Postgres Pro
Downloads
Home   >   mailing lists

[PATCH] pg_hba.conf error messages for logical replication connections - Mailing list pgsql-hackers

From Paul Martinez
Subject [PATCH] pg_hba.conf error messages for logical replication connections
Date
Msg-id CACqFVBYahrAi2OPdJfUA3YCvn3QMzzxZdw0ibSJ8wouWeDtiyQ@mail.gmail.com
Whole thread Raw
Responses Re: [PATCH] pg_hba.conf error messages for logical replication connections  (Amit Kapila <amit.kapila16@gmail.com>)
List pgsql-hackers
Tree view 
Hey, all,

When creating a logical replication connection that isn't allowed by the
current pg_hba.conf, the error message states that a "replication
connection" is not allowed.

This error message is confusing because although the user is trying to
create a replication connection and specified "replication=database" in
the connection string, the special "replication" pg_hba.conf keyword
does not apply. I believe the error message should just refer to a
regular connection and specify the database the user is trying to
connect to.

When connecting using "replication" in a connection string, the variable
am_walsender is set to true. When "replication=database" is specified,
the variable am_db_walsender is also set to true [1].

When checking whether a pg_hba.conf rule matches in libpq/hba.c, we only
check for the "replication" keyword when am_walsender && !am_db_walsender [2].

But then when reporting error messages in libpq/auth.c, only
am_walsender is used in the condition that chooses whether to specify
"replication connection" or "connection" to a specific database in the
error message [3] [4].

In this patch I have modified the conditions in libpq/auth.c to check
am_walsender && !am_db_walsender, as in hba.c. I have also added a
clarification in the documentation for pg_hba.conf.

>   The value `replication` specifies that the record matches if a
>   physical replication connection is requested (note that replication
> - connections do not specify any particular database).
> + connections do not specify any particular database), but it does not
> + match logical replication connections that specify
> + `replication=database` and a `dbname` in their connection string.

Thanks,
Paul

[1]:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/postmaster/postmaster.c;h=7de27ee4e0171863faca2f24d62488b773a7636e;hb=HEAD#l2154

[2]:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/hba.c;h=371dccb852fd5c0775c7ebd82b67de3f20dc70af;hb=HEAD#l640

[3]:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/auth.c;h=545635f41a916c740aacd6a8b68672d10378b7ab;hb=HEAD#l420

[4]:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/auth.c;h=545635f41a916c740aacd6a8b68672d10378b7ab;hb=HEAD#l487
Attachment

pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: On login trigger: take three
Next
From: Kyotaro Horiguchi
Date:
Subject: Re: Wrong usage of RelationNeedsWAL