Home > mailing lists

Re: [HACKERS] Server ignores contents of SASLInitialResponse - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: [HACKERS] Server ignores contents of SASLInitialResponse
Date	May 25, 2017 20:52:23
Msg-id	CAB7nPqQO9RijoeCYxY74v0eFq7jiLHWSy_eiidPqC1f1toFyfA@mail.gmail.com Whole thread Raw
In response to	Re: [HACKERS] Server ignores contents of SASLInitialResponse (Michael Paquier <michael.paquier@gmail.com>)
Responses	Re: [HACKERS] Server ignores contents of SASLInitialResponse (Michael Paquier <michael.paquier@gmail.com>) Re: [HACKERS] Server ignores contents of SASLInitialResponse (Noah Misch <noah@leadboat.com>)
List	pgsql-hackers

Tree view

On Thu, May 25, 2017 at 9:32 AM, Michael Paquier
<michael.paquier@gmail.com> wrote:
> On Thu, May 25, 2017 at 8:51 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>> On 05/24/2017 11:33 PM, Michael Paquier wrote:
>>> I have noticed today that the server ignores completely the contents
>>> of SASLInitialResponse. ... Attached is a patch to fix the problem.
>>
>> Fixed, thanks!
>
> Thanks for the commit.

Actually, I don't think that we are completely done here. Using the
patch of upthread to enforce a failure on SASLInitialResponse, I see
that connecting without SSL causes the following error:
psql: FATAL:  password authentication failed for user "mpaquier"
But connecting with SSL returns that:
psql: duplicate SASL authentication request

I have not looked at that in details yet, but it seems to me that we
should not take pg_SASL_init() twice in the scram authentication code
path in libpq for a single attempt.
-- 
Michael

pgsql-hackers by date:

From: Aleksander Alekseev
Date: 25 May 2017, 20:52:14
Subject: Re: [HACKERS] Fix performance of generic atomics

From: Sokolov Yura
Date: 25 May 2017, 21:12:44
Subject: Re: [HACKERS] Fix performance of generic atomics

Re: [HACKERS] Server ignores contents of SASLInitialResponse - Mailing list pgsql-hackers

Previous

Next