Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Andrew Dunstan wrote:
Andreas,
You should check that the CIDR mask is a valid integer. You would need
to use strtol() rather than atoi() to do that. Perhaps this should be
hoisted out of ip.c:SockAddr_cidr_mask() and put in hba.c.
Right, I added this.
Regards,
Andreas
Index: hba.c
===
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
retrieving revision 1.112
diff -c -r1.112 hba.c
*** hba.c 5 Sep 2003 03:57:13 - 1.112
--- hba.c 5 Sep 2003 09:04:33 -
***
*** 673,708
if (cidr_slash)
*cidr_slash = '/';
! if (file_ip_addr-ai_family != port-raddr.addr.ss_family)
{
! /* Wrong address family. */
freeaddrinfo_all(hints.ai_family, file_ip_addr);
! return;
}
! /* Get the netmask */
! if (cidr_slash)
{
! if (SockAddr_cidr_mask(mask, cidr_slash + 1,
!
file_ip_addr-ai_family) 0)
! goto hba_syntax;
}
else
{
! /* Read the mask field. */
! line = lnext(line);
! if (!line)
! goto hba_syntax;
! token = lfirst(line);
!
! ret = getaddrinfo_all(token, NULL, hints, file_ip_mask);
! if (ret || !file_ip_mask)
! goto hba_syntax;
!
! mask = (struct sockaddr_storage *) file_ip_mask-ai_addr;
!
! if (file_ip_addr-ai_family != mask-ss_family)
! goto hba_syntax;
}
/* Read the rest of the line. */
--- 673,774
if (cidr_slash)
*cidr_slash = '/';
! #ifdef HAVE_IPV6
!
! if (file_ip_addr-ai_family == AF_INET port-raddr.addr.ss_family
== AF_INET6)
{
! /* port got a IPV6 address, but the current line is IPV4.
! * We'll make a IPV6 entry from this line, to check if by chance the
connecting port
! * is a converted IPV4 address. */
!
! char *v6addr=palloc(strlen(token)+8);
! char *v6mask;
!
freeaddrinfo_all(hints.ai_family, file_ip_addr);
!
! if (cidr_slash)
! *cidr_slash = 0;
! sprintf(v6addr, :::%s, token);
! if (cidr_slash)
! *cidr_slash = '/';
!
! ret = getaddrinfo_all(v6addr, NULL, hints, file_ip_addr);
! if (ret || !file_ip_addr)
! {
! ereport(LOG,
! (errcode(ERRCODE_CONFIG_FILE_ERROR),
!errmsg(could not interpret converted
IP address \%s\ in config file: %s,
! token,
gai_strerror(ret;
! }
! if (cidr_slash)
! {
! int v4bits;
! char *endptr;
!
! v4bits=strtol(cidr_slash+1, endptr, 10);
! if (cidr_slash[1]==0 || *endptr!=0 || v4bits0 ||
v4bits32)
! goto hba_syntax;
!
! v6mask = palloc(20);
! sprintf(v6mask, %d, v4bits+96);
! if (SockAddr_cidr_mask(mask, v6mask,
file_ip_addr-ai_family) 0)
! goto hba_syntax;
! }
! else
! {
! line = lnext(line);
! if (!line)
! goto hba_syntax;
! token = lfirst(line);
! v6mask = palloc(strlen(token)+32);
! sprintf(v6mask, ::::::%s,
token);
!
! ret = getaddrinfo_all(v6mask, NULL, hints,
file_ip_mask);
! if (ret || !file_ip_mask)
! goto hba_syntax;
!
! mask = (struct sockaddr_storage *)
file_ip_mask-ai_addr;
!
! if (file_ip_addr-ai_family != mask-ss_family)
! goto hba_syntax;
!
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Tom Lane wrote: I thought this was still really messy, so I modified it to use a separate promote v4 address to v6 subroutine. I've applied the attached patch (plus docs). It's not very well tested since I don't have an IPv6 setup here; please check that it does what you want. It SEGVs. Reason is that the memcpy of the promote_v4_to_v6_XXX functions assumes that the sockaddr_storage is large enough to hold an IPV6 address, which appears to be not true. Since the struct isn't created by a plain malloc() and returned by free(), but assembled by getaddrinfo() according to the family's requirement, I don't see a way how to fix this. IMHO the struct needs to be created officially by getaddrinfo(), which will lead more or less the the same solution I posted previously. Regards, Andreas ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Tom Lane said: Andreas Pflug [EMAIL PROTECTED] writes: are you sure it's not just for beauty's sake? What I didn't like about your last patch was the close coupling of the CIDR/netmask processing to the v4-to-v6 conversion; as Andrew pointed out, you were hacking into hba.c functionality that overlapped with SockAddr_cidr_mask. Doing the conversion after we've collected the netmask seems a lot cleaner to me. Also, this way keeps a fairly decent separation of interests between hba.c (parsing the hba.conf syntax) and ip.c (messing with address representations). While talking about beauty: that setting of *cidr_slash to '/' and 0 doesn't look too esthetic... It is ugly (and I didn't write it ;-)). But if we palloc'd a modified version of the token we'd have to remember to pfree it, so it nets out to about the same amount of code either way I think. If you wanna try to clean it up more, be my guest ... I wrote it :-) The reason is that alone of the tokens in this file address/mask is a composite. I agree it is a bit ugly. In fact, this whole function is ugly and getting uglier and needs recasting. I intend to have a go at that, since I am partly responsible, but not in the present cycle. Nobody objected when the original patch from Kurt (including my bit) was submitted, though, so it's a bit late to complain now about aesthetics. cheers andrew ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Tom Lane wrote: Andreas Pflug [EMAIL PROTECTED] writes: are you sure it's not just for beauty's sake? What I didn't like about your last patch was the close coupling of the CIDR/netmask processing to the v4-to-v6 conversion; as Andrew pointed out, you were hacking into hba.c functionality that overlapped with SockAddr_cidr_mask. Doing the conversion after we've collected the netmask seems a lot cleaner to me. Also, this way keeps a fairly decent separation of interests between hba.c (parsing the hba.conf syntax) and ip.c (messing with address representations). While talking about beauty: that setting of *cidr_slash to '/' and 0 doesn't look too esthetic... It is ugly (and I didn't write it ;-)). But if we palloc'd a modified version of the token we'd have to remember to pfree it, so it nets out to about the same amount of code either way I think. If you wanna try to clean it up more, be my guest ... Would you like me to conditionally add the IPv6 line to pg_hba.conf from initdb now? -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
Bruce Momjian [EMAIL PROTECTED] writes: Would you like me to conditionally add the IPv6 line to pg_hba.conf from initdb now? I was going to tackle that tomorrow, but if you wanna do it, go for it. regards, tom lane ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] IPV4 addresses on IPV6 machines in pg_hba.conf
On Wed, Sep 03, 2003 at 07:19:16PM +0200, Andreas Pflug wrote: This was discussed in [HACKERS] TCP/IP with 7.4 beta2 broken? I created a patch to hba.c which uses IPV4 entries as IPV6 entries if running on a IPV6 system (which is detected from a port coming in as AF_INET6). You're assuming all systems have an AF_INET6 constant, which is not the case. Please make use of HAVE_IPV6. Can't directly see anything else wrong with it. Kurt ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
