commit e13f21d596bc5670156a441dc6eec5228864b4b0
Author: Jacob Champion
Date: Thu Sep 22 16:39:34 2022 -0700
squash! libpq: let client reject unexpected auth methods
Remove TODOs, and document why the code remains as-is.
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 565e44fcf6..793888d30f 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -921,8 +921,14 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
  * else that the user has allowed an authentication-less
  * connection).
  *
- * TODO: how should !auth_required interact with an incomplete
- * SCRAM exchange?
+ * If the user has allowed both SCRAM and unauthenticated
+ * (trust) connections, then this check will silently accept
+ * partial SCRAM exchanges, where a misbehaving server does not
+ * provide its verifier before sending an OK. This is consistent
+ * with historical behavior, but it may be a point to revisit in
+ * the future, since it could allow a server that doesn't know
+ * the user's password to silently harvest material for a brute
+ * force attack.
  */
  if (!conn->auth_required || conn->client_finished_auth)
  break;
@@ -940,10 +946,9 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
  /*
  * If implicit GSS auth has already been performed via GSS
  * encryption, we don't need to have performed an
- * AUTH_REQ_GSS exchange.
- *
- * TODO: check this assumption. What mutual auth guarantees
- * are made in this case?
+ * AUTH_REQ_GSS exchange. This allows require_auth=gss to be
+ * combined with gssencmode, since there won't be an
+ * explicit authentication request in that case.
  */
  }
  else
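Review bot: The new comment scopes the silent acceptance of a partial SCRAM exchange to a user who "has allowed both SCRAM and unauthenticated (trust) connections", but the guard `if (!conn->auth_required || conn->client_finished_auth)` takes the break whenever `auth_required` is false, which — if the "historical behavior" remark means a connection with no require_auth setting at all — includes the default configuration, not only an explicit dual allowance. A reader auditing this check would want that stated, e.g. `* If authentication is not required (require_auth unset, or the user has allowed both SCRAM and unauthenticated connections), then this check will silently accept partial SCRAM exchanges ...`. It would also help to say where `client_finished_auth` is set, since it is the only thing here distinguishing a verified server-final from a server that sent OK early; its setter is not visible in this hunk. check_expected_areq begins and ends outside the hunk.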
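Review bot: The replacement comment explains why the exception is needed (require_auth=gss combined with gssencmode) but drops, rather than answers, the question the removed TODO asked: what mutual-authentication guarantee the GSS encryption handshake gives, which is the property require_auth=gss is meant to enforce. The `if` condition this empty branch belongs to lies outside the hunk, so I cannot see which connection state it tests, but the comment should record the assumption the exception rests on, e.g. `* This relies on the GSS encryption handshake having already authenticated the server's principal (mutual auth), the same guarantee an AUTH_REQ_GSS exchange would give; if that handshake ever stops requiring mutual auth, this exception must be revisited.` check_expected_areq begins and ends outside the hunk.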