MySQL  8.0.17
Source Code Documentation
sql_audit.cc File Reference
#include "sql/sql_audit.h"
#include <sys/types.h>
#include "lex_string.h"
#include "m_ctype.h"
#include "my_compiler.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "my_loglevel.h"
#include "my_macros.h"
#include "my_psi_config.h"
#include "my_sqlcommand.h"
#include "my_sys.h"
#include "mysql/components/services/log_builtins.h"
#include "mysql/components/services/log_shared.h"
#include "mysql/components/services/mysql_mutex_bits.h"
#include "mysql/components/services/psi_mutex_bits.h"
#include "mysql/mysql_lex_string.h"
#include "mysql/plugin.h"
#include "mysql/psi/mysql_mutex.h"
#include "mysql/psi/psi_base.h"
#include "mysqld_error.h"
#include "prealloced_array.h"
#include "sql/auto_thd.h"
#include "sql/current_thd.h"
#include "sql/error_handler.h"
#include "sql/log.h"
#include "sql/mysqld.h"
#include "sql/sql_class.h"
#include "sql/sql_error.h"
#include "sql/sql_lex.h"
#include "sql/sql_plugin.h"
#include "sql/sql_plugin_ref.h"
#include "sql/sql_rewrite.h"
#include "sql/table.h"
#include "sql_string.h"
#include "thr_mutex.h"

Classes

class  Audit_error_handler
 Error handler that controls error reporting by plugin. More...
 
struct  st_mysql_event_generic
 
struct  st_mysql_subscribe_event
 Plugin event subscription structure. More...
 
class  Ignore_event_error_handler
 Ignore all errors notified from within plugin. More...
 
class  Ignore_command_start_error_handler
 Ignore error for specified commands. More...
 

Functions

static int event_class_dispatch (THD *thd, mysql_event_class_t event_class, const void *event)
 Distributes an audit event to plug-ins. More...
 
static int event_class_dispatch_error (THD *thd, mysql_event_class_t event_class, const char *event_name, const void *event)
 
static void add_audit_mask (unsigned long *mask, unsigned long rhs)
 Add mask specified by the rhs parameter to the mask parameter. More...
 
static void add_audit_mask (unsigned long *dst, const unsigned long *src)
 Add entire audit mask specified by the src to dst. More...
 
static bool check_audit_mask (const unsigned long lhs, const unsigned long rhs)
 Check, whether masks specified by lhs parameter and rhs parameters overlap. More...
 
static bool check_audit_mask (const unsigned long *lhs, const unsigned long *rhs)
 Check, whether mask arrays specified by the lhs parameter and rhs parameter overlap. More...
 
void thd_get_audit_query (THD *thd, MYSQL_LEX_CSTRING *query, const CHARSET_INFO **charset)
 Fill query and query charset info extracted from the thread object. More...
 
int mysql_audit_notify (THD *thd, mysql_event_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
 Call audit plugins of GENERAL audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_connection_subclass_t subclass, const char *subclass_name, int errcode)
 Call audit plugins of CONNECTION audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_connection_subclass_t subclass, const char *subclass_name)
 Call audit plugins of CONNECTION audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_parse_subclass_t subclass, const char *subclass_name, mysql_event_parse_rewrite_plugin_flag *flags, LEX_CSTRING *rewritten_query)
 Call audit plugins of PARSE audit class. More...
 
bool generate_table_access_event (TABLE_LIST *table)
 Check whether the table access event for a specified table will be generated. More...
 
static void set_table_access_subclass (mysql_event_table_access_subclass_t *out_subclass, const char **out_subclass_name, mysql_event_table_access_subclass_t subclass, const char *subclass_name)
 Function that allows to use AUDIT_EVENT macro for setting subclass and subclass name values. More...
 
static int mysql_audit_notify (THD *thd, mysql_event_table_access_subclass_t subclass, const char *subclass_name, TABLE_LIST *table)
 Generate table access event for a specified table. More...
 
int mysql_audit_table_access_notify (THD *thd, TABLE_LIST *table)
 Call audit plugins of TABLE ACCESS audit class events for all tables available in the list. More...
 
int mysql_audit_notify (THD *thd, mysql_event_global_variable_subclass_t subclass, const char *subclass_name, const char *name, const char *value, const unsigned int value_length)
 Call audit plugins of GLOBAL VARIABLE audit class. More...
 
