Working version for PostgreSQL 10.

pgaudit · Jun 28, 2017 · 067cb6a · 067cb6a
1 parent 7befa05
commit 067cb6a
Show file tree

Hide file tree

Showing 9 changed files with 38 additions and 36 deletions.
diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@ MODULE_big = pgaudit
 OBJS = pgaudit.o $(WIN32RES)
 
 EXTENSION = pgaudit
-DATA = pgaudit--1.1.1.sql pgaudit--1.0--1.1.1.sql
+DATA = pgaudit--1.2.sql
 PGFILEDESC = "pgAudit - An audit logging extension for PostgreSQL"
 
 REGRESS = pgaudit

diff --git a/README.md b/README.md
@@ -49,12 +49,14 @@ To limit the number of relations audit logged for `SELECT` and `DML` statements,
 
 pgAudit was developed to support PostgreSQL 9.5 or greater.
 
-In order to support new functionality introduced in each PostgreSQL release, pgAudit maintains a separate branch for each PostgreSQL major version (currently PostgreSQL 9.5 through PostgreSQL 9.6) which will be maintained in a manner similar to the PostgreSQL project.
+In order to support new functionality introduced in each PostgreSQL release, pgAudit maintains a separate branch for each PostgreSQL major version (currently PostgreSQL 9.5 through PostgreSQL 10) which will be maintained in a manner similar to the PostgreSQL project.
 
-Aside from bug fixes, no further development is planned for the PostgreSQL 9.5 through PostgreSQL 9.6 branches. New development, if any, will be strictly for next unreleased major version of PostgreSQL.
+Aside from bug fixes, no further development is planned for the PostgreSQL 9.5 through PostgreSQL 10 branches. New development, if any, will be strictly for next unreleased major version of PostgreSQL.
 
 pgAudit versions relate to PostgreSQL major versions as follows:
 
+- **pgAudit v1.2.X** is intended to support PostgreSQL 10.
+
 - **pgAudit v1.1.X** is intended to support PostgreSQL 9.6.
 
 - **pgAudit v1.0.X** is intended to support PostgreSQL 9.5.
@@ -101,7 +103,7 @@ Settings may be modified only by a superuser. Allowing normal users to change th
 
 Settings can be specified globally (in `postgresql.conf` or using `ALTER SYSTEM ... SET`), at the database level (using `ALTER DATABASE ... SET`), or at the role level (using `ALTER ROLE ... SET`). Note that settings are not inherited through normal role inheritance and `SET ROLE` will not alter a user's pgAudit settings. This is a limitation of the roles system and not inherent to pgAudit.
 
-The pgAudit extension must be loaded in [shared_preload_libraries](http://www.postgresql.org/docs/9.6/static/runtime-config-client.html#GUC-SHARED-PRELOAD-LIBRARIES). Otherwise, an error will be raised at load time and no audit logging will occur. In addition, `CREATE EXTENSION pgaudit` must be called before `pgaudit.log` is set. If the `pgaudit` extension is dropped and needs to be recreated then `pgaudit.log` must be unset first otherwise an error will be raised.
+The pgAudit extension must be loaded in [shared_preload_libraries](http://www.postgresql.org/docs/10/static/runtime-config-client.html#GUC-SHARED-PRELOAD-LIBRARIES). Otherwise, an error will be raised at load time and no audit logging will occur. In addition, `CREATE EXTENSION pgaudit` must be called before `pgaudit.log` is set. If the `pgaudit` extension is dropped and needs to be recreated then `pgaudit.log` must be unset first otherwise an error will be raised.
 
 ### pgaudit.log
 
@@ -324,7 +326,7 @@ Audit entries are written to the standard logging facility and contain the follo
 
 - **PARAMETER** - If `pgaudit.log_parameter` is set then this field will contain the statement parameters as quoted CSV.
 
-Use [log_line_prefix](http://www.postgresql.org/docs/9.6/static/runtime-config-logging.html#GUC-LOG-LINE-PREFIX) to add any other fields that are needed to satisfy your audit log requirements. A typical log line prefix might be `'\%m \%u \%d: '` which would provide the date/time, user name, and database name for each audit log.
+Use [log_line_prefix](http://www.postgresql.org/docs/10/static/runtime-config-logging.html#GUC-LOG-LINE-PREFIX) to add any other fields that are needed to satisfy your audit log requirements. A typical log line prefix might be `'\%m \%u \%d: '` which would provide the date/time, user name, and database name for each audit log.
 
