MySQL  8.0.17
Source Code Documentation
sql_audit.h
Go to the documentation of this file.
1 #ifndef SQL_AUDIT_INCLUDED
2 #define SQL_AUDIT_INCLUDED
3 
4 /* Copyright (c) 2007, 2018, Oracle and/or its affiliates. All rights reserved.
5 
6  This program is free software; you can redistribute it and/or modify
7  it under the terms of the GNU General Public License, version 2.0,
8  as published by the Free Software Foundation.
9 
10  This program is also distributed with certain software (including
11  but not limited to OpenSSL) that is licensed under separate terms,
12  as designated in a particular file or component or in included license
13  documentation. The authors of MySQL hereby grant you an additional
14  permission to link the program and your derivative works with the
15  separately licensed software that they have included with MySQL.
16 
17  This program is distributed in the hope that it will be useful,
18  but WITHOUT ANY WARRANTY; without even the implied warranty of
19  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20  GNU General Public License, version 2.0, for more details.
21 
22  You should have received a copy of the GNU General Public License
23  along with this program; if not, write to the Free Software
24  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
25 
26 #include <string.h>
27 
28 #include "lex_string.h"
29 #include "m_string.h"
30 #include "my_command.h"
31 #include "mysql/plugin_audit.h"
32 
33 class THD;
34 class Security_context;
35 struct TABLE_LIST;
36 
37 static const size_t MAX_USER_HOST_SIZE = 512;
38 
39 /**
40  Audit API event to string expanding macro.
41 */
42 #define AUDIT_EVENT(x) x, #x
43 
44 bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
46 
47 size_t make_user_name(Security_context *sctx, char *buf);
48 
49 struct st_plugin_int;
50 
53 
56 
57 void mysql_audit_init_thd(THD *thd);
58 void mysql_audit_free_thd(THD *thd);
60  unsigned long event_subclass);
61 void mysql_audit_release(THD *thd);
62 
63 /**
64  Call audit plugins of GENERAL audit class.
65 
66  @param[in] thd Current thread data.
67  @param[in] subclass Type of general audit event.
68  @param[in] subclass_name Subclass name.
69  @param[in] error_code Error code
70  @param[in] msg Message
71  @param[in] msg_len Message length.
72 
73  @return Value returned is not taken into consideration by the server.
74 */
76  const char *subclass_name, int error_code,
77  const char *msg, size_t msg_len);
78 /**
79  Call audit plugins of GENERAL LOG audit class.
80 
81  @param[in] thd Current thread data.
82  @param[in] cmd Command text.
83  @param[in] cmdlen Command text length.
84 
85  @return Value returned is not taken into consideration by the server.
86 */
87 inline static int mysql_audit_general_log(THD *thd, const char *cmd,
88  size_t cmdlen) {
90  cmdlen);
91 }
92 
93 /**
94  Call audit plugins of CONNECTION audit class.
95 
96  @param[in] thd Current thread context.
97  @param[in] subclass Type of the connection audit event.
98  @param[in] subclass_name Name of the subclass.
99  @param[in] errcode Error code.
100 
101  @return 0 continue server flow, otherwise abort.
102 */
104  const char *subclass_name, int errcode);
105 
106 /**
107  Call audit plugins of PARSE audit class.
108 
109  @param[in] thd Current thread context.
110  @param[in] subclass Type of the parse audit event.
111  @param[in] subclass_name Name of the subclass.
112  @param[out] flags Rewritten query flags.
113  @param[out] rewritten_query Rewritten query
114 
115  @return 0 continue server flow, otherwise abort.
116 */
118  const char *subclass_name,
120  LEX_CSTRING *rewritten_query);
121 
122 /**
123  Call audit plugins of AUTHORIZATION audit class.
124 
125  @param[in] thd Thread data.
126  @param[in] subclass Type of the connection audit event.
127  @param[in] subclass_name Name of the subclass.
128  @param[in] database object database
129  @param[in] database_length object database length
130  @param[in] name object name
131  @param[in] name_length object name length
132 
133  @return 0 continue server flow, otherwise abort.
134 */
136  const char *subclass_name, const char *database,
137  unsigned int database_length, const char *name,
138  unsigned int name_length);
139 /**
140  Call audit plugins of TABLE ACCESS audit class events for all tables
141  available in the list.
142 
143  Event subclass value depends on the thd->lex->sql_command value.
144 
145  The event is generated for 'USER' and 'SYS' tables only.
146 
147  @param[in] thd Current thread data.
148  @param[in] table Connected list of tables, for which event is generated.
149 
150  @return 0 - continue server flow, otherwise abort.
151 */
153 
154 /**
155  Call audit plugins of GLOBAL VARIABLE audit class.
156 
157  @param[in] thd Current thread data.
158  @param[in] subclass Type of the global variable audit event.
159  @param[in] subclass_name Name of the subclass.
160  @param[in] name Name of the variable.
161  @param[in] value Textual value of the variable.
