audit log postgres session PID

gravitational · Oct 16, 2024 · a4dec8f · a4dec8f
1 parent 4a59807
commit a4dec8f
Show file tree

Hide file tree

Showing 6 changed files with 786 additions and 741 deletions.
diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto
@@ -3041,6 +3041,10 @@ message DatabaseSessionStart {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+  // PostgresPID is the Postgres backend PID that was created for a Postgres
+  // connection. This can be useful for backend process cancellation or
+  // termination and it is not a sensitive or secret value.
+  uint32 PostgresPID = 8 [(gogoproto.jsontag) = "postgres_pid,omitempty"];
 }
 
 // DatabaseSessionQuery is emitted when a user executes a database query.

diff --git a/api/types/events/events.pb.go b/api/types/events/events.pb.go
diff --git a/lib/srv/db/audit_test.go b/lib/srv/db/audit_test.go
@@ -61,7 +61,10 @@ func TestAuditPostgres(t *testing.T) {
 	// Connect should trigger successful session start event.
 	psql, err := testCtx.postgresClient(ctx, "alice", "postgres", "postgres", "postgres")
 	require.NoError(t, err)
-	requireEvent(t, testCtx, libevents.DatabaseSessionStartCode)
+	startEvt, ok := requireEvent(t, testCtx, libevents.DatabaseSessionStartCode).(*events.DatabaseSessionStart)
+	require.True(t, ok)
+	require.NotNil(t, startEvt)
+	require.NotZero(t, startEvt.PostgresPID)
 
 	// Simple query should trigger the query event.
 	_, err = psql.Exec(ctx, "select 1").ReadAll()

diff --git a/lib/srv/db/common/audit.go b/lib/srv/db/common/audit.go
@@ -145,6 +145,7 @@ func (a *audit) OnSessionStart(ctx context.Context, session *Session, sessionErr
 		Status: events.Status{
 			Success: true,
 		},
+		PostgresPID: session.PostgresPID,
 	}
 	event.SetTime(session.StartTime)
 

diff --git a/lib/srv/db/common/session.go b/lib/srv/db/common/session.go
@@ -66,6 +66,8 @@ type Session struct {
 	AuthContext *authz.Context
 	// StartTime is the time the session started.
 	StartTime time.Time
+	// PostgresPID is the Postgres backend PID for the session.
+	PostgresPID uint32
 }
 
 // String returns string representation of the session parameters.

diff --git a/lib/srv/db/postgres/engine.go b/lib/srv/db/postgres/engine.go
@@ -147,6 +147,8 @@ func (e *Engine) HandleConnection(ctx context.Context, sessionCtx *common.Sessio
 		cancelAutoUserLease()
 		return trace.Wrap(err)
 	}
+	sessionCtx.PostgresPID = hijackedConn.PID
+	e.Log = e.Log.With("pg_backend_pid", hijackedConn.PID)
 	e.rawServerConn = hijackedConn.Conn
 	// Release the auto-users semaphore now that we've successfully connected.
 	cancelAutoUserLease()