 ## Caveats
 

diff --git a/expected/pgaudit.out b/expected/pgaudit.out
@@ -1123,6 +1123,7 @@ DROP TABLE tmp2;
 SET client_min_messages = 'warning';
 ALTER ROLE :current_user RESET pgaudit.log;
 ALTER ROLE :current_user RESET pgaudit.log_catalog;
+ALTER ROLE :current_user RESET pgaudit.log_client;
 ALTER ROLE :current_user RESET pgaudit.log_level;
 ALTER ROLE :current_user RESET pgaudit.log_parameter;
 ALTER ROLE :current_user RESET pgaudit.log_relation;

diff --git a/pgaudit--1.0--1.1.1.sql b/pgaudit--1.0--1.1.1.sql
diff --git a/pgaudit--1.1.1.sql → pgaudit--1.2.sql b/pgaudit--1.1.1.sql → pgaudit--1.2.sql
@@ -1,4 +1,4 @@
-/* pgaudit/pgaudit--1.1.1.sql */
+/* pgaudit/pgaudit--1.2.sql */
 
 -- complain if script is sourced in psql, rather than via CREATE EXTENSION
 \echo Use "CREATE EXTENSION pgaudit" to load this file.\quit

diff --git a/pgaudit.c b/pgaudit.c
@@ -35,6 +35,7 @@
 #include "utils/rel.h"
 #include "utils/syscache.h"
 #include "utils/timestamp.h"
+#include "utils/varlena.h"
 
 PG_MODULE_MAGIC;
 
@@ -494,7 +495,7 @@ log_audit_event(AuditEventStackItem *stackItem)
 
             switch (stackItem->auditEvent.commandTag)
             {
-                    /* Currently, only EXECUTE is different */
+                /* Currently, only EXECUTE is different */
                 case T_ExecuteStmt:
                     className = CLASS_MISC;
                     class = LOG_MISC;
@@ -596,16 +597,17 @@ log_audit_event(AuditEventStackItem *stackItem)
         case LOGSTMT_ALL:
             switch (stackItem->auditEvent.commandTag)
             {
-                    /* READ statements */
+                /* READ statements */
                 case T_CopyStmt:
+                case T_DeclareCursorStmt:
                 case T_SelectStmt:
                 case T_PrepareStmt:
                 case T_PlannedStmt:
                     className = CLASS_READ;
                     class = LOG_READ;
                     break;
 
-                    /* FUNCTION statements */
+                /* FUNCTION statements */
                 case T_DoStmt:
                     className = CLASS_FUNCTION;
                     class = LOG_FUNCTION;
@@ -1342,12 +1344,13 @@ pgaudit_ExecutorCheckPerms_hook(List *rangeTabls, bool abort)
  * Hook ProcessUtility to do session auditing for DDL and utility commands.
  */
 static void
-pgaudit_ProcessUtility_hook(Node *parsetree,
-                             const char *queryString,
-                             ProcessUtilityContext context,
-                             ParamListInfo params,
-                             DestReceiver *dest,
-                             char *completionTag)
+pgaudit_ProcessUtility_hook(PlannedStmt *pstmt,
+                            const char *queryString,
+                            ProcessUtilityContext context,
+                            ParamListInfo params,
+                            QueryEnvironment *queryEnv,
+                            DestReceiver *dest,
+                            char *completionTag)
 {
     AuditEventStackItem *stackItem = NULL;
     int64 stackId = 0;
@@ -1371,9 +1374,9 @@ pgaudit_ProcessUtility_hook(Node *parsetree,
             stackItem = stack_push();
 
         stackId = stackItem->stackId;
-        stackItem->auditEvent.logStmtLevel = GetCommandLogLevel(parsetree);
-        stackItem->auditEvent.commandTag = nodeTag(parsetree);
-        stackItem->auditEvent.command = CreateCommandTag(parsetree);
+        stackItem->auditEvent.logStmtLevel = GetCommandLogLevel(pstmt->utilityStmt);
+        stackItem->auditEvent.commandTag = nodeTag(pstmt->utilityStmt);
+        stackItem->auditEvent.command = CreateCommandTag(pstmt->utilityStmt);
         stackItem->auditEvent.commandText = queryString;
 
