MySQL  8.0.27
Source Code Documentation
sql_audit.h
1 #ifndef SQL_AUDIT_INCLUDED
2 #define SQL_AUDIT_INCLUDED
3 
4 /* Copyright (c) 2007, 2021, Oracle and/or its affiliates.
5 
6  This program is free software; you can redistribute it and/or modify
7  it under the terms of the GNU General Public License, version 2.0,
8  as published by the Free Software Foundation.
9 
10  This program is also distributed with certain software (including
11  but not limited to OpenSSL) that is licensed under separate terms,
12  as designated in a particular file or component or in included license
13  documentation. The authors of MySQL hereby grant you an additional
14  permission to link the program and your derivative works with the
15  separately licensed software that they have included with MySQL.
16 
17  This program is distributed in the hope that it will be useful,
18  but WITHOUT ANY WARRANTY; without even the implied warranty of
19  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20  GNU General Public License, version 2.0, for more details.
21 
22  You should have received a copy of the GNU General Public License
23  along with this program; if not, write to the Free Software
24  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
25 
26 #include <string.h>
27 
28 #include "lex_string.h"
29 #include "m_string.h"
30 #include "my_command.h"
31 #include "mysql/plugin_audit.h"
32 
33 class THD;
34 class Security_context;
35 struct TABLE_LIST;
36 
37 static const size_t MAX_USER_HOST_SIZE = 512;
38 
39 /**
40  Audit API event to string expanding macro.
41 */
42 #define AUDIT_EVENT(x) x, #x
43 
44 bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
46 
/**
  Presumably formats the user name held by the security context into buf;
  the size_t result is presumably the length written (confirm both in
  sql_audit.cc).

  NOTE(review): no buffer length is passed, so the callee cannot check the
  destination size. Presumably buf must provide at least MAX_USER_HOST_SIZE
  bytes, plus room for a terminator if one is written -- confirm against the
  definition and size every caller's buffer accordingly.

  @param[in]  sctx Security context to read from.
  @param[out] buf  Caller-supplied destination buffer (size is not passed).
*/
47 size_t make_user_name(Security_context *sctx, char *buf);
48 
49 struct st_plugin_int;
50 
53 
56 
/**
  Initialize thd variables used by Audit.

  @param[in] thd THD whose audit variables are initialized.
*/
57 void mysql_audit_init_thd(THD *thd);
/**
  Free thd variables used by Audit.

  @param[in] thd THD whose audit variables are freed.
*/
58 void mysql_audit_free_thd(THD *thd);
60  unsigned long event_subclass,
61  bool check_audited = true);
/**
  Release any resources associated with the current thd.

