public inbox for [email protected]  
help / color / mirror / Atom feed
From: Nathan Bossart <[email protected]>
To: Joseph Koshakow <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Preventing non-superusers from altering session authorization
Date: Wed, 21 Jun 2023 20:48:18 -0700
Message-ID: <20230622034818.GA1077640@nathanxps13> (raw)
In-Reply-To: <CAAvxfHc-HHzONQ2oXdvhFF9ayRnidPwK+fVBhRzaBWYYLVQL-g@mail.gmail.com>
References: <CAAvxfHc-HHzONQ2oXdvhFF9ayRnidPwK+fVBhRzaBWYYLVQL-g@mail.gmail.com>

On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> +	roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
> +	if (!HeapTupleIsValid(roleTup))
> +		ereport(FATAL,
> +				(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> +						errmsg("role with OID %u does not exist", AuthenticatedUserId)));
> +	rform = (Form_pg_authid) GETSTRUCT(roleTup);

I think "superuser_arg(AuthenticatedUserId)" would work here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com






view thread (4+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Preventing non-superusers from altering session authorization
  In-Reply-To: <20230622034818.GA1077640@nathanxps13>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox