MySQL 8.0.37
Source Code Documentation
sql_audit.h
Go to the documentation of this file.
1#ifndef SQL_AUDIT_INCLUDED
2#define SQL_AUDIT_INCLUDED
3
4/* Copyright (c) 2007, 2024, Oracle and/or its affiliates.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License, version 2.0,
8 as published by the Free Software Foundation.
9
10 This program is designed to work with certain software (including
11 but not limited to OpenSSL) that is licensed under separate terms,
12 as designated in a particular file or component or in included license
13 documentation. The authors of MySQL hereby grant you an additional
14 permission to link the program and your derivative works with the
15 separately licensed software that they have either included with
16 the program or referenced in the documentation.
17
18 This program is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 GNU General Public License, version 2.0, for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
26
27#include <string.h>
28
29#include "lex_string.h"
30#include "m_string.h"
31#include "my_command.h"
32#include "mysql/plugin_audit.h"
33
34class THD;
35class Security_context;
36class Table_ref;
37
38static const size_t MAX_USER_HOST_SIZE = 512;
39
40/**
41 Audit API event to string expanding macro.
42*/
43#define AUDIT_EVENT(x) x, #x
44
45bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
46bool is_global_audit_mask_set();
47
48size_t make_user_name(Security_context *sctx, char *buf);
49
50struct st_plugin_int;
51
52int initialize_audit_plugin(st_plugin_int *plugin);
53int finalize_audit_plugin(st_plugin_int *plugin);
54
55void mysql_audit_initialize();
56void mysql_audit_finalize();
57
58void mysql_audit_init_thd(THD *thd);
59void mysql_audit_free_thd(THD *thd);
60int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class,
61 unsigned long event_subclass,
62 bool check_audited = true);
63void mysql_audit_release(THD *thd);
64
65/**
66 Enable auditing of the specified THD.
67
68 @param[in] thd THD whose auditing capability is turned on.
69*/
70void mysql_audit_enable_auditing(THD *thd);
71
72/**
73 Call audit plugins of GENERAL audit class.
74
75 @param[in] thd Current thread data.
76 @param[in] subclass Type of general audit event.
77 @param[in] subclass_name Subclass name.
78 @param[in] error_code Error code
79 @param[in] msg Message
80 @param[in] msg_len Message length.
81
82 @return Value returned is not taken into consideration by the server.
83*/
84int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass,
85 const char *subclass_name, int error_code,
86 const char *msg, size_t msg_len);
87/**
88 Call audit plugins of GENERAL LOG audit class.
89
90 @param[in] thd Current thread data.
91 @param[in] cmd Command text.
92 @param[in] cmdlen Command text length.
93
94 @return Value returned is not taken into consideration by the server.
95*/
96inline static int mysql_audit_general_log(THD *thd, const char *cmd,
97 size_t cmdlen) {
98 return mysql_audit_notify(thd, AUDIT_EVENT(MYSQL_AUDIT_GENERAL_LOG), 0, cmd,
99 cmdlen);
100}
101
102/**
103 Call audit plugins of CONNECTION audit class.
104
105 @param[in] thd Current thread context.
106 @param[in] subclass Type of the connection audit event.
107 @param[in] subclass_name Name of the subclass.
108 @param[in] errcode Error code.
109
110 @return 0 continue server flow, otherwise abort.
111*/
112int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
113 const char *subclass_name, int errcode);
114
115/**
116 Call audit plugins of PARSE audit class.
117
118 @param[in] thd Current thread context.
119 @param[in] subclass Type of the parse audit event.
120 @param[in] subclass_name Name of the subclass.
121 @param[out] flags Rewritten query flags.
122 @param[out] rewritten_query Rewritten query
123
124 @return 0 continue server flow, otherwise abort.
125*/
126int mysql_audit_notify(THD *thd, mysql_event_parse_subclass_t subclass,
127 const char *subclass_name,
128 mysql_event_parse_rewrite_plugin_flag *flags,
129 LEX_CSTRING *rewritten_query);
130
131/**
132 Call audit plugins of AUTHORIZATION audit class.
133
134 @param[in] thd Thread data.
135 @param[in] subclass Type of the connection audit event.
136 @param[in] subclass_name Name of the subclass.
137 @param[in] database object database
138 @param[in] database_length object database length
139 @param[in] name object name
140 @param[in] name_length object name length
141
142 @return 0 continue server flow, otherwise abort.
143*/
144int mysql_audit_notify(THD *thd, mysql_event_authorization_subclass_t subclass,
145 const char *subclass_name, const char *database,
146 unsigned int database_length, const char *name,
147 unsigned int name_length);
148/**
149 Call audit plugins of TABLE ACCESS audit class events for all tables
150 available in the list.
151
152 Event subclass value depends on the thd->lex->sql_command value.
153
154 The event is generated for 'USER' and 'SYS' tables only.
155
156 @param[in] thd Current thread data.
157 @param[in] table Connected list of tables, for which event is generated.
158
159 @return 0 - continue server flow, otherwise abort.
160*/
161int mysql_audit_table_access_notify(THD *thd, Table_ref *table);
162
163/**
164 Call audit plugins of GLOBAL VARIABLE audit class.
165
166 @param[in] thd Current thread data.
167 @param[in] subclass Type of the global variable audit event.
168 @param[in] subclass_name Name of the subclass.
169 @param[in] name Name of the variable.
170 @param[in] value Textual value of the variable.
171 @param[in] value_length Textual value length.
172
173 @return 0 continue server flow, otherwise abort.
174*/
175int mysql_audit_notify(THD *thd,
176 mysql_event_global_variable_subclass_t subclass,
177 const char *subclass_name, const char *name,
178 const char *value, const unsigned int value_length);
179/**
180 Call audit plugins of SERVER STARTUP audit class.
181
182 @param[in] subclass Type of the server startup audit event.
183 @param[in] subclass_name Name of the subclass.
184 @param[in] argv Array of program arguments.
185 @param[in] argc Program arguments array length.
186
187 @return 0 continue server start, otherwise abort.
188*/
189int mysql_audit_notify(mysql_event_server_startup_subclass_t subclass,
190 const char *subclass_name, const char **argv,
191 unsigned int argc);
192
193/**
194 Call audit plugins of SERVER SHUTDOWN audit class.
195
196 @param[in] subclass Type of the server abort audit event.
197 @param[in] reason Reason code of the shutdown.
198 @param[in] exit_code Abort exit code.
199
200 @return Value returned is not taken into consideration by the server.
201*/
202int mysql_audit_notify(mysql_event_server_shutdown_subclass_t subclass,
203 mysql_server_shutdown_reason_t reason, int exit_code);
204
205#if 0 /* Function commented out. No Audit API calls yet. */
206/**
207 Call audit plugins of AUTHORIZATION audit class.
208
209 @param[in] thd Current thread data.
210 @param[in] subclass Type of the authorization audit event.
211 @param[in] subclass_name Name of the subclass.
212 @param[in] database Database name.
213 @param[in] table Table name.
214 @param[in] object Object name associated with the authorization event.
215
216 @return 0 continue server flow, otherwise abort.
217*/
218
219int mysql_audit_notify(THD *thd,
220 mysql_event_authorization_subclass_t subclass,
221 const char *subclass_name,
222 const char *database,
223 const char *table,
224 const char *object);
225#endif
226
227/**
228 Call audit plugins of CONNECTION audit class.
229
230 Internal connection info is extracted from the thd object.
231
232 @param[in] thd Current thread data.
233 @param[in] subclass Type of the connection audit event.
234 @param[in] subclass_name Name of the subclass.
235
236 @return 0 continue server flow, otherwise abort.
237*/
238int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
239 const char *subclass_name);
240
241/**
242 Call audit plugins of COMMAND audit class.
243
244 Internal connection info is extracted from the thd object.
245
246 @param[in] thd Current thread data.
247 @param[in] subclass Type of the command audit event.
248 @param[in] subclass_name Name of the subclass.
249 @param[in] command Command id value.
250 @param[in] command_text Command string value.
251
252 @return 0 continue server flow, otherwise abort.
253*/
254int mysql_audit_notify(THD *thd, mysql_event_command_subclass_t subclass,
255 const char *subclass_name, enum_server_command command,
256 const char *command_text);
257/**
258 Call audit plugins of QUERY audit class.
259
260 Internal query info is extracted from the thd object.
261
262 @param[in] thd Current thread data.
263 @param[in] subclass Type of the query audit event.
264 @param[in] subclass_name Name of the subclass.
