forked from pgaudit/pgaudit
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathpgaudit.h
More file actions
94 lines (82 loc) · 2.86 KB
/
pgaudit.h
File metadata and controls
94 lines (82 loc) · 2.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
/*
* pgaudit.h
*
* Copyright (c) 2017, NIPPON TELEGRAPH AND TELEPHONE CORPORATION
*/
/*
* This is an internal header file for pgaudit*.c, not for user programs.
*
* IDENTIFICATION
* contrib/pgaudit/pgaudit.h
*/
#ifndef PGAUDIT_H
#define PGAUDIT_H
#include "postgres.h"
#include "lib/stringinfo.h"
#include "nodes/pg_list.h"
#include "tcop/utility.h"
#include "tcop/deparse_utility.h"
#ifndef _SYS_SYSLOG_H
#include <syslog.h>
#endif
/*
* AUDIT_ELOG() is for audit logging differ to ereport. Now that we emit the audit
* log in pgaudit_emit_log_hook, it's possible to emit the log recusively. To
* prevent it, we introduece a variable emitAuditLogCalled, which is 0 by default.
* > 1 means that we alreadby emited some logs, so we don't need to emit log anymore.
*
* In case where we want to use elog/ereport, we should use AUDIT_ELOG/EREPORT instead
* which easily avoid to emit log recusively.
*/
extern int emitAuditLogCalled;
#define START_AUDIT_LOGGING() (emitAuditLogCalled++)
#define END_AUDIT_LOGGING() (emitAuditLogCalled--)
#define AUDIT_ELOG(level, ...) \
do { \
START_AUDIT_LOGGING(); \
elog((level), __VA_ARGS__); \
END_AUDIT_LOGGING(); \
emitAuditLogCalled--; \
} while (0)
#define AUDIT_EREPORT(level, ...) \
do { \
START_AUDIT_LOGGING(); \
ereport((level), __VA_ARGS__); \
END_AUDIT_LOGGING(); \
} while (0)
/*
* An AuditEvent represents an operation that potentially affects a single
* object. If a statement affects multiple objects then multiple AuditEvents
* are created to represent them.
*/
typedef struct
{
int64 statementId; /* Simple counter */
int64 substatementId; /* Simple counter */
LogStmtLevel logStmtLevel; /* From GetCommandLogLevel when possible,
generated when not. */
NodeTag commandTag; /* same here */
const char *command; /* same here */
const char *objectType; /* From event trigger when possible,
generated when not. */
char *objectName; /* Fully qualified object identification */
const char *commandText; /* sourceText / queryString */
ParamListInfo paramList; /* QueryDesc/ProcessUtility parameters */
bool granted; /* Audit role has object permissions? */
bool logged; /* Track if we have logged this event, used
post-ProcessUtility to make sure we log */
bool statementLogged; /* Track if we have logged the statement */
} AuditEvent;
/*
* A simple FIFO queue to keep track of the current stack of audit events.
*/
typedef struct AuditEventStackItem
{
struct AuditEventStackItem *next;
AuditEvent auditEvent;
int64 stackId;
MemoryContext contextAudit;
MemoryContextCallback contextCallback;
} AuditEventStackItem;
extern pg_time_t auditTimestampOfDay;
#endif