Stef Walter writes:
> [ postgres-hba-samenet-8.patch ]
Applied with some mostly-cosmetic editorialization.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pg
At 2009-09-30 11:16:57 -0500, stef-l...@memberwebs.com wrote:
>
> I've now added tests for sys/ioctl.h and net/if.h even though these
> headers seemed to be common to all the unixes investigated.
Thanks. I've marked this ready for committer now.
> FWIW, there are checks for various bad netmasks.
Tom Lane wrote:
> I was just poking at this.
Thanks for trying it out.
It seems to need rather a lot of
> editorialization (eg to fix the lack of consistency about whether
> nonstandard headers have configure tests, or bother to make use of the
> tests that did get added).
I've now added tes
Robert Haas writes:
> On Mon, Sep 28, 2009 at 4:04 PM, Stef Walter wrote:
>> * Tested on Solaris, FreeBSD, Linux and Windows. As far as I can tell
>> this should also work on Mac OS, HPUX and AIX, and probably others.
> This look ready to you, too? If so, please mark it as such.
I was just
On Mon, Sep 28, 2009 at 4:04 PM, Stef Walter wrote:
> Robert Haas wrote:
>> So is this one Ready for Committer?
>
> Here we go, I think this one is ready. In addition to previous patches,
> it does:
>
> * Use some techniques from postfix for getting interface addresses.
> Couldn't use code outr
Dave Page wrote:
> On Mon, Sep 28, 2009 at 10:10 PM, Stef Walter
> wrote:
>
>> * Win32 using win_wsa2.dll
>
> I assume you mean ws2_32.dll?
Yes. I get dyslexic around windows DLLs. :)
Stef
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscri
On Mon, Sep 28, 2009 at 10:10 PM, Stef Walter wrote:
> * Win32 using win_wsa2.dll
I assume you mean ws2_32.dll?
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www
Whoops I missed this email...
Robert Haas wrote:
> Rereading the thread, it seems that the main question is whether there
> are any platforms that we support that have neither getifaddrs or
> SIOCGIFCONF, or where they don't work properly.
As far as I can tell, there are no non-ancient mainstream
Robert Haas wrote:
> So is this one Ready for Committer?
Here we go, I think this one is ready. In addition to previous patches,
it does:
* Use some techniques from postfix for getting interface addresses.
Couldn't use code outright, due to license incompatibilities.
* Tested on Solaris, Fre
Robert Haas wrote:
>> Attached patch contains a fix.
>
> So is this one Ready for Committer?
Not yet. Two more things to do. Will work on them early next week:
* On Solaris the ioctl used only returns IPv4 addresses.
* Don't use hard coded buffers on win32 and ioctl.
Cheers,
Stef
--
Sen
On Thu, Sep 24, 2009 at 8:32 PM, Stef Walter wrote:
> Magnus Hagander wrote:
>> On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
>> This patch does not build on Windows, the error is:
>> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
>> referenced
>> in function _pg_fore
Magnus Hagander wrote:
> On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
> This patch does not build on Windows, the error is:
> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
> referenced
> in function _pg_foreach_ifaddr
> ip.obj : error LNK2019: unresolved external sym
On Wed, Sep 23, 2009 at 7:56 PM, Stef Walter wrote:
> Tom Lane wrote:
>> Stef Walter writes:
>>> Allowing host names in pg_hba.conf would also solve this problem,
>>> although the last person who tried to implement this it was a topic of
>>> contention. I asked if I should focus on reverse DNS ho
Stef Walter writes:
> But if you like I can add additional defensive checks in the code to
> ignore those obviously invalid netmasks like /0. Basically the OS would
> be giving postgres bad information. Does postgres generally try to guard
> against this? I'll follow the convention of the project.
Tom Lane wrote:
> Stef Walter writes:
>> Allowing host names in pg_hba.conf would also solve this problem,
>> although the last person who tried to implement this it was a topic of
>> contention. I asked if I should focus on reverse DNS host names in
>> pg_hba.conf or portability for this samenet
Tom Lane wrote:
> Mark Mielke writes:
>> Postfix has this capability and it works fine.
>
> Hmm, have we looked at the Postfix code to see exactly how they do it?
> I'd be a *lot* more comfortable adopting logic that's been proven in the
> field than something written from scratch.
Good idea.
A
On 09/23/2009 05:40 PM, Tom Lane wrote:
I haven't looked at this "feature" at all, but I'd be inclined, on the
grounds you quite reasonably cite, to require a netmask with "samenet",
rather than just ask the interface for its netmask.
I was just thinking the same thing. Could we then unif
Mark Mielke writes:
> Postfix has this capability and it works fine.
Hmm, have we looked at the Postfix code to see exactly how they do it?
