static char *pam_passwd = NULL; /* Workaround for Solaris 2.6 brokenness */
static Port *pam_port_cludge; /* Workaround for passing "Port *port" into
* pam_passwd_conv_proc */
+static bool pam_no_password; /* For detecting no-password-given */
#endif /* USE_PAM */
{
/*
* Client didn't want to send password. We
- * intentionally do not log anything about this.
+ * intentionally do not log anything about this,
+ * either here or at higher levels.
*/
+ pam_no_password = true;
goto fail;
}
}
*/
pam_passwd = password;
pam_port_cludge = port;
+ pam_no_password = false;
/*
* Set the application data portion of the conversation struct. This is
if (retval != PAM_SUCCESS)
{
- ereport(LOG,
- (errmsg("pam_authenticate failed: %s",
- pam_strerror(pamh, retval))));
+ /* If pam_passwd_conv_proc saw EOF, don't log anything */
+ if (!pam_no_password)
+ ereport(LOG,
+ (errmsg("pam_authenticate failed: %s",
+ pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
- return STATUS_ERROR;
+ return pam_no_password ? STATUS_EOF : STATUS_ERROR;
}
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS)
{
- ereport(LOG,
- (errmsg("pam_acct_mgmt failed: %s",
- pam_strerror(pamh, retval))));
+ /* If pam_passwd_conv_proc saw EOF, don't log anything */
+ if (!pam_no_password)
+ ereport(LOG,
+ (errmsg("pam_acct_mgmt failed: %s",
+ pam_strerror(pamh, retval))));
pam_passwd = NULL; /* Unset pam_passwd */
- return STATUS_ERROR;
+ return pam_no_password ? STATUS_EOF : STATUS_ERROR;
}
retval = pam_end(pamh, retval);
projects / postgresql.git / commitdiff