Add FATAL_CLIENT_ONLY to ereport/elog SASL exchanges must end with either an AuthenticationOk or an ErrorResponse from the server, and the standard way to produce an ErrorResponse packet is for auth_failed() to call ereport(FATAL). This means that there's no way for a SASL mechanism to suppress the server log entry if the "authentication attempt" was really just a query for authentication metadata, as is done with OAUTHBEARER.
Following the example of 1f9158ba4, add a FATAL_CLIENT_ONLY elevel. This will allow ClientAuthentication() to choose not to log a particular failure, while still correctly ending the authentication exchange before process exit. (The provenance of this patch is convoluted: since it's a mechanical copy-paste of 1f9158ba4, both Zsolt Parragi and I produced nearly identical versions independently, and Andrey Borodin reviewed Zsolt's version. Tom Lane is the author of 1f9158ba4, but I don't want to imply that he's signed off on this adaptation. See Discussion.) Reviewed-by: Andrey Borodin <[email protected]> Discussion: https://postgr.es/m/CAN4CZFPim7hUiyb7daNKQPSZ8CvQRBGkVhbvED7yZi8VktSn4Q%40mail.gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/c2bca7cc9621f45e27dc332e3f58c7544386de88 Modified Files -------------- src/backend/utils/error/elog.c | 7 +++++-- src/include/utils/elog.h | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-)
