On tor, 2010-10-07 at 12:45 +0900, KaiGai Kohei wrote:
> * The logic is still unclear for me.
>
> The check_hostname() immediately returns with false, if the resolved
> remote hostname is NOT matched with the hostname described in pg_hba.conf.
> If the resolved hostname is matched with the hostname described
> in pg_hba.conf, we can consider this HbaLine to be a suitable
> configuration without any fallbacks. Right?
> It so, it should be as follows:
>
> if (strcmp(port->remote_hostname, hostname) == 0)
> return true;
>
> In addition, we should go the rest of fallback code on mismatch
> cases only, don't we?
The code below that is not a fallback, it is the second part of the
double DNS lookup that has been extensively discussed throughout this
thread. The logic is
get hostname from client's IP address
strcmp hostname to pg_hba.conf
get IP address from hostname
if that IP address == client's IP address; then pg_hba.conf entry OK
> * Why getnameinfo() in the fallback loop?
I checked through my git history; this was actually a leftover from some
debugging code. I'll remove it.
> * Slash ('/') after the hostname
>
> At the parse_hba_line(), the parsed token which contains either
> hostname or cidr address is sliced into two parts on the first '/'
> character, if exist.
> Then, even if cidr_slash is not NULL, it shall be ignored when
> top-half of the token is hostname, not numeric address.
OK, I'll fix that.