Skip to content

Commit c3e9699

Browse files
bmomjianbmomjian
committed
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries
if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
1 parent d99e7b5 commit c3e9699

File tree

18 files changed

+922
-221
lines changed

18 files changed

+922
-221
lines changed

configure

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7169,6 +7169,80 @@ fi
71697169
done
71707170
71717171
7172+
# This exports HAVE_IPV6 to both C files and Makefiles
7173+
echo "$as_me:$LINENO: checking for getaddrinfo" >&5
7174+
echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6
7175+
if test "${ac_cv_func_getaddrinfo+set}" = set; then
7176+
echo $ECHO_N "(cached) $ECHO_C" >&6
7177+
else
7178+
cat >conftest.$ac_ext <<_ACEOF
7179+
#line $LINENO "configure"
7180+
#include "confdefs.h"
7181+
/* System header to define __stub macros and hopefully few prototypes,
7182+
which can conflict with char getaddrinfo (); below. */
7183+
#include <assert.h>
7184+
/* Override any gcc2 internal prototype to avoid an error. */
7185+
#ifdef __cplusplus
7186+
extern "C"
7187+
#endif
7188+
/* We use char because int might match the return type of a gcc2
7189+
builtin and then its argument prototype would still apply. */
7190+
char getaddrinfo ();
7191+
char (*f) ();
7192+
7193+
#ifdef F77_DUMMY_MAIN
7194+
# ifdef __cplusplus
7195+
extern "C"
7196+
# endif
7197+
int F77_DUMMY_MAIN() { return 1; }
7198+
#endif
7199+
int
7200+
main ()
7201+
{
7202+
/* The GNU C library defines this for functions which it implements
7203+
to always fail with ENOSYS. Some functions are actually named
7204+
something starting with __ and the normal name is an alias. */
7205+
#if defined (__stub_getaddrinfo) || defined (__stub___getaddrinfo)
7206+
choke me
7207+
#else
7208+
f = getaddrinfo;
7209+
#endif
7210+
7211+
;
7212+
return 0;
7213+
}
7214+
_ACEOF
7215+
rm -f conftest.$ac_objext conftest$ac_exeext
7216+
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
7217+
(eval $ac_link) 2>&5
7218+
ac_status=$?
7219+
echo "$as_me:$LINENO: \$? = $ac_status" >&5
7220+
(exit $ac_status); } &&
7221+
{ ac_try='test -s conftest$ac_exeext'
7222+
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
7223+
(eval $ac_try) 2>&5
7224+
ac_status=$?
7225+
echo "$as_me:$LINENO: \$? = $ac_status" >&5
7226+
(exit $ac_status); }; }; then
7227+
ac_cv_func_getaddrinfo=yes
7228+
else
7229+
echo "$as_me: failed program was:" >&5
7230+
cat conftest.$ac_ext >&5
7231+
ac_cv_func_getaddrinfo=no
7232+
fi
7233+
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
7234+
fi
7235+
echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo" >&5
7236+
echo "${ECHO_T}$ac_cv_func_getaddrinfo" >&6
7237+
if test $ac_cv_func_getaddrinfo = yes; then
7238+
HAVE_IPV6="yes"; cat >>confdefs.h <<\_ACEOF
7239+
#define HAVE_IPV6 1
7240+
_ACEOF
7241+
7242+
fi
7243+
7244+
7245+
71727246
if test "$with_readline" = yes; then
71737247
71747248
for ac_header in readline/readline.h
@@ -16427,6 +16501,7 @@ s,@python_moduledir@,$python_moduledir,;t t
1642716501
s,@python_moduleexecdir@,$python_moduleexecdir,;t t
1642816502
s,@python_includespec@,$python_includespec,;t t
1642916503
s,@python_libspec@,$python_libspec,;t t
16504+
s,@HAVE_IPV6@,$HAVE_IPV6,;t t
1643016505
s,@LIBOBJS@,$LIBOBJS,;t t
1643116506
s,@HPUXMATHLIB@,$HPUXMATHLIB,;t t
1643216507
s,@HAVE_POSIX_SIGNALS@,$HAVE_POSIX_SIGNALS,;t t

configure.in

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
dnl Process this file with autoconf to produce a configure script.
2-
dnl $Header: /cvsroot/pgsql/configure.in,v 1.224 2002/12/30 17:19:49 tgl Exp $
2+
dnl $Header: /cvsroot/pgsql/configure.in,v 1.225 2003/01/06 03:18:25 momjian Exp $
33
dnl
44
dnl Developers, please strive to achieve this order:
55
dnl
@@ -687,6 +687,11 @@ AC_CHECK_HEADERS(netinet/tcp.h, [], [],
687687
#endif
688688
])
689689

