From 26f040e9c7f7547cc16e755bf97b47a7b333e4aa Mon Sep 17 00:00:00 2001 From: Gilles Darold Date: Fri, 3 Nov 2023 11:16:29 +0300 Subject: [PATCH] Update ChangeLog and version to 2.3.0 --- ChangeLog | 11 ++- credcheck--2.3.0.sql | 100 ++++++++++++++++++++++++++++ credcheck.control | 2 +- updates/credcheck--2.2.0--2.3.0.sql | 6 ++ 4 files changed, 117 insertions(+), 2 deletions(-) create mode 100644 credcheck--2.3.0.sql create mode 100644 updates/credcheck--2.2.0--2.3.0.sql diff --git a/ChangeLog b/ChangeLog index e3c95fc..2e50d3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2023-11-03 - Version 2.3.0 + +This release is a maintenance release to fix a major issue with the +"whitelist" feature. + + - Fix crash when length of the credcheck.whitelist value was > NAMEDATALEN. + Thanks to zobnin for the report. + +Extension upgrade requires a PostgreSQL restart to reload the credcheck library. + 2023-09-16 - Version 2.2.0 This release adds a new feature, fixes a major bug with null password and fixes @@ -23,7 +33,6 @@ some issues reported by users since last release. Extension upgrade requires a PostgreSQL restart to reload the credcheck library. - 2023-07-15 - Version 2.1.0 This release adds a two new features and fix issues reported by users diff --git a/credcheck--2.3.0.sql b/credcheck--2.3.0.sql new file mode 100644 index 0000000..79807a1 --- /dev/null +++ b/credcheck--2.3.0.sql 
@@ -0,0 +1,100 @@
+-- credcheck extension for PostgreSQL
+-- Copyright (c) 2021-2023 MigOps Inc - All rights reserved.
+-- Copyright (c) 2023 Gilles Darold - All rights reserved.
+
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION credcheck" to load this file. \quit
+
+CREATE SCHEMA credcheck;
+
+----
+-- Remove all entries from password history.
+-- Returns the number of entries removed.
+----
+CREATE FUNCTION pg_password_history_reset( )
+RETURNS integer
+AS 'MODULE_PATHNAME'
+LANGUAGE C VOLATILE;
+
+----
+-- Remove entries of the specified user from password history.
+-- Returns the number of entries removed.
+----
+CREATE FUNCTION pg_password_history_reset( IN username name )
+RETURNS integer
+AS 'MODULE_PATHNAME'
+LANGUAGE C STRICT VOLATILE;
+
+----
+-- Look at password history entries
+----
+CREATE FUNCTION pg_password_history (
+ OUT rolename name,
+ OUT password_date timestamp with time zone,
+ OUT password_hash text
+)
+RETURNS SETOF record
+AS 'MODULE_PATHNAME'
+LANGUAGE C STRICT VOLATILE;
+
+-- Register a view on the function for ease of use.
+CREATE VIEW pg_password_history AS
+ SELECT * FROM pg_password_history();
+
+----
+-- Change password creation timestamp for all entries of the specified
+-- user in the password history. Proposed for testing purpose only.
+-- Returns the number of entries changed.
+----
+CREATE FUNCTION pg_password_history_timestamp( IN username name, IN new_timestamp timestamp with time zone)
+RETURNS integer
+AS 'MODULE_PATHNAME'
+LANGUAGE C STRICT VOLATILE;
+
+GRANT SELECT ON pg_password_history TO PUBLIC;
+
+-- Don't want this to be available to non-superusers.
+REVOKE ALL ON FUNCTION pg_password_history_reset() FROM PUBLIC;
+REVOKE ALL ON FUNCTION pg_password_history_reset(name) FROM PUBLIC;
+REVOKE ALL ON FUNCTION pg_password_history_timestamp(name, timestamp with time zone) FROM PUBLIC;
+
+----
+-- Remove all entries from authent failure cache.
+-- Returns the number of entries removed.
+----
+CREATE FUNCTION pg_banned_role_reset( )
+RETURNS integer
+AS 'MODULE_PATHNAME'
+LANGUAGE C VOLATILE;
+
+----
+-- Remove entries of the specified user from authent failure cache.
+-- Returns the number of entries removed.
+----
+CREATE FUNCTION pg_banned_role_reset( IN username name )
+RETURNS integer
+AS 'MODULE_PATHNAME'
+LANGUAGE C STRICT VOLATILE;
+
+----
+-- Look at authent failure cache entries
+----
+CREATE FUNCTION pg_banned_role (
+ OUT roleid Oid,
+ OUT failure_count integer,
+ OUT banned_date timestamp
+)
+RETURNS SETOF record
+AS 'MODULE_PATHNAME'
+LANGUAGE C STRICT VOLATILE;
+
+-- Register a view on the function for ease of use.
+CREATE VIEW pg_banned_role AS
+ SELECT * FROM pg_banned_role();
+
+GRANT SELECT ON pg_banned_role TO PUBLIC;
+
+-- Don't want this to be available to non-superusers.
+REVOKE ALL ON FUNCTION pg_banned_role_reset() FROM PUBLIC;
+REVOKE ALL ON FUNCTION pg_banned_role_reset(name) FROM PUBLIC;
+
diff --git a/credcheck.control b/credcheck.control
index 3856fc4..5bec56a 100644
--- a/credcheck.control
+++ b/credcheck.control
@@ -1,4 +1,4 @@
 comment = 'credcheck - postgresql plain text credential checker'
-default_version = '2.2.0'
+default_version = '2.3.0'
 module_pathname = '$libdir/credcheck'
 relocatable = false
diff --git a/updates/credcheck--2.2.0--2.3.0.sql b/updates/credcheck--2.2.0--2.3.0.sql
new file mode 100644
index 0000000..667b765
--- /dev/null
+++ b/updates/credcheck--2.2.0--2.3.0.sql
@@ -0,0 +1,6 @@
+-- credcheck extension for PostgreSQL
+-- Copyright (c) 2021-2023 MigOps Inc - All rights reserved.
+-- Copyright (c) 2023 Gilles Darold - All rights reserved.
+
+-- No SQL change to apply in this version
+
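Review bot: In credcheck--2.3.0.sql, `GRANT SELECT ON pg_password_history TO PUBLIC;` makes the `password_hash` column readable by every role. The function `pg_password_history()` behind the view also keeps its default EXECUTE for PUBLIC, because the REVOKE block only covers the reset and timestamp functions. Unless the C implementation checks the caller's privileges itself (not visible in this patch), any role that can connect can read other roles' password-history hashes and test guesses against them offline. I would drop the PUBLIC grant, add `REVOKE ALL ON FUNCTION pg_password_history() FROM PUBLIC;`, and grant access back only to roles that need it. The same question applies, with less at stake, to `GRANT SELECT ON pg_banned_role TO PUBLIC;`, which lets every role see which accounts have accumulated authentication failures.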