Re: Bug in pg_hba.conf or pg_basebackup concerning replication connections

On 04/09/2011 03:18 PM, Brendan Jurd wrote:
> On 10 April 2011 04:23, Joshua Berkus<josh(at)agliodbs(dot)com> wrote:
>> If I have the following line in pg_hba.conf:
>>
>> host replication replication all md5
>>
>> pg_basebackup -x -v -P -h master1 -U replication -D $PGDATA
>> pg_basebackup: could not connect to server: FATAL: no pg_hba.conf entry for replication connection from host "216.121.61.233", user "replication"
>>
> Welcome to the wonderful world of keywords in hba not being specific
> to fields. I encountered this problem myself back in Oct 2010 [1] and
> predicted that it would bite other users. You've been kind enough to
> validate that prediction. I submitted a WIP patch aimed at fixing it
> just over a week ago [2].
>
> Until that patch (or some other solution) goes through, you'll need to
> quote "replication" in your hba.conf if you want to use it as a
> username.
>
> Cheers,
> BJ
>
> [1] http://archives.postgresql.org/message-id/AANLkTi=q8DZj79OKrWc-kE9zg-rH-1tcQdqbsbKfO1zF@mail.gmail.com
> [2] http://archives.postgresql.org/message-id/AANLkTin8p0SoN1YJeXO3cgiDLxev67oh4c7VtJ7e0h4O@mail.gmail.com
>

That's a 2000 line patch that looks like it's out of the question now.
But I think this should fix Josh's immediate problem if we want to do it:

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 2def6ce..4306071 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -492,6 +492,8 @@ check_role(const char *role, Oid roleid, char
*param_str)
return true;
}
else if (strcmp(tok, role) == 0 ||
+ (strcmp(tok, "replication\n") == 0 &&
+ strcmp(role,"replication") ==0) ||
strcmp(tok, "all\n") == 0)
return true;
}

Incidentally, are walsenders supposed to be able to match any db name
other than 'replication'? If not, I think we have a bug in check_db(),
which is probably missing an "else return false;" in the amwalsender branch.
cheers

andrew