Fix for password authentication does not work in certain cases
author Muhammad Usama <m.usama@gmail.com>
Sun, 18 Aug 2019 11:29:39 +0000 (16:29 +0500)
committer Muhammad Usama <m.usama@gmail.com>
Sun, 18 Aug 2019 11:29:39 +0000 (16:29 +0500)
Pgpool-II was only trying to get the password from the pool_passwd file when
backends were configured to use password authentication.  And when the password
is not present in the pool_passwd file it was failing without trying to get the
password from the user even when clear text authentication was allowed on
frontend connections.

The fix is to use clear text password authentication with frontend to get the
user password (if it is allowed by the configuration) when the password for the
connecting user is not found in the pool_passwd file.

The issue was reported by "Tatsuo Ishii <ishii@sraoss.co.jp>"

src/auth/pool_auth.c

index 2cc50fe24f2a82f3e9a4e7f9b1028b8107328a80..3421c178a92cf512ae1a94552531fb7331c77e38 100644 (file)
@@ -1019,12 +1019,35 @@ do_clear_text_password(POOL_CONNECTION * backend, POOL_CONNECTION * frontend, in
                /* frontend and backend are both authenticated already */
                return 0;
        }
+
        if (get_auth_password(backend, frontend, reauth, &pwd, &passwordType) == false)
        {
-               ereport(FATAL,
-                               (return_code(2),
-                                errmsg("clear text password authentication failed"),
-                                errdetail("unable to get the password for user: \"%s\"", frontend->username)));
+               /*
+                * We do not have any passeord, we can still get the password
+                * from client using plain text authentication if it is
+                * allowed by user
+                */
+
+               if (frontend->pool_hba == NULL ||
+                       frontend->pool_hba->auth_method == uaPassword ||
+                       pool_config->allow_clear_text_frontend_auth )
+               {
+                       ereport(DEBUG1,
+                               (errmsg("using clear text authentication with frontend"),
+                                        errdetail("backend is using password authentication")));
+
+                       authenticate_frontend_clear_text(frontend);
+
+                       /* now check again if we have a password now */
+
+                       if (get_auth_password(backend, frontend, reauth, &pwd, &passwordType) == false)
+                       {
+                               ereport(FATAL,
+                                               (return_code(2),
+                                                       errmsg("clear text password authentication failed"),
+                                                       errdetail("unable to get the password for user: \"%s\"", frontend->username)));
+                       }
+               }
        }
 
        if (passwordType == PASSWORD_TYPE_AES)
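
Review bot: When the first get_auth_password() call fails and the new condition is false (frontend->pool_hba is set, its auth_method is not uaPassword, and pool_config->allow_clear_text_frontend_auth is off), no error is reported any more. The ereport(FATAL, ...) that used to cover every failure of get_auth_password() now sits only inside the retry branch, so in that case control falls through to the `passwordType == PASSWORD_TYPE_AES` check with whatever pwd and passwordType the failed call left behind. Add an else branch that raises the same FATAL "clear text password authentication failed" error, or move the FATAL after the inner if so it fires whenever a password is still missing. It is also worth confirming that authenticate_frontend_clear_text(frontend) stores the received password where the second get_auth_password() call looks for it, since the hunk does not show that. Minor: the new comment spells "password" as "passeord".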