MySQL 9.1.0
Source Code Documentation
sql_audit.cc File Reference
#include "sql/sql_audit.h"
#include <sys/types.h>
#include "lex_string.h"
#include "m_string.h"
#include "my_compiler.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "my_macros.h"
#include "my_psi_config.h"
#include "my_sqlcommand.h"
#include "my_sys.h"
#include "mysql/components/services/bits/mysql_mutex_bits.h"
#include "mysql/components/services/bits/psi_bits.h"
#include "mysql/components/services/bits/psi_mutex_bits.h"
#include "mysql/components/services/log_builtins.h"
#include "mysql/components/services/log_shared.h"
#include "mysql/my_loglevel.h"
#include "mysql/mysql_lex_string.h"
#include "mysql/plugin.h"
#include "mysql/psi/mysql_mutex.h"
#include "mysql/strings/m_ctype.h"
#include "mysqld_error.h"
#include "nulls.h"
#include "prealloced_array.h"
#include "sql/auto_thd.h"
#include "sql/command_mapping.h"
#include "sql/current_thd.h"
#include "sql/error_handler.h"
#include "sql/log.h"
#include "sql/mysqld.h"
#include "sql/sql_class.h"
#include "sql/sql_error.h"
#include "sql/sql_lex.h"
#include "sql/sql_plugin.h"
#include "sql/sql_plugin_ref.h"
#include "sql/sql_rewrite.h"
#include "sql/table.h"
#include "sql_string.h"
#include "strxnmov.h"
#include "thr_mutex.h"

Classes

class  anonymous_namespace{sql_audit.cc}::Event_tracking_error_handler
 Error handler that controls error reporting by plugin. More...
 
class  anonymous_namespace{sql_audit.cc}::Ignore_event_tracking_error_handler
 Ignore all errors notified from within plugin. More...
 
class  anonymous_namespace{sql_audit.cc}::Ignore_command_start_error_handler
 Ignore error for specified commands. More...
 
struct  st_mysql_subscribe_event
 Plugin event subscription structure. More...
 

Namespaces

namespace  anonymous_namespace{sql_audit.cc}
 

Functions

static bool anonymous_namespace{sql_audit.cc}::check_audit_mask (const unsigned long lhs, const unsigned long rhs)
 Check whether the masks specified by the lhs and rhs parameters overlap. More...
 
static bool anonymous_namespace{sql_audit.cc}::check_audit_mask (const unsigned long *lhs, const unsigned long *rhs)
 Check whether the mask arrays specified by the lhs and rhs parameters overlap. More...
 
int anonymous_namespace{sql_audit.cc}::event_tracking_dispatch (THD *thd, st_mysql_event_generic *generic_event)
 Distributes an audit event to components. More...
 
int anonymous_namespace{sql_audit.cc}::event_tracking_dispatch_error (THD *thd, const char *event_name, st_mysql_event_generic *generic_event)
 
static void add_audit_mask (unsigned long *mask, unsigned long rhs)
 Add mask specified by the rhs parameter to the mask parameter. More...
 
static void add_audit_mask (unsigned long *dst, const unsigned long *src)
 Add entire audit mask specified by the src to dst. More...
 
const char * thd_get_audit_query (THD *thd, mysql_cstring_with_length *query)
 Fill query info extracted from the thread object and return the thread object charset info. More...
 
static bool acquire_lookup_mask (THD *, plugin_ref plugin, void *arg)
 Acquire plugin masks subscribing to the specified event of the specified class, passed by arg parameter. More...
 
static bool acquire_plugins (THD *thd, plugin_ref plugin, void *arg)
 Acquire and lock any additional audit plugins, whose subscription mask overlaps with the lookup_mask. More...
 
int mysql_audit_acquire_plugins (THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited)
 Acquire audit plugins. More...
 
void mysql_audit_release (THD *thd)
 Release any resources associated with the current thd. More...
 
void mysql_audit_enable_auditing (THD *thd)
 Enable auditing of the specified THD. More...
 
