MySQL 8.0.32
Source Code Documentation
sql_audit.h
Go to the documentation of this file.
1#ifndef SQL_AUDIT_INCLUDED
2#define SQL_AUDIT_INCLUDED
3
4/* Copyright (c) 2007, 2022, Oracle and/or its affiliates.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License, version 2.0,
8 as published by the Free Software Foundation.
9
10 This program is also distributed with certain software (including
11 but not limited to OpenSSL) that is licensed under separate terms,
12 as designated in a particular file or component or in included license
13 documentation. The authors of MySQL hereby grant you an additional
14 permission to link the program and your derivative works with the
15 separately licensed software that they have included with MySQL.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License, version 2.0, for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, write to the Free Software
24 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
25
26#include <string.h>
27
28#include "lex_string.h"
29#include "m_string.h"
30#include "my_command.h"
31#include "mysql/plugin_audit.h"
32
33class THD;
34class Security_context;
35class Table_ref;
36
37static const size_t MAX_USER_HOST_SIZE = 512;
38
39/**
40 Audit API event to string expanding macro.
41*/
42#define AUDIT_EVENT(x) x, #x
43
44bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
45bool is_global_audit_mask_set();
46
47size_t make_user_name(Security_context *sctx, char *buf);
48
49struct st_plugin_int;
50
51int initialize_audit_plugin(st_plugin_int *plugin);
52int finalize_audit_plugin(st_plugin_int *plugin);
53
54void mysql_audit_initialize();
55void mysql_audit_finalize();
56
57void mysql_audit_init_thd(THD *thd);
58void mysql_audit_free_thd(THD *thd);
59int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class,
60 unsigned long event_subclass,
61 bool check_audited = true);
62void mysql_audit_release(THD *thd);
63
64/**
65 Enable auditing of the specified THD.
66
67 @param[in] thd THD whose auditing capability is turned on.
68*/
69void mysql_audit_enable_auditing(THD *thd);
70
71/**
72 Call audit plugins of GENERAL audit class.
73
74 @param[in] thd Current thread data.
75 @param[in] subclass Type of general audit event.
76 @param[in] subclass_name Subclass name.
77 @param[in] error_code Error code
78 @param[in] msg Message
79 @param[in] msg_len Message length.
80
81 @return Value returned is not taken into consideration by the server.
82*/
83int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass,
84 const char *subclass_name, int error_code,
85 const char *msg, size_t msg_len);
86/**
87 Call audit plugins of GENERAL LOG audit class.
88
89 @param[in] thd Current thread data.
90 @param[in] cmd Command text.
91 @param[in] cmdlen Command text length.
92
93 @return Value returned is not taken into consideration by the server.
94*/
95inline static int mysql_audit_general_log(THD *thd, const char *cmd,
96 size_t cmdlen) {
97 return mysql_audit_notify(thd, AUDIT_EVENT(MYSQL_AUDIT_GENERAL_LOG), 0, cmd,
98 cmdlen);
99}
100
101/**
102 Call audit plugins of CONNECTION audit class.
103
104 @param[in] thd Current thread context.
105 @param[in] subclass Type of the connection audit event.
106 @param[in] subclass_name Name of the subclass.
107 @param[in] errcode Error code.
108
109 @return 0 continue server flow, otherwise abort.
110*/
111int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
112 const char *subclass_name, int errcode);
113
114/**
115 Call audit plugins of PARSE audit class.
116
117 @param[in] thd Current thread context.
118 @param[in] subclass Type of the parse audit event.
119 @param[in] subclass_name Name of the subclass.
120 @param[out] flags Rewritten query flags.
121 @param[out] rewritten_query Rewritten query
122
123 @return 0 continue server flow, otherwise abort.
124*/
125int mysql_audit_notify(THD *thd, mysql_event_parse_subclass_t subclass,
126 const char *subclass_name,
127 mysql_event_parse_rewrite_plugin_flag *flags,
128 LEX_CSTRING *rewritten_query);
129
130/**
131 Call audit plugins of AUTHORIZATION audit class.
132
133 @param[in] thd Thread data.
134 @param[in] subclass Type of the connection audit event.
135 @param[in] subclass_name Name of the subclass.
136 @param[in] database object database
137 @param[in] database_length object database length
138 @param[in] name object name
139 @param[in] name_length object name length
140
141 @return 0 continue server flow, otherwise abort.
