postgresql/src/backend/libpq
Tom Lane 970372037a Avoid logging complaints about abandoned connections when using PAM.
For a long time (since commit aed378e8d) we have had a policy to log
nothing about a connection if the client disconnects when challenged
for a password.  This is because libpq-using clients will typically
do that, and then come back for a new connection attempt once they've
collected a password from their user, so that logging the abandoned
connection attempt will just result in log spam.  However, this did
not work well for PAM authentication: the bottom-level function
pam_passwd_conv_proc() was on board with it, but we logged messages
at higher levels anyway, for lack of any reporting mechanism.
Add a flag and tweak the logic so that the case is silent, as it is
for other password-using auth mechanisms.

Per complaint from Yoann La Cancellera.  It's been like this for a while,
so back-patch to all supported branches.

Discussion: https://postgr.es/m/CACP=ajbrFFYUrLyJBLV8=q+eNCapa1xDEyvXhMoYrNphs-xqPw@mail.gmail.com
2019-11-05 14:27:37 -05:00
auth.c Avoid logging complaints about abandoned connections when using PAM. 2019-11-05 14:27:37 -05:00
be-fsstubs.c Fix saving and restoring umask 2017-09-23 10:04:55 -04:00
be-secure-openssl.c Disallow SSL session tickets. 2017-08-04 11:07:10 -04:00
be-secure.c Server-side fix for delayed NOTIFY and SIGTERM processing. 2018-10-19 21:39:22 -04:00
crypt.c Don't allow logging in with empty password. 2017-08-07 17:04:00 +03:00
hba.c Fix some null pointer dereferences in LDAP auth code 2017-11-10 14:30:06 -05:00
ip.c Clean up assorted misuses of snprintf()'s result value. 2018-08-15 16:29:32 -04:00
Makefile Support frontend-backend protocol communication using a shm_mq. 2014-10-31 12:02:40 -04:00
md5.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pg_hba.conf.sample Remove support for native krb5 authentication 2014-01-19 17:05:01 +01:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Second try at fixing tcp_keepalives_idle option on Solaris. 2017-06-28 12:30:16 -04:00
pqformat.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
pqmq.c Don't CHECK_FOR_INTERRUPTS between WaitLatch and ResetLatch. 2016-08-01 15:13:53 -04:00
pqsignal.c Update copyright for 2015 2015-01-06 11:43:47 -05:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00

src/backend/libpq/README.SSL

SSL
===

From the server's perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





From the client's perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown
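
The two flowcharts above expressed as decision functions. This is an added example, not PostgreSQL source code. The function names, the enums and the require_ssl flag are hypothetical; the numeric value of SSL_NEGOTIATE_CODE is the SSLRequest code given in the PostgreSQL protocol documentation.

```c
#include <stddef.h>
#include <stdint.h>

/* SSLRequest code from the PostgreSQL wire protocol: (1234 << 16) | 5679. */
#define SSL_NEGOTIATE_CODE 80877103u

typedef enum { SRV_NORMAL_STARTUP, SRV_SEND_N, SRV_SEND_S } server_action;
typedef enum { CLI_ESTABLISH_SSL, CLI_RETRY_WITHOUT_SSL,
               CLI_NORMAL_STARTUP, CLI_FAIL } client_action;

/* Read a big-endian (network order) 32-bit integer. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Client: the 8-byte request is Int32 length (8) + Int32 SSL_NEGOTIATE_CODE. */
void build_ssl_request(unsigned char out[8])
{
    const uint32_t words[2] = { 8, SSL_NEGOTIATE_CODE };
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(words[i / 4] >> (24 - 8 * (i % 4)));
}

/* Server: first diagram. use_ssl stands in for "compiled with USE_SSL". */
server_action server_on_first_packet(const unsigned char *pkt, size_t len,
                                     int use_ssl)
{
    if (len != 8 || be32(pkt) != 8 || be32(pkt + 4) != SSL_NEGOTIATE_CODE)
        return SRV_NORMAL_STARTUP;      /* not an SSL request */
    return use_ssl ? SRV_SEND_S : SRV_SEND_N;
}

/* Client: second diagram. require_ssl is a hypothetical policy flag; with 0
 * the function follows the diagram, with 1 it refuses every plaintext path. */
client_action client_on_reply(unsigned char reply, int require_ssl)
{
    switch (reply) {
    case 'S': return CLI_ESTABLISH_SSL;
    case 'E': return require_ssl ? CLI_FAIL : CLI_RETRY_WITHOUT_SSL;
    case 'N': return require_ssl ? CLI_FAIL : CLI_NORMAL_STARTUP;
    default:  return CLI_FAIL;          /* "Fail with unknown" */
    }
}
```

The single reply byte arrives before any SSL is established, so with require_ssl set to 0 an 'N' or 'E' moves the session to plaintext; a client that must have encryption has to treat both as failures.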

---------------------------------------------------------------------------