MySQL 8.4.2
Source Code Documentation
sql_audit.h
1#ifndef SQL_AUDIT_INCLUDED
2#define SQL_AUDIT_INCLUDED
3
4/* Copyright (c) 2007, 2024, Oracle and/or its affiliates.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License, version 2.0,
8 as published by the Free Software Foundation.
9
10 This program is designed to work with certain software (including
11 but not limited to OpenSSL) that is licensed under separate terms,
12 as designated in a particular file or component or in included license
13 documentation. The authors of MySQL hereby grant you an additional
14 permission to link the program and your derivative works with the
15 separately licensed software that they have either included with
16 the program or referenced in the documentation.
17
18 This program is distributed in the hope that it will be useful,
19 but WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 GNU General Public License, version 2.0, for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
26
27#include <string.h>
28
29#include "lex_string.h"
30#include "my_command.h"
31#include "mysql/plugin_audit.h"
32#include "sql/error_handler.h"
33
46
48
49class THD;
51class Table_ref;
52
/**
  NOTE(review): judging by the name, the upper bound in bytes for a formatted
  user/host string. make_user_name() in this header takes a bare char * with
  no length argument, so presumably its caller-supplied buffer must be at
  least this large -- confirm against the definition in sql_audit.cc.
*/
53static const size_t MAX_USER_HOST_SIZE = 512;
54
58 const void *event;
60};
61
64 const void *event;
65};
66
67/**
68 Audit API event to string expanding macro.

 Expands to two comma-separated arguments: the event constant x followed by
 its stringified name (#x). The inline mysql_event_tracking_general_notify()
 wrapper in this header uses it as AUDIT_EVENT(EVENT_TRACKING_GENERAL_LOG)
 to pass the event value and its name together.

 The expansion is intentionally not parenthesized: wrapping it would turn
 the two arguments into a single comma expression. Use it only inside a
 function-call argument list.
69*/
70#define AUDIT_EVENT(x) x, #x
71
/**
  Report whether at least one active audit plugin is tracking the specified
  event class.

  @param[in] thd         Thread data.
  @param[in] event_class Event class to check.

  NOTE(review): the polarity of the result (true == at least one plugin is
  active) is inferred from the function name; confirm in sql_audit.cc.
*/
72bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
74
/**
  Write a user name derived from the security context into buf.

  @param[in]  sctx Security context to read from.
  @param[out] buf  Caller-supplied output buffer.

  The declaration carries no buffer-length parameter, so the bound on what
  is written cannot be checked at the call site.
  NOTE(review): callers presumably must provide at least MAX_USER_HOST_SIZE
  bytes; confirm against the definition in sql_audit.cc, including whether
  the output is always NUL-terminated and whether the returned size_t is the
  number of bytes written.
*/
75size_t make_user_name(Security_context *sctx, char *buf);
76
77struct st_plugin_int;
78
81
84
/** Initialize thd variables used by Audit. */
85void mysql_audit_init_thd(THD *thd);
/** Free thd variables used by Audit. */
86void mysql_audit_free_thd(THD *thd);
88 unsigned long event_subclass,
89 bool check_audited = true);
/** Release any resources associated with the current thd. */
90void mysql_audit_release(THD *thd);
91
92/**
93 Enable auditing of the specified THD.
94
95 @param[in] thd THD whose auditing capability is turned on.
96*/
98
99/**
100 Notify consumers of AUTHENTICATION event tracking events.
101
102 @param[in] thd Current thread data.
103 @param[in] subclass Type of the authentication audit event.
104 @param[in] subclass_name Name of the subclass.
105 @param[in] status Status of the event.
106 @param[in] user Name of the user.
107 @param[in] host Name of the host.
108 @param[in] authentication_plugin Current authentication plugin for user.
109 @param[in] is_role Whether given AuthID is a role or not
110 @param[in] new_user Name of the new user - In case of rename
111 @param[in] new_host Name of the new host - In case of rename
112
113 @return 0 continue server flow, otherwise abort.
