Error message on missing SCRAM authentication with older clients
Currently, if you use 9.6 libpq to connect to a v10 server that requires
SCRAM authentication, you get an error:
psql: authentication method 10 not supported
I'd like to apply this small patch to all the stable branches, to give a
nicer error message:
psql: SCRAM authentication not supported by this version of libpq
It won't help unless you upgrade to the latest minor version, of course,
but it's better than nothing. Any objections?
- Heikki
Attachments:
backport-nicer-error-on-scram.patchinvalid/octet-stream; name=backport-nicer-error-on-scram.patchDownload
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index c6bbfc2377..1d063d1248 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -172,6 +172,8 @@ extern bool Db_user_namespace;
#define AUTH_REQ_GSS 7 /* GSSAPI without wrap() */
#define AUTH_REQ_GSS_CONT 8 /* Continue GSS exchanges */
#define AUTH_REQ_SSPI 9 /* SSPI negotiate without wrap() */
+#define AUTH_REQ_SASL 10 /* SASL authentication. Not supported before
+ * libpq version 10. */
typedef uint32 AuthRequest;
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 9bf6e52d63..ae3299e817 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -703,6 +703,19 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
return STATUS_ERROR;
break;
+ /*
+ * SASL authentication was introduced in version 10. Older
+ * versions recognize the request only to give a nicer error
+ * message. We call it "SCRAM authentication" in the error, rather
+ * SASL, because SCRAM is more familiar to users, and it's the
+ * only SASL authentication mechanism that has been implemented as
+ * of this writing, anyway.
+ */
+ case AUTH_REQ_SASL:
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("SCRAM authentication not supported by this version of libpq\n"));
+ return STATUS_ERROR;
+
default:
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("authentication method %u not supported\n"), areq);
Hi Heikki,
psql: SCRAM authentication not supported by this version of libpq
Maybe it would be better to specify a minimum required version?
--
Best regards,
Aleksander Alekseev
On Wed, May 3, 2017 at 10:58 AM, Heikki Linnakangas <hlinnakangas@pivotal.io
wrote:
Currently, if you use 9.6 libpq to connect to a v10 server that requires
SCRAM authentication, you get an error:psql: authentication method 10 not supported
I'd like to apply this small patch to all the stable branches, to give a
nicer error message:psql: SCRAM authentication not supported by this version of libpq
It won't help unless you upgrade to the latest minor version, of course,
but it's better than nothing. Any objections?
+1, even though it's not strictly speaking a bugfix to go in a backpatch, I
think it will help enough users that it's worth doing. And I can't see how
it could possibly be unsafe...
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
Hi Magnus,
+1, even though it's not strictly speaking a bugfix to go in a backpatch, I
think it will help enough users that it's worth doing. And I can't see how
it could possibly be unsafe...
Well, strictly speaking there could be applications that parse error
messages using regular expressions or something like this. But I don't
think it's something we should really bother about.
--
Best regards,
Aleksander Alekseev
On 05/03/2017 03:12 PM, Aleksander Alekseev wrote:
Hi Heikki,
psql: SCRAM authentication not supported by this version of libpq
Maybe it would be better to specify a minimum required version?
Yeah, that could be helpful. Can you suggest a wording?
My first thought was:
psql: SCRAM authentication not supported by this version of libpq
(version 10 or above required)
But that's very long. Perhaps:
psql: SCRAM authentication requires libpq version 10 or above
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Hi Heikki,
psql: SCRAM authentication requires libpq version 10 or above
Sounds good.
--
Best regards,
Aleksander Alekseev
On Fri, May 5, 2017 at 10:19 AM, Aleksander Alekseev <
a.alekseev@postgrespro.ru> wrote:
Hi Heikki,
psql: SCRAM authentication requires libpq version 10 or above
Sounds good.
+1.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
On 05/05/2017 11:26 AM, Magnus Hagander wrote:
On Fri, May 5, 2017 at 10:19 AM, Aleksander Alekseev <
a.alekseev@postgrespro.ru> wrote:psql: SCRAM authentication requires libpq version 10 or above
Sounds good.
+1.
Ok, committed. Thanks!
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers