Re-validate connection string in libpqrcv_connect().
Jeff Davis <jdavis@postgresql.org>
Re-validate connection string in libpqrcv_connect(). A superuser may create a subscription with password_required=true, but which uses a connection string without a password. Previously, if the owner of such a subscription was changed to a non-superuser, the non-superuser was able to utilize a password from another source (like a password file or the PGPASSWORD environment variable), which should not have been allowed. This commit adds a step to re-validate the connection string before connecting. Reported-by: Jeff Davis Author: Vignesh C Reviewed-by: Peter Smith, Robert Haas, Amit Kapila Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com Backpatch-through: 16
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/ref/create_subscription.sgml | modified | +6 −5 |
| src/backend/replication/libpqwalreceiver/libpqwalreceiver.c | modified | +9 −0 |
| src/test/subscription/t/027_nosuperuser.pl | modified | +80 −0 |
Documentation touched
Discussion
- [16+] subscription can end up in inconsistent state 25 messages · 2023-09-10 → 2024-01-18