MySQL  8.0.27
Source Code Documentation
sql_audit.h File Reference
#include <string.h>
#include "lex_string.h"
#include "m_string.h"
#include "my_command.h"
#include "mysql/plugin_audit.h"

Go to the source code of this file.

Macros

#define AUDIT_EVENT(x)   x, #x
 Audit API event to string expanding macro. More...
 

Functions

bool is_audit_plugin_class_active (THD *thd, unsigned long event_class)
 
bool is_global_audit_mask_set ()
 Checks presence of active audit plugin. More...
 
size_t make_user_name (Security_context *sctx, char *buf)
 
int initialize_audit_plugin (st_plugin_int *plugin)
 Initialize an Audit plug-in. More...
 
int finalize_audit_plugin (st_plugin_int *plugin)
 Finalize an Audit plug-in. More...
 
void mysql_audit_initialize ()
 Initialize Audit global variables. More...
 
void mysql_audit_finalize ()
 Finalize Audit global variables. More...
 
void mysql_audit_init_thd (THD *thd)
 Initialize thd variables used by Audit. More...
 
void mysql_audit_free_thd (THD *thd)
 Free thd variables used by Audit. More...
 
int mysql_audit_acquire_plugins (THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited=true)
 Acquire audit plugins. More...
 
void mysql_audit_release (THD *thd)
 Release any resources associated with the current thd. More...
 
void mysql_audit_enable_auditing (THD *thd)
 Enable auditing of the specified THD. More...
 
int mysql_audit_notify (THD *thd, mysql_event_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
 Call audit plugins of GENERAL audit class. More...
 
static int mysql_audit_general_log (THD *thd, const char *cmd, size_t cmdlen)
 Call audit plugins of GENERAL LOG audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_connection_subclass_t subclass, const char *subclass_name, int errcode)
 Call audit plugins of CONNECTION audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_parse_subclass_t subclass, const char *subclass_name, mysql_event_parse_rewrite_plugin_flag *flags, LEX_CSTRING *rewritten_query)
 Call audit plugins of PARSE audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_authorization_subclass_t subclass, const char *subclass_name, const char *database, unsigned int database_length, const char *name, unsigned int name_length)
 Call audit plugins of AUTHORIZATION audit class. More...
 
int mysql_audit_table_access_notify (THD *thd, TABLE_LIST *table)
 Call audit plugins of TABLE ACCESS audit class events for all tables available in the list. More...
 
int mysql_audit_notify (THD *thd, mysql_event_global_variable_subclass_t subclass, const char *subclass_name, const char *name, const char *value, const unsigned int value_length)
 Call audit plugins of GLOBAL VARIABLE audit class. More...
 
int mysql_audit_notify (mysql_event_server_startup_subclass_t subclass, const char *subclass_name, const char **argv, unsigned int argc)
 Call audit plugins of SERVER STARTUP audit class. More...
 
int mysql_audit_notify (mysql_event_server_shutdown_subclass_t subclass, mysql_server_shutdown_reason_t reason, int exit_code)
 Call audit plugins of SERVER SHUTDOWN audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_connection_subclass_t subclass, const char *subclass_name)
 Call audit plugins of CONNECTION audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_command_subclass_t subclass, const char *subclass_name, enum_server_command command, const char *command_text)
 Call audit plugins of COMMAND audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_query_subclass_t subclass, const char *subclass_name)
 Call audit plugins of QUERY audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_stored_program_subclass_t subclass, const char *subclass_name, const char *database, const char *name, void *parameters)
 Call audit plugins of STORED PROGRAM audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_authentication_subclass_t subclass, const char *subclass_name, int status, const char *user, const char *host, const char *authentication_plugin, bool is_role, const char *new_user, const char *new_host)
 Call audit plugins of AUTHENTICATION audit class. More...
 
int mysql_audit_notify (THD *thd, mysql_event_message_subclass_t subclass, const char *subclass_name, const char *component, size_t component_length, const char *producer, size_t producer_length, const char *message, size_t message_length, mysql_event_message_key_value_t *key_value_map, size_t key_value_map_length)
 Call audit plugins of MESSAGE audit class. More...
 

Variables

static const size_t MAX_USER_HOST_SIZE = 512
 

Macro Definition Documentation

◆ AUDIT_EVENT

#define AUDIT_EVENT (   x)    x, #x

Audit API event to string expanding macro.

Function Documentation

◆ finalize_audit_plugin()

int finalize_audit_plugin ( st_plugin_int plugin)

Finalize an Audit plug-in.

Parameters
[in]pluginPlugin data pointer to be deinitialized.
Return values
falseOK
trueThere was an error.

◆ initialize_audit_plugin()

int initialize_audit_plugin ( st_plugin_int plugin)

Initialize an Audit plug-in.

Parameters
[in]pluginPlugin structure pointer to be initialized.
Return values
falseOK
trueThere was an error.

◆ is_audit_plugin_class_active()

bool is_audit_plugin_class_active ( THD thd,
unsigned long  event_class 
)

◆ is_global_audit_mask_set()

bool is_global_audit_mask_set ( )

Checks presence of active audit plugin.

Return values
TRUEAt least one audit plugin is present
FALSENo audit plugin is present

◆ make_user_name()

size_t make_user_name ( Security_context sctx,
char *  buf 
)

◆ mysql_audit_acquire_plugins()

int mysql_audit_acquire_plugins ( THD thd,
mysql_event_class_t  event_class,
unsigned long  event_subclass,
bool  check_audited 
)

Acquire audit plugins.

Ensure that audit plugins interested in given event class are locked by current thread.

Parameters
thdMySQL thread handle.
event_classAudit event class.
event_subclassAudit event subclass.
check_auditedTake into account m_auditing_activated flag of the THD.
Returns
Zero, when there is a plugins interested in the event specified by event_class and event_subclass. Otherwise non zero value is returned.

◆ mysql_audit_enable_auditing()

void mysql_audit_enable_auditing ( THD thd)

Enable auditing of the specified THD.

Parameters
[in]thdTHD whose auditing capability is turned on.

◆ mysql_audit_finalize()

void mysql_audit_finalize ( )

Finalize Audit global variables.

◆ mysql_audit_free_thd()

void mysql_audit_free_thd ( THD thd)

Free thd variables used by Audit.

Parameters
thdCurrent thread

◆ mysql_audit_general_log()

static int mysql_audit_general_log ( THD thd,
const char *  cmd,
size_t  cmdlen 
)
inlinestatic

Call audit plugins of GENERAL LOG audit class.

Parameters
[in]thdCurrent thread data.
[in]cmdCommand text.
[in]cmdlenCommand text length.
Returns
Value returned is not taken into consideration by the server.

◆ mysql_audit_init_thd()

void mysql_audit_init_thd ( THD thd)

Initialize thd variables used by Audit.

Parameters
[in]thdCurrent thread

◆ mysql_audit_initialize()

void mysql_audit_initialize ( )

Initialize Audit global variables.

◆ mysql_audit_notify() [1/13]

int mysql_audit_notify ( mysql_event_server_shutdown_subclass_t  subclass,
mysql_server_shutdown_reason_t  reason,
int  exit_code 
)

Call audit plugins of SERVER SHUTDOWN audit class.

Parameters
[in]subclassType of the server abort audit event.
[in]reasonReason code of the shutdown.
[in]exit_codeAbort exit code.
Returns
Value returned is not taken into consideration by the server.

◆ mysql_audit_notify() [2/13]

int mysql_audit_notify ( mysql_event_server_startup_subclass_t  subclass,
const char *  subclass_name,
const char **  argv,
unsigned int  argc 
)

Call audit plugins of SERVER STARTUP audit class.

Parameters
[in]subclassType of the server startup audit event.
[in]subclass_nameName of the subclass.
[in]argvArray of program arguments.
[in]argcProgram arguments array length.
Returns
0 continue server start, otherwise abort.

◆ mysql_audit_notify() [3/13]

int mysql_audit_notify ( THD thd,
mysql_event_authentication_subclass_t  subclass,
const char *  subclass_name,
int  status,
const char *  user,
const char *  host,
const char *  authentication_plugin,
bool  is_role,
const char *  new_user,
const char *  new_host 
)

Call audit plugins of AUTHENTICATION audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the authentication audit event.
[in]subclass_nameName of the subclass.
[in]statusStatus of the event.
[in]userName of the user.
[in]hostName of the host.
[in]authentication_pluginCurrent authentication plugin for user.
[in]is_roleWhether given AuthID is a role or not
[in]new_userName of the new user - In case of rename
[in]new_hostName of the new host - In case of rename
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [4/13]

int mysql_audit_notify ( THD thd,
mysql_event_authorization_subclass_t  subclass,
const char *  subclass_name,
const char *  database,
unsigned int  database_length,
const char *  name,
unsigned int  name_length 
)

Call audit plugins of AUTHORIZATION audit class.

Parameters
[in]thdThread data.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
[in]databaseobject database
[in]database_lengthobject database length
[in]nameobject name
[in]name_lengthobject name length
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [5/13]

int mysql_audit_notify ( THD thd,
mysql_event_command_subclass_t  subclass,
const char *  subclass_name,
enum_server_command  command,
const char *  command_text 
)

Call audit plugins of COMMAND audit class.

