Disallow empty passwords in LDAP authentication, the same way
authorMagnus Hagander <magnus@hagander.net>
Thu, 25 Jun 2009 11:30:12 +0000 (11:30 +0000)
committerMagnus Hagander <magnus@hagander.net>
Thu, 25 Jun 2009 11:30:12 +0000 (11:30 +0000)
we already do it for PAM.

src/backend/libpq/auth.c

index 031a9d4f54cef70b872585697cee822262960a74..0c9fc850db0716aca7a39b0ac2a00a80f24d0ec9 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.1 2008/07/24 17:52:02 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.2 2009/06/25 11:30:12 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1457,6 +1457,13 @@ CheckLDAPAuth(Port *port)
        if (passwd == NULL)
                return STATUS_EOF;              /* client wouldn't send password */
 
+       if (strlen(passwd) == 0)
+       {
+               ereport(LOG,
+                               (errmsg("empty password returned by client")));
+               return STATUS_ERROR;
+       }
+
        ldap = ldap_init(server, ldapport);
        if (!ldap)
        {
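Review bot: The empty-password check added ahead of `ldap_init()` carries no comment saying why a zero-length password has to be refused, and the reason is not obvious from the code alone. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind (RFC 4513, section 5.1.2) and report success, so a successful bind would not show that the client knew the password; that is presumably the motivation, as with the PAM case the commit message mentions. I would put this above the `if`: `/* An empty password turns a simple bind into an unauthenticated bind on many servers (RFC 4513 5.1.2), which succeeds without proving anything; refuse it before contacting the server. */`. The bind call itself and the rest of CheckLDAPAuth lie outside the hunk, so any bind path added later needs to stay behind this check.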