void mysql_audit_init_thd (THD *thd)
 Initialize thd variables used by Audit. More...
 
void mysql_audit_free_thd (THD *thd)
 Free thd variables used by Audit. More...
 
static void init_audit_psi_keys (void)
 
void mysql_audit_initialize ()
 Initialize Audit global variables. More...
 
void mysql_audit_finalize ()
 Finalize Audit global variables. More...
 
int initialize_audit_plugin (st_plugin_int *plugin)
 Initialize an Audit plug-in. More...
 
static bool calc_class_mask (THD *, plugin_ref plugin, void *arg)
 Performs a bitwise OR of the installed plugins event class masks. More...
 
int finalize_audit_plugin (st_plugin_int *plugin)
 Finalize an Audit plug-in. More...
 
bool is_audit_plugin_class_active (THD *thd, unsigned long event_class)
 Check whether at least one active audit plugin is tracking the specified class. More...
 
bool is_global_audit_mask_set ()
 Checks presence of active audit plugin. More...
 
size_t make_user_name (Security_context *sctx, char *buf)
 
void set_cstring_with_length (mysql_cstring_with_length &cstr, const char *str)
 
int mysql_event_tracking_authentication_notify (THD *thd, mysql_event_tracking_authentication_subclass_t subclass, const char *subclass_name, int status, const char *user, const char *host, const char *authentication_plugin, bool is_role, const char *new_user, const char *new_host)
 Notify consumers of AUTHENTICATION event tracking events. More...
 
int mysql_event_tracking_command_notify (THD *thd, mysql_event_tracking_command_subclass_t subclass, const char *subclass_name, enum_server_command command, const char *command_text)
 Notify consumers of COMMAND event tracking events. More...
 
int mysql_event_tracking_connection_notify (THD *thd, mysql_event_tracking_connection_subclass_t subclass, const char *subclass_name, int errcode)
 Notify consumers of CONNECTION event tracking events. More...
 
int mysql_event_tracking_connection_notify (THD *thd, mysql_event_tracking_connection_subclass_t subclass, const char *subclass_name)
 Notify consumers of CONNECTION event tracking events. More...
 
int mysql_event_tracking_general_notify (THD *thd, mysql_event_tracking_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
 Notify consumers of GENERAL event tracking events. More...
 
int mysql_event_tracking_global_variable_notify (THD *thd, mysql_event_tracking_global_variable_subclass_t subclass, const char *subclass_name, const char *name, const char *value, const unsigned int value_length)
 Notify consumers of GLOBAL VARIABLE event tracking events. More...
 
int mysql_event_tracking_message_notify (THD *thd, mysql_event_tracking_message_subclass_t subclass, const char *subclass_name, const char *component, size_t component_length, const char *producer, size_t producer_length, const char *message, size_t message_length, mysql_event_tracking_message_key_value_t *key_value_map, size_t key_value_map_length)
 Notify consumers of MESSAGE event tracking events. More...
 
int mysql_event_tracking_parse_notify (THD *thd, mysql_event_tracking_parse_subclass_t subclass, const char *subclass_name, mysql_event_tracking_parse_rewrite_plugin_flag *flags, mysql_cstring_with_length *rewritten_query)
 Notify consumers of PARSE event tracking events. More...
 
int mysql_event_tracking_query_notify (THD *thd, mysql_event_tracking_query_subclass_t subclass, const char *subclass_name)
 Notify consumers of QUERY event tracking events. More...
 
int mysql_event_tracking_shutdown_notify (THD *thd, mysql_event_tracking_shutdown_subclass_t subclass, const char *subclass_name, mysql_event_tracking_shutdown_reason_t reason, int exit_code)
 Call audit plugins of SERVER SHUTDOWN audit class. More...
 
int mysql_event_tracking_shutdown_notify (mysql_event_tracking_shutdown_subclass_t subclass, const char *subclass_name, mysql_event_tracking_shutdown_reason_t reason, int exit_code)
 Notify consumers of LIFECYCLE (Shutdown) event tracking events. More...
 
