| From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, darcy(at)vex(dot)net |
| Subject: | Re: pg_hba.conf && ident ... |
| Date: | 2000-05-10 14:34:02 |
| Message-ID: | Pine.BSF.4.21.0005101132330.777-100000@thelab.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 10 May 2000, Tom Lane wrote:
> The Hermit Hacker <scrappy(at)hub(dot)org> writes:
> > i pg_hba.conf, that host has:
> > host trends_acctng 216.126.72.30 255.255.255.255 ident sameuser
> > And its the only time we have ident being used ...
> > right now, its the only theory I ahve to work with ...
>
> Bingo. All your cores show the thing waiting inside the ident code:
>
> (gdb) bt
> #0 0x18263890 in recvfrom () from /usr/lib/libc.so.4
> #1 0x1825062b in recv () from /usr/lib/libc.so.4
> #2 0x80ad4d0 in ident (remote_ip_addr={s_addr = 508067544}, local_ip_addr={
> s_addr = 56131288}, remote_port=27631, local_port=14357,
> ident_failed=0xbfbfeeef "\004\023 \b,\207\024\b\212\217(\030\223\203\204|\n\b\214+\0304P",
> ident_username=0xbfbfeef0 "\004\023 \b,\207\024\b\212\217(\030\223\203\204|\n\b\214+\0304P") at hba.c:635
> #3 0x80ad912 in authident (raddr=0x82011ac, laddr=0x8201140,
> postgres_username=0x8201261 "db", auth_arg=0x8201304 "sameuser")
> at hba.c:869
> #4 0x80ac5b9 in be_recvauth (port=0x8201000) at auth.c:523
> #5 0x80e0c4a in readStartupPacket (arg=0x8201000, len=292, pkt=0x820101c)
> at postmaster.c:1214
> #6 0x80aeb67 in PacketReceiveFragment (port=0x8201000) at pqpacket.c:102
> #7 0x80e08ad in ServerLoop () at postmaster.c:982
> #8 0x80e039a in PostmasterMain (argc=13, argv=0xbfbffbc4) at postmaster.c:723
> #9 0x80aee43 in main (argc=13, argv=0xbfbffbc4) at main.c:93
> #10 0x8063393 in _start ()
>
> Looking at the code, there doesn't seem to be any defense against a
> broken ident server --- there is no timeout or anything being used here!
> Ugh. Has it always been like this?
>
> Anyway, I think the immediate fix for you is to stop using ident auth
> for that host, at least till we can improve this code...
Once I started scanning with lsof and saw the auth stuff, I clued in and
we disabled the ident stuff ... looking at your backtrace above, I should
have clued in sooner, as I *saw* the ident on line 2, but didn't *see* it
:(
Thanks ...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy(at)hub(dot)org secondary: scrappy(at){freebsd|postgresql}.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | The Hermit Hacker | 2000-05-10 14:44:34 | Re: pgsql/php3/apache authentication |
| Previous Message | Tom Lane | 2000-05-10 14:27:13 | Re: pg_hba.conf && ident ... |