Change the error message for logical replication authentication failure.

The authentication failure error message wasn't distinguishing whether
it is a physical replication or logical replication connection failure and
was giving incomplete information on what led to failure in case of logical
replication connection.

Author: Paul Martinez and Amit Kapila
Reviewed-by: Euler Taveira and Amit Kapila
Discussion: https://postgr.es/m/CACqFVBYahrAi2OPdJfUA3YCvn3QMzzxZdw0ibSJ8wouWeDtiyQ@mail.gmail.com

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index c4b9971a206cc43d4cb360df1e58c3fc37ad91e0..b420486a0afa155201e0b10a1183884d6a2f3793 100644 (file)
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -229,8 +229,10 @@ hostnogssenc  <replaceable>database</replaceable>  <replaceable>user</replaceabl
        members of the role, directly or indirectly, and not just by
        virtue of being a superuser.
        The value <literal>replication</literal> specifies that the record
-       matches if a physical replication connection is requested (note that
-       replication connections do not specify any particular database).
+       matches if a physical replication connection is requested, however, it
+       doesn't match with logical replication connections. Note that physical
+       replication connections do not specify any particular database whereas
+       logical replication connections do specify it.
        Otherwise, this is the name of
        a specific <productname>PostgreSQL</productname> database.
        Multiple database names can be supplied by separating them with

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 545635f41a916c740aacd6a8b68672d10378b7ab..baa0712c0f7fab61c40832723e8b9b71f7842e2a 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -417,7 +417,7 @@ ClientAuthentication(Port *port)
 #endif
                    _("no encryption");
 
-               if (am_walsender)
+               if (am_walsender && !am_db_walsender)
                    ereport(FATAL,
                            (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
                    /* translator: last %s describes encryption state */
@@ -484,7 +484,7 @@ ClientAuthentication(Port *port)
                                  gai_strerror(port->remote_hostname_errcode)) : \
                    0))
 
-               if (am_walsender)
+               if (am_walsender && !am_db_walsender)
                    ereport(FATAL,
                            (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
                    /* translator: last %s describes encryption state */