MySQL 8.1.0
Source Code Documentation
sql_audit.h
1#ifndef SQL_AUDIT_INCLUDED
2#define SQL_AUDIT_INCLUDED
3
4/* Copyright (c) 2007, 2023, Oracle and/or its affiliates.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License, version 2.0,
8 as published by the Free Software Foundation.
9
10 This program is also distributed with certain software (including
11 but not limited to OpenSSL) that is licensed under separate terms,
12 as designated in a particular file or component or in included license
13 documentation. The authors of MySQL hereby grant you an additional
14 permission to link the program and your derivative works with the
15 separately licensed software that they have included with MySQL.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License, version 2.0, for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program; if not, write to the Free Software
24 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
25
26#include <string.h>
27
28#include "lex_string.h"
29#include "my_command.h"
30#include "mysql/plugin_audit.h"
31#include "sql/error_handler.h"
32
45
47
48class THD;
50class Table_ref;
51
52static const size_t MAX_USER_HOST_SIZE = 512;
53
57 const void *event;
59};
60
63 const void *event;
64};
65
66/**
67 Audit API event to string expanding macro.
68*/
69#define AUDIT_EVENT(x) x, #x
70
71bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
73
/*
  NOTE(review): buf is a bare char * with no accompanying length, so this
  prototype gives the callee nothing to bound its writes with; the caller
  alone is responsible for the buffer's capacity. MAX_USER_HOST_SIZE (512),
  declared earlier in this header, is presumably the size callers are
  expected to allocate; confirm against the definition in sql_audit.cc.
  The size_t result is presumably the length of the name produced; verify
  before using it as an index or a copy length.
*/
74size_t make_user_name(Security_context *sctx, char *buf);
75
76struct st_plugin_int;
77
80
83
84void mysql_audit_init_thd(THD *thd);
85void mysql_audit_free_thd(THD *thd);
87 unsigned long event_subclass,
88 bool check_audited = true);
89void mysql_audit_release(THD *thd);
90
91/**
92 Enable auditing of the specified THD.
93
94 @param[in] thd THD whose auditing capability is turned on.
95*/
97
98/**
99 Notify consumers of AUTHENTICATION event tracking events.
100
101 @param[in] thd Current thread data.
102 @param[in] subclass Type of the authentication audit event.
103 @param[in] subclass_name Name of the subclass.
104 @param[in] status Status of the event.
105 @param[in] user Name of the user.
106 @param[in] host Name of the host.
107 @param[in] authentication_plugin Current authentication plugin for user.
108 @param[in] is_role Whether given AuthID is a role or not
109 @param[in] new_user Name of the new user - In case of rename
110 @param[in] new_host Name of the new host - In case of rename
111
112 @return 0 continue server flow, otherwise abort.
113*/
116 const char *subclass_name, int status, const char *user, const char *host,
117 const char *authentication_plugin, bool is_role, const char *new_user,
118 const char *new_host);
119
120/**
121 Notify consumers of COMMAND event tracking events.
122
123 Internal connection info is extracted from the thd object.
124
125 @param[in] thd Current thread data.
126 @param[in] subclass Type of the command audit event.
127 @param[in] subclass_name Name of the subclass.
128 @param[in] command Command id value.
129 @param[in] command_text Command string value.
130
131 @return 0 continue server flow, otherwise abort.
132*/
133
136 const char *subclass_name, enum_server_command command,
137 const char *command_text);
138
139/**
140 Notify consumers of CONNECTION event tracking events.
141
142 @param[in] thd Current thread context.
143 @param[in] subclass Type of the connection audit event.
144 @param[in] subclass_name Name of the subclass.
145 @param[in] errcode Error code.
146
147 @return 0 continue server flow, otherwise abort.
148*/
151 const char *subclass_name, int errcode);
152
153/**
154 Notify consumers of CONNECTION event tracking events.
155
156 Internal connection info is extracted from the thd object.
157
158 @param[in] thd Current thread data.
159 @param[in] subclass Type of the connection audit event.
