From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
---|---|
To: | bertranddrouvot(dot)pg(at)gmail(dot)com |
Cc: | tgl(at)sss(dot)pgh(dot)pa(dot)us, nathandbossart(at)gmail(dot)com, michael(at)paquier(dot)xyz, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: ProcessStartupPacket(): database_name and user_name truncation |
Date: | 2023-07-03 02:09:58 |
Message-ID: | 20230703.110958.1680214817768853182.horikyota.ntt@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
At Mon, 03 Jul 2023 10:50:45 +0900 (JST), Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> wrote in
> For the record, if I understand Nathan correctly, it is what I
> suggested in my initial post. If this is correct, +1 for the suggestion.
>
> me> I think we might want to consider outright rejecting the
> me> estblishment of a connection when the given database name doesn't
> me> fit the startup packet
Mmm. It's bit wrong. "doesn't fit the startup packet" is "is long as a
database name".
At Sat, 1 Jul 2023 16:02:06 +0200, "Drouvot, Bertrand" <bertranddrouvot(dot)pg(at)gmail(dot)com> wrote in
> Please find V2 attached where it's failing as soon as the database
> name or
> user name are detected as overlength.
I find another errocde "ERRCODE_INVALID_ROLE_SPECIFICATION". I don't
find a clear distinction between the usages of the two, but I think
.._ROLE_.. might be a better fit.
ERRCODE_INVALID_ROLE_SPACIFICATION:
auth.c:1507: "could not transnlate name"
auth.c:1526: "could not translate name"
auth.c:1539: "realm name too long"
auth.c:1554: "translated account name too long"
ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION:
postmaster.c:2268: "no PostgreSQL user name specified in startup packet"
miscinit.c:756: "role \"%s\" does not exist"
miscinit.c:764: "role with OID %u does not exist"
miscinit.c:794: "role \"%s\" is not permitted to log in"
auth.c:420: "connection requires a valid client certificate"
auth.c:461,468,528,536: "pg_hba.conf rejects ..."
auth.c:878: MD5 authentication is not supported when \"db_user_namespace\" is enabled"
auth-scram.c:1016: "SCRAM channel binding negotiation error"
auth-scram.c:1349: "SCRAM channel binding check failed"
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
From | Date | Subject | |
---|---|---|---|
Next Message | Masahiko Sawada | 2023-07-03 02:15:05 | doc: improve the restriction description of using indexes on REPLICA IDENTITY FULL table. |
Previous Message | Kyotaro Horiguchi | 2023-07-03 01:50:45 | Re: ProcessStartupPacket(): database_name and user_name truncation |