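/*
 * Copyright (c) 2020 Huawei Technologies Co.,Ltd.
 *
 * openGauss is licensed under Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *          http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 * ---------------------------------------------------------------------------------------
 *
 * pgaudit.h
 *        Declarations for the audit subsystem: per-session audit switches,
 *        the audit event and DDL object enumerations, the audit_report()
 *        entry point and the SQL-callable audit query/delete functions.
 *
 * IDENTIFICATION
 *        src/include/pgaudit.h
 *
 * ---------------------------------------------------------------------------------------
 */

#ifndef _PGAUDIT_H
#define _PGAUDIT_H

#include "fmgr.h"

/* Thread-local flag; its exact meaning is set by the audit implementation, not by this header. */
extern THR_LOCAL bool Audit_delete;

/*
 * Session-level audit switches. Each one is true only when the master switch
 * Audit_enabled and the specific category switch are both set.
 */
#define AUDIT_EXEC_ENABLED (u_sess->attr.attr_security.Audit_enabled && u_sess->attr.attr_security.Audit_Exec)
#define AUDIT_COPY_ENABLED (u_sess->attr.attr_security.Audit_enabled && u_sess->attr.attr_security.Audit_Copy)

/*
 * Bit tests against the session audit masks: non-zero when bit `type` is set.
 * The shift uses an unsigned one so that a bit index of 31 is well defined.
 * Neither macro checks Audit_enabled; callers that need the master switch must
 * test it themselves.
 */
#define CHECK_AUDIT_DDL(type) ((unsigned int)u_sess->attr.attr_security.Audit_DDL & (1U << (type)))
/*
 * The expansion is now fully parenthesized, so an operator applied to the macro
 * (for example `!`) acts on the whole bit test instead of only on the cast
 * operand, which would silently change whether a login event is audited.
 * NOTE(review): the trailing ';' is part of the expansion, so the macro can only
 * be used where a statement may end. It is kept because the call sites are not
 * visible from this header; confirm them and drop the ';'.
 */
#define CHECK_AUDIT_LOGIN(type) ((unsigned int)u_sess->attr.attr_security.Audit_Session & (1U << (type)));

/* presumably the maximum number of arguments accepted by pg_query_audit -- confirm against its definition */
#define PG_QUERY_AUDIT_ARGS_MAX 3

/* Thread-local flag; by its name it marks the system auditor thread -- confirm against the implementation. */
extern THR_LOCAL bool am_sysauditor;

/* Pipe pair used by the system auditor: file descriptors on POSIX, handles on Windows. */
#ifndef WIN32
extern int sysauditPipe[2];
#else
extern HANDLE sysauditPipe[2];
#endif

extern ThreadId pgaudit_start(void);
extern void allow_immediate_pgaudit_restart(void);

#ifdef EXEC_BACKEND
extern void PgAuditorMain();
#endif

/* ----------
 * Functions called from backends.
 *
 * The order of AuditType is relevant to struct AuditTypeDescs, which must be
 * changed at the same time. Inserting or reordering an enumerator renumbers
 * every later value, so a change made here without the matching change there
 * would label audit records with the wrong event type.
 * ----------
 */
typedef enum {
    AUDIT_UNKNOWN_TYPE = 0,
    AUDIT_LOGIN_SUCCESS,
    AUDIT_LOGIN_FAILED,
    AUDIT_USER_LOGOUT,
    AUDIT_SYSTEM_START,
    AUDIT_SYSTEM_STOP,
    AUDIT_SYSTEM_RECOVER,
    AUDIT_SYSTEM_SWITCH,
    AUDIT_LOCK_USER,
    AUDIT_UNLOCK_USER,
    AUDIT_GRANT_ROLE,
    AUDIT_REVOKE_ROLE,
    AUDIT_USER_VIOLATION,
    AUDIT_DDL_DATABASE,
    AUDIT_DDL_DIRECTORY,
    AUDIT_DDL_TABLESPACE,
    AUDIT_DDL_SCHEMA,
    AUDIT_DDL_USER,
    AUDIT_DDL_TABLE,
    AUDIT_DDL_INDEX,
    AUDIT_DDL_VIEW,
    AUDIT_DDL_TRIGGER,
    AUDIT_DDL_FUNCTION,
    AUDIT_DDL_RESOURCEPOOL,
    AUDIT_DDL_WORKLOAD,
    AUDIT_DDL_SERVERFORHADOOP,
    AUDIT_DDL_DATASOURCE,
    AUDIT_DDL_NODEGROUP,
    AUDIT_DDL_ROWLEVELSECURITY,
    AUDIT_DDL_SYNONYM,
    AUDIT_DDL_TYPE,
    AUDIT_DDL_TEXTSEARCH,
    AUDIT_DML_ACTION,
    AUDIT_DML_ACTION_SELECT,
    AUDIT_INTERNAL_EVENT,
    AUDIT_FUNCTION_EXEC,
    AUDIT_COPY_TO,
    AUDIT_COPY_FROM,
    AUDIT_SET_PARAMETER,
    AUDIT_POLICY_EVENT,
    MASKING_POLICY_EVENT,
    SECURITY_EVENT,
    AUDIT_DDL_SEQUENCE,
    AUDIT_DDL_KEY  // ddl_sequence in struct AuditTypeDescs
} AuditType;

/*
 * Keep the same sequence as parameter audit_system_object.
 * Each value is a bit index (see CHECK_AUDIT_DDL), so reordering the
 * enumerators changes which object classes an existing setting audits.
 */
typedef enum {
    DDL_DATABASE = 0,
    DDL_SCHEMA,
    DDL_USER,
    DDL_TABLE,
    DDL_INDEX,
    DDL_VIEW,
    DDL_TRIGGER,
    DDL_FUNCTION,
    DDL_TABLESPACE,
    DDL_RESOURCEPOOL,
    DDL_WORKLOAD,
    DDL_SERVERFORHADOOP,
    DDL_DATASOURCE,
    DDL_NODEGROUP,
    DDL_ROWLEVELSECURITY,
    DDL_TYPE,
    DDL_TEXTSEARCH,
    DDL_DIRECTORY,
    DDL_SYNONYM,
    DDL_SEQUENCE,
    DDL_KEY
} DDLType;

/* Outcome recorded with an audit event. */
typedef enum { AUDIT_UNKNOWN = 0, AUDIT_OK, AUDIT_FAILED } AuditResult;

/* Selects between the query and the delete audit function. */
typedef enum { AUDIT_FUNC_QUERY = 0, AUDIT_FUNC_DELETE } AuditFuncType;

/* Audit record class; audit_report() defaults to STD_AUDIT_TYPE. */
typedef enum { STD_AUDIT_TYPE = 0, UNIFIED_AUDIT_TYPE } AuditClassType;

/*
 * Report one audit event of the given type and result for object_name, with
 * free-form detail_info.
 * NOTE(review): whether detail_info is masked before it is stored is not visible
 * from this header; confirm that callers do not pass credential-bearing
 * statement text unmasked.
 */
extern void audit_report(AuditType type, AuditResult result, const char* object_name, const char* detail_info,
    AuditClassType ctype = STD_AUDIT_TYPE);

/* SQL-callable (fmgr) functions for querying and deleting audit records. */
extern Datum pg_query_audit(PG_FUNCTION_ARGS);
extern Datum pg_delete_audit(PG_FUNCTION_ARGS);

/*
 * Define a macro about the return value of security function.
 *
 * When val equals -1 the macro prints "<file>:<line> failed on calling security
 * function." to stderr, runs `express`, and returns `retval` from the enclosing
 * function. Any other value, including other negative values, passes through.
 *
 * The first parameter was previously named `errno`, which collides with the
 * <errno.h> macro, and was used unparenthesized; val is now evaluated as one
 * parenthesized expression. `express` and `retval` are pasted verbatim.
 * NOTE(review): the body is a bare { } block rather than do { } while (0), so
 * using the macro followed by ';' as the unbraced body of an if that has an
 * else does not compile. It is kept as a block because the call sites are not
 * visible from this header.
 */
#define check_intval(val, express, retval, file, line) \
    {                                                  \
        if ((val) == -1) {                             \
            fprintf(stderr,                            \
                "%s:%d failed on calling "             \
                "security function.\n",                \
                (file),                                \
                (line));                               \
            express;                                   \
            return retval;                             \
        }                                              \
    }

#define securec_check_intval(val, express, retval) check_intval(val, express, retval, __FILE__, __LINE__)

#endif /* _PGAUDIT_H */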