File: sql_audit.h

#ifndef SQL_AUDIT_INCLUDED
#define SQL_AUDIT_INCLUDED

/* Copyright (c) 2007, 2025, Oracle and/or its affiliates.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License, version 2.0,
   as published by the Free Software Foundation.

   This program is designed to work with certain software (including
   but not limited to OpenSSL) that is licensed under separate terms,
   as designated in a particular file or component or in included license
   documentation.  The authors of MySQL hereby grant you an additional
   permission to link the program and your derivative works with the
   separately licensed software that they have either included with
   the program or referenced in the documentation.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License, version 2.0, for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */

#include <string.h>

#include "lex_string.h"
#include "m_string.h"
#include "my_command.h"
#include "mysql/plugin_audit.h"

// Forward declarations: every declaration in this header uses these types
// through pointers only, so the full definitions are not needed here.
class THD;
class Security_context;
class Table_ref;

// NOTE(review): presumably the size callers give the buffer handed to
// make_user_name(), which takes no length argument — confirm at call sites.
static const size_t MAX_USER_HOST_SIZE = 512;

/**
  Audit API event to string expanding macro.

  Expands to two comma-separated arguments: the event constant itself and its
  spelling as a string literal (the argument exactly as written, since the #
  operator does not macro-expand it). It fills the (subclass, subclass_name)
  parameter pair of the mysql_audit_notify() overloads, as
  mysql_audit_general_log() does in this header.
*/
#define AUDIT_EVENT(x) x, #x

/*
  Predicates on the current audit configuration. Only the declarations are
  visible in this header.
  NOTE(review): judging by the names, the first reports whether an audit
  plugin is active for event_class in the context of thd, and the second
  whether any global audit event mask is set — confirm against the
  definitions before relying on either as a coverage check.
*/
bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
bool is_global_audit_mask_set();

/*
  NOTE(review): presumably formats the user name of sctx into buf and returns
  the number of characters written — confirm against the definition.

  No buffer length is passed, so the callee cannot bound its write from the
  arguments alone; every caller must supply a buffer that is large enough.
  Presumably that size is MAX_USER_HOST_SIZE — verify at each call site.
*/
size_t make_user_name(Security_context *sctx, char *buf);

struct st_plugin_int;

/*
  Setup and teardown entry points taking a single plugin descriptor.
  NOTE(review): the meaning of the int result is not documented in this
  header — presumably 0 on success; confirm against the definitions.
*/
int initialize_audit_plugin(st_plugin_int *plugin);
int finalize_audit_plugin(st_plugin_int *plugin);

/*
  Subsystem-wide initialize / finalize pair; neither takes arguments nor
  reports a result.
  NOTE(review): when in server startup and shutdown these run relative to the
  first and last audit notification is not visible here — confirm.
*/
void mysql_audit_initialize();
void mysql_audit_finalize();

/*
  Per-THD audit state handling.
  NOTE(review): semantics below are inferred from the names only — init/free
  presumably bracket the lifetime of a THD's audit state, and acquire/release
  presumably bracket the use of audit plugins for one event class; confirm
  against the definitions.
*/
void mysql_audit_init_thd(THD *thd);
void mysql_audit_free_thd(THD *thd);
// check_audited defaults to true. NOTE(review): what is skipped when it is
// false is not visible in this header — confirm before passing false, since
// it may change which events reach the plugins.
int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class,
                                unsigned long event_subclass,
                                bool check_audited = true);
void mysql_audit_release(THD *thd);

/**
  Enable auditing of the specified THD.

  NOTE(review): no matching "disable" call is declared in this header; where
  auditing of a THD gets turned off is not visible here.

  @param[in] thd THD whose auditing capability is turned on.
*/
void mysql_audit_enable_auditing(THD *thd);

/**
  Call audit plugins of GENERAL audit class.

  The message is passed as a pointer plus an explicit length.
  NOTE(review): whether msg is also NUL-terminated is not visible in this
  header — consumers should rely on msg_len; confirm against the definition.

  @param[in] thd              Current thread data.
  @param[in] subclass         Type of general audit event.
  @param[in] subclass_name    Subclass name (AUDIT_EVENT() supplies the
                              subclass and this name together).
  @param[in] error_code       Error code.
  @param[in] msg              Message.
  @param[in] msg_len          Message length.

  @return Value returned is not taken into consideration by the server, i.e.
          per this contract a non-zero result does not abort the operation.
*/
int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass,
                       const char *subclass_name, int error_code,
                       const char *msg, size_t msg_len);
/**
  Notify audit plugins of a GENERAL LOG event.

  Convenience wrapper around the GENERAL-class mysql_audit_notify() overload:
  the subclass is fixed to MYSQL_AUDIT_GENERAL_LOG (name supplied through
  AUDIT_EVENT()) and the error code is always 0.

  NOTE(review): cmd is forwarded to the plugins unchanged by this wrapper;
  whether callers have already masked credentials in the command text is not
  visible here — confirm at the call sites.