114*/
117 const char *subclass_name, int status, const char *user, const char *host,
118 const char *authentication_plugin, bool is_role, const char *new_user,
119 const char *new_host);
120
121/**
122 Notify consumers of COMMAND event tracking events.
123
124 Internal connection info is extracted from the thd object.
125
126 @param[in] thd Current thread data.
127 @param[in] subclass Type of the command audit event.
128 @param[in] subclass_name Name of the subclass.
129 @param[in] command Command id value.
130 @param[in] command_text Command string value.
131
132 @return 0 continue server flow, otherwise abort.
133*/
134
137 const char *subclass_name, enum_server_command command,
138 const char *command_text);
139
140/**
141 Notify consumers of CONNECTION event tracking events.
142
143 @param[in] thd Current thread context.
144 @param[in] subclass Type of the connection audit event.
145 @param[in] subclass_name Name of the subclass.
146 @param[in] errcode Error code.
147
148 @return 0 continue server flow, otherwise abort.
149*/
152 const char *subclass_name, int errcode);
153
154/**
155 Notify consumers of CONNECTION event tracking events.
156
157 Internal connection info is extracted from the thd object.
158
159 @param[in] thd Current thread data.
160 @param[in] subclass Type of the connection audit event.
161 @param[in] subclass_name Name of the subclass.
162
163 @return 0 continue server flow, otherwise abort.
164*/
167 const char *subclass_name);
168
169/**
170 Notify consumers of GENERAL event tracking events.
171
172 @param[in] thd Current thread data.
173 @param[in] subclass Type of general audit event.
174 @param[in] subclass_name Subclass name.
175 @param[in] error_code Error code
176 @param[in] msg Message
177 @param[in] msg_len Message length.
178
179 @return Value returned is not taken into consideration by the server.
180*/
183 const char *subclass_name, int error_code, const char *msg, size_t msg_len);
184
185/**
186 Notify consumers of GENERAL event tracking events.
187
188 @param[in] thd Current thread data.
189 @param[in] cmd Command text.
190 @param[in] cmdlen Command text length.
191
192 @return Value returned is not taken into consideration by the server.
193*/
194inline static int mysql_event_tracking_general_notify(THD *thd, const char *cmd,
195 size_t cmdlen) {
197 thd, AUDIT_EVENT(EVENT_TRACKING_GENERAL_LOG), 0, cmd, cmdlen);
198}
199
200/**
201 Notify consumers of GLOBAL VARIABLE event tracking events.
202
203 @param[in] thd Current thread data.
204 @param[in] subclass Type of the global variable audit event.
205 @param[in] subclass_name Name of the subclass.
206 @param[in] name Name of the variable.
207 @param[in] value Textual value of the variable.
208 @param[in] value_length Textual value length.
209
210 @return 0 continue server flow, otherwise abort.
211*/
214 const char *subclass_name, const char *name, const char *value,
215 const unsigned int value_length);
216
217/**
218 Notify consumers of MESSAGE event tracking events.
219
220 @param[in] thd Current thread data.
221 @param[in] subclass Type of the message audit event.
222 @param[in] subclass_name Name of the subclass.
223 @param[in] component Component name.
224 @param[in] component_length Component name length.
225 @param[in] producer Producer name.
226 @param[in] producer_length Producer name length.
227 @param[in] message Message text.
228 @param[in] message_length Message text length.
229 @param[in] key_value_map Key value map pointer.
230 @param[in] key_value_map_length Key value map length.
231
232 @return 0 continue server flow.
233*/
236 const char *subclass_name, const char *component, size_t component_length,
237 const char *producer, size_t producer_length, const char *message,
238 size_t message_length,
240 size_t key_value_map_length);
241
242/**
243 Notify consumers of PARSE event tracking events.
244
245 @param[in] thd Current thread context.
246 @param[in] subclass Type of the parse audit event.
247 @param[in] subclass_name Name of the subclass.
