Re: Logging of PAM Authentication Failure

On 2013-05-16 17:35:10 +0900, Amit Langote wrote:
> On Thu, May 16, 2013 at 3:53 PM, Amit Langote <amitlangote09(at)gmail(dot)com> wrote:
> > Attached herewith is a patch based on description in my previous mail.
> > This patch would need revision since the error situation in case of
> > authentication timeout on the server needs to be handled; probably in
> > simple_prompt()?
>
> Forgot attaching the patch in the last mail; find it with this one.

The patch seems to have windows line endings...

> --- a/src/interfaces/libpq/libpq-fe.h
> +++ b/src/interfaces/libpq/libpq-fe.h
> @@ -62,7 +62,11 @@ typedef enum
> * backend startup. */
> CONNECTION_SETENV, /* Negotiating environment. */
> CONNECTION_SSL_STARTUP, /* Negotiating SSL. */
> - CONNECTION_NEEDED /* Internal state: connect() needed */
> + CONNECTION_NEEDED, /* Internal state: connect() needed */
> + CONNECTION_SENDING_PASSWORD /* An intermediate state to help client send a password
> + * over an existing connection
> + */
> +
> } ConnStatusType;
>
> typedef enum
> @@ -258,6 +262,9 @@ extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport,
> #define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \
> PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL)
>
> +/* send a password that the server asked for halfway between a connection sequence */
> +extern void PQsendPassword(PGconn *conn, char *password);
> +

I unfortunately have to say I don't really see the point of this. The
cost of the additional connection attempt is rather low and we have to
deal with the superflous attempts anyway since there will be old libpqs
around for years. Why is this worth the effort?

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services