Here is a patch that allows CIDR netmasks in pg_hba.conf. It allows two

address/mask forms: . address/maskbits, or . address netmask (as now) If the patch is accepted I will submit a documentation patch to cover it. This is submitted by agreement with Kurt Roeckx, who has worked on a patch that covers this and other IPv6 issues. Andrew Dunstan
2025-11-13 16:22:44 +03:00 · 2003-06-12 02:12:58 +00:00
parent 310c084921
commit b78961b0da
3 changed files with 91 additions and 13 deletions
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.100 2003/04/25 01:24:00 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.101 2003/06/12 02:12:58 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -588,6 +588,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 	else if (strcmp(token, "host") == 0 || strcmp(token, "hostssl") == 0)
 	{
 		SockAddr file_ip_addr, mask;
+		char * cidr_slash;

 		if (strcmp(token, "hostssl") == 0)
 		{
@@ -618,26 +619,48 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 			goto hba_syntax;
 		user = lfirst(line);

-		/* Read the IP address field. */
+		/* Read the IP address field. (with or without CIDR netmask) */
 		line = lnext(line);
 		if (!line)
 			goto hba_syntax;
 		token = lfirst(line);

+		/* Check if it has a CIDR suffix and if so isolate it */
+		cidr_slash = strchr(token,'/');
+		if (cidr_slash)
+			*cidr_slash = '\0';
+
+		/* Get the IP address either way */
 		if(SockAddr_pton(&file_ip_addr, token) < 0)
+		{
+			if (cidr_slash)
+				*cidr_slash = '/';
 			goto hba_syntax;
+		}

-		/* Read the mask field. */
-		line = lnext(line);
-		if (!line)
-			goto hba_syntax;
-		token = lfirst(line);
+		/* Get the netmask */
+		if (cidr_slash)
+		{
+			*cidr_slash = '/';
+			if (SockAddr_cidr_mask(&mask, ++cidr_slash, file_ip_addr.sa.sa_family) < 0)
+				goto hba_syntax;
+		}
+		else
+		{
+			/* Read the mask field. */
+			line = lnext(line);
+			if (!line)
+				goto hba_syntax;
+			token = lfirst(line);
+
+			if(SockAddr_pton(&mask, token) < 0)
+				goto hba_syntax;
+
+			if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
+				goto hba_syntax;
+		}

-		if(SockAddr_pton(&mask, token) < 0)
-			goto hba_syntax;

-		if(file_ip_addr.sa.sa_family != mask.sa.sa_family)
-			goto hba_syntax;

 		/* Read the rest of the line. */
 		line = lnext(line);