Re: 7.4.3 & 8.0.0beta1 + Solaris 9: default pg_hba.conf

Поиск
Список
Период
Сортировка
От Andrew Dunstan
Тема Re: 7.4.3 & 8.0.0beta1 + Solaris 9: default pg_hba.conf
Дата
Msg-id 4124DD91.80005@dunslane.net
обсуждение исходный текст
Ответ на Re: 7.4.3 & 8.0.0beta1 + Solaris 9: default pg_hba.conf breaks  (Bruce Momjian <pgman@candle.pha.pa.us>)
Ответы Re: 7.4.3 & 8.0.0beta1 + Solaris 9: default pg_hba.conf breaks
Список pgsql-hackers
Дерево обсуждения 

Bruce Momjian wrote:

>Added to open items:
>
>    * Fix Solaris for single-host netmasks in pg_hba.conf, use CIDR?
>  
>

At this stage of the game I would just change pg_hba.conf.sample to use 
'127.0.0.1/32' instead of '127.0.0.1 255.255.255.255'. No need for a 
Solaris-specific fix for the default setup if we do that, and I don't 
have time right now to do what I suggested below.

cheers

andrew

>
>---------------------------------------------------------------------------
>
>Andrew Dunstan wrote:
>  
>
>>Tom Lane wrote:
>>
>>    
>>
>>>Andrew Dunstan <andrew@dunslane.net> writes:
>>> 
>>>
>>>      
>>>
>>>>>Seems unlikely.  I suppose you could argue that we shouldn't be using
>>>>>getaddrinfo on the netmask field at all; there's certainly not any value
>>>>>in doing a DNS lookup on it, for instance.  Maybe we should go back to
>>>>>using plain ol' inet_aton for it?  (Nah, won't handle IPv6...)
>>>>>     
>>>>>
>>>>>          
>>>>>
>>> 
>>>
>>>      
>>>
>>>>We could do it if we tested the addr.ai_family first, and only did it in 
>>>>the IPv4 case. I agree calling getaddrinfo is overkill for masks.
>>>>   
>>>>
>>>>        
>>>>
>>>Huh?  The reason we're using getaddrinfo in the first place is we don't
>>>*know* whether we've got an IPv4 or IPv6 string ...
>>>
>>>
>>> 
>>>
>>>      
>>>
>>We know the address family - in fact we pass it to SockAddr_cidr_mask(). 
>>It's only the family of the mask that we don't know. But they had better 
>>be the same, of course. See hba.c around line 753:
>>
>>        if (cidr_slash)
>>        {
>>            if (SockAddr_cidr_mask(&mask, cidr_slash + 1, 
>>addr.ss_family) < 0)
>>                goto hba_syntax;
>>        }
>>        else
>>        {
>>            /* Read the mask field. */
>>            line_item = lnext(line_item);
>>            if (!line_item)
>>                goto hba_syntax;
>>            token = lfirst(line_item);
>>
>>            ret = getaddrinfo_all(token, NULL, &hints, &gai_result);
>>
>>cheers
>>
>>andrew
>>
>>    
>>
>
>  
>

В списке pgsql-hackers по дате отправления: