Commit6c4637a

committed

Disallow empty passwords in LDAP authentication, the same way

we already do it for PAM.

1 parent4183b10 commit6c4637aCopy full SHA for 6c4637a

File tree

-1

lines changed

-1

lines changed

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.182 2009/06/11 14:48:57 momjian Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.183 2009/06/25 11:30:08 mha Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)`
`2066`	`2066`	`if (passwd==NULL)`
`2067`	`2067`	`returnSTATUS_EOF;/* client wouldn't send password */`
`2068`	`2068`
	`2069`	`+if (strlen(passwd)==0)`
	`2070`	`+{`
	`2071`	`+ereport(LOG,`
	`2072`	`+(errmsg("empty password returned by client")));`
	`2073`	`+returnSTATUS_ERROR;`
	`2074`	`+}`
	`2075`	`+`
`2069`	`2076`	`ldap=ldap_init(port->hba->ldapserver,port->hba->ldapport);`
`2070`	`2077`	`if (!ldap)`
`2071`	`2078`	`{`

Comments

(0)