int mysql_event_tracking_startup_notify (mysql_event_tracking_startup_subclass_t subclass, const char *subclass_name, const char **argv, unsigned int argc)
 Notify consumers of LIFECYCLE (Startup) event tracking events. More...
 
int mysql_event_tracking_stored_program_notify (THD *thd, mysql_event_tracking_stored_program_subclass_t subclass, const char *subclass_name, const char *database, const char *name, void *parameters)
 Notify consumers of STORED PROGRAM event tracking events. More...
 
bool generate_table_access_event (THD *thd, Table_ref *table)
 Check whether the table access event for a specified table will be generated. More...
 
static void set_table_access_subclass (mysql_event_tracking_table_access_subclass_t *out_subclass, const char **out_subclass_name, mysql_event_tracking_table_access_subclass_t subclass, const char *subclass_name)
 Function that allows the AUDIT_EVENT macro to be used for setting subclass and subclass name values. More...
 
static int mysql_event_tracking_table_access_notify (THD *thd, mysql_event_tracking_table_access_subclass_t subclass, const char *subclass_name, Table_ref *table)
 Generate table access event for a specified table. More...
 
int mysql_event_tracking_table_access_notify (THD *thd, Table_ref *table)
 Notify consumers of TABLE ACCESS event tracking events for all tables available in the list. More...
 

Variables

unsigned long mysql_global_audit_mask [MYSQL_AUDIT_CLASS_MASK_SIZE]
 
static mysql_mutex_t LOCK_audit_mask
 
static PSI_mutex_key key_LOCK_audit_mask
 
static PSI_mutex_info all_audit_mutexes []
 

Function Documentation

◆ acquire_lookup_mask()

static bool acquire_lookup_mask ( THD ,
plugin_ref  plugin,
void *  arg 
)
static

Acquire plugin masks subscribing to the specified event of the specified class, passed by arg parameter.

lookup_mask of the st_mysql_subscribe_event structure is filled, when the plugin is interested in receiving the event.

Parameters
pluginPlugin reference.
[in,out]argOpaque st_mysql_subscribe_event pointer.
Returns
false is always returned.

◆ acquire_plugins()

static bool acquire_plugins ( THD thd,
plugin_ref  plugin,
void *  arg 
)
static

Acquire and lock any additional audit plugins, whose subscription mask overlaps with the lookup_mask.

Parameters
thdCurrent session THD.
pluginPlugin reference.
[in,out]argOpaque st_mysql_subscribe_event pointer.
Returns
This function always returns false.

◆ add_audit_mask() [1/2]

static void add_audit_mask ( unsigned long *  dst,
const unsigned long *  src 
)
inline static

Add entire audit mask specified by the src to dst.

Parameters
dstDestination mask array pointer.
srcSource mask array pointer.

◆ add_audit_mask() [2/2]

static void add_audit_mask ( unsigned long *  mask,
unsigned long  rhs 
)
inline static

Add mask specified by the rhs parameter to the mask parameter.

Parameters
maskMask, to which rhs mask is to be added.
rhsMask to be added to mask parameter.

◆ calc_class_mask()

static bool calc_class_mask ( THD ,
plugin_ref  plugin,
void *  arg 
)
static

Performs a bitwise OR of the installed plugins event class masks.

Parameters
[in]pluginSource of the audit mask.
[in]argDestination, where the audit mask is copied.
Return values
falsealways

◆ finalize_audit_plugin()

int finalize_audit_plugin ( st_plugin_int plugin)

Finalize an Audit plug-in.

Parameters
[in]pluginPlugin data pointer to be deinitialized.
Return values
falseOK
trueThere was an error.

◆ generate_table_access_event()

bool generate_table_access_event ( THD thd,
Table_ref table 
)
inline

Check whether the table access event for a specified table will be generated.

Events are not generated for views, for temporary tables, or for tables in categories other than 'SYSTEM' or 'USER'.

Parameters
thd: Thread handler.
table: Table that is to be checked.
Return values
true- generate event, otherwise not.