160 @param[in] subclass_name Name of the subclass.
161
162 @return 0 continue server flow, otherwise abort.
163*/
166 const char *subclass_name);
167
168/**
169 Notify consumers of GENERAL event tracking events.
170
171 @param[in] thd Current thread data.
172 @param[in] subclass Type of general audit event.
173 @param[in] subclass_name Subclass name.
174 @param[in] error_code Error code
175 @param[in] msg Message
176 @param[in] msg_len Message length.
177
178 @return Value returned is not taken into consideration by the server.
179*/
182 const char *subclass_name, int error_code, const char *msg, size_t msg_len);
183
184/**
185 Notify consumers of GENERAL event tracking events.
186
187 @param[in] thd Current thread data.
188 @param[in] cmd Command text.
189 @param[in] cmdlen Command text length.
190
191 @return Value returned is not taken into consideration by the server.
192*/
193inline static int mysql_event_tracking_general_notify(THD *thd, const char *cmd,
194 size_t cmdlen) {
/*
  NOTE(review): source line 195, which names the callee, is missing from
  this listing. The argument list below has six values once AUDIT_EVENT is
  expanded, which matches the parameter list of the six-argument
  mysql_event_tracking_general_notify documented just above; presumably
  that overload is the target. Confirm against the upstream file.

  AUDIT_EVENT(EVENT_TRACKING_GENERAL_LOG) expands to the subclass value
  followed by its stringified name, the literal 0 is passed as the error
  code, and cmd/cmdlen are forwarded unchanged as the message and its
  length. cmdlen is not checked here against the real extent of cmd.
*/
196 thd, AUDIT_EVENT(EVENT_TRACKING_GENERAL_LOG), 0, cmd, cmdlen);
197}
198
199/**
200 Notify consumers of GLOBAL VARIABLE event tracking events.
201
202 @param[in] thd Current thread data.
203 @param[in] subclass Type of the global variable audit event.
204 @param[in] subclass_name Name of the subclass.
205 @param[in] name Name of the variable.
206 @param[in] value Textual value of the variable.
207 @param[in] value_length Textual value length.
208
209 @return 0 continue server flow, otherwise abort.
210*/
213 const char *subclass_name, const char *name, const char *value,
214 const unsigned int value_length);
215
216/**
217 Notify consumers of MESSAGE event tracking events.
218
219 @param[in] thd Current thread data.
220 @param[in] subclass Type of the message event.
221 @param[in] subclass_name Name of the subclass.
222 @param[in] component Component name.
223 @param[in] component_length Component name length.
224 @param[in] producer Producer name.
225 @param[in] producer_length Producer name length.
226 @param[in] message Message text.
227 @param[in] message_length Message text length.
228 @param[in] key_value_map Key value map pointer.
229 @param[in] key_value_map_length Key value map length.
230
231 @return 0 continue server flow.
232*/
235 const char *subclass_name, const char *component, size_t component_length,
236 const char *producer, size_t producer_length, const char *message,
237 size_t message_length,
239 size_t key_value_map_length);
240
241/**
242 Notify consumers of PARSE event tracking events.
243
244 @param[in] thd Current thread context.
245 @param[in] subclass Type of the parse audit event.
246 @param[in] subclass_name Name of the subclass.
247 @param[out] flags Rewritten query flags.
248 @param[out] rewritten_query Rewritten query
249
250 @return 0 continue server flow, otherwise abort.
251*/
254 const char *subclass_name,
256 mysql_cstring_with_length *rewritten_query);
257
258/**
259 Notify consumers of QUERY event tracking events.
260
261 Internal query info is extracted from the thd object.
262
263 @param[in] thd Current thread data.
264 @param[in] subclass Type of the query audit event.
265 @param[in] subclass_name Name of the subclass.
266
267 @return 0 continue server flow, otherwise abort.
268*/
271 const char *subclass_name);
272
273/**
274 Notify consumers of LIFECYCLE (Shutdown) event tracking events.
275
276 @param[in] subclass Type of the server abort audit event.