690+
# This exports HAVE_IPV6 to both C files and Makefiles
691+
AC_CHECK_FUNC(getaddrinfo,
692+
[HAVE_IPV6="yes"; AC_DEFINE(HAVE_IPV6, 1, [])], [])
693+
AC_SUBST(HAVE_IPV6)
694+
690695
if test "$with_readline" = yes; then
691696
AC_CHECK_HEADERS(readline/readline.h, [],
692697
[AC_CHECK_HEADERS(readline.h, [],
@@ -908,7 +913,7 @@ AC_CHECK_FUNCS([strtoull strtouq], [break])
908913
# Check for one of atexit() or on_exit()
909914
AC_CHECK_FUNCS(atexit, [],
910915
[AC_CHECK_FUNCS(on_exit, [],
911-
[AC_MSG_ERROR([neither atexit() nor on_exit() found])])])
916+
[AC_MSG_ERROR([neither atexit() nor on_exit() found])])])
912917

913918
AC_FUNC_FSEEKO
914919

doc/src/sgml/client-auth.sgml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.42 2002/12/03 21:50:44 momjian Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.43 2003/01/06 03:18:26 momjian Exp $
33
-->
44

55
<chapter id="client-authentication">
@@ -190,7 +190,11 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <
190190
</blockquote>
191191
must be zero for the record to match. (Of course IP addresses
192192
can be spoofed but this consideration is beyond the scope of
193-
<productname>PostgreSQL</productname>.)
193+
<productname>PostgreSQL</productname>.) If you machine supports
194+
IPv6, the default <filename>pg_hba.conf</> will have an IPv6
195+
entry for <literal>localhost</>. You can add your own IPv6
196+
entries to the file. IPv6 entries are used only for IPv6
197+
connections.
194198
</para>
195199

196200
<para>

src/Makefile.global.in

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# -*-makefile-*-
2-
# $Header: /cvsroot/pgsql/src/Makefile.global.in,v 1.158 2003/01/05 13:45:47 petere Exp $
2+
# $Header: /cvsroot/pgsql/src/Makefile.global.in,v 1.159 2003/01/06 03:18:26 momjian Exp $
33

44
#------------------------------------------------------------------------------
55
# All PostgreSQL makefiles include this file and use the variables it sets,
@@ -277,6 +277,7 @@ ifeq ($(enable_rpath), yes)
277277
LDFLAGS += $(rpath)
278278
endif
279279

280+
HAVE_IPV6 = @HAVE_IPV6@
280281

281282
##########################################################################
282283
#

src/backend/Makefile

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
#
55
# Copyright (c) 1994, Regents of the University of California
66
#
7-
# $Header: /cvsroot/pgsql/src/backend/Makefile,v 1.89 2002/12/14 00:24:23 petere Exp $
7+
# $Header: /cvsroot/pgsql/src/backend/Makefile,v 1.90 2003/01/06 03:18:26 momjian Exp $
88
#
99
#-------------------------------------------------------------------------
1010

@@ -132,7 +132,14 @@ ifeq ($(MAKE_DLL), true)
132132
endif
133133
endif
134134
$(MAKE) -C catalog install-data
135+
ifdef HAVE_IPV6
135136
$(INSTALL_DATA) $(srcdir)/libpq/pg_hba.conf.sample $(DESTDIR)$(datadir)/pg_hba.conf.sample
137+
else
138+
grep -v '^host.*::1.*ffff:ffff:ffff:ffff:ffff:ffff' \
139+
$(srcdir)/libpq/pg_hba.conf.sample \
140+
> $(srcdir)/libpq/pg_hba.conf.sample.no_ipv6
141+
$(INSTALL_DATA) $(srcdir)/libpq/pg_hba.conf.sample.no_ipv6 $(DESTDIR)$(datadir)/pg_hba.conf.sample
142+
endif
136143
$(INSTALL_DATA) $(srcdir)/libpq/pg_ident.conf.sample $(DESTDIR)$(datadir)/pg_ident.conf.sample
137144
$(INSTALL_DATA) $(srcdir)/utils/misc/postgresql.conf.sample $(DESTDIR)$(datadir)/postgresql.conf.sample
138145

