git.postgresql.org Git - postgresql.git/commit

projects / postgresql.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 9c00e4c) | patch

author	Jeff Davis <jdavis@postgresql.org>
	Fri, 12 Jan 2024 21:42:09 +0000 (13:42 -0800)
committer	Jeff Davis <jdavis@postgresql.org>
	Fri, 12 Jan 2024 21:42:09 +0000 (13:42 -0800)
commit	4c03ac7e2bc46988fe4ecf3b1aef393488786f12
tree	e1ff9956c956f5c94c1de28a1ab65b7ef019620b	tree
parent	9c00e4c7751f50e81636b0e837809b309bfe7ef6	commit \| diff

Re-validate connection string in libpqrcv_connect().

A superuser may create a subscription with password_required=true, but
which uses a connection string without a password.

Previously, if the owner of such a subscription was changed to a
non-superuser, the non-superuser was able to utilize a password from
another source (like a password file or the PGPASSWORD environment
variable), which should not have been allowed.

This commit adds a step to re-validate the connection string before
connecting.

Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Backpatch-through: 16

doc/src/sgml/ref/create_subscription.sgml		diff \| blob \| blame \| history
src/backend/replication/libpqwalreceiver/libpqwalreceiver.c		diff \| blob \| blame \| history
src/test/subscription/t/027_nosuperuser.pl		diff \| blob \| blame \| history

This is the main PostgreSQL git repository.