This is an automated email from the ASF dual-hosted git repository. yjhjstz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cloudberry.git
commit e7e594420d73e4fc68ecfbc859b41fb2ae776003 Author: Haotian Chen <[email protected]> AuthorDate: Wed Aug 10 11:08:43 2022 +0800 Fix leak user information by LDAP (#13831) When an LDAP user attempts to login to the GPDB database with bad credentials, the below message is "leaked" to the log. This includes the LDAP server address, bind user (distinguished name), and bind password. Something like this: > 2021-11-23 19:43:46.528056 UTC,"ajones2","ajones2",p12654,th-1991804800,"127.0.0.1","53756",2021-11-23 19:43:42 UTC,0,con17,,seg-1,,,,sx1,"LOG","00000","LDAP login failed for user ""uid=ajones2,ou=people,dc=dc1,dc=nebula,dc=local"" on server ""192.168.1.82"": Invalid credentials",,,,,,,0,,"auth.c",2384, > > 2021-11-23 19:43:46.528139 UTC,"ajones2","ajones2",p12654,th-1991804800,"127.0.0.1","53756",2021-11-23 19:43:42 UTC,0,con17,,seg-1,,,,sx1,"FATAL","28000","LDAP authentication failed for user ""ajones2""","Connection matched pg_hba.conf line 92: ""host all ajones2 0.0.0.0/0 ldap ldapserver=192.168.1.82 ldapbasedn=""ou=people,dc=dc1,dc=nebula,dc=local"" ldapbinddn=""cn=admin,dc=dc1,dc=nebula,dc=local"" ldapbindpasswd=""SuperSecretPassword"" ldapsearchattribute=""uid"" "" [...] The reason is when we connect database by LDAP, if authentication failed LDAP server will return some user personal privacy like passwd, ID address etc.., so we need to hide these privacy detail to database user and avoid them existing in pg_log file. In this case, we don't need to add regression test here. Firstly, it is security issue only happed in LDAP, and will not cause other problems in database kernel. Secondly, Adding some regressions cases to test leaking infoomation details is also a hard work. Co-authored-by: CharlieTT <[email protected]> --- src/backend/libpq/auth.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index ad0e7e57f3..6561ff0bab 100644 --- a/src/backend/libpq/auth.c 
+++ b/src/backend/libpq/auth.c @@ -368,6 +368,18 @@ auth_failed(Port *port, int status, char *logdetail) cdetail = psprintf(_("Connection matched pg_hba.conf line %d: \"%s\""), port->hba->linenumber, port->hba->rawline); + + /* + * Avoid leak user infomations when failed to connect database using LDAP, + * and we need hide failed details return by LDAP. + * */ + if (port->hba->auth_method == uaLDAP) + { + pfree(cdetail); + cdetail = NULL; + logdetail = NULL; + } + if (logdetail) logdetail = psprintf("%s\n%s", logdetail, cdetail); else @@ -3254,8 +3266,7 @@ CheckLDAPAuth(Port *port) if (r != LDAP_SUCCESS) { ereport(LOG, - (errmsg("LDAP login failed for user \"%s\" on server \"%s\": %s", - fulluser, server_name, ldap_err2string(r)), + (errmsg("LDAP login failed for user on server."), errdetail_for_ldap(ldap))); ldap_unbind(ldap); pfree(passwd); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
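Review bot: In the auth_failed() hunk, the uaLDAP branch throws away the whole "Connection matched pg_hba.conf line %d" detail, but the only sensitive piece of that string is port->hba->rawline (which carries ldapbindpasswd); the line number is harmless and is what an administrator needs to tell which pg_hba.conf entry matched a failed login. Consider keeping the line number and dropping or redacting only rawline for LDAP entries, e.g. `cdetail = psprintf(_("Connection matched pg_hba.conf line %d"), port->hba->linenumber);` instead of `pfree(cdetail); cdetail = NULL;`. The branch also sets the incoming logdetail to NULL, which discards LDAP-specific detail the caller already built; if that is intended, the comment should say so. The comment itself needs a cleanup: "Avoid leak user infomations" should read "Avoid leaking user information", "we need hide failed details return by LDAP" should read "hide the failure details returned by LDAP", and the closing `* */` should be `*/` to match the file's comment style.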
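Review bot: In the CheckLDAPAuth() hunk, the new errmsg("LDAP login failed for user on server.") removes ldap_err2string(r) along with fulluser and server_name, but the LDAP result string ("Invalid credentials", "Can't contact LDAP server", and so on) is not user data and is the one piece of the old message that lets an operator distinguish a bad password from an unreachable server. Suggest keeping it while omitting the DN: `(errmsg("LDAP login failed for user on server: %s", ldap_err2string(r)),`. Two smaller points: PostgreSQL primary messages do not end with a period, so the trailing "." should be dropped; and the retained errdetail_for_ldap(ldap) still logs whatever diagnostic message the LDAP server supplies, so if server-originated text is the concern the commit message describes, that call deserves the same review.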
