2016-09-02 12:49:59 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* ip.c
|
|
|
|
* IPv6-aware network access.
|
|
|
|
*
|
2018-01-03 05:30:12 +01:00
|
|
|
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
|
2016-09-02 12:49:59 +02:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* IDENTIFICATION
|
|
|
|
* src/common/ip.c
|
|
|
|
*
|
|
|
|
* This file and the IPV6 implementation were initially provided by
|
|
|
|
* Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
|
|
|
|
* http://www.lbsd.net.
|
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef FRONTEND
|
|
|
|
#include "postgres.h"
|
|
|
|
#else
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#ifdef HAVE_NETINET_TCP_H
|
|
|
|
#include <netinet/tcp.h>
|
|
|
|
#endif
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <sys/file.h>
|
|
|
|
|
|
|
|
#include "common/ip.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_UNIX_SOCKETS
|
|
|
|
static int getaddrinfo_unix(const char *path,
|
2017-06-21 20:39:04 +02:00
|
|
|
const struct addrinfo *hintsp,
|
|
|
|
struct addrinfo **result);
|
2016-09-02 12:49:59 +02:00
|
|
|
|
2017-06-21 20:39:04 +02:00
|
|
|
static int getnameinfo_unix(const struct sockaddr_un *sa, int salen,
|
2016-09-02 12:49:59 +02:00
|
|
|
char *node, int nodelen,
|
|
|
|
char *service, int servicelen,
|
|
|
|
int flags);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* pg_getaddrinfo_all - get address info for Unix, IPv4 and IPv6 sockets
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
pg_getaddrinfo_all(const char *hostname, const char *servname,
|
2017-06-21 20:39:04 +02:00
|
|
|
const struct addrinfo *hintp, struct addrinfo **result)
|
2016-09-02 12:49:59 +02:00
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
/* not all versions of getaddrinfo() zero *result on failure */
|
|
|
|
*result = NULL;
|
|
|
|
|
|
|
|
#ifdef HAVE_UNIX_SOCKETS
|
|
|
|
if (hintp->ai_family == AF_UNIX)
|
|
|
|
return getaddrinfo_unix(servname, hintp, result);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* NULL has special meaning to getaddrinfo(). */
|
|
|
|
rc = getaddrinfo((!hostname || hostname[0] == '\0') ? NULL : hostname,
|
|
|
|
servname, hintp, result);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* pg_freeaddrinfo_all - free addrinfo structures for IPv4, IPv6, or Unix
|
|
|
|
*
|
|
|
|
* Note: the ai_family field of the original hint structure must be passed
|
|
|
|
* so that we can tell whether the addrinfo struct was built by the system's
|
|
|
|
* getaddrinfo() routine or our own getaddrinfo_unix() routine. Some versions
|
|
|
|
* of getaddrinfo() might be willing to return AF_UNIX addresses, so it's
|
|
|
|
* not safe to look at ai_family in the addrinfo itself.
|
|
|
|
*/
|
|
|
|
void
|
2017-06-21 20:39:04 +02:00
|
|
|
pg_freeaddrinfo_all(int hint_ai_family, struct addrinfo *ai)
|
2016-09-02 12:49:59 +02:00
|
|
|
{
|
|
|
|
#ifdef HAVE_UNIX_SOCKETS
|
|
|
|
if (hint_ai_family == AF_UNIX)
|
|
|
|
{
|
|
|
|
/* struct was built by getaddrinfo_unix (see pg_getaddrinfo_all) */
|
|
|
|
while (ai != NULL)
|
|
|
|
{
|
|
|
|
struct addrinfo *p = ai;
|
|
|
|
|
|
|
|
ai = ai->ai_next;
|
|
|
|
free(p->ai_addr);
|
|
|
|
free(p);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:18:54 +02:00
|
|
|
#endif /* HAVE_UNIX_SOCKETS */
|
2016-09-02 12:49:59 +02:00
|
|
|
{
|
|
|
|
/* struct was built by getaddrinfo() */
|
|
|
|
if (ai != NULL)
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* pg_getnameinfo_all - get name info for Unix, IPv4 and IPv6 sockets
|
|
|
|
*
|
|
|
|
* The API of this routine differs from the standard getnameinfo() definition
|
|
|
|
* in two ways: first, the addr parameter is declared as sockaddr_storage
|
|
|
|
* rather than struct sockaddr, and second, the node and service fields are
|
|
|
|
* guaranteed to be filled with something even on failure return.
