Re: Server ignores contents of SASLInitialResponse
Noah Misch <noah@leadboat.com>
From: Noah Misch <noah@leadboat.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Michael Paquier <michael.paquier@gmail.com>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-06-03T04:58:40Z
Lists: pgsql-hackers
On Tue, May 30, 2017 at 03:04:47AM +0000, Noah Misch wrote: > On Thu, May 25, 2017 at 10:52:23AM -0400, Michael Paquier wrote: > > On Thu, May 25, 2017 at 9:32 AM, Michael Paquier > > <michael.paquier@gmail.com> wrote: > > > On Thu, May 25, 2017 at 8:51 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > > >> On 05/24/2017 11:33 PM, Michael Paquier wrote: > > >>> I have noticed today that the server ignores completely the contents > > >>> of SASLInitialResponse. ... Attached is a patch to fix the problem. > > >> > > >> Fixed, thanks! > > > > > > Thanks for the commit. > > > > Actually, I don't think that we are completely done here. Using the > > patch of upthread to enforce a failure on SASLInitialResponse, I see > > that connecting without SSL causes the following error: > > psql: FATAL: password authentication failed for user "mpaquier" > > But connecting with SSL returns that: > > psql: duplicate SASL authentication request > > > > I have not looked at that in details yet, but it seems to me that we > > should not take pg_SASL_init() twice in the scram authentication code > > path in libpq for a single attempt. > > [Action required within three days. This is a generic notification.] > > The above-described topic is currently a PostgreSQL 10 open item. Heikki, > since you committed the patch believed to have created it, you own this open > item. If some other commit is more relevant or if this does not belong as a > v10 open item, please let us know. Otherwise, please observe the policy on > open item ownership[1] and send a status update within three calendar days of > this message. Include a date for your subsequent status update. Testers may > discover new open items at any time, and I want to plan to get them all fixed > well in advance of shipping v10. Consequently, I will appreciate your efforts > toward speedy resolution. Thanks. > > [1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com This PostgreSQL 10 open item is past due for your status update. Kindly send a status update within 24 hours, and include a date for your subsequent status update. Refer to the policy on open item ownership: https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com
Commits
-
Clear auth context correctly when re-connecting after failed auth attempt.
- f44c609ea014 9.6.4 landed
- 1fe1fc449772 9.4.13 landed
- f2fa0c6514b6 9.3.18 landed
- 739cb7f8bfeb 9.5.8 landed
- e6c33d594a00 10.0 landed
-
Fix double-free bug in GSS authentication.
- 3344582e6f16 10.0 landed
-
Abort authentication if the client selected an invalid SASL mechanism.
- 505b5d2f8672 10.0 landed
-
Refactor libpq authentication request processing.
- 61bf96cab063 10.0 cited