142*/
143int mysql_audit_notify(THD *thd, mysql_event_authorization_subclass_t subclass,
144 const char *subclass_name, const char *database,
145 unsigned int database_length, const char *name,
146 unsigned int name_length);
147/**
148 Call audit plugins of TABLE ACCESS audit class events for all tables
149 available in the list.
150
151 Event subclass value depends on the thd->lex->sql_command value.
152
153 The event is generated for 'USER' and 'SYS' tables only.
154
155 @param[in] thd Current thread data.
156 @param[in] table Connected list of tables, for which event is generated.
157
158 @return 0 - continue server flow, otherwise abort.
159*/
160int mysql_audit_table_access_notify(THD *thd, Table_ref *table);
161
162/**
163 Call audit plugins of GLOBAL VARIABLE audit class.
164
165 @param[in] thd Current thread data.
166 @param[in] subclass Type of the global variable audit event.
167 @param[in] subclass_name Name of the subclass.
168 @param[in] name Name of the variable.
169 @param[in] value Textual value of the variable.
170 @param[in] value_length Textual value length.
171
172 @return 0 continue server flow, otherwise abort.
173*/
174int mysql_audit_notify(THD *thd,
175 mysql_event_global_variable_subclass_t subclass,
176 const char *subclass_name, const char *name,
177 const char *value, const unsigned int value_length);
178/**
179 Call audit plugins of SERVER STARTUP audit class.
180
181 @param[in] subclass Type of the server startup audit event.
182 @param[in] subclass_name Name of the subclass.
183 @param[in] argv Array of program arguments.
184 @param[in] argc Program arguments array length.
185
186 @return 0 continue server start, otherwise abort.
187*/
188int mysql_audit_notify(mysql_event_server_startup_subclass_t subclass,
189 const char *subclass_name, const char **argv,
190 unsigned int argc);
191
192/**
193 Call audit plugins of SERVER SHUTDOWN audit class.
194
195 @param[in] subclass Type of the server abort audit event.
196 @param[in] reason Reason code of the shutdown.
197 @param[in] exit_code Abort exit code.
198
199 @return Value returned is not taken into consideration by the server.
200*/
201int mysql_audit_notify(mysql_event_server_shutdown_subclass_t subclass,
202 mysql_server_shutdown_reason_t reason, int exit_code);
203
204#if 0 /* Function commented out. No Audit API calls yet. */
205/**
206 Call audit plugins of AUTHORIZATION audit class.
207
208 @param[in] thd Current thread data.
209 @param[in] subclass Type of the authorization audit event.
210 @param[in] subclass_name Name of the subclass.
211 @param[in] database Database name.
212 @param[in] table Table name.
213 @param[in] object Object name associated with the authorization event.
214
215 @return 0 continue server flow, otherwise abort.
216*/
217
218int mysql_audit_notify(THD *thd,
219 mysql_event_authorization_subclass_t subclass,
220 const char *subclass_name,
221 const char *database,
222 const char *table,
223 const char *object);
224#endif
225
226/**
227 Call audit plugins of CONNECTION audit class.
228
229 Internal connection info is extracted from the thd object.
230
231 @param[in] thd Current thread data.
232 @param[in] subclass Type of the connection audit event.
233 @param[in] subclass_name Name of the subclass.
234
235 @return 0 continue server flow, otherwise abort.
236*/
237int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
238 const char *subclass_name);
239
240/**
241 Call audit plugins of COMMAND audit class.
242
243 Internal connection info is extracted from the thd object.
244
245 @param[in] thd Current thread data.
246 @param[in] subclass Type of the command audit event.
247 @param[in] subclass_name Name of the subclass.
248 @param[in] command Command id value.
249 @param[in] command_text Command string value.
250
251 @return 0 continue server flow, otherwise abort.
252*/
253int mysql_audit_notify(THD *thd, mysql_event_command_subclass_t subclass,
254 const char *subclass_name, enum_server_command command,
255 const char *command_text);
256/**
257 Call audit plugins of QUERY audit class.
258
259 Internal query info is extracted from the thd object.
260
261 @param[in] thd Current thread data.
262 @param[in] subclass Type of the query audit event.
263 @param[in] subclass_name Name of the subclass.
264
265 @return 0 continue server flow, otherwise abort.