|
|
|
|
*/
|
|
|
|
int
|
2017-06-21 20:39:04 +02:00
|
|
|
pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen,
|
2016-09-02 12:49:59 +02:00
|
|
|
char *node, int nodelen,
|
|
|
|
char *service, int servicelen,
|
|
|
|
int flags)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
#ifdef HAVE_UNIX_SOCKETS
|
|
|
|
if (addr && addr->ss_family == AF_UNIX)
|
|
|
|
rc = getnameinfo_unix((const struct sockaddr_un *) addr, salen,
|
|
|
|
node, nodelen,
|
|
|
|
service, servicelen,
|
|
|
|
flags);
|
|
|
|
else
|
|
|
|
#endif
|
|
|
|
rc = getnameinfo((const struct sockaddr *) addr, salen,
|
|
|
|
node, nodelen,
|
|
|
|
service, servicelen,
|
|
|
|
flags);
|
|
|
|
|
|
|
|
if (rc != 0)
|
|
|
|
{
|
|
|
|
if (node)
|
|
|
|
strlcpy(node, "???", nodelen);
|
|
|
|
if (service)
|
|
|
|
strlcpy(service, "???", servicelen);
|
|
|
|
}
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#if defined(HAVE_UNIX_SOCKETS)
|
|
|
|
|
|
|
|
/* -------
|
|
|
|
* getaddrinfo_unix - get unix socket info using IPv6-compatible API
|
|
|
|
*
|
|
|
|
* Bugs: only one addrinfo is set even though hintsp is NULL or
|
|
|
|
* ai_socktype is 0
|
|
|
|
* AI_CANONNAME is not supported.
|
|
|
|
* -------
|
|
|
|
*/
|
|
|
|
static int
|
2017-06-21 20:39:04 +02:00
|
|
|
getaddrinfo_unix(const char *path, const struct addrinfo *hintsp,
|
|
|
|
struct addrinfo **result)
|
2016-09-02 12:49:59 +02:00
|
|
|
{
|
|
|
|
struct addrinfo hints;
|
|
|
|
struct addrinfo *aip;
|
|
|
|
struct sockaddr_un *unp;
|
|
|
|
|
|
|
|
*result = NULL;
|
|
|
|
|
|
|
|
MemSet(&hints, 0, sizeof(hints));
|
|
|
|
|
|
|
|
if (strlen(path) >= sizeof(unp->sun_path))
|
|
|
|
return EAI_FAIL;
|
|
|
|
|
|
|
|
if (hintsp == NULL)
|
|
|
|
{
|
|
|
|
hints.ai_family = AF_UNIX;
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
memcpy(&hints, hintsp, sizeof(hints));
|
|
|
|
|
|
|
|
if (hints.ai_socktype == 0)
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
|
|
|
if (hints.ai_family != AF_UNIX)
|
|
|
|
{
|
|
|
|
/* shouldn't have been called */
|
|
|
|
return EAI_FAIL;
|
|
|
|
}
|
|
|
|
|
|
|
|
aip = calloc(1, sizeof(struct addrinfo));
|
|
|
|
if (aip == NULL)
|
|
|
|
return EAI_MEMORY;
|
|
|
|
|
|
|
|
unp = calloc(1, sizeof(struct sockaddr_un));
|
|
|
|
if (unp == NULL)
|
|
|
|
{
|
|
|
|
free(aip);
|
|
|
|
return EAI_MEMORY;
|
|
|
|
}
|
|
|
|
|
|
|
|
aip->ai_family = AF_UNIX;
|
|
|
|
aip->ai_socktype = hints.ai_socktype;
|
|
|
|
aip->ai_protocol = hints.ai_protocol;
|
|
|
|
aip->ai_next = NULL;
|
|
|
|
aip->ai_canonname = NULL;
|
|
|
|
*result = aip;
|
|
|
|
|
|
|
|
unp->sun_family = AF_UNIX;
|
|
|
|
aip->ai_addr = (struct sockaddr *) unp;
|
|
|
|
aip->ai_addrlen = sizeof(struct sockaddr_un);
|
|
|
|
|
|
|
|
strcpy(unp->sun_path, path);
|
|
|
|
|
|
|
|
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_LEN
|
|
|
|
unp->sun_len = sizeof(struct sockaddr_un);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Convert an address to a hostname.
|
|
|
|
*/
|
|
|
|
static int
|
2017-06-21 20:39:04 +02:00
|
|
|
getnameinfo_unix(const struct sockaddr_un *sa, int salen,
|
2016-09-02 12:49:59 +02:00
|
|
|
char *node, int nodelen,
|
|
|
|
char *service, int servicelen,
|
|
|
|
int flags)
|
|
|
|
{
|
Clean up assorted misuses of snprintf()'s result value.