I'd be a *lot* more comfortable adopting logic that's been proven in the
field than something written from scratch.
regards, tom lan
On 09/23/2009 05:37 PM, Andrew Dunstan wrote:
Tom Lane wrote:
In this case what particularly scares me is the idea that 'samenet'
might be interpreted to let in a larger subnet than the user expected,
eg 10/8 instead of 10.0.0/24. You'd likely not notice the problem until
after you'd been broke
Andrew Dunstan writes:
> Tom Lane wrote:
>> In this case what particularly scares me is the idea that 'samenet'
>> might be interpreted to let in a larger subnet than the user expected,
>> eg 10/8 instead of 10.0.0/24. You'd likely not notice the problem until
>> after you'd been broken into ...
Tom Lane wrote:
In this case what particularly scares me is the idea that 'samenet'
might be interpreted to let in a larger subnet than the user expected,
eg 10/8 instead of 10.0.0/24. You'd likely not notice the problem until
after you'd been broken into ...
I haven't looked at this "fe
If looking for representation -
I consider the default pg_hba.conf to be problematic. Newbies start with
"trust" access, and then do silly things to open it up.
I would use samehost, and if samenet worked the same way it does for
Postfix, I would probably use samenet. This information can be
Stef Walter writes:
> Allowing host names in pg_hba.conf would also solve this problem,
> although the last person who tried to implement this it was a topic of
> contention. I asked if I should focus on reverse DNS host names in
> pg_hba.conf or portability for this samenet patch, and it was indi
On Wed, Sep 23, 2009 at 3:53 PM, Stef Walter wrote:
> Robert Haas wrote:
>> On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter
>> wrote:
>>> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
>>> order to allow access from nearby machines, without running into the
>>> maintenance pr
Robert Haas wrote:
> On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter
> wrote:
>> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
>> order to allow access from nearby machines, without running into the
>> maintenance problems of hard coding IP addresses. However using 0.0.0.0
>>
On Wed, Sep 23, 2009 at 12:41 PM, Stef Walter wrote:
> Currently people are adding 0.0.0.0 to a default pg_hba.conf file in
> order to allow access from nearby machines, without running into the
> maintenance problems of hard coding IP addresses. However using 0.0.0.0
> is clearly suboptimal from
On Wed, Sep 23, 2009 at 18:41, Stef Walter wrote:
> Magnus Hagander wrote:
>> On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
>>
>>
>>
>>> Updated in attached patch.
>>
>> This patch does not build on Windows, the error is:
>> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@
Magnus Hagander wrote:
> On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
>
>
>
>> Updated in attached patch.
>
> This patch does not build on Windows, the error is:
> ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36
> referenced
> in function _pg_foreach_ifaddr
> ip.ob
On Mon, Sep 21, 2009 at 20:12, Stef Walter wrote:
> Updated in attached patch.
This patch does not build on Windows, the error is:
ip.obj : error LNK2019: unresolved external symbol __imp__wsaio...@36 referenced
in function _pg_foreach_ifaddr
ip.obj : error LNK2019: unresolved external symbol
Thanks for your review!
Abhijit Menon-Sen wrote:
> First, it needs to be reformatted to not use a space before the opening
> parentheses in (some) function calls and definitions.
Fixed in the attached patch.
>> *** a/doc/src/sgml/client-auth.sgml
>> --- b/doc/src/sgml/client-auth.sgml
>> [...]
>
On Sun, Sep 20, 2009 at 05:59, Abhijit Menon-Sen wrote:
> I think the patch is more or less ready, but I have a few minor
> comments:
>
> First, it needs to be reformatted to not use a space before the opening
> parentheses in (some) function calls and definitions.
>
>> *** a/doc/src/sgml/client-a
(This is my review of the latest version of Stef Walter's samehost/net
patch, posted on 2009-09-17. See
http://archives.postgresql.org/message-id/4ab28043.3050...@memberwebs.com
for the original message.)
The patch applies and builds cleanly, and the samehost/samenet keywords
in pg_hba.conf work a
[Thanks for the heads up about the MessageID missing when posting this
previously. Was doing some mail filter development, and accidentally
left it in place... ]
Magnus Hagander wrote:
> 2009/8/25 Alvaro Herrera :
>> Something to keep in mind -- my getifaddrs(3) manpage says that on BSD
>> it can
Stef Walter wrote:
> [Looks like my response to this never made it to the mailing list,
> sending again...]
Your original message did not carry a Message-Id header, and neither
does this one (at least the copy I got). Are you doing something weird
to the message? This worries me, because we inte
2009/8/25 Alvaro Herrera :
> Stef Walter wrote:
>> Magnus Hagander wrote:
>
>> > and not just use SIOCGIFCONF for all Unixen?
>>
>> I do know that using SIOCGIFCONF on AIX comes with strange wrinkles and
>> variable length data structures etc... getifaddrs() on AIX is a far more
>> maintainable int
Something is very wrong here -- this message does not have a
message-id!
