*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.113 2003/09/05 20:31:35 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.114 2003/09/05 23:07:21 tgl Exp $
*
*-------------------------------------------------------------------------
*/
char *token;
char *db;
char *user;
- struct addrinfo *file_ip_addr = NULL,
- *file_ip_mask = NULL;
+ struct addrinfo *gai_result;
struct addrinfo hints;
- struct sockaddr_storage *mask;
- char *cidr_slash;
int ret;
+ struct sockaddr_storage addr;
+ struct sockaddr_storage mask;
+ char *cidr_slash;
Assert(line != NIL);
line_number = lfirsti(line);
if (cidr_slash)
*cidr_slash = '\0';
+ /* Get the IP address either way */
hints.ai_flags = AI_NUMERICHOST;
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = 0;
hints.ai_addr = NULL;
hints.ai_next = NULL;
- /* Get the IP address either way */
- ret = getaddrinfo_all(token, NULL, &hints, &file_ip_addr);
- if (ret || !file_ip_addr)
+ ret = getaddrinfo_all(token, NULL, &hints, &gai_result);
+ if (ret || !gai_result)
{
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
token, gai_strerror(ret))));
if (cidr_slash)
*cidr_slash = '/';
+ if (gai_result)
+ freeaddrinfo_all(hints.ai_family, gai_result);
goto hba_syntax;
}
if (cidr_slash)
*cidr_slash = '/';
+ memcpy(&addr, gai_result->ai_addr, gai_result->ai_addrlen);
+ freeaddrinfo_all(hints.ai_family, gai_result);
+
/* Get the netmask */
if (cidr_slash)
{
- if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
- file_ip_addr->ai_family) < 0)
+ if (SockAddr_cidr_mask(&mask, cidr_slash + 1, addr.ss_family) < 0)
goto hba_syntax;
}
else
goto hba_syntax;
token = lfirst(line);
- ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask);
- if (ret || !file_ip_mask)
+ ret = getaddrinfo_all(token, NULL, &hints, &gai_result);
+ if (ret || !gai_result)
+ {
+ if (gai_result)
+ freeaddrinfo_all(hints.ai_family, gai_result);
goto hba_syntax;
+ }
- mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
+ memcpy(&mask, gai_result->ai_addr, gai_result->ai_addrlen);
+ freeaddrinfo_all(hints.ai_family, gai_result);
- if (file_ip_addr->ai_family != mask->ss_family)
+ if (addr.ss_family != mask.ss_family)
goto hba_syntax;
}
- if (file_ip_addr->ai_family != port->raddr.addr.ss_family)
+ if (addr.ss_family != port->raddr.addr.ss_family)
{
/*
* Wrong address family. We allow only one case: if the
* address to IPv6 and try to match that way.
*/
#ifdef HAVE_IPV6
- if (file_ip_addr->ai_family == AF_INET &&
+ if (addr.ss_family == AF_INET &&
port->raddr.addr.ss_family == AF_INET6)
{
- promote_v4_to_v6_addr((struct sockaddr_storage *) file_ip_addr->ai_addr);
- promote_v4_to_v6_mask(mask);
+ promote_v4_to_v6_addr(&addr);
+ promote_v4_to_v6_mask(&mask);
}
else
#endif /* HAVE_IPV6 */
{
- freeaddrinfo_all(hints.ai_family, file_ip_addr);
+ /* Line doesn't match client port, so ignore it. */
return;
}
}
+ /* Ignore line if client port is not in the matching addr range. */
+ if (!rangeSockAddr(&port->raddr.addr, &addr, &mask))
+ return;
+
/* Read the rest of the line. */
line = lnext(line);
if (!line)
parse_hba_auth(line, &port->auth_method, &port->auth_arg, error_p);
if (*error_p)
goto hba_syntax;
-
- /* Must meet network restrictions */
- if (!rangeSockAddr(&port->raddr.addr,
- (struct sockaddr_storage *) file_ip_addr->ai_addr,
- mask))
- goto hba_freeaddr;
-
- freeaddrinfo_all(hints.ai_family, file_ip_addr);
- if (file_ip_mask)
- freeaddrinfo_all(hints.ai_family, file_ip_mask);
}
else
goto hba_syntax;
line_number)));
*error_p = true;
-
-hba_freeaddr:
- if (file_ip_addr)
- freeaddrinfo_all(hints.ai_family, file_ip_addr);
- if (file_ip_mask)
- freeaddrinfo_all(hints.ai_family, file_ip_mask);
}
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.20 2003/09/05 20:31:36 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.21 2003/09/05 23:07:21 tgl Exp $
*
* This file and the IPV6 implementation were initially provided by
* Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
* SockAddr_cidr_mask - make a network mask of the appropriate family
* and required number of significant bits
*
- * Note: Returns a static pointer for the mask, so it's not thread safe,
- * and a second call will overwrite the data.
+ * The resulting mask is placed in *mask, which had better be big enough.
+ *
+ * Return value is 0 if okay, -1 if not.
*/
int
-SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
+SockAddr_cidr_mask(struct sockaddr_storage * mask, char *numbits, int family)
{
long bits;
char *endptr;
- static struct sockaddr_storage sock;
struct sockaddr_in mask4;
#ifdef HAVE_IPV6
)
return -1;
- *mask = &sock;
-
switch (family)
{
case AF_INET:
mask4.sin_addr.s_addr =
htonl((0xffffffffUL << (32 - bits))
& 0xffffffffUL);
- memcpy(&sock, &mask4, sizeof(mask4));
+ memcpy(mask, &mask4, sizeof(mask4));
break;
#ifdef HAVE_IPV6
case AF_INET6:
}
bits -= 8;
}
- memcpy(&sock, &mask6, sizeof(mask6));
+ memcpy(mask, &mask6, sizeof(mask6));
break;
}
#endif
return -1;
}
- sock.ss_family = family;
+ mask->ss_family = family;
return 0;
}
* promote_v4_to_v6_addr --- convert an AF_INET addr to AF_INET6, using
* the standard convention for IPv4 addresses mapped into IPv6 world
*
- * The passed addr is modified in place. Note that we only worry about
- * setting the fields that rangeSockAddr will look at.
+ * The passed addr is modified in place; be sure it is large enough to
+ * hold the result! Note that we only worry about setting the fields
+ * that rangeSockAddr will look at.
*/
void
promote_v4_to_v6_addr(struct sockaddr_storage * addr)
* This must be different from promote_v4_to_v6_addr because we want to
* set the high-order bits to 1's not 0's.
*
- * The passed addr is modified in place. Note that we only worry about
- * setting the fields that rangeSockAddr will look at.
+ * The passed addr is modified in place; be sure it is large enough to
+ * hold the result! Note that we only worry about setting the fields
+ * that rangeSockAddr will look at.
*/
void
promote_v4_to_v6_mask(struct sockaddr_storage * addr)
projects / postgresql / commitdiff