Re: Server ignores contents of SASLInitialResponse

On Thu, May 25, 2017 at 10:52:23AM -0400, Michael Paquier wrote:
> On Thu, May 25, 2017 at 9:32 AM, Michael Paquier
> <michael(dot)paquier(at)gmail(dot)com> wrote:
> > On Thu, May 25, 2017 at 8:51 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> >> On 05/24/2017 11:33 PM, Michael Paquier wrote:
> >>> I have noticed today that the server ignores completely the contents
> >>> of SASLInitialResponse. ... Attached is a patch to fix the problem.
> >>
> >> Fixed, thanks!
> >
> > Thanks for the commit.
>
> Actually, I don't think that we are completely done here. Using the
> patch of upthread to enforce a failure on SASLInitialResponse, I see
> that connecting without SSL causes the following error:
> psql: FATAL: password authentication failed for user "mpaquier"
> But connecting with SSL returns that:
> psql: duplicate SASL authentication request
>
> I have not looked at that in details yet, but it seems to me that we
> should not take pg_SASL_init() twice in the scram authentication code
> path in libpq for a single attempt.

[Action required within three days. This is a generic notification.]

The above-described topic is currently a PostgreSQL 10 open item. Heikki,
since you committed the patch believed to have created it, you own this open
item. If some other commit is more relevant or if this does not belong as a
v10 open item, please let us know. Otherwise, please observe the policy on
open item ownership[1] and send a status update within three calendar days of
this message. Include a date for your subsequent status update. Testers may
discover new open items at any time, and I want to plan to get them all fixed
well in advance of shipping v10. Consequently, I will appreciate your efforts
toward speedy resolution. Thanks.

[1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com