277 @param[in] subclass_name Name of the subclass
278 @param[in] reason Reason code of the shutdown.
279 @param[in] exit_code Abort exit code.
280
281 @return Value returned is not taken into consideration by the server.
282*/
285 const char *subclass_name, mysql_event_tracking_shutdown_reason_t reason,
286 int exit_code);
287
288/**
289 Notify consumers of LIFECYCLE (Startup) event tracking events.
290
291 @param[in] subclass Type of the server startup audit event.
292 @param[in] subclass_name Name of the subclass.
293 @param[in] argv Array of program arguments.
294 @param[in] argc Program arguments array length.
295
296 @return 0 continue server start, otherwise abort.
297*/
299 mysql_event_tracking_startup_subclass_t subclass, const char *subclass_name,
300 const char **argv, unsigned int argc);
301
302/**
303 Notify consumers of STORED PROGRAM event tracking events.
304
305 @param[in] thd Current thread data.
306 @param[in] subclass Type of the stored program audit event.
307 @param[in] subclass_name Name of the subclass.
308 @param[in] database Stored program database name.
309 @param[in] name Name of the stored program.
310 @param[in] parameters Parameters of the stored program execution.
311
312 @return 0 continue server flow, otherwise abort.
313*/
316 const char *subclass_name, const char *database, const char *name,
317 void *parameters);
318
319/**
320 Notify consumers of TABLE ACCESS event tracking events for all tables
321 available in the list.
322
323 Event subclass value depends on the thd->lex->sql_command value.
324
325 The event is generated for 'USER' and 'SYS' tables only.
326
327 @param[in] thd Current thread data.
328 @param[in] table Connected list of tables, for which event is generated.
329
330 @return 0 - continue server flow, otherwise abort.
331*/
333
334#if 0 /* Function commented out. No Audit API calls yet. */
335/**
336 Call audit plugins of AUTHORIZATION audit class.
337
338 @param[in] thd Thread data.
339 @param[in] subclass Type of the connection audit event.
340 @param[in] subclass_name Name of the subclass.
341 @param[in] database object database
342 @param[in] database_length object database length
343 @param[in] name object name
344 @param[in] name_length object name length
345
346 @return 0 continue server flow, otherwise abort.
347*/
348int mysql_audit_notify(THD *thd, mysql_event_authorization_subclass_t subclass,
349 const char *subclass_name, const char *database,
350 unsigned int database_length, const char *name,
351 unsigned int name_length);
352
353/**
354 Call audit plugins of AUTHORIZATION audit class.
355
356 @param[in] thd Current thread data.
357 @param[in] subclass Type of the authorization audit event.
358 @param[in] subclass_name Name of the subclass.
359 @param[in] database Database name.
360 @param[in] table Table name.
361 @param[in] object Object name associated with the authorization event.
362
363 @return 0 continue server flow, otherwise abort.
364*/
365
366int mysql_audit_notify(THD *thd,
368 const char *subclass_name,
369 const char *database,
370 const char *table,
371 const char *object);
372#endif /* 0 */
373
375 public:
/*
  Builds the common event record from a command name and its explicit
  length; command_length is taken as given and is not recomputed from the
  string.
  NOTE(review): command_ is initialised directly from the caller's pointer
  and length, and nothing in this constructor copies the characters. The
  object therefore appears to keep a non-owning view, so the command_name
  buffer presumably has to outlive every consumer that reads command_.
  Confirm against the mysql_cstring_with_length definition.
*/
378 Event_tracking_information(const char *command_name, size_t command_length)
379 : command_{command_name, command_length} {}
382};
383
386 public:
/*
  Authentication method names attached to the event. The element type is
  const char *, so the vector holds pointers only: the constructor copies
  the caller's vector (authentication_methods_{auth_methods}) but not the
  strings those pointers refer to.
  NOTE(review): presumably the pointed-to strings must stay valid and
  unmodified for as long as audit consumers can read this object. Verify
  at the call sites that build auth_methods.
