From bd05ad8b052012155fd5de0c21029d5869ad5eb4 Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Fri, 5 May 2017 11:24:02 +0300 Subject: [PATCH] Give nicer error message when connecting to a v10 server requiring SCRAM. This is just to give the user a hint that they need to upgrade, if they try to connect to a v10 server that uses SCRAM authentication, with an older client. Commit to all stable branches, but not master. Discussion: https://www.postgresql.org/message-id/bbf45d92-3896-eeb7-7399-2111d517261b@pivotal.io --- src/include/libpq/pqcomm.h | 2 ++ src/interfaces/libpq/fe-auth.c | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h index c6bbfc23772..1d063d12489 100644 --- a/src/include/libpq/pqcomm.h +++ b/src/include/libpq/pqcomm.h @@ -172,6 +172,8 @@ extern bool Db_user_namespace; #define AUTH_REQ_GSS 7 /* GSSAPI without wrap() */ #define AUTH_REQ_GSS_CONT 8 /* Continue GSS exchanges */ #define AUTH_REQ_SSPI 9 /* SSPI negotiate without wrap() */ +#define AUTH_REQ_SASL 10 /* SASL authentication. Not supported before + * libpq version 10. */ typedef uint32 AuthRequest; diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 9bf6e52d631..493ef82d4a7 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -703,6 +703,19 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn) return STATUS_ERROR; break; + /* + * SASL authentication was introduced in version 10. Older + * versions recognize the request only to give a nicer error + * message. We call it "SCRAM authentication" in the error, rather + * than SASL, because SCRAM is more familiar to users, and it's + * the only SASL authentication mechanism that has been + * implemented as of this writing, anyway. + */ + case AUTH_REQ_SASL: + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("SCRAM authentication requires libpq version 10 or above\n")); + return STATUS_ERROR; + default: printfPQExpBuffer(&conn->errorMessage, libpq_gettext("authentication method %u not supported\n"), areq);