162  @param[in] value_length Textual value length.
163 
164  @return 0 continue server flow, otherwise abort.
165 */
166 int mysql_audit_notify(THD *thd,
168  const char *subclass_name, const char *name,
169  const char *value, const unsigned int value_length);
170 /**
171  Call audit plugins of SERVER STARTUP audit class.
172 
173  @param[in] subclass Type of the server startup audit event.
174  @param[in] subclass_name Name of the subclass.
175  @param[in] argv Array of program arguments.
176  @param[in] argc Program arguments array length.
177 
178  @return 0 continue server start, otherwise abort.
179 */
181  const char *subclass_name, const char **argv,
182  unsigned int argc);
183 
184 /**
185  Call audit plugins of SERVER SHUTDOWN audit class.
186 
187  @param[in] subclass Type of the server abort audit event.
188  @param[in] reason Reason code of the shutdown.
189  @param[in] exit_code Abort exit code.
190 
191  @return Value returned is not taken into consideration by the server.
192 */
194  mysql_server_shutdown_reason_t reason, int exit_code);
195 
196 #if 0 /* Function commented out. No Audit API calls yet. */
197 /**
198  Call audit plugins of AUTHORIZATION audit class.
199 
200  @param[in] thd Current thread data.
201  @param[in] subclass Type of the authorization audit event.
202  @param[in] subclass_name Name of the subclass.
203  @param[in] database Database name.
204  @param[in] table Table name.
205  @param[in] object Object name associated with the authorization event.
206 
207  @return 0 continue server flow, otherwise abort.
208 */
209 
210 int mysql_audit_notify(THD *thd,
212  const char *subclass_name,
213  const char *database,
214  const char *table,
215  const char *object);
216 #endif
217 
218 /**
219  Call audit plugins of CONNECTION audit class.
220 
221  Internal connection info is extracted from the thd object.
222 
223  @param[in] thd Current thread data.
224  @param[in] subclass Type of the connection audit event.
225  @param[in] subclass_name Name of the subclass.
226 
227  @return 0 continue server flow, otherwise abort.
228 */
230  const char *subclass_name);
231 
232 /**
233  Call audit plugins of COMMAND audit class.
234 
235  Internal connection info is extracted from the thd object.
236 
237  @param[in] thd Current thread data.
238  @param[in] subclass Type of the command audit event.
239  @param[in] subclass_name Name of the subclass.
240  @param[in] command Command id value.
241  @param[in] command_text Command string value.
242 
243  @return 0 continue server flow, otherwise abort.
244 */
246  const char *subclass_name, enum_server_command command,
247  const char *command_text);
248 /**
249  Call audit plugins of QUERY audit class.
250 
251  Internal query info is extracted from the thd object.
252 
253  @param[in] thd Current thread data.
254  @param[in] subclass Type of the query audit event.
255  @param[in] subclass_name Name of the subclass.
256 
257  @return 0 continue server flow, otherwise abort.
258 */
260  const char *subclass_name);
261 
262 /**
263  Call audit plugins of STORED PROGRAM audit class.
264 
265  @param[in] thd Current thread data.
266  @param[in] subclass Type of the stored program audit event.
267  @param[in] subclass_name Name of the subclass.
268  @param[in] database Stored program database name.
269  @param[in] name Name of the stored program.
270  @param[in] parameters Parameters of the stored program execution.
271 
272  @return 0 continue server flow, otherwise abort.
273 */
275  const char *subclass_name, const char *database,
276  const char *name, void *parameters);
277 
278 /**
279  Call audit plugins of AUTHENTICATION audit class
280 
281  @param[in] thd Current thread data.
282  @param[in] subclass Type of the authentication audit event.
283  @param[in] subclass_name Name of the subclass.
284  @param[in] status Status of the event.
285  @param[in] user Name of the user.
286  @param[in] host Name of the host.
287  @param[in] authentication_plugin Current authentication plugin for user.
288  @param[in] is_role Whether given AuthID is a role or not
289  @param[in] new_user Name of the new user - In case of rename
290  @param[in] new_host Name of the new host - In case of rename
291 
292  @return 0 continue server flow, otherwise abort.
293 */
295  const char *subclass_name, int status, const char *user,
296  const char *host, const char *authentication_plugin,
297  bool is_role, const char *new_user,
298  const char *new_host);
299 
300 /**
301  Call audit plugins of MESSAGE audit class.
302 
303  @param[in] thd Current thread data.
304  @param[in] subclass Message class subclass name.
305  @param[in] subclass_name Subclass name length.
306  @param[in] component Component name.
307  @param[in] component_length Component name length.
308  @param[in] producer Producer name.
309  @param[in] producer_length Producer name length.
310  @param[in] message Message text.
311  @param[in] message_length Message text length.
312  @param[in] key_value_map Key value map pointer.
313  @param[in] key_value_map_length Key value map length.
314 
315  @return 0 continue server flow.
