forked from pgaudit/pgaudit
-
Notifications
You must be signed in to change notification settings - Fork 4
/
rule.h
115 lines (103 loc) · 4.03 KB
/
rule.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
/*
* rule.h
*
* Copyright (c) 2017, NIPPON TELEGRAPH AND TELEPHONE CORPORATION
*
* IDENTIFICATION
* pgaudit/rule.h
*/
#include "postgres.h"
#include "pgaudit.h"
/*
* String constants used for redacting text after the password token in
* CREATE/ALTER ROLE commands.
*/
#define TOKEN_PASSWORD "password"
#define TOKEN_REDACTED "<REDACTED>"
/*
* String constants for testing role commands. Rename and drop role statements
* are assigned the nodeTag T_RenameStmt and T_DropStmt respectively. This is
* not very useful for classification, so we resort to comparing strings
* against the result of CreateCommandTag(parsetree).
*/
#define COMMAND_ALTER_ROLE "ALTER ROLE"
#define COMMAND_DROP_ROLE "DROP ROLE"
#define COMMAND_GRANT "GRANT"
#define COMMAND_REVOKE "REVOKE"
enum
{
AUDIT_RULE_TIMESTAMP = 0,
AUDIT_RULE_DATABASE,
AUDIT_RULE_AUDIT_ROLE,
AUDIT_RULE_CLASS,
AUDIT_RULE_COMMAND_TAG,
AUDIT_RULE_OBJECT_TYPE,
AUDIT_RULE_OBJECT_NAME,
AUDIT_RULE_APPLICATION_NAME,
AUDIT_RULE_REMOTE_HOST
};
/* Configuration variable types */
enum
{
AUDIT_RULE_TYPE_STRING = 1,
AUDIT_RULE_TYPE_TIMESTAMP,
AUDIT_RULE_TYPE_BITMAP
};
/*/*
* String constants for log classes - used when processing tokens in the
* pgaudit.log GUC.
*/
#define CLASS_BACKUP "BACKUP"
#define CLASS_CONNECT "CONNECT"
#define CLASS_DDL "DDL"
#define CLASS_ERROR "ERROR"
#define CLASS_FUNCTION "FUNCTION"
#define CLASS_MISC "MISC"
#define CLASS_READ "READ"
#define CLASS_ROLE "ROLE"
#define CLASS_WRITE "WRITE"
#define CLASS_SYSTEM "SYSTEM"
#define CLASS_NONE "NONE"
#define CLASS_ALL "ALL"
/* Defines the classes for filtering operation by class field */
#define LOG_BACKUP (1 << 0) /* Backbackup through replication */
#define LOG_CONNECT (1 << 1) /* connection, disconnection */
#define LOG_DDL (1 << 2) /* CREATE/DROP/ALTER objects */
#define LOG_ERROR (1 << 3) /* General ERROR message */
#define LOG_FUNCTION (1 << 4) /* Functions and DO blocks */
#define LOG_MISC (1 << 5) /* Statements not covered */
#define LOG_READ (1 << 6) /* SELECTs */
#define LOG_ROLE (1 << 7) /* GRANT/REVOKE, CREATE/ALTER/DROP ROLE */
#define LOG_WRITE (1 << 8) /* INSERT, UPDATE, DELETE, TRUNCATE */
#define LOG_SYSTEM (1 << 9) /* Server startup, end, interrupt */
#define LOG_NONE 0 /* nothing */
#define LOG_ALL (0xFFFFFFFF) /* All */
/*
* For audit logging, we must emit not only SQL but alos other utility log
* such as connection, disconnection, replication command even if log_min_messages
* is not enough to emit these logs. To support this, we define message-IDs used
* by emit_log_hook to pull log messages out to audit logging. These messages
* will have to be considered when log message is changed.
*/
#define AUDIT_MSG_CONNECTION_RECV "connection received: host="
#define AUDIT_MSG_CONNECTION_AUTH "connection authorized: user="
#define AUDIT_MSG_DISCONNECTION "disconnection: session time:"
#define AUDIT_MSG_SHUTDOWN "database system was shut down at"
#define AUDIT_MSG_SHUTDOWN_IN_RECOV "database system was shut down in recovery at"
#define AUDIT_MSG_INTERRUPT "database system was interrupted"
#define AUDIT_MSG_CONNECTION_READY "database system is ready to accept connections"
#define AUDIT_MSG_REPLICATION "received replication command: BASE_BACKUP"
#define AUDIT_MSG_NEW_TLID "selected new timeline ID:"
/* Macros for rule */
#define isStringRule(rule) \
((((AuditRule)(rule)).type == AUDIT_RULE_TYPE_STRING))
#define isTimestampRule(rule) \
((((AuditRule)(rule)).type == AUDIT_RULE_TYPE_TIMESTAMP))
#define isBitmapRule(rule) \
((((AuditRule)(rule)).type == AUDIT_RULE_TYPE_BITMAP))
/* Fucntion proto types */
extern bool apply_all_rules(AuditEventStackItem *stackItem, ErrorData *edata,
int class, char *className, bool *valid_rules);
extern char *classify_statement_class(AuditEventStackItem *stackItem,
int *class);
extern char *classify_edata_class(ErrorData *edata, int *class);