  @param[in] thd    Current thread data.
  @param[in] cmd    Command text.
  @param[in] cmdlen Command text length.

  @return Value returned is not taken into consideration by the server.
*/
inline static int mysql_audit_general_log(THD *thd, const char *cmd,
                                          size_t cmdlen) {
  /* A general-log notification never carries an error. */
  const int no_error = 0;
  const int plugin_result = mysql_audit_notify(
      thd, AUDIT_EVENT(MYSQL_AUDIT_GENERAL_LOG), no_error, cmd, cmdlen);
  return plugin_result;
}

/**
  Call audit plugins of CONNECTION audit class.

  This overload takes the error code explicitly; a second CONNECTION overload
  declared later in this header omits it.

  @param[in] thd              Current thread context.
  @param[in] subclass         Type of the connection audit event.
  @param[in] subclass_name    Name of the subclass.
  @param[in] errcode          Error code.

  @return 0 continue server flow, otherwise abort. Callers must check the
          result: ignoring it would drop a plugin's request to abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
                       const char *subclass_name, int errcode);

/**
  Call audit plugins of PARSE audit class.

  Both flags and rewritten_query are output parameters, so a plugin subscribed
  to this class can hand back a replacement for the query text.
  NOTE(review): who owns the buffer behind rewritten_query and how long it
  stays valid is not visible in this header — confirm against the definition.

  @param[in]  thd             Current thread context.
  @param[in]  subclass        Type of the parse audit event.
  @param[in]  subclass_name   Name of the subclass.
  @param[out] flags           Rewritten query flags.
  @param[out] rewritten_query Rewritten query.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_parse_subclass_t subclass,
                       const char *subclass_name,
                       mysql_event_parse_rewrite_plugin_flag *flags,
                       LEX_CSTRING *rewritten_query);

/**
  Call audit plugins of AUTHORIZATION audit class.

  The database and object names are each passed as a pointer plus an explicit
  unsigned int length.
  NOTE(review): whether the strings are also NUL-terminated is not visible
  here — consumers should rely on the lengths.

  @param[in] thd              Thread data.
  @param[in] subclass         Type of the authorization audit event.
  @param[in] subclass_name    Name of the subclass.
  @param[in] database         Object database.
  @param[in] database_length  Object database length.
  @param[in] name             Object name.
  @param[in] name_length      Object name length.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_authorization_subclass_t subclass,
                       const char *subclass_name, const char *database,
                       unsigned int database_length, const char *name,
                       unsigned int name_length);
/**
  Call audit plugins of TABLE ACCESS audit class events for all tables
  available in the list.

  Event subclass value depends on the thd->lex->sql_command value.

  The event is generated for 'USER' and 'SYS' tables only. For audit coverage
  this means tables outside those two categories produce no TABLE ACCESS event
  from this call.

  @param[in] thd    Current thread data.
  @param[in] table  Connected list of tables, for which event is generated.

  @return 0 - continue server flow, otherwise abort.
*/
int mysql_audit_table_access_notify(THD *thd, Table_ref *table);

/**
  Call audit plugins of GLOBAL VARIABLE audit class.

  NOTE(review): the value is handed to the plugins as text; whether values of
  sensitive variables are masked before this call is not visible in this
  header — confirm at the call sites. name carries no length argument.

  @param[in] thd           Current thread data.
  @param[in] subclass      Type of the global variable audit event.
  @param[in] subclass_name Name of the subclass.
  @param[in] name          Name of the variable.
  @param[in] value         Textual value of the variable.
  @param[in] value_length  Textual value length.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd,
                       mysql_event_global_variable_subclass_t subclass,
                       const char *subclass_name, const char *name,
                       const char *value, const unsigned int value_length);
/**
  Call audit plugins of SERVER STARTUP audit class.

  Unlike most overloads in this header, this one takes no THD.
  NOTE(review): the program arguments are passed to the plugins as given;
  command-line options can hold sensitive values, so plugin-side logging of
  argv should be reviewed with that in mind.

  @param[in] subclass Type of the server startup audit event.
  @param[in] subclass_name Name of the subclass.
  @param[in] argv     Array of program arguments.
  @param[in] argc     Program arguments array length.

  @return 0 continue server start, otherwise abort.
*/
int mysql_audit_notify(mysql_event_server_startup_subclass_t subclass,
                       const char *subclass_name, const char **argv,
                       unsigned int argc);

/**
  Call audit plugins of SERVER SHUTDOWN audit class.

  Takes no THD and, unlike the other overloads, no subclass name string.

  @param[in] subclass  Type of the server shutdown audit event.
  @param[in] reason    Reason code of the shutdown.
  @param[in] exit_code Abort exit code.

  @return Value returned is not taken into consideration by the server, i.e.
          per this contract a plugin's result does not stop the shutdown.
*/
int mysql_audit_notify(mysql_event_server_shutdown_subclass_t subclass,
                       mysql_server_shutdown_reason_t reason, int exit_code);

#if 0 /* Function commented out. No Audit API calls yet. */
/**
  Call audit plugins of AUTHORIZATION audit class.

