Skip to content

Commit

Permalink
Update ChangeLog and version to 3.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@darold
darold committed Dec 31, 2024
1 parent 6f8f950 commit d914cb3
Show file tree
Hide file tree
Showing 4 changed files with 126 additions and 1 deletion.
19 changes: 19 additions & 0 deletions ChangeLog
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,22 @@
2024-12-31 - Version 3.0.0

This release adds a new feature to exclude a list of users from being banned
and fixes bugs reported by users since last release.

- Fix ban count with ssl.
- Fix compilation with PG11.
- Add new configuration variable to exclude some users from being banned.
With credcheck.whitelist_auth_failure you can set a whitelist of usernames
that must be excluded from this behavior. Example of use:
credcheck.whitelist_auth_failure = 'appuser1,appuser2'
Thanks to Kennycwc for the feature request.
- Update regression test expected output.
- Add a note about the \password command. Thanks to tsoulabail for the report.
- Fix test for password reuse.
- Fix pg_banned_role.roleid value. Thanks to Julien Rouhaud for the patch.
- Move the project under HexaCluster GitHub account.
- Update copyright year.

2024-08-03 - Version 2.8.0

This release adds the compatibility with PostgreSQL 17. Upgrade require a
Expand Down
101 changes: 101 additions & 0 deletions credcheck--3.0.0.sql
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
-- credcheck extension for PostgreSQL
-- Copyright (c) 2021-2023 MigOps Inc
-- Copyright (c) 2023 Gilles Darold
-- Copyright (c) 2024 HexaCluster Corp

-- complain if script is sourced in psql, rather than via CREATE EXTENSION
\echo Use "CREATE EXTENSION credcheck" to load this file. \quit

CREATE SCHEMA credcheck;

----
-- Remove all entries from password history.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_password_history_reset( )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C VOLATILE;

----
-- Remove entries of the specified user from password history.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_password_history_reset( IN username name )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

----
-- Look at password history entries
----
CREATE FUNCTION pg_password_history (
OUT rolename name,
OUT password_date timestamp with time zone,
OUT password_hash text
)
RETURNS SETOF record
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

-- Register a view on the function for ease of use.
CREATE VIEW pg_password_history AS
SELECT * FROM pg_password_history();

----
-- Change password creation timestamp for all entries of the specified
-- user in the password history. Proposed for testing purpose only.
-- Returns the number of entries changed.
----
CREATE FUNCTION pg_password_history_timestamp( IN username name, IN new_timestamp timestamp with time zone)
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

GRANT SELECT ON pg_password_history TO PUBLIC;

-- Don't want this to be available to non-superusers.
REVOKE ALL ON FUNCTION pg_password_history_reset() FROM PUBLIC;
REVOKE ALL ON FUNCTION pg_password_history_reset(name) FROM PUBLIC;
REVOKE ALL ON FUNCTION pg_password_history_timestamp(name, timestamp with time zone) FROM PUBLIC;

----
-- Remove all entries from authent failure cache.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_banned_role_reset( )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C VOLATILE;

----
-- Remove entries of the specified user from authent failure cache.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_banned_role_reset( IN username name )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

----
-- Look at authent failure cache entries
----
CREATE FUNCTION pg_banned_role (
OUT roleid Oid,
OUT failure_count integer,
OUT banned_date timestamp
)
RETURNS SETOF record
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

-- Register a view on the function for ease of use.
CREATE VIEW pg_banned_role AS
SELECT * FROM pg_banned_role();

GRANT SELECT ON pg_banned_role TO PUBLIC;

-- Don't want this to be available to non-superusers.
REVOKE ALL ON FUNCTION pg_banned_role_reset() FROM PUBLIC;
REVOKE ALL ON FUNCTION pg_banned_role_reset(name) FROM PUBLIC;

2 changes: 1 addition & 1 deletion credcheck.control
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
comment = 'credcheck - postgresql plain text credential checker'
default_version = '2.8.0'
default_version = '3.0.0'
module_pathname = '$libdir/credcheck'
relocatable = false
5 changes: 5 additions & 0 deletions updates/credcheck--2.8.0--3.0.0.sql
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-- credcheck extension for PostgreSQL
-- Copyright (c) 2024-2025 HexaCluster Corp - All rights reserved.

-- No SQL change to apply in this version

0 comments on commit d914cb3

Please sign in to comment.