248 @param[out] flags Rewritten query flags.
249 @param[out] rewritten_query Rewritten query
250
251 @return 0 continue server flow, otherwise abort.
252*/
255 const char *subclass_name,
257 mysql_cstring_with_length *rewritten_query);
258
259/**
260 Notify consumers of QUERY event tracking events.
261
262 Internal query info is extracted from the thd object.
263
264 @param[in] thd Current thread data.
265 @param[in] subclass Type of the query audit event.
266 @param[in] subclass_name Name of the subclass.
267
268 @return 0 continue server flow, otherwise abort.
269*/
272 const char *subclass_name);
273
274/**
275 Notify consumers of LIFECYCLE (Shutdown) event tracking events.
276
277 @param[in] subclass Type of the server abort audit event.
278 @param[in] subclass_name Name of the subclass
279 @param[in] reason Reason code of the shutdown.
280 @param[in] exit_code Abort exit code.
281
282 @return Value returned is not taken into consideration by the server.
283*/
286 const char *subclass_name, mysql_event_tracking_shutdown_reason_t reason,
287 int exit_code);
288
289/**
290 Notify consumers of LIFECYCLE (Startup) event tracking events.
291
292 @param[in] subclass Type of the server startup audit event.
293 @param[in] subclass_name Name of the subclass.
294 @param[in] argv Array of program arguments.
295 @param[in] argc Program arguments array length.
296
297 @return 0 continue server start, otherwise abort.
298*/
300 mysql_event_tracking_startup_subclass_t subclass, const char *subclass_name,
301 const char **argv, unsigned int argc);
302
303/**
304 Notify consumers of STORED PROGRAM event tracking events.
305
306 @param[in] thd Current thread data.
307 @param[in] subclass Type of the stored program audit event.
308 @param[in] subclass_name Name of the subclass.
309 @param[in] database Stored program database name.
310 @param[in] name Name of the stored program.
311 @param[in] parameters Parameters of the stored program execution.
312
313 @return 0 continue server flow, otherwise abort.
314*/
317 const char *subclass_name, const char *database, const char *name,
318 void *parameters);
319
320/**
321 Notify consumers of TABLE ACCESS event tracking events for all tables
322 available in the list.
323
324 Event subclass value depends on the thd->lex->sql_command value.
325
326 The event is generated for 'USER' and 'SYS' tables only.
327
328 @param[in] thd Current thread data.
329 @param[in] table Connected list of tables, for which event is generated.
330
331 @return 0 - continue server flow, otherwise abort.
332*/
334
335#if 0 /* Function commented out. No Audit API calls yet. */
336/**
337 Call audit plugins of AUTHORIZATION audit class.
338
339 @param[in] thd Thread data.
340 @param[in] subclass Type of the authorization audit event.
341 @param[in] subclass_name Name of the subclass.
342 @param[in] database object database
343 @param[in] database_length object database length
344 @param[in] name object name
345 @param[in] name_length object name length
346
347 @return 0 continue server flow, otherwise abort.
348*/
349int mysql_audit_notify(THD *thd, mysql_event_authorization_subclass_t subclass,
350 const char *subclass_name, const char *database,
351 unsigned int database_length, const char *name,
352 unsigned int name_length);
353
354/**
355 Call audit plugins of AUTHORIZATION audit class.
356
357 @param[in] thd Current thread data.
358 @param[in] subclass Type of the authorization audit event.
359 @param[in] subclass_name Name of the subclass.
360 @param[in] database Database name.
361 @param[in] table Table name.
362 @param[in] object Object name associated with the authorization event.
363
364 @return 0 continue server flow, otherwise abort.
365*/
366
367int mysql_audit_notify(THD *thd,
369 const char *subclass_name,
370 const char *database,
371 const char *table,
372 const char *object);
373#endif /* 0 */
374
376 public:
/**
  Construct the common event information from a command name and its length.

  @param[in] command_name   Command name text.
  @param[in] command_length Length of command_name.

