pgAudit 1.1.0 commit log

Update master to PostgreSQL 9.6.

commit   : 081f5e3722ea19112c3d322573480e94ab6068a4    
  
author   : David Steele <david@crunchydata.com>    
date     : Wed, 16 Nov 2016 11:58:09 -0500    
  
committer: David Steele <david@crunchydata.com>    
date     : Wed, 16 Nov 2016 11:58:09 -0500    

Click here for diff

* Updated URLs and branch names in the documentation.  
* Changed COMMERR log level to LOG_SERVER_ONLY.  
* Updated regression tests.  

M README.md
M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Updated documentation formatting.

commit   : 83a2f4e6040e63418b32b107494880a49b801a61    
  
author   : David Steele <david@crunchydata.com>    
date     : Wed, 16 Nov 2016 11:27:07 -0500    
  
committer: David Steele <david@crunchydata.com>    
date     : Wed, 16 Nov 2016 11:27:07 -0500    

Click here for diff

M README.md

Added log-client option to suppress output to client regardless of client-min-messages setting.

commit   : 33c62cf149f728b7e2b4805e79fb5a026009bdc4    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 15 Nov 2016 11:23:59 -0500    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 15 Nov 2016 11:23:59 -0500    

Click here for diff

M README.md
M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Updates to comments and spacing.

commit   : d7aa601186368fa9bde6bfa77e83a45580e4674a    
  
author   : David Steele <david@crunchydata.com>    
date     : Mon, 14 Nov 2016 08:11:47 -0500    
  
committer: David Steele <david@crunchydata.com>    
date     : Mon, 14 Nov 2016 08:11:47 -0500    

Click here for diff

M pgaudit.c

Migrated the pgaudit_analyze project to the pgaudit_analyze repository.

commit   : 18d8c652cfac70d3e57cdd2aaa0a464ba161e5ae    
  
author   : David Steele <david@pgmasters.net>    
date     : Fri, 11 Nov 2016 14:55:48 -0500    
  
committer: David Steele <david@pgmasters.net>    
date     : Fri, 11 Nov 2016 14:55:48 -0500    

Click here for diff

D analyze/README.md
D analyze/bin/pgaudit_analyze
D analyze/lib/PgAudit/CSV.pm
D analyze/lib/PgAudit/Wait.pm
D analyze/sql/audit.sql
D analyze/test/Vagrantfile
D analyze/test/test.pl
D analyze/test/vm/pgaudit_analyze.service

Fix when using shared_preload_libraries on Windows.

commit   : 1c99eb969d28e950f8a236bc066aceac169bdc3a    
  
author   : Joe Conway <mail@joeconway.com>    
date     : Tue, 14 Jun 2016 09:24:46 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 14 Jun 2016 09:24:46 -0400    

Click here for diff

IsUnderPostmaster behaves differently under Windows than it does under Linux. Instead use  
process_shared_preload_libraries_in_progress to determine if pgaudit is being loaded by shared_preload_libraries.  

M pgaudit.c

Remove ‘use threads’ from Wait.pm, fix potential undefined scenario that happened on Solaris (#12)

commit   : a91f29388bdec6346e80fd596957659087706ac2    
  
author   : crunchyjohn <crunchyjohn@users.noreply.github.com>    
date     : Fri, 10 Jun 2016 14:48:42 -0400    
  
committer: David Steele <dwsteele@users.noreply.github.com>    
date     : Fri, 10 Jun 2016 14:48:42 -0400    

Click here for diff

M analyze/bin/pgaudit_analyze
M analyze/lib/PgAudit/Wait.pm

Update authors section.

commit   : 2a989ac3732d9486c84f287a84da44d33c8a0892    
  
author   : David Steele <david@pgmasters.net>    
date     : Sat, 4 Jun 2016 11:30:47 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Sat, 4 Jun 2016 11:30:47 -0400    

Click here for diff

M README.md

Passwords are now redacted in CREATE/ALTER ROLE statements.

commit   : 506ed71d906f875328b92d5bcf589047f322ff0f    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 5 May 2016 15:25:16 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 5 May 2016 15:25:16 -0400    

Click here for diff

Note that all text in the statement after the "password" token is redacted so non-password related clauses will also be redacted when they follow the "password" token.  

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Closed #9: CREATE EXTENSION problem.

commit   : 3296ceff06d06ab95ea4285e40503509c17a3cec    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 29 Mar 2016 21:38:54 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 29 Mar 2016 21:38:54 -0400    

Click here for diff

This was happening because pgaudit.log was set before CREATE EXTENSION was called.  This caused an issue where pgaudit was trying to log itself being created which won't work properly with event triggers.  Documented that pgaudit.log must not be set when the pgaudit extension is created.  

M README.md

Fixed #7: Audit log problem with CREATE TABLE AS.

commit   : dded12726964ac7075d58529294cc7c5e5616d9d    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 29 Mar 2016 21:29:07 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 29 Mar 2016 21:29:07 -0400    

Click here for diff

This issue was caused by an event that had already been logged being logged again by another call to ExecutorCheckPerms().  Fixed by altering the audit log code so events won't be logged again unless there is new information.  

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Fixed #6: Audit log is not output after the SET ROLE.

commit   : b6dd6b775f426ca57b9ccea981196f4acbb83fcf    
  
author   : David Steele <david@crunchydata.com>    
date     : Tue, 29 Mar 2016 12:02:14 -0400    
  
committer: David Steele <david@crunchydata.com>    
date     : Tue, 29 Mar 2016 12:02:14 -0400    

Click here for diff

This issue had to do with trying to suppress audit logs for statements that are not run as the current role, which includes security definer functions and foreign key lookups.  If the initial logon was a superuser then no audit logs would be created at all after a set role and while this is not very realistic it still needs to be taken in account.  The downside of this change is that FK lookups and statements in security definer functions will be logged when the user initially logs on a superuser making the audit log much noisier in this case.  

M pgaudit.c