* Stephen Frost (sfr...@snowman.net) wrote: > I'd be happy to go back to the original patch/idea of just the simple > addition of %U as an option for log_line_prefix.
Updated patch attached which just adds %U support to log_line_prefix. Will work on adding CSV support for this in 9.2, along with associated other issues regarding supporting variable CSV format output. Thanks, Stephen commit c1b06c04af0c886c6ec27917368f3c674227ed2d Author: Stephen Frost <sfr...@snowman.net> Date: Tue Feb 15 10:21:38 2011 -0500 Add %U option to log_line_prefix This patch adds a %U option to log_line_prefix, to allow logging of the current role (previously not possible). Also reworks %u a bit and adds documentation to clarify what each means.
*** a/doc/src/sgml/config.sgml --- b/doc/src/sgml/config.sgml *************** *** 3542,3548 **** local0.* /var/log/postgresql </row> <row> <entry><literal>%u</literal></entry> ! <entry>User name</entry> <entry>yes</entry> </row> <row> --- 3542,3561 ---- </row> <row> <entry><literal>%u</literal></entry> ! <entry>Session user name, typically the user name which was used ! to authenticate to <productname>PostgreSQL</productname> with, ! but can be changed by a superuser, see <command>SET SESSION ! AUTHORIZATION</></entry> ! <entry>yes</entry> ! </row> ! <row> ! <entry><literal>%U</literal></entry> ! <entry>Current role name, when set with <command>SET ROLE</>; ! the current role identifier is relevant for permission checking; ! Returns 'none' if the current role matches the session user. ! Note: Log messages from inside <literal>SECURITY DEFINER</> ! functions will show the calling role, not the effective role ! inside the <literal>SECURITY DEFINER</> function</entry> <entry>yes</entry> </row> <row> *** a/src/backend/commands/variable.c --- b/src/backend/commands/variable.c *************** *** 847,852 **** assign_session_authorization(const char *value, bool doit, GucSource source) --- 847,857 ---- return result; } + /* + * function to return the stored session username, needed because we + * can't do catalog lookups when possibly being called after an error, + * eg: from elog.c or part of GUC handling. + */ const char * show_session_authorization(void) { *************** *** 972,977 **** assign_role(const char *value, bool doit, GucSource source) --- 977,987 ---- return result; } + /* + * function to return the stored role username, needed because we + * can't do catalog lookups when possibly being called after an error, + * eg: from elog.c or part of GUC handling. + */ const char * show_role(void) { *** a/src/backend/utils/error/elog.c --- b/src/backend/utils/error/elog.c *************** *** 3,8 **** --- 3,17 ---- * elog.c * error logging and reporting * + * A few comments about situations where error processing is called: + * + * We need to be cautious of both a performance hit when logging, since + * log messages can be generated at a huge rate if every command is being + * logged and we also need to watch out for what can happen when we are + * trying to log from an aborted transaction. Specifically, attempting to + * do SysCache lookups and possibly use other usually available backend + * systems will fail badly when logging from an aborted transaction. + * * Some notes about recursion and errors during error processing: * * We need to be robust about recursive-error scenarios --- for example, *************** *** 1817,1831 **** log_line_prefix(StringInfo buf, ErrorData *edata) } break; case 'u': - if (MyProcPort) { ! const char *username = MyProcPort->user_name; ! ! if (username == NULL || *username == '\0') ! username = _("[unknown]"); ! appendStringInfoString(buf, username); } break; case 'd': if (MyProcPort) { --- 1826,1849 ---- } break; case 'u': { ! const char *session_auth = show_session_authorization(); ! ! if (*session_auth != '\0') ! appendStringInfoString(buf, session_auth); ! else if (MyProcPort) ! { ! const char *username = MyProcPort->user_name; ! ! if (username == NULL || *username == '\0') ! username = _("[unknown]"); ! appendStringInfoString(buf, username); ! } } break; + case 'U': + appendStringInfoString(buf, show_role()); + break; case 'd': if (MyProcPort) { *** a/src/backend/utils/misc/postgresql.conf.sample --- b/src/backend/utils/misc/postgresql.conf.sample *************** *** 360,366 **** #log_hostname = off #log_line_prefix = '' # special values: # %a = application name ! # %u = user name # %d = database name # %r = remote host and port # %h = remote host --- 360,367 ---- #log_hostname = off #log_line_prefix = '' # special values: # %a = application name ! # %u = session user name ! # %U = current role name # %d = database name # %r = remote host and port # %h = remote host
signature.asc
Description: Digital signature