From 081f5e3722ea19112c3d322573480e94ab6068a4 Mon Sep 17 00:00:00 2001
From: David Steele
Date: Wed, 16 Nov 2016 11:58:09 -0500
Subject: [PATCH] Update master to PostgreSQL 9.6.
* Updated URLs and branch names in the documentation.
* Changed COMMERR log level to LOG_SERVER_ONLY.
* Updated regression tests.
---
 README.md | 8 ++++----
 expected/pgaudit.out | 24 +++++++++++++-----------
 pgaudit.c | 2 +-
 sql/pgaudit.sql | 3 +++
 4 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index ae77003..0e1bc1a 100644
--- a/README.md
+++ b/README.md
@@ -51,9 +51,9 @@ Clone the PostgreSQL repository:
 ```
 git clone https://github.com/postgres/postgres.git
 ```
-Checkout `REL9_5_STABLE` branch:
+Checkout `REL9_6_STABLE` branch:
 ```
-git checkout REL9_5_STABLE
+git checkout REL9_6_STABLE
 ```
 Make PostgreSQL:
 ```
@@ -87,7 +87,7 @@ Settings may be modified only by a superuser. Allowing normal users to change th
 Settings can be specified globally (in `postgresql.conf` or using `ALTER SYSTEM ... SET`), at the database level (using `ALTER DATABASE ... SET`), or at the role level (using `ALTER ROLE ... SET`). Note that settings are not inherited through normal role inheritance and `SET ROLE` will not alter a user's pgAudit settings. This is a limitation of the roles system and not inherent to pgAudit.
-The pgAudit extension must be loaded in [shared_preload_libraries](http://www.postgresql.org/docs/9.5/static/runtime-config-client.html#GUC-SHARED-PRELOAD-LIBRARIES). Otherwise, an error will be raised at load time and no audit logging will occur. In addition, `CREATE EXTENSION pgaudit` must be called before `pgaudit.log` is set. If the `pgaudit` extension is dropped and needs to be recreated then `pgaudit.log` must be unset first otherwise an error will be raised.
+The pgAudit extension must be loaded in [shared_preload_libraries](http://www.postgresql.org/docs/9.6/static/runtime-config-client.html#GUC-SHARED-PRELOAD-LIBRARIES). Otherwise, an error will be raised at load time and no audit logging will occur. In addition, `CREATE EXTENSION pgaudit` must be called before `pgaudit.log` is set. If the `pgaudit` extension is dropped and needs to be recreated then `pgaudit.log` must be unset first otherwise an error will be raised.
 ### pgaudit.log
@@ -310,7 +310,7 @@ Audit entries are written to the standard logging facility and contain the follo
 - **PARAMETER** - If `pgaudit.log_parameter` is set then this field will contain the statement parameters as quoted CSV.
-Use [log_line_prefix](http://www.postgresql.org/docs/9.5/static/runtime-config-logging.html#GUC-LOG-LINE-PREFIX) to add any other fields that are needed to satisfy your audit log requirements. A typical log line prefix might be `'\%m \%u \%d: '` which would provide the date/time, user name, and database name for each audit log.
+Use [log_line_prefix](http://www.postgresql.org/docs/9.6/static/runtime-config-logging.html#GUC-LOG-LINE-PREFIX) to add any other fields that are needed to satisfy your audit log requirements. A typical log line prefix might be `'\%m \%u \%d: '` which would provide the date/time, user name, and database name for each audit log.
 ## Caveats
diff --git a/expected/pgaudit.out b/expected/pgaudit.out
index 982ff14..22fd2a1 100644
--- a/expected/pgaudit.out
+++ b/expected/pgaudit.out
@@ -799,7 +799,7 @@ NOTICE: AUDIT: SESSION,30,1,READ,SELECT,,,explain select 1;,
 NOTICE: AUDIT: SESSION,30,2,MISC,EXPLAIN,,,explain select 1;,
 QUERY PLAN
 ------------------------------------------
- Result (cost=0.00..0.01 rows=1 width=0)
+ Result (cost=0.00..0.01 rows=1 width=4)
 (1 row)
 --
@@ -843,11 +843,11 @@ END $$;",
 NOTICE: AUDIT: SESSION,34,2,READ,SELECT,TABLE,public.test,"SELECT id
 FROM test",
 NOTICE: AUDIT: SESSION,34,3,WRITE,INSERT,TABLE,public.test,"INSERT INTO test (id)
- VALUES (result.id + 100)",",,"
+ VALUES (result.id + 100)","f,,"
 NOTICE: AUDIT: SESSION,34,4,WRITE,INSERT,TABLE,public.test,"INSERT INTO test (id)
- VALUES (result.id + 100)",",,"
+ VALUES (result.id + 100)","t,,"
 NOTICE: AUDIT: SESSION,34,5,WRITE,INSERT,TABLE,public.test,"INSERT INTO test (id)
- VALUES (result.id + 100)",",,"
+ VALUES (result.id + 100)","t,,"
 --
 -- Test obfuscated dynamic sql for clean logging
 DO $$
@@ -1098,14 +1098,16 @@ GRANT UPDATE
 TO auditor;
 INSERT INTO aaa VALUES (generate_series(1,100));
 NOTICE: AUDIT: SESSION,66,1,WRITE,INSERT,TABLE,public.aaa,"INSERT INTO aaa VALUES (generate_series(1,100));",
+SET pgaudit.log_parameter TO OFF;
 INSERT INTO bbb VALUES (1);
-NOTICE: AUDIT: SESSION,67,1,WRITE,INSERT,TABLE,public.bbb,INSERT INTO bbb VALUES (1);,
-NOTICE: AUDIT: OBJECT,67,2,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",1
-NOTICE: AUDIT: SESSION,67,2,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",1
-NOTICE: AUDIT: OBJECT,67,3,WRITE,UPDATE,TABLE,public.bbb,UPDATE bbb set id = new.id + 1,",,,,,,,,,,,,,"
-NOTICE: AUDIT: SESSION,67,3,WRITE,UPDATE,TABLE,public.bbb,UPDATE bbb set id = new.id + 1,",,,,,,,,,,,,,"
-NOTICE: AUDIT: OBJECT,67,4,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",2
-NOTICE: AUDIT: SESSION,67,4,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",2
+NOTICE: AUDIT: SESSION,67,1,WRITE,INSERT,TABLE,public.bbb,INSERT INTO bbb VALUES (1);,
+NOTICE: AUDIT: OBJECT,67,2,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",
+NOTICE: AUDIT: SESSION,67,2,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",
+NOTICE: AUDIT: OBJECT,67,3,WRITE,UPDATE,TABLE,public.bbb,UPDATE bbb set id = new.id + 1,
+NOTICE: AUDIT: SESSION,67,3,WRITE,UPDATE,TABLE,public.bbb,UPDATE bbb set id = new.id + 1,
+NOTICE: AUDIT: OBJECT,67,4,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",
+NOTICE: AUDIT: SESSION,67,4,WRITE,UPDATE,TABLE,public.aaa,"SELECT 1 FROM ONLY ""public"".""aaa"" x WHERE ""id"" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF x",
+SET pgaudit.log_parameter TO ON;
 DROP TABLE bbb;
 DROP TABLE aaa;
 -- Test create table as after extension as been dropped
diff --git a/pgaudit.c b/pgaudit.c
index 1b7727b..98c2924 100644
--- a/pgaudit.c
+++ b/pgaudit.c
@@ -735,7 +735,7 @@ log_audit_event(AuditEventStackItem *stackItem)
 * translatability, but we currently haven't got translation support in
 * pgaudit anyway.
 */
- ereport(auditLogClient ? auditLogLevel : COMMERROR,
+ ereport(auditLogClient ? auditLogLevel : LOG_SERVER_ONLY,
 (errmsg("AUDIT: %s," INT64_FORMAT "," INT64_FORMAT ",%s,%s",
 stackItem->auditEvent.granted ?
 AUDIT_TYPE_OBJECT : AUDIT_TYPE_SESSION,
diff --git a/sql/pgaudit.sql b/sql/pgaudit.sql
index 9a17abc..22960ae 100644
--- a/sql/pgaudit.sql
+++ b/sql/pgaudit.sql
@@ -756,7 +756,10 @@ GRANT UPDATE
 TO auditor;
 INSERT INTO aaa VALUES (generate_series(1,100));
+
+SET pgaudit.log_parameter TO OFF;
 INSERT INTO bbb VALUES (1);
+SET pgaudit.log_parameter TO ON;
 DROP TABLE bbb;
 DROP TABLE aaa;
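Review bot: The `ereport()` call in `log_audit_event` (pgaudit.c) has no comment saying why the non-client branch uses `LOG_SERVER_ONLY`; the only comment visible above it is about translatability. This level is what keeps audit records out of the audited session when `auditLogClient` is off, so I would add `/* LOG_SERVER_ONLY: audit record goes to the server log only, never to the client */` directly above the call. As far as I know this level is filtered like LOG on the server side, so a `log_min_messages` of FATAL or PANIC would presumably drop audit records; that is worth confirming against the 9.6 elog rules and noting in the README caveats. The function starts and ends outside this hunk.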
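Review bot: The `SET pgaudit.log_parameter TO OFF;` / `SET pgaudit.log_parameter TO ON;` pair added around `INSERT INTO bbb VALUES (1);` in sql/pgaudit.sql has no comment explaining why parameter logging is switched off for this one statement. The matching expected/pgaudit.out hunk shows the effect: the entries logged for statement 67 used to end with parameter values (`1`, `2`) and now end with an empty field, so the regression test no longer checks the PARAMETER field for the statements fired by the trigger and the foreign-key check. If the 9.6 parameter output there is unstable, say so in the test, for example `-- Parameter output for trigger/FK statements is not asserted on 9.6`, and consider a separate stable case that still covers parameter logging for internally generated statements.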