Re: Server ignores contents of SASLInitialResponse
Noah Misch <noah@leadboat.com>
From: Noah Misch <noah@leadboat.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Michael Paquier <michael.paquier@gmail.com>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-06-04T22:49:52Z
Lists: pgsql-hackers
On Fri, Jun 02, 2017 at 09:58:40PM -0700, Noah Misch wrote: > On Tue, May 30, 2017 at 03:04:47AM +0000, Noah Misch wrote: > > On Thu, May 25, 2017 at 10:52:23AM -0400, Michael Paquier wrote: > > > On Thu, May 25, 2017 at 9:32 AM, Michael Paquier > > > <michael.paquier@gmail.com> wrote: > > > > On Thu, May 25, 2017 at 8:51 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > > > >> On 05/24/2017 11:33 PM, Michael Paquier wrote: > > > >>> I have noticed today that the server ignores completely the contents > > > >>> of SASLInitialResponse. ... Attached is a patch to fix the problem. > > > >> > > > >> Fixed, thanks! > > > > > > > > Thanks for the commit. > > > > > > Actually, I don't think that we are completely done here. Using the > > > patch of upthread to enforce a failure on SASLInitialResponse, I see > > > that connecting without SSL causes the following error: > > > psql: FATAL: password authentication failed for user "mpaquier" > > > But connecting with SSL returns that: > > > psql: duplicate SASL authentication request > > > > > > I have not looked at that in details yet, but it seems to me that we > > > should not take pg_SASL_init() twice in the scram authentication code > > > path in libpq for a single attempt. > > > > [Action required within three days. This is a generic notification.] > > > > The above-described topic is currently a PostgreSQL 10 open item. Heikki, > > since you committed the patch believed to have created it, you own this open > > item. If some other commit is more relevant or if this does not belong as a > > v10 open item, please let us know. Otherwise, please observe the policy on > > open item ownership[1] and send a status update within three calendar days of > > this message. Include a date for your subsequent status update. Testers may > > discover new open items at any time, and I want to plan to get them all fixed > > well in advance of shipping v10. Consequently, I will appreciate your efforts > > toward speedy resolution. Thanks. > > > > [1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com > > This PostgreSQL 10 open item is past due for your status update. Kindly send > a status update within 24 hours, and include a date for your subsequent status > update. Refer to the policy on open item ownership: > https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com IMMEDIATE ATTENTION REQUIRED. This PostgreSQL 10 open item is long past due for your status update. Please reacquaint yourself with the policy on open item ownership[1] and then reply immediately. If I do not hear from you by 2017-06-05 23:00 UTC, I will transfer this item to release management team ownership without further notice. [1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com
Commits
-
Clear auth context correctly when re-connecting after failed auth attempt.
- f44c609ea014 9.6.4 landed
- 1fe1fc449772 9.4.13 landed
- f2fa0c6514b6 9.3.18 landed
- 739cb7f8bfeb 9.5.8 landed
- e6c33d594a00 10.0 landed
-
Fix double-free bug in GSS authentication.
- 3344582e6f16 10.0 landed
-
Abort authentication if the client selected an invalid SASL mechanism.
- 505b5d2f8672 10.0 landed
-
Refactor libpq authentication request processing.
- 61bf96cab063 10.0 cited