◆ init_audit_psi_keys()

static void init_audit_psi_keys ( void  )
static

◆ initialize_audit_plugin()

int initialize_audit_plugin ( st_plugin_int plugin)

Initialize an Audit plug-in.

Parameters
[in]pluginPlugin structure pointer to be initialized.
Return values
falseOK
trueThere was an error.

◆ is_audit_plugin_class_active()

bool is_audit_plugin_class_active ( THD thd,
unsigned long  event_class 
)

Check whether at least one active audit plugin is tracking the specified class.

◆ is_global_audit_mask_set()

bool is_global_audit_mask_set ( )

Checks presence of active audit plugin.

Return values
TRUEAt least one audit plugin is present
FALSENo audit plugin is present

◆ make_user_name()

size_t make_user_name ( Security_context sctx,
char *  buf 
)

◆ mysql_audit_acquire_plugins()

int mysql_audit_acquire_plugins ( THD thd,
mysql_event_class_t  event_class,
unsigned long  event_subclass,
bool  check_audited 
)

Acquire audit plugins.

Ensure that audit plugins interested in given event class are locked by current thread.

Parameters
thdMySQL thread handle.
event_classAudit event class.
event_subclassAudit event subclass.
check_auditedTake into account m_auditing_activated flag of the THD.
Returns
Zero when at least one plugin is interested in the event specified by event_class and event_subclass; otherwise a non-zero value is returned.

◆ mysql_audit_enable_auditing()

void mysql_audit_enable_auditing ( THD thd)

Enable auditing of the specified THD.

Parameters
[in]thdTHD whose auditing capability is turned on.

◆ mysql_audit_finalize()

void mysql_audit_finalize ( )

Finalize Audit global variables.

◆ mysql_audit_free_thd()

void mysql_audit_free_thd ( THD thd)

Free thd variables used by Audit.

Parameters
thdCurrent thread

◆ mysql_audit_init_thd()

void mysql_audit_init_thd ( THD thd)

Initialize thd variables used by Audit.

Parameters
[in]thdCurrent thread

◆ mysql_audit_initialize()

void mysql_audit_initialize ( )

Initialize Audit global variables.

◆ mysql_audit_release()

void mysql_audit_release ( THD thd)

Release any resources associated with the current thd.

Parameters
[in]thdCurrent thread

◆ mysql_event_tracking_authentication_notify()

int mysql_event_tracking_authentication_notify ( THD thd,
mysql_event_tracking_authentication_subclass_t  subclass,
const char *  subclass_name,
int  status,
const char *  user,
const char *  host,
const char *  authentication_plugin,
bool  is_role,
const char *  new_user,
const char *  new_host 
)

Notify consumers of AUTHENTICATION event tracking events.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the authentication audit event.
[in]subclass_nameName of the subclass.
[in]statusStatus of the event.
[in]userName of the user.
[in]hostName of the host.
[in]authentication_pluginCurrent authentication plugin for user.
[in]is_roleWhether given AuthID is a role or not
[in]new_userName of the new user - In case of rename
[in]new_hostName of the new host - In case of rename
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_command_notify()

int mysql_event_tracking_command_notify ( THD thd,
mysql_event_tracking_command_subclass_t  subclass,
const char *  subclass_name,
enum_server_command  command,
const char *  command_text 
)

Notify consumers of COMMAND event tracking events.

Internal connection info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the command audit event.
[in]subclass_nameName of the subclass.
[in]commandCommand id value.
[in]command_textCommand string value.
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_connection_notify() [1/2]

int mysql_event_tracking_connection_notify ( THD thd,
mysql_event_tracking_connection_subclass_t  subclass,
const char *  subclass_name 
)

Notify consumers of CONNECTION event tracking events.

Internal connection info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_connection_notify() [2/2]

int mysql_event_tracking_connection_notify ( THD thd,
mysql_event_tracking_connection_subclass_t  subclass,
const char *  subclass_name,
int  errcode 
)

Notify consumers of CONNECTION event tracking events.