         /*
@@ -1388,11 +1391,11 @@ pgaudit_ProcessUtility_hook(Node *parsetree,
 
     /* Call the standard process utility chain. */
     if (next_ProcessUtility_hook)
-        (*next_ProcessUtility_hook) (parsetree, queryString, context,
-                                     params, dest, completionTag);
+        (*next_ProcessUtility_hook) (pstmt, queryString, context, params,
+                                     queryEnv, dest, completionTag);
     else
-        standard_ProcessUtility(parsetree, queryString, context,
-                                params, dest, completionTag);
+        standard_ProcessUtility(pstmt, queryString, context, params,
+                                queryEnv, dest, completionTag);
 
     /*
      * Process the audit event if there is one.  Also check that this event
@@ -1845,7 +1848,7 @@ _PG_init(void)
 
         "Specifies that session logging should be enabled in the case where "
         "all relations in a statement are in pg_catalog.  Disabling this "
-         "setting will reduce noise in the log from tools like psql and PgAdmin "
+        "setting will reduce noise in the log from tools like psql and PgAdmin "
         "that query the catalog heavily.",
 
         NULL,

diff --git a/pgaudit.control b/pgaudit.control
@@ -1,5 +1,5 @@
 # pgaudit extension
 comment = 'provides auditing functionality'
-default_version = '1.1.1'
+default_version = '1.2'
 module_pathname = '$libdir/pgaudit'
 relocatable = true
diff --git a/sql/pgaudit.sql b/sql/pgaudit.sql
@@ -779,6 +779,7 @@ SET client_min_messages = 'warning';
 
 ALTER ROLE :current_user RESET pgaudit.log;
 ALTER ROLE :current_user RESET pgaudit.log_catalog;
+ALTER ROLE :current_user RESET pgaudit.log_client;
 ALTER ROLE :current_user RESET pgaudit.log_level;
 ALTER ROLE :current_user RESET pgaudit.log_parameter;
 ALTER ROLE :current_user RESET pgaudit.log_relation;

diff --git a/test/Vagrantfile b/test/Vagrantfile
@@ -8,10 +8,11 @@ Vagrant.configure(2) do |config|
     # Provision the VM
     config.vm.provision "shell", inline: <<-SHELL
         # Setup environment
-        export PG_VERSION=9.6
-        export PG_VERSION_NODOT=96
-        export PG_PACKAGE=pgdg-centos${PG_VERSION_NODOT?}-${PG_VERSION?}-3.noarch.rpm
-        export PG_PATH=$PATH:/usr/pgsql-${PG_VERSION?}/bin
+        echo 'export PG_VERSION=10' >> /etc/bashrc
+        echo 'export PG_VERSION_NODOT=10' >> /etc/bashrc
+        echo 'export PG_PACKAGE=pgdg-centos${PG_VERSION_NODOT?}-${PG_VERSION?}-1.noarch.rpm' >> /etc/bashrc
+        echo 'export PATH=$PATH:/usr/pgsql-${PG_VERSION?}/bin' >> /etc/bashrc
+        source /etc/bashrc
 
         # Install PostgreSQL
         rpm -ivh http://yum.postgresql.org/${PG_VERSION?}/redhat/rhel-6-x86_64/${PG_PACKAGE?}
@@ -20,7 +21,7 @@ Vagrant.configure(2) do |config|
         # Compile & install pgaudit
         cd /
         yum install -y postgresql${PG_VERSION_NODOT?}-devel gcc openssl-devel
-        bash -c "export PATH='${PG_PATH?}' && make -C /pgaudit install USE_PGXS=1"
+        make -C /pgaudit install USE_PGXS=1
 
         # Create PostgreSQL cluster
         sudo -u postgres /usr/pgsql-${PG_VERSION?}/bin/initdb -A trust -k /var/lib/pgsql/${PG_VERSION?}/data
@@ -29,7 +30,7 @@ Vagrant.configure(2) do |config|
         sudo -u postgres psql -Xc 'create user vagrant superuser' postgres
 
         # Test pgaudit
-        sudo -u vagrant bash -c "export PATH='${PG_PATH?}' && make -C /pgaudit installcheck USE_PGXS=1"
+        sudo -u vagrant bash -cl 'make -C /pgaudit installcheck USE_PGXS=1'
     SHELL
 
   # Don't share the default vagrant folder