  NOTE(review): command_ is a mysql_cstring_with_length initialized directly
  from the pointer and length, so presumably the text is referenced rather
  than copied and must outlive this object; the length is taken as given and
  is not checked against the string here -- confirm against
  mysql_string_defs.h and the callers.
*/
379 Event_tracking_information(const char *command_name, size_t command_length)
380 : command_{command_name, command_length} {}
383};
384
387 public:
389 std::vector<const char *> authentication_methods_;
393
396 std::vector<const char *> &auth_methods, bool is_role,
397 const char *new_user, const char *new_host)
399 subclass_(subclass),
400 authentication_methods_{auth_methods},
401 is_role_{is_role},
402 new_user_{new_user, new_user ? strlen(new_user) : 0},
403 new_host_{new_host, new_host ? strlen(new_host) : 0} {}
404};
405
408 public:
410 uint64_t rows_;
411 uint64_t time_;
413
415 mysql_event_tracking_general_subclass_t subclass, uint64_t rows,
416 uint64_t time, LEX_CSTRING external_user, const char *command_name,
417 size_t command_length)
418 : Event_tracking_information{command_name, command_length},
419 subclass_{subclass},
420 rows_{rows},
421 time_{time},
422 external_user_{external_user.str, external_user.length} {}
423};
424
425#endif /* SQL_AUDIT_INCLUDED */
Kerberos Client Authentication nullptr
Definition: auth_kerberos_client_plugin.cc:251
mysql_cstring_with_length new_host_
Definition: sql_audit.h:392
mysql_cstring_with_length new_user_
Definition: sql_audit.h:391
Event_tracking_authentication_information(mysql_event_tracking_authentication_subclass_t subclass, std::vector< const char * > &auth_methods, bool is_role, const char *new_user, const char *new_host)
Definition: sql_audit.h:394
mysql_event_tracking_authentication_subclass_t subclass_
Definition: sql_audit.h:388
std::vector< const char * > authentication_methods_
Definition: sql_audit.h:389
bool is_role_
Definition: sql_audit.h:390
Definition: sql_audit.h:407
uint64_t rows_
Definition: sql_audit.h:410
Event_tracking_general_information(mysql_event_tracking_general_subclass_t subclass, uint64_t rows, uint64_t time, LEX_CSTRING external_user, const char *command_name, size_t command_length)
Definition: sql_audit.h:414
mysql_event_tracking_general_subclass_t subclass_
Definition: sql_audit.h:409
mysql_cstring_with_length external_user_
Definition: sql_audit.h:412
uint64_t time_
Definition: sql_audit.h:411
Definition: sql_audit.h:375
virtual ~Event_tracking_information()
Definition: sql_audit.h:382
Event_tracking_information(const Event_tracking_information &src)=default
mysql_cstring_with_length command_
Definition: sql_audit.h:377
Event_tracking_information(const char *command_name, size_t command_length)
Definition: sql_audit.h:379
Event_tracking_information()
Definition: sql_audit.h:378
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
Definition: table.h:2864
Data for authentication event tracking.
unsigned long mysql_event_tracking_authentication_subclass_t
Events for Authentication event tracking.
Definition: event_tracking_authentication_defs.h:72
Data for RPC command event tracking.
unsigned long mysql_event_tracking_command_subclass_t
Events for Command event tracking.
Definition: event_tracking_command_defs.h:47
Common data used for tracking various types of events.
Data for connection event tracking.
unsigned long mysql_event_tracking_connection_subclass_t
Events for Connection event tracking.
Definition: event_tracking_connection_defs.h:53
Data for general event tracking.
#define EVENT_TRACKING_GENERAL_LOG
occurs before emitting to the general query log.
Definition: event_tracking_general_defs.h:35
unsigned long mysql_event_tracking_general_subclass_t
Events for the General event tracking.
Definition: event_tracking_general_defs.h:52
Data for global variable event tracking.
unsigned long mysql_event_tracking_global_variable_subclass_t
Events for Global variable event tracking.