316 */
318  const char *subclass_name, const char *component,
319  size_t component_length, const char *producer,
320  size_t producer_length, const char *message,
321  size_t message_length,
322  mysql_event_message_key_value_t *key_value_map,
323  size_t key_value_map_length);
324 
325 #endif /* SQL_AUDIT_INCLUDED */
Definition: sql_plugin_ref.h:44
mysql_event_global_variable_subclass_t
Events for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
Definition: plugin_audit.h:344
get_options & argc
Definition: do_ctype.cc:51
char * user
Definition: mysqladmin.cc:58
const string name("\ame\)
int initialize_audit_plugin(st_plugin_int *plugin)
Initialize an Audit plug-in.
Definition: sql_audit.cc:1209
int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass, const char *subclass_name, int error_code, const char *msg, size_t msg_len)
Call audit plugins of GENERAL audit class.
Definition: sql_audit.cc:353
const char * host
Definition: mysqladmin.cc:57
mysql_event_class_t
Audit event classes.
Definition: plugin_audit.h:46
Definition: mysql_lex_string.h:39
int mysql_audit_table_access_notify(THD *thd, TABLE_LIST *table)
Call audit plugins of TABLE ACCESS audit class events for all tables available in the list...
Definition: sql_audit.cc:556
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:52
static struct st_mysql_daemon plugin
Definition: test_services_host_application_signal.cc:130
Definition: plugin_audit_message_types.h:65
void mysql_audit_init_thd(THD *thd)
Initialize thd variables used by Audit.
Definition: sql_audit.cc:1149
static int mysql_audit_general_log(THD *thd, const char *cmd, size_t cmdlen)
Call audit plugins of GENERAL LOG audit class.
Definition: sql_audit.h:87
void mysql_audit_release(THD *thd)
Release any resources associated with the current thd.
Definition: sql_audit.cc:1115
size_t make_user_name(Security_context *sctx, char *buf)
Definition: sql_audit.cc:1413
mysql_server_shutdown_reason_t
Server shutdown reason.
Definition: plugin_audit.h:411
bool is_global_audit_mask_set()
Checks presence of active audit plugin.
Definition: sql_audit.cc:1405
mysql_event_message_subclass_t
Events for MYSQL_AUDIT_MESSAGE_CLASS event class.
Definition: plugin_audit_message_types.h:40
void mysql_audit_initialize()
Initialize Audit global variables.
Definition: sql_audit.cc:1185
char * argv[]
Definition: example1.cc:2
mysql_event_authorization_subclass_t
Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
Definition: plugin_audit.h:248
mysql_event_server_startup_subclass_t
Events for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
Definition: plugin_audit.h:373
mysql_event_query_subclass_t
Events for MYSQL_AUDIT_QUERY_CLASS event class.
Definition: plugin_audit.h:475
occurs before emitting to the general query log.
Definition: plugin_audit.h:112
mysql_event_authentication_subclass_t
Events for MYSQL_AUDIT_AUTHENTICATION_CLASS event class.
Definition: plugin_audit.h:553
static const size_t MAX_USER_HOST_SIZE
Definition: sql_audit.h:37
void mysql_audit_finalize()
Finalize Audit global variables.
Definition: sql_audit.cc:1198
char msg[1024]
Definition: test_sql_9_sessions.cc:282
mysql_event_parse_rewrite_plugin_flag
Definition: plugin_audit.h:217
mysql_event_server_shutdown_subclass_t
Events for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
Definition: plugin_audit.h:399
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
command
Definition: version_token.cc:278
mysql_event_connection_subclass_t
Events for MYSQL_AUDIT_CONNECTION_CLASS event class.
Definition: plugin_audit.h:150
mysql_event_general_subclass_t
Events for the MYSQL_AUDIT_GENERAL_CLASS event class.
Definition: plugin_audit.h:110
void mysql_audit_free_thd(THD *thd)
Free thd variables used by Audit.
Definition: sql_audit.cc:1160
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class, unsigned long event_subclass)
Acquire audit plugins.
Definition: sql_audit.cc:1060
#define AUDIT_EVENT(x)
Audit API event to string expanding macro.
Definition: sql_audit.h:42
COM_DATA cmd
Definition: test_session_info.cc:95
const string value("\alue\)
static STATUS status
Definition: mysql.cc:191
Definition: table.h:2442
mysql_event_parse_subclass_t
Events for MYSQL_AUDIT_PARSE_CLASS event class.
Definition: plugin_audit.h:207
static int flags[50]
Definition: hp_test1.cc:39
mysql_event_stored_program_subclass_t
Events for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
Definition: plugin_audit.h:514
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class)
There&#39;s at least one active audit plugin tracking a specified class.
Definition: sql_audit.cc:1394
mysql_event_command_subclass_t
Events for MYSQL_AUDIT_COMMAND_CLASS event class.
Definition: plugin_audit.h:437
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:777
int finalize_audit_plugin(st_plugin_int *plugin)
Finalize an Audit plug-in.
Definition: sql_audit.cc:1268