Quick Links

[PATCH] pg_hba.conf error messages for logical replication connections

From:	Paul Martinez <paulmtz(at)google(dot)com>
To:	pgsql-hackers(at)postgresql(dot)org
Subject:	[PATCH] pg_hba.conf error messages for logical replication connections
Date:	2021-01-28 02:58:40
Message-ID:	CACqFVBYahrAi2OPdJfUA3YCvn3QMzzxZdw0ibSJ8wouWeDtiyQ@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hey, all,

When creating a logical replication connection that isn't allowed by the
current pg_hba.conf, the error message states that a "replication
connection" is not allowed.

This error message is confusing because although the user is trying to
create a replication connection and specified "replication=database" in
the connection string, the special "replication" pg_hba.conf keyword
does not apply. I believe the error message should just refer to a
regular connection and specify the database the user is trying to
connect to.

When connecting using "replication" in a connection string, the variable
am_walsender is set to true. When "replication=database" is specified,
the variable am_db_walsender is also set to true [1].

When checking whether a pg_hba.conf rule matches in libpq/hba.c, we only
check for the "replication" keyword when am_walsender && !am_db_walsender [2].

But then when reporting error messages in libpq/auth.c, only
am_walsender is used in the condition that chooses whether to specify
"replication connection" or "connection" to a specific database in the
error message [3] [4].

In this patch I have modified the conditions in libpq/auth.c to check
am_walsender && !am_db_walsender, as in hba.c. I have also added a
clarification in the documentation for pg_hba.conf.

> The value `replication` specifies that the record matches if a
> physical replication connection is requested (note that replication
> - connections do not specify any particular database).
> + connections do not specify any particular database), but it does not
> + match logical replication connections that specify
> + `replication=database` and a `dbname` in their connection string.

Thanks,
Paul

[1]: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/postmaster/postmaster.c;h=7de27ee4e0171863faca2f24d62488b773a7636e;hb=HEAD#l2154

[2]: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/hba.c;h=371dccb852fd5c0775c7ebd82b67de3f20dc70af;hb=HEAD#l640

[3]: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/auth.c;h=545635f41a916c740aacd6a8b68672d10378b7ab;hb=HEAD#l420

[4]: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/auth.c;h=545635f41a916c740aacd6a8b68672d10378b7ab;hb=HEAD#l487

Attachment	Content-Type	Size
pg_hba_conf_error_message_patch_v00.diff	application/octet-stream	2.2 KB

Responses

Re: [PATCH] pg_hba.conf error messages for logical replication connections at 2021-01-29 04:17:06 from Amit Kapila

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Kyotaro Horiguchi	2021-01-28 03:06:27	Re: Wrong usage of RelationNeedsWAL
Previous Message	Amit Kapila	2021-01-28 02:47:07	Re: On login trigger: take three