Abort authentication if the client selected an invalid SASL mechanism.
Previously, the server would log an error, but then try to continue with SCRAM-SHA-256 anyway.

Michael Paquier

Discussion: https://www.postgresql.org/message-id/CAB7nPqR0G5aF2_kc_LH29knVqwvmBc66TF5DicvpGVdke68nKw@mail.gmail.com
parent
073ce405d6
commit
505b5d2f86
@ -934,9 +934,13 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
|
||||
*/
|
||||
selected_mech = pq_getmsgrawstring(&buf);
|
||||
if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0)
|
||||
{
|
||||
ereport(COMMERROR,
|
||||
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
||||
errmsg("client selected an invalid SASL authentication mechanism")));
|
||||
pfree(buf.data);
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
inputlen = pq_getmsgint(&buf, 4);
|
||||
if (inputlen == -1)
|
||||
|
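Review bot: The rejection branch after `strcmp(selected_mech, SCRAM_SHA256_NAME) != 0` has no comment of its own saying that falling through is the bug being closed. Per the commit message, the old code logged the violation and then continued with SCRAM-SHA-256 under a mechanism name the client never selected. I would put `/* Fail the authentication here: never continue the exchange with a mechanism the client did not select. */` just before `return STATUS_ERROR;`, so a later refactor does not turn this back into a log-only check. `selected_mech` appears to point into `buf.data` (it comes from `pq_getmsgrawstring(&buf)`), so a second short comment should record that `ereport` must stay ahead of `pfree(buf.data)` in case the message is later extended to name the offered mechanism. `CheckSCRAMAuth` starts before this hunk and continues past it, and the comment ending at the hunk's first line is cut off, so it may already cover part of this.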