int mysql_audit_notify (mysql_event_server_startup_subclass_t subclass, const char *subclass_name, const char **argv, unsigned int argc)
 Call audit plugins of SERVER STARTUP audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_server_shutdown_subclass_t subclass, mysql_server_shutdown_reason_t reason, int exit_code)
 Call audit plugins of SERVER SHUTDOWN audit class. More...
 
int mysql_audit_notify (mysql_event_server_shutdown_subclass_t subclass, mysql_server_shutdown_reason_t reason, int exit_code)
 Call audit plugins of SERVER SHUTDOWN audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_command_subclass_t subclass, const char *subclass_name, enum_server_command command, const char *command_text)
 Call audit plugins of COMMAND audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_query_subclass_t subclass, const char *subclass_name)
 Call audit plugins of QUERY audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_stored_program_subclass_t subclass, const char *subclass_name, const char *database, const char *name, void *parameters)
 Call audit plugins of STORED PROGRAM audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_authentication_subclass_t subclass, const char *subclass_name, int status, const char *user, const char *host, const char *authentication_plugin, bool is_role, const char *new_user, const char *new_host)
 Call audit plugins of AUTHENTICATION audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_message_subclass_t subclass, const char *subclass_name, const char *component, size_t component_length, const char *producer, size_t producer_length, const char *message, size_t message_length, mysql_event_message_key_value_t *key_value_map, size_t key_value_map_length)
 Call audit plugins of MESSAGE audit class. More...
 
static bool acquire_lookup_mask (THD *, plugin_ref plugin, void *arg)
 Acquire plugin masks subscribing to the specified event of the specified class, passed by arg parameter. More...
 
static bool acquire_plugins (THD *thd, plugin_ref plugin, void *arg)
 Acquire and lock any additional audit plugins, whose subscription mask overlaps with the lookup_mask. More...
 
int mysql_audit_acquire_plugins (THD *thd, mysql_event_class_t event_class, unsigned long event_subclass)
 Acquire audit plugins. More...
 
void mysql_audit_release (THD *thd)
 Release any resources associated with the current thd. More...
 
void mysql_audit_init_thd (THD *thd)
 Initialize thd variables used by Audit. More...
 
void mysql_audit_free_thd (THD *thd)
 Free thd variables used by Audit. More...
 
static void init_audit_psi_keys (void)
 
void mysql_audit_initialize ()
 Initialize Audit global variables. More...
 
void mysql_audit_finalize ()
 Finalize Audit global variables. More...
 
int initialize_audit_plugin (st_plugin_int *plugin)
 Initialize an Audit plug-in. More...
 
static bool calc_class_mask (THD *, plugin_ref plugin, void *arg)
 Performs a bitwise OR of the installed plugins event class masks. More...
 
int finalize_audit_plugin (st_plugin_int *plugin)
 Finalize an Audit plug-in. More...
 
static int plugins_dispatch (THD *thd, plugin_ref plugin, void *arg)
 Dispatches an event by invoking the plugin's event_notify method. More...
 
static bool plugins_dispatch_bool (THD *thd, plugin_ref plugin, void *arg)
 
bool is_audit_plugin_class_active (THD *thd, unsigned long event_class)
 There's at least one active audit plugin tracking a specified class. More...
 
bool is_global_audit_mask_set ()
 Checks presence of active audit plugin. More...
 
size_t make_user_name (Security_context *sctx, char *buf)
 

Variables

unsigned long mysql_global_audit_mask [MYSQL_AUDIT_CLASS_MASK_SIZE]
 
static mysql_mutex_t LOCK_audit_mask
 
static PSI_mutex_key key_LOCK_audit_mask
 
static PSI_mutex_info all_audit_mutexes []
 

Function Documentation

◆ acquire_lookup_mask()

static bool acquire_lookup_mask ( THD ,
plugin_ref  plugin,
void *  arg 
)
static

Acquire plugin masks subscribing to the specified event of the specified class, passed by arg parameter.

lookup_mask of the st_mysql_subscribe_event structure is filled, when the plugin is interested in receiving the event.

Parameters
pluginPlugin reference.
[in,out]argOpaque st_mysql_subscribe_event pointer.
Returns
false is always returned.

◆ acquire_plugins()

static bool acquire_plugins ( THD thd,
plugin_ref  plugin,
void *  arg 
)
static

Acquire and lock any additional audit plugins, whose subscription mask overlaps with the lookup_mask.

Parameters
thdCurrent session THD.
pluginPlugin reference.
[in,out]argOpaque st_mysql_subscribe_event pointer.
Returns
This function always returns false.

