Disallow empty passwords in LDAP authentication, the same way
authorMagnus Hagander <magnus@hagander.net>
Thu, 25 Jun 2009 11:30:08 +0000 (11:30 +0000)
committerMagnus Hagander <magnus@hagander.net>
Thu, 25 Jun 2009 11:30:08 +0000 (11:30 +0000)
we already do it for PAM.

src/backend/libpq/auth.c

index 84d72cb2410a4077ccb2418caccfac8a6079b795..7e328f7bcf67cd05be56ac307407b9e04dc78787 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.182 2009/06/11 14:48:57 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.183 2009/06/25 11:30:08 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)
        if (passwd == NULL)
                return STATUS_EOF;              /* client wouldn't send password */
 
+       if (strlen(passwd) == 0)
+       {
+               ereport(LOG,
+                               (errmsg("empty password returned by client")));
+               return STATUS_ERROR;
+       }
+
        ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
        if (!ldap)
        {
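Review bot: The added `strlen(passwd) == 0` check in CheckLDAPAuth has no comment saying why an empty password is rejected before the directory server is contacted, and the reason is not obvious from the code. In LDAP, a simple bind with a name and a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), and many servers answer it with success. The guard therefore closes what would presumably be a login without credentials, although the bind call itself lies outside this hunk. I would put this comment above the check: `/* A simple bind with an empty password is an unauthenticated bind that servers may accept; never forward one. */`. The body of CheckLDAPAuth starts before and continues after the lines shown, so any other path that reaches the bind with a client-supplied password should be confirmed to pass through this check.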