From: Magnus Hagander
Date: Thu, 25 Jun 2009 11:30:12 +0000 (+0000)
Subject: Disallow empty passwords in LDAP authentication, the same way
X-Git-Tag: REL8_3_8~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e3eb8f6cc2f96855af33f4500a4f9e336ea6a3e3;p=postgresql

Disallow empty passwords in LDAP authentication, the same way we already do it for PAM.
---
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 031a9d4f54..0c9fc850db 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.1 2008/07/24 17:52:02 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.2 2009/06/25 11:30:12 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -1457,6 +1457,13 @@ CheckLDAPAuth(Port *port)
 if (passwd == NULL)
 return STATUS_EOF; /* client wouldn't send password */

+ if (strlen(passwd) == 0)
+ {
+ ereport(LOG,
+ (errmsg("empty password returned by client")));
+ return STATUS_ERROR;
+ }
+
 ldap = ldap_init(server, ldapport);
 if (!ldap)
 {
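Review bot: The added `strlen(passwd) == 0` check in CheckLDAPAuth has no comment explaining why an empty password is refused, and the reason is not evident from the code. An LDAP simple bind with a zero-length password is the "unauthenticated" bind of RFC 4513 section 5.1.2, which a directory server may accept as success, so forwarding it would likely let a client log in without proving knowledge of any password. I would put above the `if`: `/* Empty password would be an LDAP unauthenticated bind, which the server may accept; never forward it. */`, so the guard is not later removed as redundant with the server's own checks. Rejecting before `ldap_init()` is the right place, since the early return has no connection to release. The function starts and ends outside this hunk, so the bind call itself and any other path to it cannot be checked from here.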