Skip to content

Commit cb9bb57

Browse files
darolddarold
committed
Fix password_valid_until / password_valid_max behavior. Thanks to wlkvv Daniel for the report.
1 parent 9b42c77 commit cb9bb57

1 file changed

Lines changed: 9 additions & 5 deletions

File tree

credcheck.c

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1630,10 +1630,14 @@ cc_ProcessUtility(PEL_PROCESSUTILITY_PROTO)
16301630
errmsg(gettext_noop("the VALID UNTIL option must have a date older than %d days"), password_valid_until)));
16311631
}
16321632
/* check that the valid until date is not under the limit of days */
1633-
if (dvalidUntil && dvalidUntil->arg && password_valid_max > 0)
1633+
if (dvalidUntil && dvalidUntil->arg)
16341634
{
16351635
int valid_max = check_valid_until(strVal(dvalidUntil->arg));
1636-
if (valid_max > password_valid_max)
1636+
if (password_valid_until > 0 && valid_max < password_valid_until)
1637+
ereport(ERROR,
1638+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1639+
errmsg(gettext_noop("the VALID UNTIL option must have a date beyond %d days"), password_valid_until)));
1640+
if (password_valid_max > 0 && valid_max > password_valid_max)
16371641
ereport(ERROR,
16381642
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
16391643
errmsg(gettext_noop("the VALID UNTIL option must NOT have a date beyond %d days"), password_valid_max)));
@@ -1751,11 +1755,11 @@ cc_ProcessUtility(PEL_PROCESSUTILITY_PROTO)
17511755
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
17521756
errmsg(gettext_noop("require a VALID UNTIL option with a date older than %d days"), password_valid_until)));
17531757

1754-
/* check that a maximum number of days for password validity is defined */
1755-
if (password_valid_max > 0 && valid_max < password_valid_max)
1758+
/* check that we do not exceed the number of days for password validity */
1759+
if (password_valid_max > 0 && valid_max > password_valid_max)
17561760
ereport(ERROR,
17571761
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1758-
errmsg(gettext_noop("require a VALID UNTIL option with a date beyond %d days"), password_valid_max)));
1762+
errmsg(gettext_noop("require a VALID UNTIL option with a date NOT beyond %d days"), password_valid_max)));
17591763

17601764
#if PG_VERSION_NUM >= 120000
17611765
/* The password can be saved into the history */

0 commit comments

Comments
 (0)