*/
388 std::vector<const char *> authentication_methods_;
392
395 std::vector<const char *> &auth_methods, bool is_role,
396 const char *new_user, const char *new_host)
398 subclass_(subclass),
399 authentication_methods_{auth_methods},
400 is_role_{is_role},
/*
  new_user and new_host are optional: a null pointer is stored with length
  0 instead of being handed to strlen(). For non-null values the length
  comes from strlen(), so both arguments must be NUL-terminated.
  NOTE(review): only the pointer and length are recorded here, with no copy
  visible in this initialiser list; presumably the caller keeps the strings
  alive while the event is delivered. Confirm at the call sites.
*/
401 new_user_{new_user, new_user ? strlen(new_user) : 0},
402 new_host_{new_host, new_host ? strlen(new_host) : 0} {}
403};
404
407 public:
409 uint64_t rows_;
410 uint64_t time_;
412
414 mysql_event_tracking_general_subclass_t subclass, uint64_t rows,
415 uint64_t time, LEX_CSTRING external_user, const char *command_name,
416 size_t command_length)
417 : Event_tracking_information{command_name, command_length},
418 subclass_{subclass},
419 rows_{rows},
420 time_{time},
421 external_user_{external_user.str, external_user.length} {}
422};
423
424#endif /* SQL_AUDIT_INCLUDED */
mysql_cstring_with_length new_host_
Definition: sql_audit.h:391
mysql_cstring_with_length new_user_
Definition: sql_audit.h:390
Event_tracking_authentication_information(mysql_event_tracking_authentication_subclass_t subclass, std::vector< const char * > &auth_methods, bool is_role, const char *new_user, const char *new_host)
Definition: sql_audit.h:393
mysql_event_tracking_authentication_subclass_t subclass_
Definition: sql_audit.h:387
std::vector< const char * > authentication_methods_
Definition: sql_audit.h:388
bool is_role_
Definition: sql_audit.h:389
Definition: sql_audit.h:406
uint64_t rows_
Definition: sql_audit.h:409
Event_tracking_general_information(mysql_event_tracking_general_subclass_t subclass, uint64_t rows, uint64_t time, LEX_CSTRING external_user, const char *command_name, size_t command_length)
Definition: sql_audit.h:413
mysql_event_tracking_general_subclass_t subclass_
Definition: sql_audit.h:408
mysql_cstring_with_length external_user_
Definition: sql_audit.h:411
uint64_t time_
Definition: sql_audit.h:410
Definition: sql_audit.h:374
virtual ~Event_tracking_information()
Definition: sql_audit.h:381
Event_tracking_information(const Event_tracking_information &src)=default
mysql_cstring_with_length command_
Definition: sql_audit.h:376
Event_tracking_information(const char *command_name, size_t command_length)
Definition: sql_audit.h:378
Event_tracking_information()
Definition: sql_audit.h:377
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:52
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:33
Definition: table.h:2800
Data for authentication event tracking.
unsigned long mysql_event_tracking_authentication_subclass_t
Events for Authentication event tracking.
Definition: event_tracking_authentication_defs.h:71
Data for RPC command event tracking.
unsigned long mysql_event_tracking_command_subclass_t
Events for Command event tracking.
Definition: event_tracking_command_defs.h:46
Common data used for tracking various types of events.
Data for connection event tracking.
unsigned long mysql_event_tracking_connection_subclass_t
Events for Connection event tracking.
Definition: event_tracking_connection_defs.h:52
Data for general event tracking.
#define EVENT_TRACKING_GENERAL_LOG
occurs before emitting to the general query log.
Definition: event_tracking_general_defs.h:34
unsigned long mysql_event_tracking_general_subclass_t
Events for the General event tracking.
Definition: event_tracking_general_defs.h:51
Data for global variable event tracking.
unsigned long mysql_event_tracking_global_variable_subclass_t
Events for Global variable event tracking.
