Disallow empty passwords in LDAP authentication, the same way

mhagander · mhagander · commit 6c4637a3b3d3 · 2009-06-25T11:30:08.000Z
we already do it for PAM.
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.182 2009/06/11 14:48:57 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.183 2009/06/25 11:30:08 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)
 	if (passwd == NULL)
 		return STATUS_EOF;		/* client wouldn't send password */
 
+	if (strlen(passwd) == 0)
+	{
+		ereport(LOG,
+				(errmsg("empty password returned by client")));
+		return STATUS_ERROR;
+	}
+
 	ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
 	if (!ldap)
 	{

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.182 2009/06/11 14:48:57 momjian Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.183 2009/06/25 11:30:08 mha Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)`
`2066`	`2066`	`if (passwd == NULL)`
`2067`	`2067`	`return STATUS_EOF; /* client wouldn't send password */`
`2068`	`2068`
	`2069`	`+ if (strlen(passwd) == 0)`
	`2070`	`+ {`
	`2071`	`+ ereport(LOG,`
	`2072`	`+ (errmsg("empty password returned by client")));`
	`2073`	`+ return STATUS_ERROR;`
	`2074`	`+ }`
	`2075`	`+`
`2069`	`2076`	`ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);`
`2070`	`2077`	`if (!ldap)`
`2071`	`2078`	`{`