liulang <lang.liu@esgyn.cn> writes:
> The above code does not affect the database execution,but
> ClientAuthentication_hook will be confused whether the password is
> incorrect or not currently entered?
> so.. The CheckPWChallengeAuth should returns STATUS_EOF when It is, I think.
Yeah, I think you are right. Overriding the subroutine's result
here is mistaken, even without considering whether it confuses any
ClientAuthentication_hook. The whole point, as per the comments,
is to not betray to the remote end whether or not there is a user
with a password set. But if we substitute STATUS_ERROR for
STATUS_EOF then we cause exactly that to happen: if the remote closes
the connection for send only, it can tell by whether an error comes
back whether or not the code found a password.
I think we can do it more simply than you suggest though. Just
drop the "return STATUS_ERROR" bit; the Assert is enough.
regards, tom lane