Definition: event_tracking_global_variable_defs.h:47
Data for program lifecycle events.
unsigned long mysql_event_tracking_shutdown_subclass_t
Events for Shutdown event tracking.
Definition: event_tracking_lifecycle_defs.h:68
unsigned long mysql_event_tracking_startup_subclass_t
Events for Startup event tracking.
Definition: event_tracking_lifecycle_defs.h:42
int mysql_event_tracking_shutdown_reason_t
Server shutdown reason.
Definition: event_tracking_lifecycle_defs.h:80
Data for message event tracking.
unsigned long mysql_event_tracking_message_subclass_t
Events for Message event tracking.
Definition: event_tracking_message_defs.h:47
Data for parse event tracking.
unsigned int mysql_event_tracking_parse_rewrite_plugin_flag
Query rewriting flags.
Definition: event_tracking_parse_defs.h:61
unsigned long mysql_event_tracking_parse_subclass_t
Events for Parse event tracking.
Definition: event_tracking_parse_defs.h:47
Data for query event tracking.
unsigned long mysql_event_tracking_query_subclass_t
Events for Query event tracking.
Definition: event_tracking_query_defs.h:52
Data for stored program event tracking.
unsigned long mysql_event_tracking_stored_program_subclass_t
Events for Stored program event tracking.
Definition: event_tracking_stored_program_defs.h:44
Data for query event tracking.
static int flags[50]
Definition: hp_test1.cc:40
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:48
static const char * command_name[]
Definition: myisamlog.cc:102
char * user
Definition: mysqladmin.cc:66
const char * host
Definition: mysqladmin.cc:65
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1081
static PFS_engine_table_share_proxy table
Definition: pfs.cc:61
Definition: buf0block_hint.cc:30
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
mysql_event_authorization_subclass_t
Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
Definition: plugin_audit.h:236
mysql_event_class_t
Audit event classes.
Definition: plugin_audit.h:50
required uint32 status
Definition: replication_asynchronous_connection_failover.proto:61
size_t make_user_name(Security_context *sctx, char *buf)
Definition: sql_audit.cc:816
void mysql_audit_enable_auditing(THD *thd)
Enable auditing of the specified THD.
Definition: sql_audit.cc:639
void mysql_audit_finalize()
Finalize Audit global variables.
Definition: sql_audit.cc:697
int mysql_event_tracking_query_notify(THD *thd, mysql_event_tracking_query_subclass_t subclass, const char *subclass_name)
Notify consumers of QUERY event tracking events.
Definition: sql_audit.cc:1092
bool is_global_audit_mask_set()
Checks presence of active audit plugin.
Definition: sql_audit.cc:808
int mysql_event_tracking_global_variable_notify(THD *thd, mysql_event_tracking_global_variable_subclass_t subclass, const char *subclass_name, const char *name, const char *value, const unsigned int value_length)
Notify consumers of GLOBAL VARIABLE event tracking events.
Definition: sql_audit.cc:1012
int mysql_event_tracking_parse_notify(THD *thd, mysql_event_tracking_parse_subclass_t subclass, const char *subclass_name, mysql_event_tracking_parse_rewrite_plugin_flag *flags, mysql_cstring_with_length *rewritten_query)
Notify consumers of PARSE event tracking events.
Definition: sql_audit.cc:1066
#define AUDIT_EVENT(x)
Audit API event to string expanding macro.
Definition: sql_audit.h:70
int mysql_event_tracking_message_notify(THD *thd, mysql_event_tracking_message_subclass_t subclass, const char *subclass_name, const char *component, size_t component_length, const char *producer, size_t producer_length, const char *message, size_t message_length, mysql_event_tracking_message_key_value_t *key_value_map, size_t key_value_map_length)
Notify consumers of MESSAGE event tracking events.
Definition: sql_audit.cc:1037
void mysql_audit_release(THD *thd)
Release any resources associated with the current thd.