265
266 @return 0 continue server flow, otherwise abort.
267*/
268int mysql_audit_notify(THD *thd, mysql_event_query_subclass_t subclass,
269 const char *subclass_name);
270
271/**
272 Call audit plugins of STORED PROGRAM audit class.
273
274 @param[in] thd Current thread data.
275 @param[in] subclass Type of the stored program audit event.
276 @param[in] subclass_name Name of the subclass.
277 @param[in] database Stored program database name.
278 @param[in] name Name of the stored program.
279 @param[in] parameters Parameters of the stored program execution.
280
281 @return 0 continue server flow, otherwise abort.
282*/
283int mysql_audit_notify(THD *thd, mysql_event_stored_program_subclass_t subclass,
284 const char *subclass_name, const char *database,
285 const char *name, void *parameters);
286
287/**
288 Call audit plugins of AUTHENTICATION audit class
289
290 @param[in] thd Current thread data.
291 @param[in] subclass Type of the authentication audit event.
292 @param[in] subclass_name Name of the subclass.
293 @param[in] status Status of the event.
294 @param[in] user Name of the user.
295 @param[in] host Name of the host.
296 @param[in] authentication_plugin Current authentication plugin for user.
297 @param[in] is_role Whether given AuthID is a role or not
298 @param[in] new_user Name of the new user - In case of rename
299 @param[in] new_host Name of the new host - In case of rename
300
301 @return 0 continue server flow, otherwise abort.
302*/
303int mysql_audit_notify(THD *thd, mysql_event_authentication_subclass_t subclass,
304 const char *subclass_name, int status, const char *user,
305 const char *host, const char *authentication_plugin,
306 bool is_role, const char *new_user,
307 const char *new_host);
308
309/**
310 Call audit plugins of MESSAGE audit class.
311
312 @param[in] thd Current thread data.
313 @param[in] subclass Message class subclass name.
314 @param[in] subclass_name Subclass name length.
315 @param[in] component Component name.
316 @param[in] component_length Component name length.
317 @param[in] producer Producer name.
318 @param[in] producer_length Producer name length.
319 @param[in] message Message text.
320 @param[in] message_length Message text length.
321 @param[in] key_value_map Key value map pointer.
322 @param[in] key_value_map_length Key value map length.
323
324 @return 0 continue server flow.
325*/
326int mysql_audit_notify(THD *thd, mysql_event_message_subclass_t subclass,
327 const char *subclass_name, const char *component,
328 size_t component_length, const char *producer,
329 size_t producer_length, const char *message,
330 size_t message_length,
331 mysql_event_message_key_value_t *key_value_map,
332 size_t key_value_map_length);
333
334#endif /* SQL_AUDIT_INCLUDED */
Security_context
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
THD
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:34
Table_ref
Definition: table.h:2790
flags
static int flags[50]
Definition: hp_test1.cc:40
lex_string.h
m_string.h
my_command.h
enum_server_command
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:48
user
char * user
Definition: mysqladmin.cc:60
host
const char * host
Definition: mysqladmin.cc:59
buf
Definition: buf0block_hint.cc:30
plugin_audit.h
mysql_event_global_variable_subclass_t
mysql_event_global_variable_subclass_t
Events for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
Definition: plugin_audit.h:330
mysql_event_server_startup_subclass_t
mysql_event_server_startup_subclass_t
Events for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
Definition: plugin_audit.h:359
mysql_event_general_subclass_t
mysql_event_general_subclass_t
Events for the MYSQL_AUDIT_GENERAL_CLASS event class.
Definition: plugin_audit.h:112
MYSQL_AUDIT_GENERAL_LOG
@ MYSQL_AUDIT_GENERAL_LOG
occurs before emitting to the general query log.
Definition: plugin_audit.h:114
mysql_event_command_subclass_t
mysql_event_command_subclass_t
Events for MYSQL_AUDIT_COMMAND_CLASS event class.
Definition: plugin_audit.h:423
mysql_event_authentication_subclass_t
mysql_event_authentication_subclass_t
Events for MYSQL_AUDIT_AUTHENTICATION_CLASS event class.
Definition: plugin_audit.h:539
mysql_event_authorization_subclass_t
mysql_event_authorization_subclass_t
Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
Definition: plugin_audit.h:234
mysql_event_query_subclass_t
mysql_event_query_subclass_t
Events for MYSQL_AUDIT_QUERY_CLASS event class.
