From 1c0724fdf78e8ca74aa22cf03a7a76ab91e0d700 Mon Sep 17 00:00:00 2001
From: Vignesh C <vignesh21@gmail.com>
Date: Fri, 22 Sep 2023 12:27:34 +0530
Subject: [PATCH v2] Make sure that the password option is provided for
 non-superusers when password required is true.

Password can be set from PGPASS file, for non-superusers we should
make sure that the password option is provided when password required
is true before subscriber connects to the publisher.
---
 .../replication/libpqwalreceiver/libpqwalreceiver.c       | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
index 60d5c1fc40..76ceaf2019 100644
--- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
+++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
@@ -137,6 +137,14 @@ libpqrcv_connect(const char *conninfo, bool logical, bool must_use_password,
 	const char *vals[6];
 	int			i = 0;
 
+	/*
+	 * Check if the password is specified as part of connection string itself
+	 * for non-superusers. This check is required to prevent password being
+	 * set from PGPASS file in case of non-superusers.
+	 */
+	if (must_use_password)
+		libpqrcv_check_conninfo(conninfo, true);
+
 	/*
 	 * We use the expand_dbname parameter to process the connection string (or
 	 * URI), and pass some extra options.
-- 
2.34.1