authorBruce Momjian <bruce@momjian.us>2003-06-12 02:12:58 +0000
committerBruce Momjian <bruce@momjian.us>2003-06-12 02:12:58 +0000
commitb78961b0da946e67c0f46156c193d27e63aa3de9 (patch)
treeb0633beed7f5203a8abfe4cef2cb53a7ba7275a8 /src/backend/libpq/hba.c
parent310c084921930f5a01601dc11b5bc0fb363c71e4 (diff)
Here is a patch that allows CIDR netmasks in pg_hba.conf. It allows two
address/mask forms: address/maskbits, or address netmask (as now). If the patch is accepted I will submit a documentation patch to cover it. This is submitted by agreement with Kurt Roeckx, who has worked on a patch that covers this and other IPv6 issues. Andrew Dunstan
Diffstat (limited to 'src/backend/libpq/hba.c')
-rw-r--r--src/backend/libpq/hba.c45
1 files changed, 34 insertions, 11 deletions
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index f722bb52716..6d4da21cfb9 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.100 2003/04/25 01:24:00 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.101 2003/06/12 02:12:58 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -588,6 +588,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
else if (strcmp(token, "host") == 0 || strcmp(token, "hostssl") == 0)
{
SockAddr file_ip_addr, mask;
+ char * cidr_slash;
if (strcmp(token, "hostssl") == 0)
{
@@ -618,26 +619,48 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
goto hba_syntax;
user = lfirst(line);
- /* Read the IP address field. */
+ /* Read the IP address field. (with or without CIDR netmask) */
line = lnext(line);
if (!line)
goto hba_syntax;
token = lfirst(line);
+ /* Check if it has a CIDR suffix and if so isolate it */
+ cidr_slash = strchr(token,'/');
+ if (cidr_slash)
+ *cidr_slash = '\0';
+
+ /* Get the IP address either way */
if(SockAddr_pton(&file_ip_addr, token) < 0)
+ {
+ if (cidr_slash)
+ *cidr_slash = '/';
goto hba_syntax;
+ }
- /* Read the mask field. */
- line = lnext(line);
- if (!line)
- goto hba_syntax;
- token = lfirst(line);
+ /* Get the netmask */
+ if (cidr_slash)
+ {
+ *cidr_slash = '/';
+ if (SockAddr_cidr_mask(&mask, ++cidr_slash, file_ip_addr.sa.sa_family) < 0)
+ goto hba_syntax;
+ }
+ else
+ {
+ /* Read the mask field. */
+ line = lnext(line);
+ if (!line)
+ goto hba_syntax;
+ token = lfirst(line);
+
+ if(SockAddr_pton(&mask, token) < 0)
+ goto hba_syntax;
+
+ if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
+ goto hba_syntax;
+ }
- if(SockAddr_pton(&mask, token) < 0)
- goto hba_syntax;
- if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
- goto hba_syntax;
/* Read the rest of the line. */
line = lnext(line);
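Review bot: In the CIDR branch, the text after the slash goes straight to `SockAddr_cidr_mask()`, so rejection of an empty, non-numeric or out-of-range bit count (constructed examples: `10.0.0.0/`, `10.0.0.0/abc`, `10.0.0.0/33`) depends entirely on that helper, which is not part of this diff. In pg_hba.conf this matters because a suffix that silently parses as 0 would give an all-zero mask and make the rule match every client address. Please confirm the helper returns < 0 on those inputs for each address family, and record the dependency at the call site, e.g. `/* SockAddr_cidr_mask must reject empty, non-numeric and out-of-range bit counts */`. Passing `cidr_slash + 1` instead of `++cidr_slash` would also leave the pointer on the slash and avoid a side effect inside the argument list. parse_hba's body starts and ends outside the hunk.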