Stef Walter wrote:
> Magnus Hagander wrote:
> > On Wed, Aug 19, 2009 at 15:02, Stef Walter wrote:
> >> Magnus Hagander wrote:
> >>> On Wed, Aug 19, 2009 at 03:58, Stef Walter
> >>> wrote:
> Attached is a new patch, whi
Stef Walter wrote:
> Magnus Hagander wrote:
> > and not just use SIOCGIFCONF for all Unixen?
>
> I do know that using SIOCGIFCONF on AIX comes with strange wrinkles and
> variable length data structures etc... getifaddrs() on AIX is a far more
> maintainable interface.
Clearly the getifaddrs cod
Magnus Hagander wrote:
> On Wed, Aug 19, 2009 at 15:02, Stef Walter wrote:
>> Magnus Hagander wrote:
>>> On Wed, Aug 19, 2009 at 03:58, Stef Walter wrote:
Attached is a new patch, which I hope addresses all the concerns raised.
>>> I think you forgot to actually attach the patch
>> Whoops.
On Wed, Aug 19, 2009 at 15:02, Stef Walter wrote:
> Magnus Hagander wrote:
>> On Wed, Aug 19, 2009 at 03:58, Stef Walter wrote:
>>> Attached is a new patch, which I hope addresses all the concerns raised.
>>
>> I think you forgot to actually attach the patch
>
> Whoops. Here it is.
Is there an
Magnus Hagander wrote:
> On Wed, Aug 19, 2009 at 03:58, Stef Walter wrote:
>> Attached is a new patch, which I hope addresses all the concerns raised.
>
> I think you forgot to actually attach the patch
Whoops. Here it is.
Stef
diff --git a/configure.in b/configure.in
index 505644a..bc37b1b
On Wed, Aug 19, 2009 at 03:58, Stef Walter wrote:
> Attached is a new patch, which I hope addresses all the concerns raised.
I think you forgot to actually attach the patch
(others have taken care of the question about login already I see)
--
Magnus Hagander
Me: http://www.hagander.net/
On Tue, Aug 18, 2009 at 10:11 PM, Tom Lane wrote:
> Stef Walter writes:
>> Magnus Hagander wrote:
>>> Please add it to the open commitfest
>>> (https://commitfest.postgresql.org/action/commitfest_view/open). This
>>> will cause it to be reviewed during the next commitfest, and then you
>>> just ne
Stef Walter writes:
> Magnus Hagander wrote:
>> Please add it to the open commitfest
>> (https://commitfest.postgresql.org/action/commitfest_view/open). This
>> will cause it to be reviewed during the next commitfest, and then you
>> just need to be around to answer any questions that reviewers co
Attached is a new patch, which I hope addresses all the concerns raised.
Magnus Hagander wrote:
>> I've attached an initial patch which implements "samehost" and
>> "samenet". The patch looks more invasive than it really is, due to
>> necessary indentation change (ie: a if block), and moving some
Stef Walter writes:
> True. I could build compatibility getifaddrs for various systems, if the
> community thought this patch was worth it, and would otherwise accept
> the patch.
If you can do that I think it'd remove the major objection.
regards, tom lane
--
Sent via
Tom Lane wrote:
> Magnus Hagander writes:
>> On Fri, Aug 14, 2009 at 00:50, Stef Walter wrote:
>>> It would be great if, in the cidr-address field of pg_hba.conf, we could
>>> specify "samehost" and "samenet".
>
>> Seems like a reasonable feature - especially the samehost part.
>
> ISTM people h
Magnus Hagander wrote:
>
> A couple of comments on the patch:
Thanks I'll keep these in mind, as things progress and for future patches.
> * In general, don't include configure in the patch. Just configure.in.
> Makes it easier to read, and configure is normally built by the
> committer anyway.
Magnus Hagander writes:
> On Fri, Aug 14, 2009 at 00:50, Stef Walter wrote:
>> It would be great if, in the cidr-address field of pg_hba.conf, we could
>> specify "samehost" and "samenet".
> Seems like a reasonable feature - especially the samehost part.
ISTM people have traditionally used 127.0
On Fri, Aug 14, 2009 at 00:50, Stef Walter wrote:
> I love using postgresql, and have for a long time. I'm involved with
> almost a hundred postgresql installs. But this is the first time I've
> gotten into the code.
>
> Renumbering networks happens often, and will happen more frequently as
> IPv4
I love using postgresql, and have for a long time. I'm involved with
almost a hundred postgresql installs. But this is the first time I've
gotten into the code.
Renumbering networks happens often, and will happen more frequently as
IPv4 space runs low. The IP based restrictions in pg_hba.conf is o
50 matches
Mail list logo