266*/
267int mysql_audit_notify(THD *thd, mysql_event_query_subclass_t subclass,
268 const char *subclass_name);
269
270/**
271 Call audit plugins of STORED PROGRAM audit class.
272
273 @param[in] thd Current thread data.
274 @param[in] subclass Type of the stored program audit event.
275 @param[in] subclass_name Name of the subclass.
276 @param[in] database Stored program database name.
277 @param[in] name Name of the stored program.
278 @param[in] parameters Parameters of the stored program execution.
279
280 @return 0 continue server flow, otherwise abort.
281*/
282int mysql_audit_notify(THD *thd, mysql_event_stored_program_subclass_t subclass,
283 const char *subclass_name, const char *database,
284 const char *name, void *parameters);
285
286/**
287 Call audit plugins of AUTHENTICATION audit class
288
289 @param[in] thd Current thread data.
290 @param[in] subclass Type of the authentication audit event.
291 @param[in] subclass_name Name of the subclass.
292 @param[in] status Status of the event.
293 @param[in] user Name of the user.
294 @param[in] host Name of the host.
295 @param[in] authentication_plugin Current authentication plugin for user.
296 @param[in] is_role Whether given AuthID is a role or not
297 @param[in] new_user Name of the new user - In case of rename
298 @param[in] new_host Name of the new host - In case of rename
299
300 @return 0 continue server flow, otherwise abort.
301*/
302int mysql_audit_notify(THD *thd, mysql_event_authentication_subclass_t subclass,
303 const char *subclass_name, int status, const char *user,
304 const char *host, const char *authentication_plugin,
305 bool is_role, const char *new_user,
306 const char *new_host);
307
308/**
309 Call audit plugins of MESSAGE audit class.
310
311 @param[in] thd Current thread data.
312 @param[in] subclass Message class subclass name.
313 @param[in] subclass_name Subclass name length.
314 @param[in] component Component name.
315 @param[in] component_length Component name length.
316 @param[in] producer Producer name.
317 @param[in] producer_length Producer name length.
318 @param[in] message Message text.
319 @param[in] message_length Message text length.
320 @param[in] key_value_map Key value map pointer.
321 @param[in] key_value_map_length Key value map length.
322
323 @return 0 continue server flow.
324*/
325int mysql_audit_notify(THD *thd, mysql_event_message_subclass_t subclass,
326 const char *subclass_name, const char *component,
327 size_t component_length, const char *producer,
328 size_t producer_length, const char *message,
329 size_t message_length,
330 mysql_event_message_key_value_t *key_value_map,
331 size_t key_value_map_length);
332
333#endif /* SQL_AUDIT_INCLUDED */
Security_context
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
THD
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:33
Table_ref
Definition: table.h:2755
flags
static int flags[50]
Definition: hp_test1.cc:39
lex_string.h
m_string.h
my_command.h
enum_server_command
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
user
char * user
Definition: mysqladmin.cc:59
host
const char * host
Definition: mysqladmin.cc:58
buf
Definition: buf0block_hint.cc:29
plugin_audit.h
mysql_event_global_variable_subclass_t
mysql_event_global_variable_subclass_t
Events for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
Definition: plugin_audit.h:329
mysql_event_server_startup_subclass_t
mysql_event_server_startup_subclass_t
Events for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
Definition: plugin_audit.h:358
mysql_event_general_subclass_t
mysql_event_general_subclass_t
Events for the MYSQL_AUDIT_GENERAL_CLASS event class.
Definition: plugin_audit.h:111
MYSQL_AUDIT_GENERAL_LOG
@ MYSQL_AUDIT_GENERAL_LOG
occurs before emitting to the general query log.
Definition: plugin_audit.h:113
mysql_event_command_subclass_t
mysql_event_command_subclass_t
Events for MYSQL_AUDIT_COMMAND_CLASS event class.
Definition: plugin_audit.h:422
mysql_event_authentication_subclass_t
mysql_event_authentication_subclass_t
Events for MYSQL_AUDIT_AUTHENTICATION_CLASS event class.
Definition: plugin_audit.h:538
mysql_event_authorization_subclass_t
mysql_event_authorization_subclass_t
Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
Definition: plugin_audit.h:233
mysql_event_query_subclass_t
mysql_event_query_subclass_t
Events for MYSQL_AUDIT_QUERY_CLASS event class.
