Обсуждение: pgsql: Re-validate connection string in libpqrcv_connect().

Re-validate connection string in libpqrcv_connect().

A superuser may create a subscription with password_required=true, but
which uses a connection string without a password.

Previously, if the owner of such a subscription was changed to a
non-superuser, the non-superuser was able to utilize a password from
another source (like a password file or the PGPASSWORD environment
variable), which should not have been allowed.

This commit adds a step to re-validate the connection string before
connecting.

Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Backpatch-through: 16

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/5c31669058b5550b4b3d623c07bc4203c11b8316

Modified Files
--------------
doc/src/sgml/ref/create_subscription.sgml          | 11 +--
.../libpqwalreceiver/libpqwalreceiver.c            |  9 +++
src/test/subscription/t/027_nosuperuser.pl         | 80 ++++++++++++++++++++++
3 files changed, 95 insertions(+), 5 deletions(-)

On Fri, 2024-01-12 at 21:43 +0000, Jeff Davis wrote:
> Re-validate connection string in libpqrcv_connect().

Looks like the test is causing problems on drogo:

ERROR:  could not connect to the publisher: connection to server at
"127.0.0.1", port 54707 failed: FATAL:  SSPI authentication failed for
user "regress_test_user"'

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2024-01-13%2002%3A41%3A35

I think we need to change the pg_hba.conf on the publisher before
creating (or at least before enabling) the subscription. I might have
to commit a trial fix unless someone can debug this more easily on
drogo's configuration.

I suppose I could also take out the test, but I like that it adds
better coverage of the password_required setting.

Regards,
    Jeff Davis

Jeff Davis <pgsql@j-davis.com> writes:
>> Re-validate connection string in libpqrcv_connect().

> Looks like the test is causing problems on drogo:

> ERROR:  could not connect to the publisher: connection to server at
> "127.0.0.1", port 54707 failed: FATAL:  SSPI authentication failed for
> user "regress_test_user"'

I might be wrong, but I think the problem is lack of an auth_extra
setting for that role.  See for example 1e3f461e8.

            regards, tom lane