Re: 7.4devel auth failed

Ok Bruce,

I found out what's happening.
I'm running a Suse 8.1 2.4.19 standard kernel which has IPV6 enabled by 
default. When connecting locally over IP (pgaccess), hba is checked 
against IPV6 patterns in pg_hba.conf.
My pgadmin2 machine will connect with an IP4-to-6 mapped address of 
0:ffff:c0a80002 (192.168.0.2), which convSockAddr6to4 will convert to 
dst->in.sin_addr.s_addr=0xc0a80002. On the other side, SockAddr_pton 
will convert my 192.168.0.0/255.255.255.0 entry to a8c0/ffffff, and 
consequently rangeSockAddr will fail.

If your kernel isn't V6 enabled, the incoming socket will be AF_INET, 
and no conversion is done, that's why you don't get the problem.
To fix this, the [12]..[15] indices need to be reversed (for Intel). 
This might be machine specific... Maybe for all big-endian machines the 
current code is ok, and needs reversal for little-endian processors.
I wonder if the following is completely portable, could be:
dst->in.sin_addr.s_addr = *(in_addr_t*)(src->in4.sin6_addr.s6_addr+12);

Regards,
Andreas

PS Your mail host candle.pha.pa.us rejected this mail as spam?!?



Bruce Momjian wrote:

>That's strange.  I just tested it here, and it worked.  I have IPv6 code
>enabled. but no IPv6 in my kernel, so there are just IPv4 connections.
>
>Can you peek in this funciton and see where it is failing:
>    
>    int
>    rangeSockAddrAF_INET(const SockAddr *addr, const SockAddr *netaddr,
>                         const SockAddr *netmask)
>    {
>        if (addr->sa.sa_family != AF_INET ||
>            netaddr->sa.sa_family != AF_INET ||
>            netmask->sa.sa_family != AF_INET)
>            return 0;
>        if (((addr->in.sin_addr.s_addr ^ netaddr->in.sin_addr.s_addr) &
>             netmask->in.sin_addr.s_addr) == 0)
>            return 1;
>        else
>            return 0;
>    }       
>
>That is the IPv4 function.
>        
>
>  
>