  @param[in] thd Current thread data.
*/
62 void mysql_audit_release(THD *thd);
63 
64 /**
65  Enable auditing of the specified THD.
66 
67  @param[in] thd THD whose auditing capability is turned on.
68 */
70 
71 /**
72  Call audit plugins of GENERAL audit class.
73 
74  @param[in] thd Current thread data.
75  @param[in] subclass Type of general audit event.
76  @param[in] subclass_name Subclass name.
77  @param[in] error_code Error code
78  @param[in] msg Message
79  @param[in] msg_len Message length.
80 
81  @return Value returned is not taken into consideration by the server.
82 */
84  const char *subclass_name, int error_code,
85  const char *msg, size_t msg_len);
86 /**
87  Call audit plugins of GENERAL LOG audit class.
88 
89  @param[in] thd Current thread data.
90  @param[in] cmd Command text.
91  @param[in] cmdlen Command text length.
92 
93  @return Value returned is not taken into consideration by the server.
94 */
95 inline static int mysql_audit_general_log(THD *thd, const char *cmd,
96  size_t cmdlen) {
98  cmdlen);
99 }
100 
101 /**
102  Call audit plugins of CONNECTION audit class.
103 
104  @param[in] thd Current thread context.
105  @param[in] subclass Type of the connection audit event.
106  @param[in] subclass_name Name of the subclass.
107  @param[in] errcode Error code.
108 
109  @return 0 continue server flow, otherwise abort.
110 */
112  const char *subclass_name, int errcode);
113 
114 /**
115  Call audit plugins of PARSE audit class.
116 
117  @param[in] thd Current thread context.
118  @param[in] subclass Type of the parse audit event.
119  @param[in] subclass_name Name of the subclass.
120  @param[out] flags Rewritten query flags.
121  @param[out] rewritten_query Rewritten query
122 
123  @return 0 continue server flow, otherwise abort.
124 */
126  const char *subclass_name,
128  LEX_CSTRING *rewritten_query);
129 
130 /**
131  Call audit plugins of AUTHORIZATION audit class.
132 
133  @param[in] thd Thread data.
134  @param[in] subclass Type of the authorization audit event.
135  @param[in] subclass_name Name of the subclass.
136  @param[in] database object database
137  @param[in] database_length object database length
138  @param[in] name object name
139  @param[in] name_length object name length
140 
141  @return 0 continue server flow, otherwise abort.
142 */
144  const char *subclass_name, const char *database,
145  unsigned int database_length, const char *name,
146  unsigned int name_length);
147 /**
148  Call audit plugins of TABLE ACCESS audit class events for all tables
149  available in the list.
150 
151  Event subclass value depends on the thd->lex->sql_command value.
152 
153  The event is generated for 'USER' and 'SYS' tables only.
154 
155  @param[in] thd Current thread data.
156  @param[in] table Connected list of tables, for which event is generated.
157 
158  @return 0 - continue server flow, otherwise abort.
159 */
161 
162 /**
163  Call audit plugins of GLOBAL VARIABLE audit class.
164 
165  @param[in] thd Current thread data.
166  @param[in] subclass Type of the global variable audit event.
167  @param[in] subclass_name Name of the subclass.
168  @param[in] name Name of the variable.
169  @param[in] value Textual value of the variable.
170  @param[in] value_length Textual value length.
171 
172  @return 0 continue server flow, otherwise abort.
173 */
174 int mysql_audit_notify(THD *thd,
176  const char *subclass_name, const char *name,
177  const char *value, const unsigned int value_length);
178 /**
179  Call audit plugins of SERVER STARTUP audit class.
180 
181  @param[in] subclass Type of the server startup audit event.
182  @param[in] subclass_name Name of the subclass.
183  @param[in] argv Array of program arguments.
184  @param[in] argc Program arguments array length.
185 
186  @return 0 continue server start, otherwise abort.
187 */
189  const char *subclass_name, const char **argv,
190  unsigned int argc);
191 
192 /**
193  Call audit plugins of SERVER SHUTDOWN audit class.
194 
195  @param[in] subclass Type of the server abort audit event.
196  @param[in] reason Reason code of the shutdown.
197  @param[in] exit_code Abort exit code.
198 
199  @return Value returned is not taken into consideration by the server.
200 */
202  mysql_server_shutdown_reason_t reason, int exit_code);
203 
204 #if 0 /* Function commented out. No Audit API calls yet. */
205 /**
206  Call audit plugins of AUTHORIZATION audit class.
207 
208  @param[in] thd Current thread data.
209  @param[in] subclass Type of the authorization audit event.
210  @param[in] subclass_name Name of the subclass.
211  @param[in] database Database name.
212  @param[in] table Table name.
213  @param[in] object Object name associated with the authorization event.
214 
215  @return 0 continue server flow, otherwise abort.
216 */
217 
218 int mysql_audit_notify(THD *thd,
220  const char *subclass_name,
221  const char *database,
222  const char *table,
223  const char *object);
224 #endif
225 
226 /**
227  Call audit plugins of CONNECTION audit class.
228 
229  Internal connection info is extracted from the thd object.
230 
231  @param[in] thd Current thread data.
232  @param[in] subclass Type of the connection audit event.
233  @param[in] subclass_name Name of the subclass.
234 
235  @return 0 continue server flow, otherwise abort.
236 */
238  const char *subclass_name);
239 
240 /**
241  Call audit plugins of COMMAND audit class.
242 
243  Internal connection info is extracted from the thd object.
244 
245  @param[in] thd Current thread data.
246  @param[in] subclass Type of the command audit event.
247  @param[in] subclass_name Name of the subclass.
248  @param[in] command Command id value.
249  @param[in] command_text Command string value.
250 
251  @return 0 continue server flow, otherwise abort.
252 */
254  const char *subclass_name, enum_server_command command,
255  const char *command_text);
256 /**
257  Call audit plugins of QUERY audit class.
258 
259  Internal query info is extracted from the thd object.
260 
261  @param[in] thd Current thread data.
262  @param[in] subclass Type of the query audit event.
263  @param[in] subclass_name Name of the subclass.
264 
265  @return 0 continue server flow, otherwise abort.
266 */
268  const char *subclass_name);
269 
270 /**
271  Call audit plugins of STORED PROGRAM audit class.
