Here's a patch that does what has been discussed on -hackers: it allows a
default pg_hba.conf entry for the loopback addresses, and it should cause
no problems regardless of whether, or in what style, IPv6 is configured.
If it's wanted I'll document it, if not I won't :-)
BTW, I notice that the sample doesn't seem to contain anything about
hostnossl lines.
cheers
andrew
Index: src/backend/libpq/hba.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
retrieving revision 1.111
diff -c -w -r1.111 hba.c
*** src/backend/libpq/hba.c 4 Aug 2003 02:39:59 -0000 1.111
--- src/backend/libpq/hba.c 3 Sep 2003 20:01:03 -0000
***************
*** 595,600 ****
--- 595,628 ----
if (!IS_AF_UNIX(port->raddr.addr.ss_family))
return;
}
+ else if (strcmp(token, "loopback") == 0)
+ {
+ /* Get the database. */
+ line = lnext(line);
+ if (!line)
+ goto hba_syntax;
+ db = lfirst(line);
+
+ /* Get the user. */
+ line = lnext(line);
+ if (!line)
+ goto hba_syntax;
+ user = lfirst(line);
+
+ line = lnext(line);
+ if (!line)
+ goto hba_syntax;
+
+ /* Read the rest of the line. */
+ parse_hba_auth(line, &port->auth_method, &port->auth_arg, error_p);
+ if (*error_p)
+ goto hba_syntax;
+
+ /* Check if we match any loopback addr for IP4, IP4 over IP6, or IP6 */
+ if (!is_loopback_addr(&port->raddr.addr))
+ return;
+
+ }
else if (strcmp(token, "host") == 0
|| strcmp(token, "hostssl") == 0
|| strcmp(token, "hostnossl") == 0)
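Review bot: The new `loopback` branch performs no SSL-state check, so unlike the `hostssl`/`hostnossl` records a `loopback` record matches a TCP connection from the loopback address whether or not it is encrypted, and nothing in the branch tells a maintainer that this is intentional. Add a comment at the top of the branch, e.g. `/* "loopback" is "host" restricted to the addresses is_loopback_addr() accepts (127.0.0.1, ::1, ::ffff:127.0.0.1); it matches both SSL and non-SSL connections and has no hostssl/hostnossl variant. */`. The accepted set is whatever is_loopback_addr() returns true for, not 127.0.0.0/8, so installations relying on wider host records should keep them. The enclosing parse function starts and ends outside the hunk.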
Index: src/backend/libpq/ip.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/ip.c,v
retrieving revision 1.19
diff -c -w -r1.19 ip.c
*** src/backend/libpq/ip.c 4 Aug 2003 02:39:59 -0000 1.19
--- src/backend/libpq/ip.c 3 Sep 2003 20:01:04 -0000
***************
*** 389,391 ****
--- 389,438 ----
}
#endif
+
+ bool
+ is_loopback_addr(const struct sockaddr_storage * addr)
+ {
+ /* 127.0.0.1 in network order */
+ long ip4addr = htonl(0x7f000001L);
+
+ #ifdef HAVE_IPV6
+
+ /* 16 octets in network order (most significant on left) */
+
+ /* ::ffff:127.0.0.1 */
+ char * ip4ip6addr = "\0\0\0\0\0\0\0\0\0\0\xff\xff\x7f\0\0\x01";
+
+ /* ::1 */
+ char * ip6addr = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01";
+
+ #endif
+
+ if (addr->ss_family == AF_INET)
+ {
+ if (ip4addr == ((struct sockaddr_in *)addr)->sin_addr.s_addr)
+ return true;
+ }
+
+ #ifdef HAVE_IPV6
+
+ else if (addr->ss_family == AF_INET6)
+ {
+ if ( memcmp(ip4ip6addr,
+ ((struct sockaddr_in6 *)addr)->sin6_addr.s6_addr,
+ 16) == 0
+ ||
+ memcmp(ip6addr,
+ ((struct sockaddr_in6 *)addr)->sin6_addr.s6_addr,
+ 16) == 0
+ )
+ {
+ return true;
+ }
+ }
+
+ #endif
+
+ return false;
+ }
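Review bot: `long ip4addr = htonl(0x7f000001L)` at the top of is_loopback_addr() stores the `uint32_t` result of htonl() in a signed `long`, which is 64 bits on LP64 platforms, and then compares it with `sin_addr.s_addr`; the comparison works today only because both values happen to be zero-extended, and a signed/unsigned width mismatch in an access-control check is the kind of thing that breaks silently on the next platform. Use the address type itself, `in_addr_t ip4addr = htonl(0x7f000001UL);` (or whatever type `s_addr` has on the platforms this builds for). The two IPv6 patterns should be `static const unsigned char ip6addr[16] = { ... }` rather than `char *` to string literals, so the 16-byte length that the `memcmp(..., 16)` calls depend on is part of the declaration rather than an implicit property of the literal. The function also needs a header comment stating that it recognizes only the exact addresses 127.0.0.1, ::1 and ::ffff:127.0.0.1 — not 127.0.0.0/8 — and returns false for every other address family, since that is now the whole definition of the `loopback` keyword in pg_hba.conf.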
+
Index: src/backend/libpq/pg_hba.conf.sample
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v
retrieving revision 1.44
diff -c -w -r1.44 pg_hba.conf.sample
*** src/backend/libpq/pg_hba.conf.sample 1 Aug 2003 23:40:10 -0000 1.44
--- src/backend/libpq/pg_hba.conf.sample 3 Sep 2003 20:01:04 -0000
***************
*** 7,15 ****
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
! # databases they can access. Records take one of five forms:
#
# local DATABASE USER METHOD [OPTION]
# host DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
# hostssl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
# host DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION]
--- 7,16 ----
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
! # databases they can access. Records take one of six forms:
#
# local DATABASE USER METHOD [OPTION]
+ # loopback DATABASE USER METHOD [OPTION]
# host DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
# hostssl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
# host DATABASE USER IP-ADDRESS/CIDR-MASK METHOD [OPTION]
***************
*** 51,58 ****
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
local all all trust
! host all all 127.0.0.1 255.255.255.255 trust
- # uncomment these to support IPv6 localhost connections
- # host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
- # host all all ::ffff:127.0.0.1/128 trust
--- 52,56 ----
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
local all all trust
! loopback all all trust
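Review bot: The new default `loopback all all trust` also trusts connections from `::1` and `::ffff:127.0.0.1`, which the removed lines had left commented out, so on hosts with IPv6 enabled the out-of-the-box trusted set is wider than before and the sample should say so rather than leave it to the reader. Add a comment above the record, e.g. `# "loopback" matches 127.0.0.1, ::1 and ::ffff:127.0.0.1 (IPv6 localhost included)`. The `# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD` header two lines above no longer describes the loopback record, which has no address or mask columns.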
Index: src/include/libpq/ip.h
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/include/libpq/ip.h,v
retrieving revision 1.10
diff -c -w -r1.10 ip.h
*** src/include/libpq/ip.h 4 Aug 2003 00:43:31 -0000 1.10
--- src/include/libpq/ip.h 3 Sep 2003 20:01:06 -0000
***************
*** 33,38 ****
--- 33,40 ----
extern int SockAddr_cidr_mask(struct sockaddr_storage ** mask,
char *numbits, int family);
+ extern bool is_loopback_addr(const struct sockaddr_storage * addr);
+
#ifdef HAVE_UNIX_SOCKETS
#define IS_AF_UNIX(fam) ((fam) == AF_UNIX)
#else