Re: Preventing non-superusers from altering session authorization - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: Preventing non-superusers from altering session authorization
Date
Msg-id 20230622034818.GA1077640@nathanxps13
Whole thread Raw
In response to Preventing non-superusers from altering session authorization  (Joseph Koshakow <koshy44@gmail.com>)
Responses Re: Preventing non-superusers from altering session authorization
List pgsql-hackers
On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> +    roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
> +    if (!HeapTupleIsValid(roleTup))
> +        ereport(FATAL,
> +                (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> +                        errmsg("role with OID %u does not exist", AuthenticatedUserId)));
> +    rform = (Form_pg_authid) GETSTRUCT(roleTup);

I think "superuser_arg(AuthenticatedUserId)" would work here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com



pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: Assert while autovacuum was executing
Next
From: shveta malik
Date:
Subject: Re: Support logical replication of DDLs