Re: ProcessStartupPacket(): database_name and user_name truncation

At Mon, 03 Jul 2023 10:50:45 +0900 (JST), Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> wrote in
> For the record, if I understand Nathan correctly, it is what I
> suggested in my initial post. If this is correct, +1 for the suggestion.
>
> me> I think we might want to consider outright rejecting the
> me> estblishment of a connection when the given database name doesn't
> me> fit the startup packet

Mmm. It's bit wrong. "doesn't fit the startup packet" is "is long as a
database name".

At Sat, 1 Jul 2023 16:02:06 +0200, "Drouvot, Bertrand" <bertranddrouvot(dot)pg(at)gmail(dot)com> wrote in
> Please find V2 attached where it's failing as soon as the database
> name or
> user name are detected as overlength.

I find another errocde "ERRCODE_INVALID_ROLE_SPECIFICATION". I don't
find a clear distinction between the usages of the two, but I think
.._ROLE_.. might be a better fit.

ERRCODE_INVALID_ROLE_SPACIFICATION:
auth.c:1507: "could not transnlate name"
auth.c:1526: "could not translate name"
auth.c:1539: "realm name too long"
auth.c:1554: "translated account name too long"

ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION:
postmaster.c:2268: "no PostgreSQL user name specified in startup packet"
miscinit.c:756: "role \"%s\" does not exist"
miscinit.c:764: "role with OID %u does not exist"
miscinit.c:794: "role \"%s\" is not permitted to log in"
auth.c:420: "connection requires a valid client certificate"
auth.c:461,468,528,536: "pg_hba.conf rejects ..."
auth.c:878: MD5 authentication is not supported when \"db_user_namespace\" is enabled"
auth-scram.c:1016: "SCRAM channel binding negotiation error"
auth-scram.c:1349: "SCRAM channel binding check failed"

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center