Definition: plugin_audit.h:461
mysql_event_parse_rewrite_plugin_flag
mysql_event_parse_rewrite_plugin_flag
Definition: plugin_audit.h:203
mysql_event_server_shutdown_subclass_t
mysql_event_server_shutdown_subclass_t
Events for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
Definition: plugin_audit.h:385
mysql_event_parse_subclass_t
mysql_event_parse_subclass_t
Events for MYSQL_AUDIT_PARSE_CLASS event class.
Definition: plugin_audit.h:193
mysql_event_class_t
mysql_event_class_t
Audit event classes.
Definition: plugin_audit.h:48
mysql_server_shutdown_reason_t
mysql_server_shutdown_reason_t
Server shutdown reason.
Definition: plugin_audit.h:397
mysql_event_stored_program_subclass_t
mysql_event_stored_program_subclass_t
Events for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
Definition: plugin_audit.h:500
mysql_event_connection_subclass_t
mysql_event_connection_subclass_t
Events for MYSQL_AUDIT_CONNECTION_CLASS event class.
Definition: plugin_audit_connection_types.h:37
mysql_event_message_subclass_t
mysql_event_message_subclass_t
Events for MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:41
status
required uint32 status
Definition: replication_asynchronous_connection_failover.proto:61
make_user_name
size_t make_user_name(Security_context *sctx, char *buf)
Definition: sql_audit.cc:1451
mysql_audit_enable_auditing
void mysql_audit_enable_auditing(THD *thd)
Enable auditing of the specified THD.
Definition: sql_audit.cc:1177
mysql_audit_finalize
void mysql_audit_finalize()
Finalize Audit global variables.
Definition: sql_audit.cc:1235
is_global_audit_mask_set
bool is_global_audit_mask_set()
Checks presence of active audit plugin.
Definition: sql_audit.cc:1443
mysql_audit_general_log
static int mysql_audit_general_log(THD *thd, const char *cmd, size_t cmdlen)
Call audit plugins of GENERAL LOG audit class.
Definition: sql_audit.h:96
AUDIT_EVENT
#define AUDIT_EVENT(x)
Audit API event to string expanding macro.
Definition: sql_audit.h:43
mysql_audit_release
void mysql_audit_release(THD *thd)
Release any resources associated with the current thd.
Definition: sql_audit.cc:1147
mysql_audit_notify
int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
Call audit plugins of GENERAL audit class.
Definition: sql_audit.cc:364
is_audit_plugin_class_active
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class)
There's at least one active audit plugin tracking a specified class.
Definition: sql_audit.cc:1432
mysql_audit_init_thd
void mysql_audit_init_thd(THD *thd)
Initialize thd variables used by Audit.
Definition: sql_audit.cc:1186
mysql_audit_free_thd
void mysql_audit_free_thd(THD *thd)
Free thd variables used by Audit.
Definition: sql_audit.cc:1197
initialize_audit_plugin
int initialize_audit_plugin(st_plugin_int *plugin)
Initialize an Audit plug-in.
Definition: sql_audit.cc:1246
finalize_audit_plugin
int finalize_audit_plugin(st_plugin_int *plugin)
Finalize an Audit plug-in.
Definition: sql_audit.cc:1305
mysql_audit_initialize
void mysql_audit_initialize()
Initialize Audit global variables.
Definition: sql_audit.cc:1222
mysql_audit_acquire_plugins
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited=true)
Acquire audit plugins.
Definition: sql_audit.cc:1087
mysql_audit_table_access_notify
int mysql_audit_table_access_notify(THD *thd, Table_ref *table)
Call audit plugins of TABLE ACCESS audit class events for all tables available in the list.
Definition: sql_audit.cc:581
MAX_USER_HOST_SIZE
static const size_t MAX_USER_HOST_SIZE
Definition: sql_audit.h:38
name
case opt name
Definition: sslopt-case.h:33
MYSQL_LEX_CSTRING
Definition: mysql_lex_string.h:40
mysql_event_message_key_value_t
Structure that stores key-value pair of the MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:64
st_plugin_int
Definition: sql_plugin_ref.h:45
st_plugin_int::plugin
st_mysql_plugin * plugin
Definition: sql_plugin_ref.h:47
command
command
Definition: version_token.cc:280