Re: Server ignores contents of SASLInitialResponse
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-05-25T14:52:23Z
Lists: pgsql-hackers
On Thu, May 25, 2017 at 9:32 AM, Michael Paquier <michael.paquier@gmail.com> wrote: > On Thu, May 25, 2017 at 8:51 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: >> On 05/24/2017 11:33 PM, Michael Paquier wrote: >>> I have noticed today that the server ignores completely the contents >>> of SASLInitialResponse. ... Attached is a patch to fix the problem. >> >> Fixed, thanks! > > Thanks for the commit. Actually, I don't think that we are completely done here. Using the patch of upthread to enforce a failure on SASLInitialResponse, I see that connecting without SSL causes the following error: psql: FATAL: password authentication failed for user "mpaquier" But connecting with SSL returns that: psql: duplicate SASL authentication request I have not looked at that in details yet, but it seems to me that we should not take pg_SASL_init() twice in the scram authentication code path in libpq for a single attempt. -- Michael
Commits
-
Clear auth context correctly when re-connecting after failed auth attempt.
- f44c609ea014 9.6.4 landed
- 1fe1fc449772 9.4.13 landed
- f2fa0c6514b6 9.3.18 landed
- 739cb7f8bfeb 9.5.8 landed
- e6c33d594a00 10.0 landed
-
Fix double-free bug in GSS authentication.
- 3344582e6f16 10.0 landed
-
Abort authentication if the client selected an invalid SASL mechanism.
- 505b5d2f8672 10.0 landed
-
Refactor libpq authentication request processing.
- 61bf96cab063 10.0 cited