Definition: event_tracking_global_variable_defs.h:46
Data for program lifecycle events.
unsigned long mysql_event_tracking_shutdown_subclass_t
Events for Shutdown event tracking.
Definition: event_tracking_lifecycle_defs.h:67
unsigned long mysql_event_tracking_startup_subclass_t
Events for Startup event tracking.
Definition: event_tracking_lifecycle_defs.h:41
int mysql_event_tracking_shutdown_reason_t
Server shutdown reason.
Definition: event_tracking_lifecycle_defs.h:79
Data for message event tracking.
unsigned long mysql_event_tracking_message_subclass_t
Events for Message event tracking.
Definition: event_tracking_message_defs.h:46
Data for parse event tracking.
unsigned int mysql_event_tracking_parse_rewrite_plugin_flag
Query rewriting flags.
Definition: event_tracking_parse_defs.h:60
unsigned long mysql_event_tracking_parse_subclass_t
Events for Parse event tracking.
Definition: event_tracking_parse_defs.h:46
Data for query event tracking.
unsigned long mysql_event_tracking_query_subclass_t
Events for Query event tracking.
Definition: event_tracking_query_defs.h:51
Data for stored program event tracking.
unsigned long mysql_event_tracking_stored_program_subclass_t
Events for Stored program event tracking.
Definition: event_tracking_stored_program_defs.h:43
Data for query event tracking.
Fido Client Authentication nullptr
Definition: fido_client_plugin.cc:221
static int flags[50]
Definition: hp_test1.cc:39
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
static const char * command_name[]
Definition: myisamlog.cc:101
char * user
Definition: mysqladmin.cc:64
const char * host
Definition: mysqladmin.cc:63
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1063
static PFS_engine_table_share_proxy table
Definition: pfs.cc:60
Definition: buf0block_hint.cc:29
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
mysql_event_authorization_subclass_t
Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
Definition: plugin_audit.h:235
mysql_event_class_t
Audit event classes.
Definition: plugin_audit.h:49
required uint32 status
Definition: replication_asynchronous_connection_failover.proto:60
size_t make_user_name(Security_context *sctx, char *buf)
Definition: sql_audit.cc:815
void mysql_audit_enable_auditing(THD *thd)
Enable auditing of the specified THD.
Definition: sql_audit.cc:638
void mysql_audit_finalize()
Finalize Audit global variables.
Definition: sql_audit.cc:696
int mysql_event_tracking_query_notify(THD *thd, mysql_event_tracking_query_subclass_t subclass, const char *subclass_name)
Notify consumers of QUERY event tracking events.
Definition: sql_audit.cc:1091
bool is_global_audit_mask_set()
Checks presence of active audit plugin.
Definition: sql_audit.cc:807
int mysql_event_tracking_global_variable_notify(THD *thd, mysql_event_tracking_global_variable_subclass_t subclass, const char *subclass_name, const char *name, const char *value, const unsigned int value_length)
Notify consumers of GLOBAL VARIABLE event tracking events.
Definition: sql_audit.cc:1011
int mysql_event_tracking_parse_notify(THD *thd, mysql_event_tracking_parse_subclass_t subclass, const char *subclass_name, mysql_event_tracking_parse_rewrite_plugin_flag *flags, mysql_cstring_with_length *rewritten_query)
Notify consumers of PARSE event tracking events.
Definition: sql_audit.cc:1065
#define AUDIT_EVENT(x)
Audit API event to string expanding macro.
Definition: sql_audit.h:69
int mysql_event_tracking_message_notify(THD *thd, mysql_event_tracking_message_subclass_t subclass, const char *subclass_name, const char *component, size_t component_length, const char *producer, size_t producer_length, const char *message, size_t message_length, mysql_event_tracking_message_key_value_t *key_value_map, size_t key_value_map_length)
Notify consumers of MESSAGE event tracking events.
Definition: sql_audit.cc:1036
void mysql_audit_release(THD *thd)
Release any resources associated with the current thd.
