log_role_option.patch
text/x-diff
Filename: log_role_option.patch
Type: text/x-diff
Part: 0
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: context
| File | + | − |
|---|---|---|
| doc/src/sgml/config.sgml | 21 | 0 |
| src/backend/commands/variable.c | 10 | 0 |
| src/backend/utils/error/elog.c | 43 | 0 |
*** a/doc/src/sgml/config.sgml
--- b/doc/src/sgml/config.sgml
***************
*** 3504,3510 **** local0.* /var/log/postgresql
</row>
<row>
<entry><literal>%u</literal></entry>
! <entry>User name</entry>
<entry>yes</entry>
</row>
<row>
--- 3504,3523 ----
</row>
<row>
<entry><literal>%u</literal></entry>
! <entry>Session user name, typically the user name which was used
! to authenticate to <productname>PostgreSQL</productname> with,
! but can be changed by a superuser, see <command>SET SESSION
! AUTHORIZATION</></entry>
! <entry>yes</entry>
! </row>
! <row>
! <entry><literal>%U</literal></entry>
! <entry>Current role name, when set with <command>SET ROLE</>;
! the current role identifier is relevant for permission checking;
! Returns 'none' if the current role matches the session user.
! Note: Log messages from inside <literal>SECURITY DEFINER</>
! functions will show the calling role, not the effective role
! inside the <literal>SECURITY DEFINER</> function</entry>
<entry>yes</entry>
</row>
<row>
***************
*** 3731,3737 **** FROM pg_stat_activity;
(<acronym>CSV</>) format,
with these columns:
timestamp with milliseconds,
! user name,
database name,
process ID,
client host:port number,
--- 3744,3751 ----
(<acronym>CSV</>) format,
with these columns:
timestamp with milliseconds,
! session user name,
! current role name,
database name,
process ID,
client host:port number,
***************
*** 3755,3760 **** FROM pg_stat_activity;
--- 3769,3778 ----
location of the error in the PostgreSQL source code
(if <varname>log_error_verbosity</> is set to <literal>verbose</>),
and application name.
+
+ For additional details on the definition of the above columns, refer
+ to the documentation for log_line_prefix.
+
Here is a sample table definition for storing CSV-format log output:
<programlisting>
***************
*** 3762,3767 **** CREATE TABLE postgres_log
--- 3780,3786 ----
(
log_time timestamp(3) with time zone,
user_name text,
+ role_name text,
database_name text,
process_id integer,
connection_from text,
*** a/src/backend/commands/variable.c
--- b/src/backend/commands/variable.c
***************
*** 760,765 **** assign_session_authorization(const char *value, bool doit, GucSource source)
--- 760,770 ----
return result;
}
+ /*
+ * function to return the stored session username, needed because we
+ * can't do catalog lookups when possibly being called after an error,
+ * eg: from elog.c or part of GUC handling.
+ */
const char *
show_session_authorization(void)
{
***************
*** 885,890 **** assign_role(const char *value, bool doit, GucSource source)
--- 890,900 ----
return result;
}
+ /*
+ * function to return the stored role username, needed because we
+ * can't do catalog lookups when possibly being called after an error,
+ * eg: from elog.c or part of GUC handling.
+ */
const char *
show_role(void)
{
*** a/src/backend/utils/error/elog.c
--- b/src/backend/utils/error/elog.c
***************
*** 3,8 ****
--- 3,17 ----
* elog.c
* error logging and reporting
*
+ * A few comments about situations where error processing is called:
+ *
+ * We need to be cautious of both a performance hit when logging, since
+ * log messages can be generated at a huge rate if every command is being
+ * logged and we also need to watch out for what can happen when we are
+ * trying to log from an aborted transaction. Specifically, attempting to
+ * do SysCache lookups and possibly use other usually available backend
+ * systems will fail badly when logging from an aborted transaction.
+ *
* Some notes about recursion and errors during error processing:
*
* We need to be robust about recursive-error scenarios --- for example,
***************
*** 59,64 ****
--- 68,74 ----
#include "access/transam.h"
#include "access/xact.h"
+ #include "commands/variable.h"
#include "libpq/libpq.h"
#include "libpq/pqformat.h"
#include "mb/pg_wchar.h"
***************
*** 1817,1831 **** log_line_prefix(StringInfo buf, ErrorData *edata)
}
break;
case 'u':
- if (MyProcPort)
{
! const char *username = MyProcPort->user_name;
!
! if (username == NULL || *username == '\0')
! username = _("[unknown]");
! appendStringInfoString(buf, username);
}
break;
case 'd':
if (MyProcPort)
{
--- 1827,1850 ----
}
break;
case 'u':
{
! const char *session_auth = show_session_authorization();
! if (*session_auth != '\0')
! appendStringInfoString(buf, session_auth);
! else
! if (MyProcPort)
! {
! const char *username = MyProcPort->user_name;
!
! if (username == NULL || *username == '\0')
! username = _("[unknown]");
! appendStringInfoString(buf, username);
! }
}
break;
+ case 'U':
+ appendStringInfoString(buf, show_role());
+ break;
case 'd':
if (MyProcPort)
{
***************
*** 1952,1957 **** appendCSVLiteral(StringInfo buf, const char *data)
--- 1971,1978 ----
static void
write_csvlog(ErrorData *edata)
{
+ const char *session_auth = show_session_authorization();
+
StringInfoData buf;
bool print_stmt = false;
***************
*** 1989,1997 **** write_csvlog(ErrorData *edata)
appendStringInfoString(&buf, formatted_log_time);
appendStringInfoChar(&buf, ',');
! /* username */
! if (MyProcPort)
! appendCSVLiteral(&buf, MyProcPort->user_name);
appendStringInfoChar(&buf, ',');
/* database name */
--- 2010,2031 ----
appendStringInfoString(&buf, formatted_log_time);
appendStringInfoChar(&buf, ',');
! /* session username, as done for %u */
! if (*session_auth != '\0')
! appendCSVLiteral(&buf, session_auth);
! else
! if (MyProcPort)
! {
! const char *username = MyProcPort->user_name;
!
! if (username == NULL || *username == '\0')
! username = _("[unknown]");
! appendCSVLiteral(&buf, username);
! }
! appendStringInfoChar(&buf, ',');
!
! /* current role, same as %U */
! appendCSVLiteral(&buf, show_role());
appendStringInfoChar(&buf, ',');
/* database name */