Disallow empty passwords in LDAP authentication, the same way

we already do it for PAM.
author: Magnus Hagander <magnus@hagander.net> 2009-06-25 11:30:08 +0000
committer: Magnus Hagander <magnus@hagander.net> 2009-06-25 11:30:08 +0000
commit: 6c4637a3b3d333583ee5d91588ce477751e8af04 (patch)
tree: 1c760e4b8d11834a5f25e872c2b42b7c7bb319ef /src/backend/libpq/auth.c
parent: 4183b10661b8c829b3187ca5a4c2c0faca0c4766 (diff)
download: postgresql-6c4637a3b3d333583ee5d91588ce477751e8af04.tar.gz
postgresql-6c4637a3b3d333583ee5d91588ce477751e8af04.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 84d72cb2410..7e328f7bcf6 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.182 2009/06/11 14:48:57 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.183 2009/06/25 11:30:08 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)
 	if (passwd == NULL)
 		return STATUS_EOF;		/* client wouldn't send password */
 
+	if (strlen(passwd) == 0)
+	{
+		ereport(LOG,
+				(errmsg("empty password returned by client")));
+		return STATUS_ERROR;
+	}
+
 	ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
 	if (!ldap)
 	{
author	Magnus Hagander <magnus@hagander.net>	2009-06-25 11:30:08 +0000
committer	Magnus Hagander <magnus@hagander.net>	2009-06-25 11:30:08 +0000
commit	6c4637a3b3d333583ee5d91588ce477751e8af04 (patch)
tree	1c760e4b8d11834a5f25e872c2b42b7c7bb319ef /src/backend/libpq/auth.c
parent	4183b10661b8c829b3187ca5a4c2c0faca0c4766 (diff)
download	postgresql-6c4637a3b3d333583ee5d91588ce477751e8af04.tar.gz postgresql-6c4637a3b3d333583ee5d91588ce477751e8af04.zip