summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Hagander2009-06-25 11:30:08 +0000
committerMagnus Hagander2009-06-25 11:30:08 +0000
commit356083d9ec7e69a06c5528a03f761f0a769ddcca (patch)
tree4ca8e8e6d7316ab0ed63b82da0faac1c10d96ed9
parent0ea4761afbeabd5d9d71b6e974e00cb758150bda (diff)
Disallow empty passwords in LDAP authentication, the same way
we already do it for PAM.
-rw-r--r--src/backend/libpq/auth.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 5c223d347b..fc184e1fe4 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)
if (passwd == NULL)
return STATUS_EOF; /* client wouldn't send password */
+ if (strlen(passwd) == 0)
+ {
+ ereport(LOG,
+ (errmsg("empty password returned by client")));
+ return STATUS_ERROR;
+ }
+
ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
if (!ldap)
{