Skip to content

@mpalmi mpalmi released this Feb 28, 2019 · 2 commits to master since this release

Release 1.6.2 adds the following features/bugfixes:

  • 43973d8 2019-02-28 | Update regression tests for 1.6.2 (HEAD, tag: REL1_6_2, origin/master, origin/HEAD) [Mike Palmiotto]
  • 1096551 2019-02-27 | Require reset_user() when using set_user() [Yuli Khodorkovskiy]
  • bfb8182 2018-11-29 | Fix builds of set_user for PG12 [Yuli Khodorkovskiy]
  • c7157eb 2018-09-28 | Add set_user hooks queue [Mike Palmiotto]
  • 70b72d0 2018-09-27 | Update set_user hooks doc in README [Mike Palmiotto]
  • 3531230 2018-09-27 | Add utility function for registering hooks [Mike Palmiotto]
  • 6df909a 2018-08-23 | Use rendezvous variables for set_user post hooks [Mike Palmiotto]
  • 4543aec 2018-09-27 | Fix static analysis findings [Mike Palmiotto]
  • 0534fb5 2018-06-27 | Fix readme language to be more consistent [Brian Faherty]
  • 91cca0f 2018-06-25 | Add whitelist for set_user() target [Brian Faherty]
Assets 2
Pre-release

@mpalmi mpalmi released this Oct 3, 2018 · 5 commits to master since this release

Release candidate with static analysis fixes and new rendezvous hooks.

Assets 2

@mpalmi mpalmi released this Jun 25, 2018 · 12 commits to master since this release

Fix superuser whitelist bug.

Assets 2

@mpalmi mpalmi released this May 17, 2018 · 13 commits to master since this release

Version 1.6.0 adds one major feature:

  • superuser Audit Tag

Additionally, version 1.6.0 significantly updates the documentation for readability and maintainability.

Here is an abbreviated git history since the last release:

  • e661c61 2018-05-17 | Bump version to 1.6 to tag [Mike Palmiotto]
  • 56a136a 2018-05-17 | Fix const warning and log formatting [Mike Palmiotto]
  • 4dbe435 2018-05-17 | Change period to colon for consistency [Mike Palmiotto]
  • 9d0c798 2018-05-17 | Move TODO to bottom of README [Mike Palmiotto]
  • 4614e6d 2018-05-17 | Fix clumsy wording [Mike Palmiotto]
  • e3adc76 2018-05-17 | Update README formatting to be more maintainable [Mike Palmiotto]
  • bb96d79 2018-05-17 | Use single backtick for code tags [Mike Palmiotto]
  • e911f62 2018-05-17 | Update README structure for readability [Mike Palmiotto]
  • 9337606 2018-05-01 | Add superuser audit tag GUC [Mike Palmiotto]
  • 77942df 2018-04-19 | Bump version to 1.5 to tag [Mike Palmiotto]
  • ee9e8f1 2018-04-19 | Bump Copyright date to 2018 [Mike Palmiotto]
Assets 2

@mpalmi mpalmi released this Apr 19, 2018 · 22 commits to master since this release

Version 1.5.0 adds three major features:

  • set_user/reset_user post-execution hooks
  • group role whitelisting in set_user.superuser_whitelist
  • pdf doc generation

Here is the abbreviated git history:

  • f727c3b 2018-04-19 | Bump version to 1.5 to tag [Mike Palmiotto]
  • 28aabc9 2018-04-19 | Bump Copyright date to 2018 [Mike Palmiotto]
  • 3dd4764 2018-04-19 | Add some documentation for set_user hooks [Mike Palmiotto]
  • fe454c4 2018-04-19 | Get rid of some trailing whitespace in README.md Examples section [Mike Palmiotto]
  • 4dd7ba1 2018-04-19 | Fix typo in Requirements for group roles [Mike Palmiotto]
  • f284b03 2018-02-08 | Fix regression test failure for set_user_u [Mike Palmiotto]
  • 11788c7 2017-09-15 | Add group role support to superuser whitelist [Mike Palmiotto]
  • e673604 2018-03-20 | Add post-set_user hooks [Mike Palmiotto]
  • bb5e0ce 2017-07-19 | Add some more verbose notes [John K. Harvey]
  • 07ef6bf 2017-07-19 | Some gitignores and some cleanup [John K. Harvey]
  • dc25d1f 2017-07-18 | Docbuilder - generates pdf from Readme.md [John K. Harvey]
Assets 2

@mpalmi mpalmi released this Jul 17, 2017 · 33 commits to master since this release

Add untrusted set_user and superuser whitelist
This patch adds two new functionalities:

  • Distinguish between superuser escalation and normal set_user through use of
    the 'set_user_u' function.
  • Add granular control over which PostgreSQL roles can escalate to
    superuser.

Previously, we relied on only the Block_SU GUC to toggle all superuser
escalation privileges.

Assets 2

@mpalmi mpalmi released this May 3, 2017 · 43 commits to master since this release

6bf59fd Add pg10 compatibility for ProcessUtilityHook
set_user.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 46 insertions(+), 3 deletions(-)

Assets 2

@mpalmi mpalmi released this Feb 14, 2017 · 45 commits to master since this release

Joe Conway (2):
Add new variants of set_user and reset_user which allow a token to be set initially and if so required to be present and match at reset time.
In previous commit, two new versions of the existing functions were created, but I neglected to provide the permissions matching the originals. Fix that.

Assets 2

@jconway jconway released this Nov 22, 2016

Add new custom GUC set_user.block_superuser

Add new custom GUC set_user.block_superuser defaulting to off. When
on, will prevent switching to a role which has superuser privs.
Assets 2
Dec 15, 2015
Remove no longer relevant sections from the documentation.
You can’t perform that action at this time.