Re: Preventing non-superusers from altering session authorization

On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> +    roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
> +    if (!HeapTupleIsValid(roleTup))
> +        ereport(FATAL,
> +                (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> +                        errmsg("role with OID %u does not exist", AuthenticatedUserId)));
> +    rform = (Form_pg_authid) GETSTRUCT(roleTup);

I think "superuser_arg(AuthenticatedUserId)" would work here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com