Commit 344a113

Don't use SCRAM-specific "e=invalid-proof" on invalid password.

Instead, send the same FATAL message as with other password-based
authentication mechanisms. This gives a more user-friendly message:

psql: FATAL: password authentication failed for user "test"

instead of:

psql: error received from server in SASL exchange: invalid-proof

Even before this patch, the server sent that FATAL message, after the
SCRAM-specific "e=invalid-proof" message. But libpq would stop at the
SCRAM error message, and not process the ErrorResponse that would come
after that. We could've taught libpq to check for an ErrorResponse after
failed authentication, but it's simpler to modify the server to send only
the ErrorResponse. The SCRAM specification allows for aborting the
authentication at any point, using an application-defined error mechanism,
like PostgreSQL's ErrorResponse. Using the e=invalid-proof message is
optional.

Reported by Jeff Janes.

Discussion: https://www.postgresql.org/message-id/CAMkU%3D1w3jQ53M1OeNfN8Cxd9O%2BA_9VONJivTbYoYRRdRsLT6vA@mail.gmail.com

1 parent 44c5288 commit 344a113

1 file changed: +7 -8 lines changed

src/backend/libpq/auth-scram.c

Lines changed: 7 additions & 8 deletions
@@ -343,21 +343,20 @@ pg_be_scram_exchange(void *opaq, char *input, int inputlen,
343343
* If we performed a "mock" authentication that we knew would fail
344344
* from the get go, this is where we fail.
345345
*
346+
* The SCRAM specification includes an error code,
347+
* "invalid-proof", for authentication failure, but it also allows
348+
* erroring out in an application-specific way. We choose to do
349+
* the latter, so that the error message for invalid password is
350+
* the same for all authentication methods. The caller will call
351+
* ereport(), when we return SASL_EXCHANGE_FAILURE with no output.
352+
*
346353
* NB: the order of these checks is intentional. We calculate the
347354
* client proof even in a mock authentication, even though it's
348355
* bound to fail, to thwart timing attacks to determine if a role
349356
* with the given name exists or not.
350357
*/
351358
if (!verify_client_proof(state)||state->doomed)
352359
{
353-
/*
354-
* Signal invalid-proof, although the real reason might also
355-
* be e.g. that the password has expired, or the user doesn't
356-
* exist. "e=other-error" might be more correct, but
357-
* "e=invalid-proof" is more likely to give a nice error
358-
* message to the user.
359-
*/
360-
*output=psprintf("e=invalid-proof");
361360
result=SASL_EXCHANGE_FAILURE;
362361
break;
363362
}
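Review bot: the failure path now depends on an implicit contract, stated only in the new comment at lines 346-351, that SASL_EXCHANGE_FAILURE "with no output" is what makes the caller ereport() the generic "password authentication failed" message. Since this hunk only drops the `*output = psprintf("e=invalid-proof");` line and leaves `*output` untouched, confirm that `*output` is initialised to NULL on entry to pg_be_scram_exchange() (not visible in this hunk) and that the caller's SASL_EXCHANGE_FAILURE branch never sends a stale or uninitialised `*output` before raising the error; otherwise a client could still receive a SCRAM-level payload ahead of the ErrorResponse, which is exactly the libpq behaviour the commit message says this change avoids. It would also help to keep, in the new comment, the old comment's observation that the real cause may be an expired password or a nonexistent role, since the NB about evaluating the proof even for a "mock" authentication only makes sense if readers know that the single generic message is deliberately hiding which of those cases occurred.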