Internal connection info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the command audit event.
[in]subclass_nameName of the subclass.
[in]commandCommand id value.
[in]command_textCommand string value.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [6/13]

int mysql_audit_notify ( THD thd,
mysql_event_connection_subclass_t  subclass,
const char *  subclass_name 
)

Call audit plugins of CONNECTION audit class.

Internal connection info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [7/13]

int mysql_audit_notify ( THD thd,
mysql_event_connection_subclass_t  subclass,
const char *  subclass_name,
int  errcode 
)

Call audit plugins of CONNECTION audit class.

Parameters
[in]thdCurrent thread context.
[in]subclassType of the connection audit event.
[in]subclass_nameName of the subclass.
[in]errcodeError code.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [8/13]

int mysql_audit_notify ( THD thd,
mysql_event_general_subclass_t  subclass,
const char *  subclass_name,
int  error_code,
const char *  msg,
size_t  msg_len 
)

Call audit plugins of GENERAL audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of general audit event.
[in]subclass_nameSubclass name.
[in]error_codeError code
[in]msgMessage
[in]msg_lenMessage length.
Returns
Value returned is not taken into consideration by the server.

◆ mysql_audit_notify() [9/13]

int mysql_audit_notify ( THD thd,
mysql_event_global_variable_subclass_t  subclass,
const char *  subclass_name,
const char *  name,
const char *  value,
const unsigned int  value_length 
)

Call audit plugins of GLOBAL VARIABLE audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the global variable audit event.
[in]subclass_nameName of the subclass.
[in]nameName of the variable.
[in]valueTextual value of the variable.
[in]value_lengthTextual value length.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [10/13]

int mysql_audit_notify ( THD thd,
mysql_event_message_subclass_t  subclass,
const char *  subclass_name,
const char *  component,
size_t  component_length,
const char *  producer,
size_t  producer_length,
const char *  message,
size_t  message_length,
mysql_event_message_key_value_t key_value_map,
size_t  key_value_map_length 
)

Call audit plugins of MESSAGE audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassMessage class subclass name.
[in]subclass_nameSubclass name length.
[in]componentComponent name.
[in]component_lengthComponent name length.
[in]producerProducer name.
[in]producer_lengthProducer name length.
[in]messageMessage text.
[in]message_lengthMessage text length.
[in]key_value_mapKey value map pointer.
[in]key_value_map_lengthKey value map length.
Returns
0 continue server flow.

◆ mysql_audit_notify() [11/13]

int mysql_audit_notify ( THD thd,
mysql_event_parse_subclass_t  subclass,
const char *  subclass_name,
mysql_event_parse_rewrite_plugin_flag flags,
LEX_CSTRING rewritten_query 
)

Call audit plugins of PARSE audit class.

Parameters
[in]thdCurrent thread context.
[in]subclassType of the parse audit event.
[in]subclass_nameName of the subclass.
[out]flagsRewritten query flags.
[out]rewritten_queryRewritten query
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [12/13]

int mysql_audit_notify ( THD thd,
mysql_event_query_subclass_t  subclass,
const char *  subclass_name 
)

Call audit plugins of QUERY audit class.

Internal query info is extracted from the thd object.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the query audit event.
[in]subclass_nameName of the subclass.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_notify() [13/13]

int mysql_audit_notify ( THD thd,
mysql_event_stored_program_subclass_t  subclass,
const char *  subclass_name,
const char *  database,
const char *  name,
void *  parameters 
)

Call audit plugins of STORED PROGRAM audit class.

Parameters
[in]thdCurrent thread data.
[in]subclassType of the stored program audit event.
[in]subclass_nameName of the subclass.
[in]databaseStored program database name.
[in]nameName of the stored program.
[in]parametersParameters of the stored program execution.
Returns
0 continue server flow, otherwise abort.

◆ mysql_audit_release()

void mysql_audit_release ( THD thd)

Release any resources associated with the current thd.

Parameters
[in]thdCurrent thread

◆ mysql_audit_table_access_notify()

int mysql_audit_table_access_notify ( THD thd,
TABLE_LIST table 
)

Call audit plugins of TABLE ACCESS audit class events for all tables available in the list.

Event subclass value depends on the thd->lex->sql_command value.

The event is generated for 'USER' and 'SYS' tables only.

Parameters
[in]thdCurrent thread data.
[in]tableConnected list of tables, for which event is generated.
Returns
0 - continue server flow, otherwise abort.

Variable Documentation

◆ MAX_USER_HOST_SIZE

const size_t MAX_USER_HOST_SIZE = 512
static