From 170b66a0c5ed7b1921fb6119f0668136fecc0a05 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Thu, 20 Nov 2008 20:45:30 +0000
Subject: Issue a proper error message when MD5 is attempted when
 db_user_namespace is enabled.

Also document this limitation.
---
 src/backend/libpq/auth.c |  6 +++++-
 src/backend/libpq/hba.c  | 11 ++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 1d89e096820..9545ded268b 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.173 2008/11/20 11:48:26 mha Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.174 2008/11/20 20:45:30 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -413,6 +413,10 @@ ClientAuthentication(Port *port)
 			break;
 
 		case uaMD5:
+			if (Db_user_namespace)
+				ereport(FATAL,
+						(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+						 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
 			sendAuthRequest(port, AUTH_REQ_MD5);
 			status = recv_and_check_password_packet(port);
 			break;
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 2464c5f6f94..a70d53a0e2d 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.174 2008/11/20 11:48:26 mha Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.175 2008/11/20 20:45:30 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -846,7 +846,16 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
 	else if (strcmp(token, "reject") == 0)
 		parsedline->auth_method = uaReject;
 	else if (strcmp(token, "md5") == 0)
+	{
+		if (Db_user_namespace)
+		{
+			ereport(LOG,
+					(errcode(ERRCODE_CONFIG_FILE_ERROR),
+					 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
+			return false;
+		}
 		parsedline->auth_method = uaMD5;
+	}
 	else if (strcmp(token, "pam") == 0)
 #ifdef USE_PAM
 		parsedline->auth_method = uaPAM;
-- 
cgit v1.2.3