From e3eb8f6cc2f96855af33f4500a4f9e336ea6a3e3 Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Thu, 25 Jun 2009 11:30:12 +0000 Subject: [PATCH] Disallow empty passwords in LDAP authentication, the same way we already do it for PAM. --- src/backend/libpq/auth.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 031a9d4f54..0c9fc850db 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.1 2008/07/24 17:52:02 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.2 2009/06/25 11:30:12 mha Exp $ * *------------------------------------------------------------------------- */ @@ -1457,6 +1457,13 @@ CheckLDAPAuth(Port *port) if (passwd == NULL) return STATUS_EOF; /* client wouldn't send password */ + if (strlen(passwd) == 0) + { + ereport(LOG, + (errmsg("empty password returned by client"))); + return STATUS_ERROR; + } + ldap = ldap_init(server, ldapport); if (!ldap) { -- 2.50.1