◆ add_audit_mask() [1/2]

static void add_audit_mask ( unsigned long *  mask,
unsigned long  rhs 
)
inlinestatic

Add mask specified by the rhs parameter to the mask parameter.

Parameters
maskMask, to which rhs mask is to be added.
rhsMask to be added to mask parameter.

◆ add_audit_mask() [2/2]

static void add_audit_mask ( unsigned long *  dst,
const unsigned long *  src 
)
inlinestatic

Add entire audit mask specified by the src to dst.

Parameters
dstDestination mask array pointer.
srcSource mask array pointer.

◆ calc_class_mask()

static bool calc_class_mask ( THD ,
plugin_ref  plugin,
void *  arg 
)
static

Performs a bitwise OR of the installed plugins event class masks.

Parameters
[in]plugin
[in]arg
Return values
falsealways

◆ check_audit_mask() [1/2]

static bool check_audit_mask ( const unsigned long  lhs,
const unsigned long  rhs 
)
inlinestatic

Check, whether masks specified by lhs parameter and rhs parameters overlap.

Parameters
lhsFirst mask to check.
rhsSecond mask to check.
Returns
false, when masks overlap, otherwise true.

◆ check_audit_mask() [2/2]

static bool check_audit_mask ( const unsigned long *  lhs,
const unsigned long *  rhs 
)
inlinestatic

Check, whether mask arrays specified by the lhs parameter and rhs parameter overlap.

Parameters
lhsFirst mask array to check.
rhsSecond mask array to check.
Returns
false, when mask array overlap, otherwise true.

◆ event_class_dispatch()

static int event_class_dispatch ( THD thd,
mysql_event_class_t  event_class,
const void *  event 
)
static

Distributes an audit event to plug-ins.

Parameters
[in]thd
event_class
[in]event

◆ event_class_dispatch_error()

static int event_class_dispatch_error ( THD thd,
mysql_event_class_t  event_class,
const char *  event_name,
const void *  event 
)
static

◆ finalize_audit_plugin()

int finalize_audit_plugin ( st_plugin_int plugin)

Finalize an Audit plug-in.

Parameters
[in]plugin
Return values
falseOK
trueThere was an error.

◆ generate_table_access_event()

bool generate_table_access_event ( TABLE_LIST table)
inline

Check whether the table access event for a specified table will be generated.

Events for Views, table catogories other than 'SYSTEM' or 'USER' and temporary tables are not generated.

Parameters
tableTable that is to be check.
Return values
true- generate event, otherwise not.

◆ init_audit_psi_keys()

static void init_audit_psi_keys ( void  )
static

◆ initialize_audit_plugin()

int initialize_audit_plugin ( st_plugin_int plugin)

Initialize an Audit plug-in.

Parameters
[in]plugin
Return values
falseOK
trueThere was an error.

◆ is_audit_plugin_class_active()

bool is_audit_plugin_class_active ( THD thd,
unsigned long  event_class 
)

There's at least one active audit plugin tracking a specified class.

◆ is_global_audit_mask_set()

bool is_global_audit_mask_set ( )

Checks presence of active audit plugin.

Return values
TRUEAt least one audit plugin is present
FALSENo audit plugin is present

◆ make_user_name()

size_t make_user_name ( Security_context sctx,
char *  buf 
)

◆ mysql_audit_acquire_plugins()

int mysql_audit_acquire_plugins ( THD thd,
mysql_event_class_t  event_class,
unsigned long  event_subclass 
)

Acquire audit plugins.

Ensure that audit plugins interested in given event class are locked by current thread.

Parameters
thdMySQL thread handle.
event_classAudit event class.
event_subclassAudit event subclass.
Returns
Zero, when there is a plugins interested in the event specified by event_class and event_subclass. Otherwise non zero value is returned.

◆ mysql_audit_finalize()

void mysql_audit_finalize ( )

Finalize Audit global variables.

◆ mysql_audit_free_thd()

void mysql_audit_free_thd ( THD thd)

Free thd variables used by Audit.

Parameters
thdCurrent thread

◆ mysql_audit_init_thd()

void mysql_audit_init_thd ( THD thd)

Initialize thd variables used by Audit.

Parameters
[in]thd

◆ mysql_audit_initialize()

void mysql_audit_initialize ( )

Initialize Audit global variables.

◆ mysql_audit_notify() [1/14]

int mysql_audit_notify ( THD thd,
mysql_event_general_subclass_t  subclass,
const char *  subclass_name,
int  error_code,
const char *  msg,
size_t  msg_len 
)

Call audit plugins of GENERAL audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of general audit event.
[in]subclass_nameSubclass name.
[in]error_codeError code
[in]msgMessage
[in]msg_lenMessage length.
Returns
Value returned is not taken into consideration by the server.