@@ -182,6 +189,9 @@ clean:
182189
rm -f postgres$(X) $(POSTGRES_IMP) \
183190
$(top_srcdir)/src/include/parser/parse.h \
184191
$(top_builddir)/src/include/utils/fmgroids.h
192+
ifndef HAVE_IPV6
193+
rm -f $(srcdir)/libpq/pg_hba.conf.sample.no_ipv6
194+
endif
185195
ifeq ($(PORTNAME), win)
186196
rm -f postgres.dll postgres.def libpostgres.a
187197
endif

src/backend/libpq/Makefile

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# Makefile for libpq subsystem (backend half of libpq interface)
55
#
66
# IDENTIFICATION
7-
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.35 2002/12/06 04:37:02 momjian Exp $
7+
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.36 2003/01/06 03:18:26 momjian Exp $
88
#
99
#-------------------------------------------------------------------------
1010

@@ -14,8 +14,8 @@ include $(top_builddir)/src/Makefile.global
1414

1515
# be-fsstubs is here for historical reasons, probably belongs elsewhere
1616

17-
OBJS = be-fsstubs.o be-secure.o auth.o crypt.o hba.o md5.o pqcomm.o \
18-
pqformat.o pqsignal.o
17+
OBJS = be-fsstubs.o be-secure.o auth.o crypt.o hba.o ip.o md5.o pqcomm.o \
18+
pqformat.o pqsignal.o
1919

2020

2121
all: SUBSYS.o

src/backend/libpq/auth.c

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.94 2002/12/06 04:37:02 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.95 2003/01/06 03:18:26 momjian Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -410,12 +410,18 @@ ClientAuthentication(Port *port)
410410
*/
411411
{
412412
const char *hostinfo = "localhost";
413+
#ifdef HAVE_IPV6
414+
char ip_hostinfo[INET6_ADDRSTRLEN];
415+
#else
416+
char ip_hostinfo[INET_ADDRSTRLEN];
417+
#endif
418+
if (isAF_INETx(port->raddr.sa.sa_family) )
419+
hostinfo = SockAddr_ntop(&port->raddr, ip_hostinfo,
420+
sizeof(ip_hostinfo), 1);
413421

414-
if (port->raddr.sa.sa_family == AF_INET)
415-
hostinfo = inet_ntoa(port->raddr.in.sin_addr);
416422
elog(FATAL,
417-
"No pg_hba.conf entry for host %s, user %s, database %s",
418-
hostinfo, port->user, port->database);
423+
"No pg_hba.conf entry for host %s, user %s, database %s",
424+
hostinfo, port->user, port->database);
419425
break;
420426
}
421427

src/backend/libpq/hba.c

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
*
1111
*
1212
* IDENTIFICATION
13-
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.92 2002/12/14 18:49:37 momjian Exp $
13+
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.93 2003/01/06 03:18:26 momjian Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -586,8 +586,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
586586
}
587587
else if (strcmp(token, "host") == 0 || strcmp(token, "hostssl") == 0)
588588
{
589-
struct in_addr file_ip_addr,
590-
mask;
589+
SockAddr file_ip_addr, mask;
591590

592591
if (strcmp(token, "hostssl") == 0)
593592
{
@@ -623,15 +622,20 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
623622
if (!line)
624623
goto hba_syntax;
625624
token = lfirst(line);
626-
if (!inet_aton(token, &file_ip_addr))
625+
626+
if(SockAddr_pton(&file_ip_addr, token) < 0)
627627
goto hba_syntax;
628628

629629
/* Read the mask field. */
630630
line = lnext(line);
631631
if (!line)
632632
goto hba_syntax;
633633
token = lfirst(line);
634-
if (!inet_aton(token, &mask))
634+
635+
if(SockAddr_pton(&mask, token) < 0)
636+
goto hba_syntax;
637+
638+
if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
635639
goto hba_syntax;
636640

637641
/* Read the rest of the line. */
@@ -643,8 +647,8 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
643647
goto hba_syntax;
644648

645649
/* Must meet network restrictions */
646-
if (port->raddr.sa.sa_family != AF_INET ||
647-
((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0)
650+
if (!isAF_INETx(port->raddr.sa.sa_family) ||
651+
!rangeSockAddr(&port->raddr, &file_ip_addr, &mask))
648652
return;
649653
}
650654
else

0 commit comments

Comments
 (0)