mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-01-06 15:24:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Back out this patch because it is patched inside a later patch.

Browse Source 
---------------------------------------------------------------------------

here is a patch that allows CIDR netmasks in pg_hba.conf. It allows two
address/mask forms:

. address/maskbits, or
. address netmask (as now)

If the patch is accepted I will submit a documentation patch to cover
it.

This is submitted by agreement with Kurt Roeckx, who has worked on a
patch that covers this and other IPv6 issues.
This commit is contained in:
Bruce Momjian 2003-06-12 07:00:57 +00:00
parent 1cef8ea790
commit e5549a272d
3 changed files with 13 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/backend/libpq/hba.c
View File

@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.101 2003/06/12 02:12:58 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.102 2003/06/12 07:00:57 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -588,7 +588,6 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
else if (strcmp(token, "host") == 0 || strcmp(token, "hostssl") == 0) else if (strcmp(token, "host") == 0 || strcmp(token, "hostssl") == 0)
{ {
SockAddr file_ip_addr, mask; SockAddr file_ip_addr, mask;
char * cidr_slash;
if (strcmp(token, "hostssl") == 0) if (strcmp(token, "hostssl") == 0)
{ {
@ -619,48 +618,26 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
goto hba_syntax; goto hba_syntax;
user = lfirst(line); user = lfirst(line);
/* Read the IP address field. (with or without CIDR netmask) */ /* Read the IP address field. */
line = lnext(line); line = lnext(line);
if (!line) if (!line)
goto hba_syntax; goto hba_syntax;
token = lfirst(line); token = lfirst(line);
/* Check if it has a CIDR suffix and if so isolate it */
cidr_slash = strchr(token,'/');
if (cidr_slash)
*cidr_slash = '\0';
/* Get the IP address either way */
if(SockAddr_pton(&file_ip_addr, token) < 0) if(SockAddr_pton(&file_ip_addr, token) < 0)
{
if (cidr_slash)
*cidr_slash = '/';
goto hba_syntax; goto hba_syntax;
}
/* Get the netmask */ /* Read the mask field. */
if (cidr_slash) line = lnext(line);
{ if (!line)
*cidr_slash = '/'; goto hba_syntax;
if (SockAddr_cidr_mask(&mask, ++cidr_slash, file_ip_addr.sa.sa_family) < 0) token = lfirst(line);
goto hba_syntax;
}
else
{
/* Read the mask field. */
line = lnext(line);
if (!line)
goto hba_syntax;
token = lfirst(line);
if(SockAddr_pton(&mask, token) < 0)
goto hba_syntax;
if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
goto hba_syntax;
}
if(SockAddr_pton(&mask, token) < 0)
goto hba_syntax;
if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
goto hba_syntax;
/* Read the rest of the line. */ /* Read the rest of the line. */
line = lnext(line); line = lnext(line);

55
src/backend/libpq/ip.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.10 2003/06/12 02:12:58 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.11 2003/06/12 07:00:57 momjian Exp $
* *
* This file and the IPV6 implementation were initially provided by * This file and the IPV6 implementation were initially provided by
* Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design * Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
@ -251,59 +251,6 @@ SockAddr_pton(SockAddr *sa, const char *src)
} }
} }
/*
* SockAddr_cidr_mask - make a network mask of the appropriate family
* and required number of significant bits
*/
int
SockAddr_cidr_mask(SockAddr *mask, char *numbits, int family)
{
int i;
long bits;
char * endptr;
bits = strtol(numbits,&endptr,10);
if (*numbits == '\0' || *endptr != '\0')
return -1;
if ((bits < 0) || (family == AF_INET && bits > 32)
#ifdef HAVE_IPV6
|| (family == AF_INET6 && bits > 128)
#endif
)
return -1;
mask->sa.sa_family = family;
switch (family)
{
case AF_INET:
mask->in.sin_addr.s_addr = htonl((0xffffffffUL << (32 - bits)) & 0xffffffffUL);
break;
#ifdef HAVE_IPV6
case AF_INET6:
for (i = 0; i < 16; i++)
{
if (bits <= 0)
mask->in6.sin6_addr.s6_addr[i]=0;
else if (bits >= 8)
mask->in6.sin6_addr.s6_addr[i]=0xff;
else
mask->in6.sin6_addr.s6_addr[i]=(0xff << (8 - bits)) & 0xff;
bits -= 8;
}
break;
#endif
default:
return -1;
}
return 0;
}
/* /*
* isAF_INETx - check to see if sa is AF_INET or AF_INET6 * isAF_INETx - check to see if sa is AF_INET or AF_INET6

4
src/include/libpq/ip.h
View File

@ -5,7 +5,7 @@
* *
* Copyright (c) 2003, PostgreSQL Global Development Group * Copyright (c) 2003, PostgreSQL Global Development Group
* *
* $Id: ip.h,v 1.6 2003/06/12 02:12:58 momjian Exp $ * $Id: ip.h,v 1.7 2003/06/12 07:00:57 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -25,8 +25,6 @@ extern char *SockAddr_ntop(const SockAddr *sa, char *dst, size_t cnt,
int v4conv); int v4conv);
extern int SockAddr_pton(SockAddr *sa, const char *src); extern int SockAddr_pton(SockAddr *sa, const char *src);
extern int SockAddr_cidr_mask(SockAddr *mask, char *numbits, int family);
extern int isAF_INETx(const int family); extern int isAF_INETx(const int family);
extern int rangeSockAddr(const SockAddr *addr, const SockAddr *netaddr, extern int rangeSockAddr(const SockAddr *addr, const SockAddr *netaddr,
const SockAddr *netmask); const SockAddr *netmask);