◆ mysql_audit_notify() [2/14]

int mysql_audit_notify ( THD thd,
mysql_event_connection_subclass_t  subclass,
const char *  subclass_name,
int  errcode 
)

Call audit plugins of CONNECTION audit class.

Parameters
[in]thdCurrent thread context.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
[in]errcodeError code.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [3/14]

int mysql_audit_notify ( THD thd,
mysql_event_connection_subclass_t  subclass,
const char *  subclass_name 
)

Call audit plugins of CONNECTION audit class.

Internal connection info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [4/14]

int mysql_audit_notify ( THD thd,
mysql_event_parse_subclass_t  subclass,
const char *  subclass_name,
mysql_event_parse_rewrite_plugin_flag flags,
LEX_CSTRING rewritten_query 
)

Call audit plugins of PARSE audit class.

Parameters
[in]thdCurrent thread context.
[in]subclassType of the parse audit event.
[in]subclass_nameName of the subclass.
[out]flagsRewritten query flags.
[out]rewritten_queryRewritten query
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [5/14]

static int mysql_audit_notify ( THD thd,
mysql_event_table_access_subclass_t  subclass,
const char *  subclass_name,
TABLE_LIST table 
)
static

Generate table access event for a specified table.

Table is being verified, whether the event for this table is to be generated.

See also
generate_event
Parameters
thdCurrent thread data.
subclassSubclass value.
subclass_nameSubclass name.
tableTable, for which table access event is to be generated.
Returns
Abort execution on 'true', otherwise continue execution.

◆ mysql_audit_notify() [6/14]

int mysql_audit_notify ( THD thd,
mysql_event_global_variable_subclass_t  subclass,
const char *  subclass_name,
const char *  name,
const char *  value,
const unsigned int  value_length 
)

Call audit plugins of GLOBAL VARIABLE audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the global variable audit event.
[in]subclass_nameName of the subclass.
[in]nameName of the variable.
[in]valueTextual value of the variable.
[in]value_lengthTextual value length.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [7/14]

int mysql_audit_notify ( mysql_event_server_startup_subclass_t  subclass,
const char *  subclass_name,
const char **  argv,
unsigned int  argc 
)

Call audit plugins of SERVER STARTUP audit class.

Parameters
[in]subclassType of the server startup audit event.
[in]subclass_nameName of the subclass.
[in]argvArray of program arguments.
[in]argcProgram arguments array length.
Returns
0 continue server start, otherwise abort.

◆ mysql_audit_notify() [8/14]

int mysql_audit_notify ( THD thd,
mysql_event_server_shutdown_subclass_t  subclass,
mysql_server_shutdown_reason_t  reason,
int  exit_code 
)

Call audit plugins of SERVER SHUTDOWN audit class.

Parameters
[in]thdClient thread info or NULL.
[in]subclassType of the server abort audit event.
[in]reasonReason code of the shutdown.
[in]exit_codeAbort exit code.
Returns
Value returned is not taken into consideration by the server.

◆ mysql_audit_notify() [9/14]

int mysql_audit_notify ( mysql_event_server_shutdown_subclass_t  subclass,
mysql_server_shutdown_reason_t  reason,
int  exit_code 
)

Call audit plugins of SERVER SHUTDOWN audit class.

Parameters
[in]subclassType of the server abort audit event.
[in]reasonReason code of the shutdown.
[in]exit_codeAbort exit code.
Returns
Value returned is not taken into consideration by the server.

◆ mysql_audit_notify() [10/14]

int mysql_audit_notify ( THD thd,
mysql_event_command_subclass_t  subclass,
const char *  subclass_name,
enum_server_command  command,
const char *  command_text 
)

Call audit plugins of COMMAND audit class.

Internal connection info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the command audit event.
[in]subclass_nameName of the subclass.
[in]commandCommand id value.
[in]command_textCommand string value.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [11/14]

int mysql_audit_notify ( THD thd,
mysql_event_query_subclass_t  subclass,
const char *  subclass_name 
)

Call audit plugins of QUERY audit class.

