database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-05 09:19:17 +03:00
Code

Abort authentication if the client selected an invalid SASL mechanism.

Browse Source 
Previously, the server would log an error, but then try to continue with
SCRAM-SHA-256 anyway.

Michael Paquier

Discussion: https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com
This commit is contained in:
Heikki Linnakangas 2017-05-25 08:50:47 -04:00
parent 073ce405d6
commit 505b5d2f86
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/libpq/auth.c
View File

@ -934,9 +934,13 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
*/ */
selected_mech = pq_getmsgrawstring(&buf); selected_mech = pq_getmsgrawstring(&buf);
if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0) if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0)
{
ereport(COMMERROR, ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("client selected an invalid SASL authentication mechanism"))); errmsg("client selected an invalid SASL authentication mechanism")));
pfree(buf.data);
return STATUS_ERROR;
}
inputlen = pq_getmsgint(&buf, 4); inputlen = pq_getmsgint(&buf, 4);
if (inputlen == -1) if (inputlen == -1)