Parameters
[in]thdCurrent thread context.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
[in]errcodeError code.
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_general_notify()

int mysql_event_tracking_general_notify ( THD thd,
mysql_event_tracking_general_subclass_t  subclass,
const char *  subclass_name,
int  error_code,
const char *  msg,
size_t  msg_len 
)

Notify consumers of GENERAL event tracking events.

Parameters
[in]thdCurrent thread data.
[in]subclassType of general audit event.
[in]subclass_nameSubclass name.
[in]error_codeError code
[in]msgMessage
[in]msg_lenMessage length.
Returns
The server ignores the returned value, so a non-zero result does not abort the server flow.

◆ mysql_event_tracking_global_variable_notify()

int mysql_event_tracking_global_variable_notify ( THD thd,
mysql_event_tracking_global_variable_subclass_t  subclass,
const char *  subclass_name,
const char *  name,
const char *  value,
const unsigned int  value_length 
)

Notify consumers of GLOBAL VARIABLE event tracking events.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the global variable audit event.
[in]subclass_nameName of the subclass.
[in]nameName of the variable.
[in]valueTextual value of the variable.
[in]value_lengthTextual value length.
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_message_notify()

int mysql_event_tracking_message_notify ( THD thd,
mysql_event_tracking_message_subclass_t  subclass,
const char *  subclass_name,
const char *  component,
size_t  component_length,
const char *  producer,
size_t  producer_length,
const char *  message,
size_t  message_length,
mysql_event_tracking_message_key_value_t key_value_map,
size_t  key_value_map_length 
)

Notify consumers of MESSAGE event tracking events.

Parameters
[in] thd: Current thread data.
[in] subclass: Type of the message audit event.
[in] subclass_name: Name of the subclass.
[in] component: Component name.
[in] component_length: Component name length.
[in] producer: Producer name.
[in] producer_length: Producer name length.
[in] message: Message text.
[in] message_length: Message text length.
[in] key_value_map: Key value map pointer.
[in] key_value_map_length: Key value map length.
Returns
0 continue server flow.

◆ mysql_event_tracking_parse_notify()

int mysql_event_tracking_parse_notify ( THD thd,
mysql_event_tracking_parse_subclass_t  subclass,
const char *  subclass_name,
mysql_event_tracking_parse_rewrite_plugin_flag flags,
mysql_cstring_with_length rewritten_query 
)

Notify consumers of PARSE event tracking events.

Parameters
[in]thdCurrent thread context.
[in]subclassType of the parse audit event.
[in]subclass_nameName of the subclass.
[out]flagsRewritten query flags.
[out]rewritten_queryRewritten query
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_query_notify()

int mysql_event_tracking_query_notify ( THD thd,
mysql_event_tracking_query_subclass_t  subclass,
const char *  subclass_name 
)

Notify consumers of QUERY event tracking events.

Internal query info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the query audit event.
[in]subclass_nameName of the subclass.
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_shutdown_notify() [1/2]

int mysql_event_tracking_shutdown_notify ( mysql_event_tracking_shutdown_subclass_t  subclass,
const char *  subclass_name,
mysql_event_tracking_shutdown_reason_t  reason,
int  exit_code 
)

Notify consumers of LIFECYCLE (Shutdown) event tracking events.

Parameters
[in]subclassType of the server abort audit event.
[in]subclass_nameName of the subclass
[in]reasonReason code of the shutdown.
[in]exit_codeAbort exit code.
Returns
The server ignores the returned value, so a non-zero result does not abort the server flow.

◆ mysql_event_tracking_shutdown_notify() [2/2]

int mysql_event_tracking_shutdown_notify ( THD thd,
mysql_event_tracking_shutdown_subclass_t  subclass,
const char *  subclass_name,
mysql_event_tracking_shutdown_reason_t  reason,
int  exit_code 
)

Call audit plugins of SERVER SHUTDOWN audit class.

