diff options
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 25b3a781cdc..bc0cf26b122 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -144,6 +144,10 @@ static int CheckLDAPAuth(Port *port); #define LDAP_OPT_DIAGNOSTIC_MESSAGE LDAP_OPT_ERROR_STRING #endif +/* Default LDAP password mutator hook, can be overridden by a shared library */ +static char *dummy_ldap_password_mutator(char *input); +auth_password_hook_typ ldap_password_hook = dummy_ldap_password_mutator; + #endif /* USE_LDAP */ /*---------------------------------------------------------------- @@ -2370,6 +2374,12 @@ InitializeLDAPConnection(Port *port, LDAP **ldap) #define LDAPS_PORT 636 #endif +static char * +dummy_ldap_password_mutator(char *input) +{ + return input; +} + /* * Return a newly allocated C string copied from "pattern" with all * occurrences of the placeholder "$username" replaced with "user_name". @@ -2498,7 +2508,7 @@ CheckLDAPAuth(Port *port) */ r = ldap_simple_bind_s(ldap, port->hba->ldapbinddn ? port->hba->ldapbinddn : "", - port->hba->ldapbindpasswd ? port->hba->ldapbindpasswd : ""); + port->hba->ldapbindpasswd ? ldap_password_hook(port->hba->ldapbindpasswd) : ""); if (r != LDAP_SUCCESS) { ereport(LOG, |