Fix a small number of places that were testing the result of snprintf()
but doing so incorrectly. The right test for buffer overrun, per C99,
is "result >= bufsize" not "result > bufsize". Some places were also
checking for failure with "result == -1", but the standard only says
that a negative value is delivered on failure.
(Note that this only makes these places correct if snprintf() delivers
C99-compliant results. But at least now these places are consistent
with all the other places where we assume that.)
Also, make psql_start_test() and isolation_start_test() check for
buffer overrun while constructing their shell commands. There seems
like a higher risk of overrun, with more severe consequences, here
than there is for the individual file paths that are made elsewhere
in the same functions, so this seemed like a worthwhile change.
Also fix guc.c's do_serialize() to initialize errno = 0 before
calling vsnprintf. In principle, this should be unnecessary because
vsnprintf should have set errno if it returns a failure indication ...
but the other two places this coding pattern is cribbed from don't
assume that, so let's be consistent.
These errors are all very old, so back-patch as appropriate. I think
that only the shell command overrun cases are even theoretically
reachable in practice, but there's not much point in erroneous error
checks.
Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us
2018-08-15 22:29:31 +02:00
|
|
|
int ret;
|
2016-09-02 12:49:59 +02:00
|
|
|
|
|
|
|
/* Invalid arguments. */
|
|
|
|
if (sa == NULL || sa->sun_family != AF_UNIX ||
|
|
|
|
(node == NULL && service == NULL))
|
|
|
|
return EAI_FAIL;
|
|
|
|
|
|
|
|
if (node)
|
|
|
|
{
|
|
|
|
ret = snprintf(node, nodelen, "%s", "[local]");
|
Clean up assorted misuses of snprintf()'s result value.
Fix a small number of places that were testing the result of snprintf()
but doing so incorrectly. The right test for buffer overrun, per C99,
is "result >= bufsize" not "result > bufsize". Some places were also
checking for failure with "result == -1", but the standard only says
that a negative value is delivered on failure.
(Note that this only makes these places correct if snprintf() delivers
C99-compliant results. But at least now these places are consistent
with all the other places where we assume that.)
Also, make psql_start_test() and isolation_start_test() check for
buffer overrun while constructing their shell commands. There seems
like a higher risk of overrun, with more severe consequences, here
than there is for the individual file paths that are made elsewhere
in the same functions, so this seemed like a worthwhile change.
Also fix guc.c's do_serialize() to initialize errno = 0 before
calling vsnprintf. In principle, this should be unnecessary because
vsnprintf should have set errno if it returns a failure indication ...
but the other two places this coding pattern is cribbed from don't
assume that, so let's be consistent.
These errors are all very old, so back-patch as appropriate. I think
that only the shell command overrun cases are even theoretically
reachable in practice, but there's not much point in erroneous error
checks.
Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us
2018-08-15 22:29:31 +02:00
|
|
|
if (ret < 0 || ret >= nodelen)
|
2016-09-02 12:49:59 +02:00
|
|
|
return EAI_MEMORY;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (service)
|
|
|
|
{
|
|
|
|
ret = snprintf(service, servicelen, "%s", sa->sun_path);
|
Clean up assorted misuses of snprintf()'s result value.
Fix a small number of places that were testing the result of snprintf()
but doing so incorrectly. The right test for buffer overrun, per C99,
is "result >= bufsize" not "result > bufsize". Some places were also
checking for failure with "result == -1", but the standard only says
that a negative value is delivered on failure.
(Note that this only makes these places correct if snprintf() delivers
C99-compliant results. But at least now these places are consistent
with all the other places where we assume that.)
Also, make psql_start_test() and isolation_start_test() check for
buffer overrun while constructing their shell commands. There seems
like a higher risk of overrun, with more severe consequences, here
than there is for the individual file paths that are made elsewhere
in the same functions, so this seemed like a worthwhile change.
Also fix guc.c's do_serialize() to initialize errno = 0 before
calling vsnprintf. In principle, this should be unnecessary because
vsnprintf should have set errno if it returns a failure indication ...
but the other two places this coding pattern is cribbed from don't
assume that, so let's be consistent.
These errors are all very old, so back-patch as appropriate. I think
that only the shell command overrun cases are even theoretically
reachable in practice, but there's not much point in erroneous error
checks.
Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us
2018-08-15 22:29:31 +02:00
|
|
|
if (ret < 0 || ret >= servicelen)
|
2016-09-02 12:49:59 +02:00
|
|
|
return EAI_MEMORY;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:18:54 +02:00
|
|
|
#endif /* HAVE_UNIX_SOCKETS */
|