projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a160423) |
Re-validate connection string in libpqrcv_connect().
authorJeff Davis <[email protected]>
Fri, 12 Jan 2024 21:41:36 +0000 (13:41 -0800)
committerJeff Davis <[email protected]>
Fri, 12 Jan 2024 21:41:36 +0000 (13:41 -0800)
commit5c31669058b5550b4b3d623c07bc4203c11b8316
treea4b14e4019276cd67e5c5d93a3bad14f2d6710e1tree
parenta1604237a6ffee70b171bacd5f36b0e380afd33acommit | diff
Re-validate connection string in libpqrcv_connect().

A superuser may create a subscription with password_required=true, but
which uses a connection string without a password.

Previously, if the owner of such a subscription was changed to a
non-superuser, the non-superuser was able to utilize a password from
another source (like a password file or the PGPASSWORD environment
variable), which should not have been allowed.

This commit adds a step to re-validate the connection string before
connecting.

Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Back-through: 16
doc/src/sgml/ref/create_subscription.sgmldiff | blob | blame | history
src/backend/replication/libpqwalreceiver/libpqwalreceiver.cdiff | blob | blame | history
src/test/subscription/t/027_nosuperuser.pldiff | blob | blame | history
This is the main PostgreSQL git repository.