  Disabled declaration: it is excluded by the preprocessor, so this overload
  does not exist for callers. The active AUTHORIZATION overload in this header
  takes explicit lengths for its database and name strings; this variant takes
  no length arguments.

  @param[in] thd           Current thread data.
  @param[in] subclass      Type of the authorization audit event.
  @param[in] subclass_name Name of the subclass.
  @param[in] database      Database name.
  @param[in] table         Table name.
  @param[in] object        Object name associated with the authorization event.

  @return 0 continue server flow, otherwise abort.
*/

int mysql_audit_notify(THD *thd,
                       mysql_event_authorization_subclass_t subclass,
                       const char *subclass_name,
                       const char *database,
                       const char *table,
                       const char *object);
#endif

/**
  Call audit plugins of CONNECTION audit class.

  Internal connection info is extracted from the thd object. This overload
  takes no error code argument; another CONNECTION overload in this header
  accepts one explicitly.

  @param[in] thd           Current thread data.
  @param[in] subclass      Type of the connection audit event.
  @param[in] subclass_name Name of the subclass.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
                       const char *subclass_name);

/**
  Call audit plugins of COMMAND audit class.

  Internal connection info is extracted from the thd object.

  NOTE(review): command_text carries no length argument, so it is presumably
  a NUL-terminated string — confirm against the definition.

  @param[in] thd           Current thread data.
  @param[in] subclass      Type of the command audit event.
  @param[in] subclass_name Name of the subclass.
  @param[in] command       Command id value.
  @param[in] command_text  Command string value.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_command_subclass_t subclass,
                       const char *subclass_name, enum_server_command command,
                       const char *command_text);
/**
  Call audit plugins of QUERY audit class.

  Internal query info is extracted from the thd object, so the query text is
  not an argument of this call.
  NOTE(review): which query representation (original or rewritten) the
  plugins receive is decided in the definition and is not visible here.

  @param[in] thd           Current thread data.
  @param[in] subclass      Type of the query audit event.
  @param[in] subclass_name Name of the subclass.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_query_subclass_t subclass,
                       const char *subclass_name);

/**
  Call audit plugins of STORED PROGRAM audit class.

  NOTE(review): parameters is an untyped, non-const pointer; the concrete type
  expected behind it and whether plugins may modify it are not visible in this
  header — confirm against the definition and the plugin API.

  @param[in] thd           Current thread data.
  @param[in] subclass      Type of the stored program audit event.
  @param[in] subclass_name Name of the subclass.
  @param[in] database      Stored program database name.
  @param[in] name          Name of the stored program.
  @param[in] parameters    Parameters of the stored program execution.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_stored_program_subclass_t subclass,
                       const char *subclass_name, const char *database,
                       const char *name, void *parameters);

/**
  Call audit plugins of AUTHENTICATION audit class.

  NOTE(review): new_user and new_host are documented for the rename case only;
  whether they may be NULL for other events is not visible in this header, so
  consumers should check before dereferencing.

  @param[in] thd                    Current thread data.
  @param[in] subclass               Type of the authentication audit event.
  @param[in] subclass_name          Name of the subclass.
  @param[in] status                 Status of the event.
  @param[in] user                   Name of the user.
  @param[in] host                   Name of the host.
  @param[in] authentication_plugin  Current authentication plugin for user.
  @param[in] is_role                Whether given AuthID is a role or not.
  @param[in] new_user               Name of the new user - in case of rename.
  @param[in] new_host               Name of the new host - in case of rename.

  @return 0 continue server flow, otherwise abort.
*/
int mysql_audit_notify(THD *thd, mysql_event_authentication_subclass_t subclass,
                       const char *subclass_name, int status, const char *user,
                       const char *host, const char *authentication_plugin,
                       bool is_role, const char *new_user,
                       const char *new_host);

/**
  Call audit plugins of MESSAGE audit class.

  Component, producer and message text are each passed as a pointer plus an
  explicit size_t length; subclass_name is a plain string with no length.
  NOTE(review): key_value_map is a non-const pointer; whether plugins may
  modify the entries is not visible in this header.

  @param[in] thd                  Current thread data.
  @param[in] subclass             Type of the message audit event.
  @param[in] subclass_name        Name of the subclass.
  @param[in] component            Component name.
  @param[in] component_length     Component name length.
  @param[in] producer             Producer name.
  @param[in] producer_length      Producer name length.
  @param[in] message              Message text.
  @param[in] message_length       Message text length.
  @param[in] key_value_map        Key value map pointer.
  @param[in] key_value_map_length Key value map length.

  @return 0 continue server flow.
*/
int mysql_audit_notify(THD *thd, mysql_event_message_subclass_t subclass,
                       const char *subclass_name, const char *component,
                       size_t component_length, const char *producer,
                       size_t producer_length, const char *message,
                       size_t message_length,
                       mysql_event_message_key_value_t *key_value_map,
                       size_t key_value_map_length);

#endif /* SQL_AUDIT_INCLUDED */