WL#5571: Audit interface: MYSQL_AUDIT_GENERAL_STATUS event

Affects: Server-5.5   —   Status: Complete   —   Priority: Low

This worklog aims to address two deficiencies in the audit interface:

1. Currently there is no way to audit client connections when the general log is
off. There is no good excuse for this requirement, and there is at least one
good reason not to have it: performance.

2. If an error occurs during query execution, MYSQL_AUDIT_GENERAL_ERROR is
triggered before transmitting errors. If no error occurred, the
MYSQL_AUDIT_GENERAL_RESULT event is triggered after transmitting a result set.
This is rather inconsistent: there is no way to reliably determine when query
processing has actually finished. MYSQL_AUDIT_GENERAL_LOG solves this
deficiency, but it requires the general log to be on.

We will add a new event within the general class: MYSQL_AUDIT_GENERAL_STATUS.

Compared to MYSQL_AUDIT_GENERAL_LOG, it will be triggered independently of
the general log state.

Compared to MYSQL_AUDIT_GENERAL_RESULT, it will be triggered independently of
the diagnostics area state.

mysql_event_general::general_command shall always store the proper command name
as defined in the command_name array (see sql_parse.cc): not an error string as
with MYSQL_AUDIT_GENERAL_ERROR, and not NULL as with MYSQL_AUDIT_GENERAL_RESULT.

mysql_event_general::general_error_code shall always store the command execution
status: 0 means success, a non-zero value is the error code.


We will add a new audit class for auditing connections: MYSQL_AUDIT_CONNECTION_CLASS.
It will consist of 3 events: MYSQL_AUDIT_CONNECTION_CONNECT,
MYSQL_AUDIT_CONNECTION_DISCONNECT, MYSQL_AUDIT_CONNECTION_CHANGE_USER.

MYSQL_AUDIT_CONNECTION_CONNECT handler arguments are: event class, event
subclass, authentication status, authenticated user name, authorized user name,
external user, proxy user, originating host, database name, connection id.
MYSQL_AUDIT_CONNECTION_CONNECT is to be triggered after the authentication phase
is completed.


MYSQL_AUDIT_CONNECTION_CHANGE_USER handler arguments are: event class, event
subclass, authentication status, authenticated user name, authorized user name,
external user, proxy user, originating host, database name, connection id.
MYSQL_AUDIT_CONNECTION_CHANGE_USER is to be triggered after the COM_CHANGE_USER
RPC is completed.


MYSQL_AUDIT_CONNECTION_DISCONNECT handler arguments are: event class, event
subclass, connection id.
MYSQL_AUDIT_CONNECTION_DISCONNECT is to be triggered after the connection is
terminated.
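
A sketch of how a handler could consume these events, added here as an illustration and not taken from the worklog or the server source: the struct, enum and function names are simplified stand-ins, the error codes in any sample input are constructed, and a zero authentication status is assumed to mean success. Because the DISCONNECT event carries only the connection id, the handler keeps a small session table so that command status lines and disconnects can still be attributed to a user.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins for this worklog's events; names are assumptions, not plugin_audit.h. */
enum ev_kind { GENERAL_STATUS, CONN_CONNECT, CONN_CHANGE_USER, CONN_DISCONNECT };
struct audit_event {
    enum ev_kind kind;
    unsigned long conn_id;
    int status;          /* error code or auth status; 0 = success (assumed for auth) */
    const char *command; /* GENERAL_STATUS only: command name such as "Query" */
    const char *user;    /* CONNECT and CHANGE_USER only: authenticated user */
};

#define MAX_CONN 16
static struct { int used; unsigned long id; char user[32]; } sessions[MAX_CONN];

/* Find the slot for a connection id; optionally claim a free one. -1 if none. */
static int slot_for(unsigned long id, int create) {
    int free_slot = -1;
    for (int i = 0; i < MAX_CONN; i++) {
        if (sessions[i].used && sessions[i].id == id) return i;
        if (!sessions[i].used && free_slot < 0) free_slot = i;
    }
    if (!create || free_slot < 0) return -1;
    sessions[free_slot].used = 1;
    sessions[free_slot].id = id;
    strcpy(sessions[free_slot].user, "?");
    return free_slot;
}

/* Handle one event: update session state, return the audit line (static buffer). */
const char *audit_notify(const struct audit_event *ev) {
    static char line[160];
    int s = slot_for(ev->conn_id, ev->kind == CONN_CONNECT);
    const char *who = s >= 0 ? sessions[s].user : "?";
    if (ev->kind == GENERAL_STATUS) {   /* fires for success and failure alike */
        snprintf(line, sizeof line, "conn=%lu user=%s cmd=%s result=%s code=%d",
                 ev->conn_id, who, ev->command, ev->status ? "error" : "ok", ev->status);
    } else if (ev->kind == CONN_DISCONNECT) {
        snprintf(line, sizeof line, "conn=%lu user=%s disconnect", ev->conn_id, who);
        if (s >= 0) sessions[s].used = 0;   /* release the slot after logging */
    } else {                            /* CONNECT or CHANGE_USER */
        if (ev->status == 0 && s >= 0)  /* only a successful auth changes identity */
            snprintf(sessions[s].user, sizeof sessions[s].user, "%s", ev->user);
        snprintf(line, sizeof line, "conn=%lu %s user=%s auth=%d", ev->conn_id,
                 ev->kind == CONN_CONNECT ? "connect" : "change_user", ev->user, ev->status);
    }
    return line;
}
```

In this sketch a failed CHANGE_USER is logged with the attempted user name, while later status lines keep the previously authenticated identity; that policy is a choice of the example, not something the worklog specifies.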