272 
273  @param[in] thd Current thread data.
274  @param[in] subclass Type of the stored program audit event.
275  @param[in] subclass_name Name of the subclass.
276  @param[in] database Stored program database name.
277  @param[in] name Name of the stored program.
278  @param[in] parameters Parameters of the stored program execution.
279 
280  @return 0 continue server flow, otherwise abort.
281 */
283  const char *subclass_name, const char *database,
284  const char *name, void *parameters);
285 
286 /**
287  Call audit plugins of AUTHENTICATION audit class
288 
289  @param[in] thd Current thread data.
290  @param[in] subclass Type of the authentication audit event.
291  @param[in] subclass_name Name of the subclass.
292  @param[in] status Status of the event.
293  @param[in] user Name of the user.
294  @param[in] host Name of the host.
295  @param[in] authentication_plugin Current authentication plugin for user.
296  @param[in] is_role Whether given AuthID is a role or not
297  @param[in] new_user Name of the new user - In case of rename
298  @param[in] new_host Name of the new host - In case of rename
299 
300  @return 0 continue server flow, otherwise abort.
301 */
303  const char *subclass_name, int status, const char *user,
304  const char *host, const char *authentication_plugin,
305  bool is_role, const char *new_user,
306  const char *new_host);
307 
308 /**
309  Call audit plugins of MESSAGE audit class.
310 
311  @param[in] thd Current thread data.
312  @param[in] subclass Type of the message audit event.
313  @param[in] subclass_name Name of the subclass.
314  @param[in] component Component name.
315  @param[in] component_length Component name length.
316  @param[in] producer Producer name.
317  @param[in] producer_length Producer name length.
318  @param[in] message Message text.
319  @param[in] message_length Message text length.
320  @param[in] key_value_map Key value map pointer.
321  @param[in] key_value_map_length Key value map length.
322 
323  @return 0 continue server flow.
324 */
326  const char *subclass_name, const char *component,
327  size_t component_length, const char *producer,
328  size_t producer_length, const char *message,
329  size_t message_length,
330  mysql_event_message_key_value_t *key_value_map,
331  size_t key_value_map_length);
332 
333 #endif /* SQL_AUDIT_INCLUDED */
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:821
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
mysql_event_global_variable_subclass_t
Events for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
Definition: plugin_audit.h:329
mysql_event_server_startup_subclass_t
Events for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
Definition: plugin_audit.h:358
mysql_event_general_subclass_t
Events for the MYSQL_AUDIT_GENERAL_CLASS event class.
Definition: plugin_audit.h:111
@ MYSQL_AUDIT_GENERAL_LOG
occurs before emitting to the general query log.
Definition: plugin_audit.h:113
mysql_event_command_subclass_t
Events for MYSQL_AUDIT_COMMAND_CLASS event class.
Definition: plugin_audit.h:422
mysql_event_authentication_subclass_t
Events for MYSQL_AUDIT_AUTHENTICATION_CLASS event class.
Definition: plugin_audit.h:538
mysql_event_authorization_subclass_t
Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
Definition: plugin_audit.h:233
mysql_event_query_subclass_t
Events for MYSQL_AUDIT_QUERY_CLASS event class.
Definition: plugin_audit.h:460
mysql_event_parse_rewrite_plugin_flag
Definition: plugin_audit.h:202
mysql_event_server_shutdown_subclass_t
Events for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
Definition: plugin_audit.h:384
mysql_event_parse_subclass_t
Events for MYSQL_AUDIT_PARSE_CLASS event class.
Definition: plugin_audit.h:192
mysql_event_class_t
Audit event classes.
Definition: plugin_audit.h:47
mysql_server_shutdown_reason_t
Server shutdown reason.
Definition: plugin_audit.h:396
mysql_event_stored_program_subclass_t
Events for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
Definition: plugin_audit.h:499
mysql_event_connection_subclass_t
Events for MYSQL_AUDIT_CONNECTION_CLASS event class.
Definition: plugin_audit_connection_types.h:36
mysql_event_message_subclass_t
Events for MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:40
size_t make_user_name(Security_context *sctx, char *buf)
Definition: sql_audit.cc:1440
void mysql_audit_enable_auditing(THD *thd)
Enable auditing of the specified THD.
Definition: sql_audit.cc:1166
void mysql_audit_finalize()
Finalize Audit global variables.
Definition: sql_audit.cc:1224
bool is_global_audit_mask_set()
Checks presence of active audit plugin.
Definition: sql_audit.cc:1432
int mysql_audit_table_access_notify(THD *thd, TABLE_LIST *table)
Call audit plugins of TABLE ACCESS audit class events for all tables available in the list.
Definition: sql_audit.cc:573
static int mysql_audit_general_log(THD *thd, const char *cmd, size_t cmdlen)
Call audit plugins of GENERAL LOG audit class.
Definition: sql_audit.h:95
#define AUDIT_EVENT(x)
Audit API event to string expanding macro.
Definition: sql_audit.h:42
void mysql_audit_release(THD *thd)
Release any resources associated with the current thd.
Definition: sql_audit.cc:1139
int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
Call audit plugins of GENERAL audit class.
Definition: sql_audit.cc:362
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class)
void mysql_audit_init_thd(THD *thd)
Initialize thd variables used by Audit.
Definition: sql_audit.cc:1175
void mysql_audit_free_thd(THD *thd)
Free thd variables used by Audit.
Definition: sql_audit.cc:1186
int initialize_audit_plugin(st_plugin_int *plugin)
Initialize an Audit plug-in.
Definition: sql_audit.cc:1235
int finalize_audit_plugin(st_plugin_int *plugin)
Finalize an Audit plug-in.
Definition: sql_audit.cc:1294
void mysql_audit_initialize()
Initialize Audit global variables.
Definition: sql_audit.cc:1211
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited=true)
Acquire audit plugins.
Definition: sql_audit.cc:1079
static const size_t MAX_USER_HOST_SIZE
Definition: sql_audit.h:37
Definition: mysql_lex_string.h:39
Definition: table.h:2694
Structure that stores key-value pair of the MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:63
Definition: sql_plugin_ref.h:44
st_mysql_plugin * plugin
Definition: sql_plugin_ref.h:46