Definition: plugin_audit.h:460
mysql_event_parse_rewrite_plugin_flag
mysql_event_parse_rewrite_plugin_flag
Definition: plugin_audit.h:202
mysql_event_server_shutdown_subclass_t
mysql_event_server_shutdown_subclass_t
Events for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
Definition: plugin_audit.h:384
mysql_event_parse_subclass_t
mysql_event_parse_subclass_t
Events for MYSQL_AUDIT_PARSE_CLASS event class.
Definition: plugin_audit.h:192
mysql_event_class_t
mysql_event_class_t
Audit event classes.
Definition: plugin_audit.h:47
mysql_server_shutdown_reason_t
mysql_server_shutdown_reason_t
Server shutdown reason.
Definition: plugin_audit.h:396
mysql_event_stored_program_subclass_t
mysql_event_stored_program_subclass_t
Events for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
Definition: plugin_audit.h:499
mysql_event_connection_subclass_t
mysql_event_connection_subclass_t
Events for MYSQL_AUDIT_CONNECTION_CLASS event class.
Definition: plugin_audit_connection_types.h:36
mysql_event_message_subclass_t
mysql_event_message_subclass_t
Events for MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:40
status
required uint32 status
Definition: replication_asynchronous_connection_failover.proto:60
make_user_name
size_t make_user_name(Security_context *sctx, char *buf)
Definition: sql_audit.cc:1441
mysql_audit_enable_auditing
void mysql_audit_enable_auditing(THD *thd)
Enable auditing of the specified THD.
Definition: sql_audit.cc:1167
mysql_audit_finalize
void mysql_audit_finalize()
Finalize Audit global variables.
Definition: sql_audit.cc:1225
is_global_audit_mask_set
bool is_global_audit_mask_set()
Checks presence of active audit plugin.
Definition: sql_audit.cc:1433
mysql_audit_general_log
static int mysql_audit_general_log(THD *thd, const char *cmd, size_t cmdlen)
Call audit plugins of GENERAL LOG audit class.
Definition: sql_audit.h:95
AUDIT_EVENT
#define AUDIT_EVENT(x)
Audit API event to string expanding macro.
Definition: sql_audit.h:42
mysql_audit_release
void mysql_audit_release(THD *thd)
Release any resources associated with the current thd.
Definition: sql_audit.cc:1140
mysql_audit_notify
int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
Call audit plugins of GENERAL audit class.
Definition: sql_audit.cc:363
is_audit_plugin_class_active
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class)
There's at least one active audit plugin tracking a specified class.
Definition: sql_audit.cc:1422
mysql_audit_init_thd
void mysql_audit_init_thd(THD *thd)
Initialize thd variables used by Audit.
Definition: sql_audit.cc:1176
mysql_audit_free_thd
void mysql_audit_free_thd(THD *thd)
Free thd variables used by Audit.
Definition: sql_audit.cc:1187
initialize_audit_plugin
int initialize_audit_plugin(st_plugin_int *plugin)
Initialize an Audit plug-in.
Definition: sql_audit.cc:1236
finalize_audit_plugin
int finalize_audit_plugin(st_plugin_int *plugin)
Finalize an Audit plug-in.
Definition: sql_audit.cc:1295
mysql_audit_initialize
void mysql_audit_initialize()
Initialize Audit global variables.
Definition: sql_audit.cc:1212
mysql_audit_acquire_plugins
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited=true)
Acquire audit plugins.
Definition: sql_audit.cc:1080
mysql_audit_table_access_notify
int mysql_audit_table_access_notify(THD *thd, Table_ref *table)
Call audit plugins of TABLE ACCESS audit class events for all tables available in the list.
Definition: sql_audit.cc:574
MAX_USER_HOST_SIZE
static const size_t MAX_USER_HOST_SIZE
Definition: sql_audit.h:37
name
case opt name
Definition: sslopt-case.h:32
MYSQL_LEX_CSTRING
Definition: mysql_lex_string.h:39
mysql_event_message_key_value_t
Structure that stores key-value pair of the MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:63
st_plugin_int
Definition: sql_plugin_ref.h:44
st_plugin_int::plugin
st_mysql_plugin * plugin
Definition: sql_plugin_ref.h:46
command
command
Definition: version_token.cc:279