pgAudit 1.4.2 (upcoming) commit log

commit   : 28faa197d3a4c63738e9a2f74488f555dc9d95e5    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 12 Jan 2021 09:09:59 -0500    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 12 Jan 2021 09:09:59 -0500    

Click here for diff

M pgaudit.c

Remove PostgreSQL 13 repository used for pre-release testing.

commit   : 94a2ae8c203a0a305edf59787a4af57651e59d2b    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 12 Jan 2021 09:05:18 -0500    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 12 Jan 2021 09:05:18 -0500    

Click here for diff

M test/Vagrantfile

Improve compile and install instructions.

commit   : fd4319f7c8e215a4f291975f48c931fd55f5b037    
  
author   : David Steele <david@pgmasters.net>    
date     : Tue, 12 Jan 2021 08:55:42 -0500    
  
committer: David Steele <david@pgmasters.net>    
date     : Tue, 12 Jan 2021 08:55:42 -0500    

Click here for diff

Adding PG_CONFIG to make suggested by @vkhvorostianyi.  

M README.md

Remove make check from compile and install section of README.md

commit   : 7169e84e1aa6d68f5c59701655ef31f810d171f5    
  
author   : Michael Otte <michaelotte1@gmail.com>    
date     : Tue, 12 Jan 2021 05:32:44 -0800    
  
committer: GitHub <noreply@github.com>    
date     : Tue, 12 Jan 2021 05:32:44 -0800    

Click here for diff

This only works when pgaudit is located in a PostgreSQL source tree.

M README.md

Update version in README.md to PostgreSQL 13.

commit   : 5096e75f1aa6635c3d0e203254c4ef7eae9d3087    
  
author   : David Steele <david@pgmasters.net>    
date     : Wed, 9 Sep 2020 09:54:32 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Wed, 9 Sep 2020 09:54:32 -0400    

Click here for diff

M README.md

Suppress logging for internally generated foreign-key queries.

commit   : 33248d2222cbb11c45da2ab61bbb855658836d7d    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 9 Sep 2020 14:50:08 +0200    
  
committer: GitHub <noreply@github.com>    
date     : Wed, 9 Sep 2020 14:50:08 +0200    

Click here for diff

When auditing write operations (pgaudit.log = 'write'), we check whether the query requires ACL_UPDATE permissions.  This also catches SELECT FOR UPDATE, SELECT FOR KEY SHARE, etc. queries, because there is no separate permission for those. This is especially annoying because internally generated foreign-key queries get logged.
  

  
To avoid this, in PostgreSQL 13 we can also check the rellockmode field of the range table entry.  If it's at least RowExclusiveLock, then it's a real UPDATE, else it's some kind of SELECT with locking clause.

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Fix "pgaudit stack is not empty" error.

commit   : 437a537345b38613fb28feaa0e343144c05309e1    
  
author   : David Steele <dwsteele@users.noreply.github.com>    
date     : Wed, 9 Sep 2020 08:22:06 -0400    
  
committer: GitHub <noreply@github.com>    
date     : Wed, 9 Sep 2020 08:22:06 -0400    

Click here for diff

Select, show, and explain cursors are not freed until they are closed, so they are left on the stack between calls to the backend. The assertion to make sure the stack was empty on each call did not expect to see them and threw an error.
  

  
Allow select, show, and explain cursors on the stack between calls to handle this case. 
  

  
Also log and remove close statements from the stack immediately so they are logged correctly.
  

  
Reported by @Giak79, @HesusFTW, @laurenz (Laurenz Albe), @svb007, @dylrich (Dylan Richardson)
  
Tested by @yugo-n (Yugo Nagata)

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Fix misclassification of partitioned tables/indexes.

commit   : c07aa8254d59541c56fefde5a666004c76c603ee    
  
author   : gaoxueyu <44825804+gaoxueyu@users.noreply.github.com>    
date     : Wed, 22 Jul 2020 00:46:38 +0800    
  
committer: GitHub <noreply@github.com>    
date     : Wed, 22 Jul 2020 00:46:38 +0800    

Click here for diff

Partitioned tables and indexes were being classified as UNKNOWN but they should be classified as TABLE/INDEX.

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

commit   : 2fcf4f5460d4d03be930fc6a080302ff452c3001    
  
author   : David Steele <david@pgmasters.net>    
date     : Thu, 18 Jun 2020 08:18:08 -0400    
  
committer: David Steele <david@pgmasters.net>    
date     : Thu, 18 Jun 2020 08:18:08 -0400    

Click here for diff

M pgaudit.c

Use syscache to get relation namespace/name.

commit   : 7053d0a0f34179cab447b238f3494314477447c2    
  
author   : David Steele <dwsteele@users.noreply.github.com>    
date     : Thu, 18 Jun 2020 07:41:04 -0400    
  
committer: GitHub <noreply@github.com>    
date     : Thu, 18 Jun 2020 07:41:04 -0400    

Click here for diff

The prior method of opening the relation with NoLock failed during assert builds.
  

  
Using the syscache allows us to get the namespace/name without calling relation_open(). Since the syscache calls are performed after permissions have been checked it should not be possible to have a cache miss.
  

  
Found by @rykp.
  
Reviewed by Joe Conway (@jconway), Stephen Frost (@sfrost).

M pgaudit.c

Update to PostgreSQL 13.

commit   : 387db257f1e807cfb57a745112192ddae2b4c84c    
  
author   : yulicrunchy <yuli.khodorkovskiy@crunchydata.com>    
date     : Mon, 15 Jun 2020 15:52:54 -0400    
  
committer: GitHub <noreply@github.com>    
date     : Mon, 15 Jun 2020 15:52:54 -0400    

Click here for diff

M Makefile
M README.md
M expected/pgaudit.out
R100 pgaudit–1.4.sql pgaudit–1.5.sql
M pgaudit.c
M pgaudit.control
M sql/pgaudit.sql
M test/Vagrantfile