Commit e6c33d5
Clear auth context correctly when re-connecting after failed auth attempt.
If authentication over an SSL connection fails, with sslmode=prefer, libpq will reconnect without SSL and retry. However, we did not clear the variables related to GSS, SSPI, and SASL authentication state, when reconnecting. Because of that, the second authentication attempt would always fail with a "duplicate GSS/SASL authentication request" error. pg_SSPI_startup did not check for duplicate authentication requests like the corresponding GSS and SASL functions, so with SSPI, you would leak some memory instead.

Another way this could manifest itself, on version 10, is if you list multiple hostnames in the "host" parameter. If the first server requests Kerberos or SCRAM authentication, but it fails, the attempts to connect to the other servers will also fail with "duplicate authentication request" errors.

To fix, move the clearing of authentication state from closePGconn to pgDropConnection, so that it is cleared also when re-connecting.

Patch by Michael Paquier, with some kibitzing by me.

Backpatch down to 9.3. 9.2 has the same bug, but the code around closing the connection is somewhat different, so that this patch doesn't apply. To fix this in 9.2, I think we would need to back-port commit 210eb9b first, and then apply this patch. However, given that we only bumped into this in our own testing, we haven't heard any reports from users about this, and that 9.2 will be end-of-lifed in a couple of months anyway, it doesn't seem worth the risk and trouble.

Discussion: https://www.postgresql.org/message-id/CAB7nPqRuOUm0MyJaUy9L3eXYJU3AKCZ-0-03=-aDTZJGV4GyWw@mail.gmail.com

1 parent 3344582 commit e6c33d5
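A simplified model of the failure described in the commit message, added here as an illustration; it is not libpq source and not part of this commit. The `Conn` struct, the function names and the socket numbers are hypothetical, and the `clear_auth` flag stands in for the difference between clearing authentication state only at final close and clearing it whenever the connection is dropped.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not libpq code: all names here are hypothetical. */
typedef struct {
    int   sock;        /* -1 when no socket is open */
    void *sasl_state;  /* per-attempt authentication exchange state */
} Conn;

/* Server asked for SASL: refuse if an exchange is already recorded. */
static int start_sasl(Conn *c)
{
    if (c->sasl_state != NULL)
        return -1;     /* "duplicate SASL authentication request" */
    c->sasl_state = malloc(16);
    return c->sasl_state ? 0 : -1;
}

/* Drop the socket before a retry. clear_auth=0 models the old behaviour,
 * where auth state was only released when the whole connection was closed. */
static void drop_connection(Conn *c, int clear_auth)
{
    c->sock = -1;
    if (clear_auth) {
        free(c->sasl_state);
        c->sasl_state = NULL;
    }
}

/* First attempt starts SASL and fails auth; the retry reuses the Conn.
 * Returns the result of start_sasl() on the retry. */
static int retry_after_failed_auth(int clear_auth)
{
    Conn c = { 3, NULL };              /* constructed: first socket */
    int  rc;

    if (start_sasl(&c) != 0)
        return -2;
    drop_connection(&c, clear_auth);   /* auth failed, reconnect */
    c.sock = 4;                        /* constructed: new socket */
    rc = start_sasl(&c);
    free(c.sasl_state);                /* final cleanup for the model */
    return rc;
}

int main(void)
{
    printf("state kept:    %d\n", retry_after_failed_auth(0));
    printf("state cleared: %d\n", retry_after_failed_auth(1));
    return 0;
}
```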
2 files changed, +50 -37 lines changed

Lines changed: 6 additions & 1 deletion
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
416 | 416 |
| |
417 | 417 |
| |
418 | 418 |
| |
419 |
| - | |
| 419 | + | |
| 420 | + | |
| 421 | + | |
| 422 | + | |
| 423 | + | |
| 424 | + | |
420 | 425 |
| |
421 | 426 |
| |
422 | 427 |
| |
|
Lines changed: 44 additions & 36 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
406 | 406 |
| |
407 | 407 |
| |
408 | 408 |
| |
| 409 | + | |
409 | 410 |
| |
410 | 411 |
| |
411 | 412 |
| |
412 | 413 |
| |
| 414 | + | |
413 | 415 |
| |
414 | 416 |
| |
415 | 417 |
| |
| 418 | + | |
416 | 419 |
| |
417 | 420 |
| |
| 421 | + | |
| 422 | + | |
| 423 | + | |
| 424 | + | |
| 425 | + | |
| 426 | + | |
| 427 | + | |
| 428 | + | |
| 429 | + | |
| 430 | + | |
| 431 | + | |
| 432 | + | |
| 433 | + | |
| 434 | + | |
| 435 | + | |
| 436 | + | |
| 437 | + | |
| 438 | + | |
| 439 | + | |
| 440 | + | |
| 441 | + | |
| 442 | + | |
| 443 | + | |
| 444 | + | |
| 445 | + | |
| 446 | + | |
| 447 | + | |
| 448 | + | |
| 449 | + | |
| 450 | + | |
| 451 | + | |
| 452 | + | |
| 453 | + | |
| 454 | + | |
| 455 | + | |
| 456 | + | |
| 457 | + | |
| 458 | + | |
| 459 | + | |
| 460 | + | |
| 461 | + | |
418 | 462 |
| |
419 | 463 |
| |
420 | 464 |
| |
| |||
3475 | 3519 |
| |
3476 | 3520 |
| |
3477 | 3521 |
| |
3478 |
| - | |
3479 |
| - | |
3480 |
| - | |
3481 |
| - | |
3482 |
| - | |
3483 |
| - | |
3484 |
| - | |
3485 |
| - | |
3486 |
| - | |
3487 |
| - | |
3488 |
| - | |
3489 |
| - | |
3490 |
| - | |
3491 |
| - | |
3492 |
| - | |
3493 |
| - | |
3494 |
| - | |
3495 |
| - | |
3496 |
| - | |
3497 |
| - | |
3498 |
| - | |
3499 |
| - | |
3500 |
| - | |
3501 |
| - | |
3502 |
| - | |
3503 |
| - | |
3504 |
| - | |
3505 |
| - | |
3506 |
| - | |
3507 |
| - | |
3508 |
| - | |
3509 |
| - | |
3510 |
| - | |
3511 |
| - | |
3512 |
| - | |
3513 |
| - | |
3514 | 3522 |
| |
3515 | 3523 |
| |
3516 | 3524 |
| |
|