Definition: sql_audit.cc:608
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class)
There's at least one active audit plugin tracking a specified class.
Definition: sql_audit.cc:796
void mysql_audit_init_thd(THD *thd)
Initialize thd variables used by Audit.
Definition: sql_audit.cc:647
int mysql_event_tracking_general_notify(THD *thd, mysql_event_tracking_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
Notify consumers of GENERAL event tracking events.
Definition: sql_audit.cc:960
void mysql_audit_free_thd(THD *thd)
Free thd variables used by Audit.
Definition: sql_audit.cc:658
int initialize_audit_plugin(st_plugin_int *plugin)
Initialize an Audit plug-in.
Definition: sql_audit.cc:707
int finalize_audit_plugin(st_plugin_int *plugin)
Finalize an Audit plug-in.
Definition: sql_audit.cc:766
int mysql_event_tracking_table_access_notify(THD *thd, Table_ref *table)
Notify consumers of TABLE ACCESS event tracking events for all tables available in the list.
Definition: sql_audit.cc:1298
int mysql_event_tracking_shutdown_notify(mysql_event_tracking_shutdown_subclass_t subclass, const char *subclass_name, mysql_event_tracking_shutdown_reason_t reason, int exit_code)
Notify consumers of LIFECYCLE (Shutdown) event tracking events.
Definition: sql_audit.cc:1148
int mysql_event_tracking_connection_notify(THD *thd, mysql_event_tracking_connection_subclass_t subclass, const char *subclass_name, int errcode)
Notify consumers of CONNECTION event tracking events.
Definition: sql_audit.cc:904
void mysql_audit_initialize()
Initialize Audit global variables.
Definition: sql_audit.cc:683
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class, unsigned long event_subclass, bool check_audited=true)
Acquire audit plugins.
Definition: sql_audit.cc:548
int mysql_event_tracking_command_notify(THD *thd, mysql_event_tracking_command_subclass_t subclass, const char *subclass_name, enum_server_command command, const char *command_text)
Notify consumers of COMMAND event tracking events.
Definition: sql_audit.cc:868
int mysql_event_tracking_authentication_notify(THD *thd, mysql_event_tracking_authentication_subclass_t subclass, const char *subclass_name, int status, const char *user, const char *host, const char *authentication_plugin, bool is_role, const char *new_user, const char *new_host)
Notify consumers of AUTHENTICATION event tracking events.
Definition: sql_audit.cc:835
int mysql_event_tracking_stored_program_notify(THD *thd, mysql_event_tracking_stored_program_subclass_t subclass, const char *subclass_name, const char *database, const char *name, void *parameters)
Notify consumers of STORED PROGRAM event tracking events.
Definition: sql_audit.cc:1185
static const size_t MAX_USER_HOST_SIZE
Definition: sql_audit.h:52
int mysql_event_tracking_startup_notify(mysql_event_tracking_startup_subclass_t subclass, const char *subclass_name, const char **argv, unsigned int argc)
Notify consumers of LIFECYCLE (Startup) event tracking events.
Definition: sql_audit.cc:1163
Event_tracking_class
Event tracking classes If a new event tracking class is introduced, this class should be kept in sync...
Definition: sql_event_tracking_to_audit_event_mapping.h:40
case opt name
Definition: sslopt-case.h:32
Definition: mysql_lex_string.h:39
String with length information.
Definition: mysql_string_defs.h:32
Structure that stores key-value pair of the Message event.
Definition: event_tracking_message_defs.h:66
Definition: sql_audit.h:55
const void * event
Definition: sql_audit.h:57
Event_tracking_class event_class
Definition: sql_audit.h:56
const Event_tracking_information * event_information
Definition: sql_audit.h:58
Definition: sql_audit.h:61
const void * event
Definition: sql_audit.h:63
mysql_event_class_t event_class
Definition: sql_audit.h:62
Definition: sql_plugin_ref.h:44
st_mysql_plugin * plugin
Definition: sql_plugin_ref.h:46
command
Definition: version_token.cc:279