Internal query info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the query audit event.
[in]subclass_nameName of the subclass.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [12/14]

int mysql_audit_notify ( THD thd,
mysql_event_stored_program_subclass_t  subclass,
const char *  subclass_name,
const char *  database,
const char *  name,
void *  parameters 
)

Call audit plugins of STORED PROGRAM audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the stored program audit event.
[in]subclass_nameName of the subclass.
[in]databaseStored program database name.
[in]nameName of the stored program.
[in]parametersParameters of the stored program execution.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [13/14]

int mysql_audit_notify ( THD thd,
mysql_event_authentication_subclass_t  subclass,
const char *  subclass_name,
int  status,
const char *  user,
const char *  host,
const char *  authentication_plugin,
bool  is_role,
const char *  new_user,
const char *  new_host 
)

Call audit plugins of AUTHENTICATION audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the authentication audit event.
[in]subclass_nameName of the subclass.
[in]statusStatus of the event.
[in]userName of the user.
[in]hostName of the host.
[in]authentication_pluginCurrent authentication plugin for user.
[in]is_roleWhether given AuthID is a role or not
[in]new_userName of the new user - In case of rename
[in]new_hostName of the new host - In case of rename
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [14/14]

int mysql_audit_notify ( THD thd,
mysql_event_message_subclass_t  subclass,
const char *  subclass_name,
const char *  component,
size_t  component_length,
const char *  producer,
size_t  producer_length,
const char *  message,
size_t  message_length,
mysql_event_message_key_value_t key_value_map,
size_t  key_value_map_length 
)

Call audit plugins of MESSAGE audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassMessage class subclass name.
[in]subclass_nameSubclass name length.
[in]componentComponent name.
[in]component_lengthComponent name length.
[in]producerProducer name.
[in]producer_lengthProducer name length.
[in]messageMessage text.
[in]message_lengthMessage text length.
[in]key_value_mapKey value map pointer.
[in]key_value_map_lengthKey value map length.
Returns
0 continue server flow.

◆ mysql_audit_release()

void mysql_audit_release ( THD thd)

Release any resources associated with the current thd.

Parameters
[in]thd

◆ mysql_audit_table_access_notify()

int mysql_audit_table_access_notify ( THD thd,
TABLE_LIST table 
)

Call audit plugins of TABLE ACCESS audit class events for all tables available in the list.

Event subclass value depends on the thd->lex->sql_command value.

The event is generated for 'USER' and 'SYS' tables only.

Parameters
[in]thdCurrent thread data.
[in]tableConnected list of tables, for which event is generated.
Returns
0 - continue server flow, otherwise abort.

◆ plugins_dispatch()

static int plugins_dispatch ( THD thd,
plugin_ref  plugin,
void *  arg 
)
static

Dispatches an event by invoking the plugin's event_notify method.

Parameters
[in]thd
[in]plugin
[in]arg
Return values
falsealways

◆ plugins_dispatch_bool()

static bool plugins_dispatch_bool ( THD thd,
plugin_ref  plugin,
void *  arg 
)
static

◆ set_table_access_subclass()

static void set_table_access_subclass ( mysql_event_table_access_subclass_t out_subclass,
const char **  out_subclass_name,
mysql_event_table_access_subclass_t  subclass,
const char *  subclass_name 
)
inlinestatic

Function that allows to use AUDIT_EVENT macro for setting subclass and subclass name values.

Parameters
[out]out_subclassSubclass value pointer to be set.
[out]out_subclass_nameSubclass name pointer to be set.
subclassSubclass that sets out_subclass value.
subclass_nameSubclass name that sets out_subclass_name.

◆ thd_get_audit_query()

void thd_get_audit_query ( THD thd,
MYSQL_LEX_CSTRING query,
const CHARSET_INFO **  charset 
)
inline

Fill query and query charset info extracted from the thread object.

Parameters
[in]thdThread data.
[out]querySQL query text.
[out]charsetSQL query charset.

Variable Documentation

◆ all_audit_mutexes

PSI_mutex_info all_audit_mutexes[]
static
Initial value:
= {
{&key_LOCK_audit_mask, "LOCK_audit_mask", PSI_FLAG_SINGLETON, 0,
#define PSI_FLAG_SINGLETON
Singleton flag.
Definition: psi_base.h:54
static PSI_mutex_key key_LOCK_audit_mask
Definition: sql_audit.cc:1166
#define PSI_DOCUMENT_ME
Definition: psi_base.h:46

◆ key_LOCK_audit_mask

PSI_mutex_key key_LOCK_audit_mask
static

◆ LOCK_audit_mask

mysql_mutex_t LOCK_audit_mask
static

◆ mysql_global_audit_mask

unsigned long mysql_global_audit_mask[MYSQL_AUDIT_CLASS_MASK_SIZE]