Re: 7.4devel auth failed

I am confused about using only the last few bytes. Does this
adjustment of IP addresses help:

void
convSockAddr6to4(const SockAddr *src, SockAddr *dst)
{
char addr_str[INET6_ADDRSTRLEN];

dst->in.sin_family = AF_INET;
dst->in.sin_port = src->in6.sin6_port;

dst->in.sin_addr.s_addr =
(src->in6.sin6_addr.s6_addr[15])
+ (src->in6.sin6_addr.s6_addr[14] << 8)
+ (src->in6.sin6_addr.s6_addr[13] << 16)
+ (src->in6.sin6_addr.s6_addr[12] << 24);
SockAddr_ntop(src, addr_str, INET6_ADDRSTRLEN, 0);
}

Can you supply a patch?

FYI, I do have IPv6 enabled libraries, but not in my kernel.

> PS Your mail host candle.pha.pa.us rejected this mail as spam?!?

I have whitelisted web.de. I received spam from them last month, and
didn't know if they were legit or just a spamhouse. Unfortunately, I
don't check each one I blacklist.

---------------------------------------------------------------------------

Andreas Pflug wrote:
> Ok Bruce,
>
> I found out what's happening.
> I'm running a Suse 8.1 2.4.19 standard kernel which has IPV6 enabled by
> default. When connecting locally over IP (pgaccess), hba is checked
> against IPV6 patterns in pg_hba.conf.
> My pgadmin2 machine will connect with an IP4-to-6 mapped address of
> 0:ffff:c0a80002 (192.168.0.2), which convSockAddr6to4 will convert to
> dst->in.sin_addr.s_addr=0xc0a80002. On the other side, SockAddr_pton
> will convert my 192.168.0.0/255.255.255.0 entry to a8c0/ffffff, and
> consequently rangeSockAddr will fail.
>
> If your kernel isn't V6 enabled, the incoming socket will be AF_INET,
> and no conversion is done, that's why you don't get the problem.
> To fix this, the [12]..[15] indices need to be reversed (for Intel).
> This might be machine specific... Maybe for all big-endian machines the
> current code is ok, and needs reversal for little-endian processors.
> I wonder if the following is completely portable, could be:
> dst->in.sin_addr.s_addr = *(in_addr_t*)(src->in4.sin6_addr.s6_addr+12);
>
> Regards,
> Andreas
>
> PS Your mail host candle.pha.pa.us rejected this mail as spam?!?
>
>
>
> Bruce Momjian wrote:
>
> >That's strange. I just tested it here, and it worked. I have IPv6 code
> >enabled. but no IPv6 in my kernel, so there are just IPv4 connections.
> >
> >Can you peek in this funciton and see where it is failing:
> >
> > int
> > rangeSockAddrAF_INET(const SockAddr *addr, const SockAddr *netaddr,
> > const SockAddr *netmask)
> > {
> > if (addr->sa.sa_family != AF_INET ||
> > netaddr->sa.sa_family != AF_INET ||
> > netmask->sa.sa_family != AF_INET)
> > return 0;
> > if (((addr->in.sin_addr.s_addr ^ netaddr->in.sin_addr.s_addr) &
> > netmask->in.sin_addr.s_addr) == 0)
> > return 1;
> > else
> > return 0;
> > }
> >
> >That is the IPv4 function.
> >
> >
> >
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073