Re: 7.4.3 & 8.0.0beta1 + Solaris 9: default pg_hba.conf

Bruce Momjian wrote:

>Added to open items:
>
> * Fix Solaris for single-host netmasks in pg_hba.conf, use CIDR?
>
>

At this stage of the game I would just change pg_hba.conf.sample to use
'127.0.0.1/32' instead of '127.0.0.1 255.255.255.255'. No need for a
Solaris-specific fix for the default setup if we do that, and I don't
have time right now to do what I suggested below.

cheers

andrew

>
>---------------------------------------------------------------------------
>
>Andrew Dunstan wrote:
>
>
>>Tom Lane wrote:
>>
>>
>>
>>>Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>>>
>>>
>>>
>>>
>>>>>Seems unlikely. I suppose you could argue that we shouldn't be using
>>>>>getaddrinfo on the netmask field at all; there's certainly not any value
>>>>>in doing a DNS lookup on it, for instance. Maybe we should go back to
>>>>>using plain ol' inet_aton for it? (Nah, won't handle IPv6...)
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>>
>>>>We could do it if we tested the addr.ai_family first, and only did it in
>>>>the IPv4 case. I agree calling getaddrinfo is overkill for masks.
>>>>
>>>>
>>>>
>>>>
>>>Huh? The reason we're using getaddrinfo in the first place is we don't
>>>*know* whether we've got an IPv4 or IPv6 string ...
>>>
>>>
>>>
>>>
>>>
>>>
>>We know the address family - in fact we pass it to SockAddr_cidr_mask().
>>It's only the family of the mask that we don't know. But they had better
>>be the same, of course. See hba.c around line 753:
>>
>> if (cidr_slash)
>> {
>> if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
>>addr.ss_family) < 0)
>> goto hba_syntax;
>> }
>> else
>> {
>> /* Read the mask field. */
>> line_item = lnext(line_item);
>> if (!line_item)
>> goto hba_syntax;
>> token = lfirst(line_item);
>>
>> ret = getaddrinfo_all(token, NULL, &hints, &gai_result);
>>
>>cheers
>>
>>andrew
>>
>>
>>
>
>
>