diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2014-01-27 21:04:09 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2014-01-27 21:04:09 -0500 |
| commit | 64e43c59b817a78ddf70f2fd62de31a4add5d988 (patch) | |
| tree | 3eacd40e47d7521db81896f375c33907bce1c92b /src/backend/libpq/crypt.c | |
| parent | f0d6f20278b7c5c412ce40a9b86c6b31dc2fbfdd (diff) | |
| download | postgresql-64e43c59b817a78ddf70f2fd62de31a4add5d988.tar.gz postgresql-64e43c59b817a78ddf70f2fd62de31a4add5d988.zip | |
Log a detail message for auth failures due to missing or expired password.
It's worth distinguishing these cases from run-of-the-mill wrong-password
problems, since users have been known to waste lots of time pursuing the
wrong theory about what's failing. Now, our longstanding policy about how
to report authentication failures is that we don't really want to tell the
*client* such things, since that might be giving information to a bad guy.
But there's nothing wrong with reporting the details to the postmaster log,
and indeed the comments in this area of the code contemplate that
interesting details should be so reported. We just weren't handling these
particular interesting cases usefully.
To fix, add infrastructure allowing subroutines of ClientAuthentication()
to return a string to be added to the errdetail_log field of the main
authentication-failed error report. We might later want to use this to
report other subcases of authentication failure the same way, but for the
moment I just dealt with password cases.
Per discussion of a patch from Josh Drake, though this is not what
he proposed.
Diffstat (limited to 'src/backend/libpq/crypt.c')
| -rw-r--r-- | src/backend/libpq/crypt.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index 56b3ea8a21b..5451db6d974 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -29,8 +29,14 @@ #include "utils/timestamp.h" +/* + * Check given password for given user, and return STATUS_OK or STATUS_ERROR. + * In the error case, optionally store a palloc'd string at *logdetail + * that will be sent to the postmaster log (but not the client). + */ int -md5_crypt_verify(const Port *port, const char *role, char *client_pass) +md5_crypt_verify(const Port *port, const char *role, char *client_pass, + char **logdetail) { int retval = STATUS_ERROR; char *shadow_pass, @@ -58,6 +64,8 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass) if (isnull) { ReleaseSysCache(roleTup); + *logdetail = psprintf(_("User \"%s\" has no password assigned."), + role); return STATUS_ERROR; /* user has no password */ } shadow_pass = TextDatumGetCString(datum); @@ -148,7 +156,11 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass) if (isnull) retval = STATUS_OK; else if (vuntil < GetCurrentTimestamp()) + { + *logdetail = psprintf(_("User \"%s\" has an expired password."), + role); retval = STATUS_ERROR; + } else retval = STATUS_OK; } |