Parameters
[in]thdClient thread info or NULL.
[in]subclassType of the server abort audit event.
[in]subclass_nameName of the subclass
[in]reasonReason code of the shutdown.
[in]exit_codeAbort exit code.
Returns
The server ignores the returned value, so a non-zero result does not abort the server flow.

◆ mysql_event_tracking_startup_notify()

int mysql_event_tracking_startup_notify ( mysql_event_tracking_startup_subclass_t  subclass,
const char *  subclass_name,
const char **  argv,
unsigned int  argc 
)

Notify consumers of LIFECYCLE (Startup) event tracking events.

Parameters
[in]subclassType of the server startup audit event.
[in]subclass_nameName of the subclass.
[in]argvArray of program arguments.
[in]argcProgram arguments array length.
Returns
0 continue server start, otherwise abort.

◆ mysql_event_tracking_stored_program_notify()

int mysql_event_tracking_stored_program_notify ( THD thd,
mysql_event_tracking_stored_program_subclass_t  subclass,
const char *  subclass_name,
const char *  database,
const char *  name,
void *  parameters 
)

Notify consumers of STORED PROGRAM event tracking events.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the stored program audit event.
[in]subclass_nameName of the subclass.
[in]databaseStored program database name.
[in]nameName of the stored program.
[in]parametersParameters of the stored program execution.
Returns
0 continue server flow, otherwise abort.

◆ mysql_event_tracking_table_access_notify() [1/2]

static int mysql_event_tracking_table_access_notify ( THD thd,
mysql_event_tracking_table_access_subclass_t  subclass,
const char *  subclass_name,
Table_ref table 
)
static

Generate table access event for a specified table.

The table is first checked to determine whether an event is to be generated for it.

See also
generate_event
Parameters
thdCurrent thread data.
subclassSubclass value.
subclass_nameSubclass name.
tableTable, for which table access event is to be generated.
Returns
Abort execution on 'true', otherwise continue execution.

◆ mysql_event_tracking_table_access_notify() [2/2]

int mysql_event_tracking_table_access_notify ( THD thd,
Table_ref table 
)

Notify consumers of TABLE ACCESS event tracking events for all tables available in the list.

Event subclass value depends on the thd->lex->sql_command value.

The event is generated for 'USER' and 'SYS' tables only.

Parameters
[in]thdCurrent thread data.
[in]tableConnected list of tables, for which event is generated.
Returns
0 - continue server flow, otherwise abort.

◆ set_cstring_with_length()

void set_cstring_with_length ( mysql_cstring_with_length cstr,
const char *  str 
)
inline

◆ set_table_access_subclass()

static void set_table_access_subclass ( mysql_event_tracking_table_access_subclass_t out_subclass,
const char **  out_subclass_name,
mysql_event_tracking_table_access_subclass_t  subclass,
const char *  subclass_name 
)
inline static

Function that allows the AUDIT_EVENT macro to be used for setting subclass and subclass name values.

Parameters
[out]out_subclassSubclass value pointer to be set.
[out]out_subclass_nameSubclass name pointer to be set.
subclassSubclass that sets out_subclass value.
subclass_nameSubclass name that sets out_subclass_name.

◆ thd_get_audit_query()

const char * thd_get_audit_query ( THD thd,
mysql_cstring_with_length query 
)
inline

Fill query info extracted from the thread object and return the thread object charset info.

Parameters
[in]thdThread data.
[out]querySQL query text.
Returns
SQL query charset.

Variable Documentation

◆ all_audit_mutexes

PSI_mutex_info all_audit_mutexes[]
static
Initial value:
= {
{&key_LOCK_audit_mask, "LOCK_audit_mask", PSI_FLAG_SINGLETON, 0,
PSI_DOCUMENT_ME}}

◆ key_LOCK_audit_mask

PSI_mutex_key key_LOCK_audit_mask
static

◆ LOCK_audit_mask

mysql_mutex_t LOCK_audit_mask
static

◆ mysql_global_audit_mask

unsigned long mysql_global_audit_mask[MYSQL_AUDIT_CLASS_MASK_SIZE]