Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Postgres prepared statements aren't captured in audit log #6051

Closed
r0mant opened this issue Mar 18, 2021 · 0 comments · Fixed by #6303
Closed

Postgres prepared statements aren't captured in audit log #6051

r0mant opened this issue Mar 18, 2021 · 0 comments · Fixed by #6303
Assignees
@r0mant
Labels
bug database-access Database access related issues and PRs
Milestone
6.2 "Buffalo"

Comments

@r0mant
Copy link
Collaborator

r0mant commented Mar 18, 2021

Current database access protocol integration captures simple pgproto3.Query messages but doesn't take into account prepared statements so those slip the audit log.

Example logs when using DataGrip that executes prepared statements:

DEBU [DB:SERVIC] Received client message: &pgproto3.Parse{Name:"S_3", Query:"select * from test", ParameterOIDs:[]uint32(nil)}. db:local from:client id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:265
DEBU [DB:SERVIC] Received client message: &pgproto3.Bind{DestinationPortal:"C_4", PreparedStatement:"S_3", ParameterFormatCodes:[]int16(nil), Parameters:[][]uint8(nil), ResultFormatCodes:[]int16{}}. db:local from:client id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:265
DEBU [DB:SERVIC] Received client message: &pgproto3.Describe{ObjectType:0x50, Name:"C_4"}. db:local from:client id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:265
DEBU [DB:SERVIC] Received client message: &pgproto3.Execute{Portal:"C_4", MaxRows:0x64}. db:local from:client id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:265
DEBU [DB:SERVIC] Received client message: &pgproto3.Sync{}. db:local from:client id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:265
DEBU [DB:SERVIC] Received server message: &pgproto3.ParseComplete{}. db:local from:server id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:303
DEBU [DB:SERVIC] Received server message: &pgproto3.BindComplete{}. db:local from:server id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:303
DEBU [DB:SERVIC] Received server message: &pgproto3.RowDescription{Fields:[]pgproto3.FieldDescription{pgproto3.FieldDescription{Name:[]uint8{0x69, 0x64}, TableOID:0x6001, TableAttributeNumber:0x1, DataTypeOID:0x19, DataTypeSize:-1, TypeModifier:-1, Format:0}}}. db:local from:server id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:303
DEBU [DB:SERVIC] Received server message: &pgproto3.DataRow{Values:[][]uint8{[]uint8{0x71, 0x77, 0x65, 0x71, 0x77, 0x65, 0x71, 0x77, 0x65}}}. db:local from:server id:7714d409-e373-4bf4-9a43-31dd093b440a postgres/engine.go:303
...

We need to capture pgproto3.Parse messages as well.
@r0mant r0mant added bug database-access Database access related issues and PRs labels Mar 18, 2021
@r0mant r0mant added this to the 6.1 milestone Mar 18, 2021
@r0mant r0mant self-assigned this Mar 18, 2021
@r0mant r0mant modified the milestones: 6.1, 6.2 Mar 24, 2021
@r0mant r0mant mentioned this issue Apr 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@r0mant r0mant

Labels
bug database-access Database access related issues and PRs
Projects
None yet
Milestone
6.2 "Buffalo"
Development

Successfully merging a pull request may close this issue.

Capture postgres extended protocol queries in audit log gravitational/teleport
1 participant
@r0mant