Definition: sql_audit.cc:609
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class)
There's at least one active audit plugin tracking a specified class.
Definition: sql_audit.cc:797
void mysql_audit_init_thd(THD *thd)
Initialize thd variables used by Audit.
Definition: sql_audit.cc:648
int mysql_event_tracking_general_notify(THD *thd, mysql_event_tracking_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
Notify consumers of GENERAL event tracking events.
Definition: sql_audit.cc:961
void mysql_audit_free_thd(THD *thd)
Free thd variables used by Audit.
Definition: sql_audit.cc:659
int initialize_audit_plugin(st_plugin_int *plugin)
Initialize an Audit plug-in.
Definition: sql_audit.cc:708
int finalize_audit_plugin(st_plugin_int *plugin)
Finalize an Audit plug-in.
Definition: sql_audit.cc:767
int mysql_event_tracking_table_access_notify(THD *thd, Table_ref *table)
Notify consumers of TABLE ACCESS event tracking events for all tables available in the list.
Definition: sql_audit.cc:1299
int mysql_event_tracking_shutdown_notify(mysql_event_tracking_shutdown_subclass_t subclass, const char *subclass_name, mysql_event_tracking_shutdown_reason_t reason, int exit_code)
Notify consumers of LIFECYCLE (Shutdown) event tracking events.
Definition: sql_audit.cc:1149
int mysql_event_tracking_connection_notify(THD *thd, mysql_event_tracking_connection_subclass_t subclass, const char *subclass_name, int errcode)
Notify consumers of CONNECTION event tracking events.
Definition: sql_audit.cc:905
void mysql_audit_initialize()
Initialize Audit global variables.
Definition: sql_audit.cc:684
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited=true)
Acquire audit plugins.
Definition: sql_audit.cc:549
int mysql_event_tracking_command_notify(THD *thd, mysql_event_tracking_command_subclass_t subclass, const char *subclass_name, enum_server_command command, const char *command_text)
Notify consumers of COMMAND event tracking events.
Definition: sql_audit.cc:869
int mysql_event_tracking_authentication_notify(THD *thd, mysql_event_tracking_authentication_subclass_t subclass, const char *subclass_name, int status, const char *user, const char *host, const char *authentication_plugin, bool is_role, const char *new_user, const char *new_host)
Notify consumers of AUTHENTICATION event tracking events.
Definition: sql_audit.cc:836
int mysql_event_tracking_stored_program_notify(THD *thd, mysql_event_tracking_stored_program_subclass_t subclass, const char *subclass_name, const char *database, const char *name, void *parameters)
Notify consumers of STORED PROGRAM event tracking events.
Definition: sql_audit.cc:1186
static const size_t MAX_USER_HOST_SIZE
Definition: sql_audit.h:53
int mysql_event_tracking_startup_notify(mysql_event_tracking_startup_subclass_t subclass, const char *subclass_name, const char **argv, unsigned int argc)
Notify consumers of LIFECYCLE (Startup) event tracking events.
Definition: sql_audit.cc:1164
Event_tracking_class
Event tracking classes If a new event tracking class is introduced, this class should be kept in sync...
Definition: sql_event_tracking_to_audit_event_mapping.h:41
case opt name
Definition: sslopt-case.h:29
Definition: mysql_lex_string.h:40
String with length information.
Definition: mysql_string_defs.h:33
Structure that stores key-value pair of the Message event.
Definition: event_tracking_message_defs.h:67
Definition: sql_audit.h:56
const void * event
Definition: sql_audit.h:58
Event_tracking_class event_class
Definition: sql_audit.h:57
const Event_tracking_information * event_information
Definition: sql_audit.h:59
Definition: sql_audit.h:62
const void * event
Definition: sql_audit.h:64
mysql_event_class_t event_class
Definition: sql_audit.h:63
Definition: sql_plugin_ref.h:45
st_mysql_plugin * plugin
Definition: sql_plugin_ref.h:47
command
Definition: version_token.cc:280