From: Sergey Vojtovich Date: November 17 2010 10:08am Subject: bzr commit into mysql-5.5-bugteam branch (sergey.vojtovich:3112) WL#5571 List-Archive: http://lists.mysql.com/commits/124126 Message-Id: <201011171009.oAH5qkhK005028@acsinet15.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4229737832806175296==" --===============4229737832806175296== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/svoj/mysql/server/mysql-5.5-bugteam-wl5571/ based on revid:alexander.nozdrin@stripped 3112 Sergey Vojtovich 2010-11-17 WL#5571 - Audit interface: MYSQL_AUDIT_GENERAL_STATUS event @ include/mysql/plugin_audit.h Connection auditing class. @ include/mysql/plugin_audit.h.pp Connection auditing class. @ sql/mysqld.cc Notify disconnect to auditing. @ sql/sql_audit.cc Connection class event dispatcher. @ sql/sql_audit.h mysql_audit_notify() is not available in embedded. @ sql/sql_connect.cc Notify connect to auditing. @ sql/sql_parse.cc Notify user change to auditing. modified: include/mysql/plugin_audit.h include/mysql/plugin_audit.h.pp sql/mysqld.cc sql/sql_audit.cc sql/sql_audit.h sql/sql_connect.cc sql/sql_parse.cc === modified file 'include/mysql/plugin_audit.h' --- a/include/mysql/plugin_audit.h 2010-04-15 09:05:17 +0000 +++ b/include/mysql/plugin_audit.h 2010-11-17 10:08:05 +0000 @@ -42,6 +42,8 @@ struct mysql_event LOG events occurs before emitting to the general query log. ERROR events occur before transmitting errors to the user. RESULT events occur after transmitting a resultset to the user. + STATUS events occur after transmitting a resultset or errors + to the user. */ #define MYSQL_AUDIT_GENERAL_CLASS 0 @@ -49,6 +51,7 @@ struct mysql_event #define MYSQL_AUDIT_GENERAL_LOG 0 #define MYSQL_AUDIT_GENERAL_ERROR 1 #define MYSQL_AUDIT_GENERAL_RESULT 2 +#define MYSQL_AUDIT_GENERAL_STATUS 3 struct mysql_event_general { @@ -68,6 +71,43 @@ struct mysql_event_general }; +/* + AUDIT CLASS : CONNECTION + + CONNECT occurs after authentication phase is completed. + DISCONNECT occurs after connection is terminated. + CHANGE_USER occurs after COM_CHANGE_USER RPC is completed. +*/ + +#define MYSQL_AUDIT_CONNECTION_CLASS 1 +#define MYSQL_AUDIT_CONNECTION_CLASSMASK (1 << MYSQL_AUDIT_CONNECTION_CLASS) +#define MYSQL_AUDIT_CONNECTION_CONNECT 0 +#define MYSQL_AUDIT_CONNECTION_DISCONNECT 1 +#define MYSQL_AUDIT_CONNECTION_CHANGE_USER 2 + +struct mysql_event_connection +{ + unsigned int event_class; + unsigned int event_subclass; + int status; + unsigned long thread_id; + const char *user; + unsigned int user_length; + const char *priv_user; + unsigned int priv_user_length; + const char *external_user; + unsigned int external_user_length; + const char *proxy_user; + unsigned int proxy_user_length; + const char *host; + unsigned int host_length; + const char *ip; + unsigned int ip_length; + const char *database; + unsigned int database_length; +}; + + /************************************************************************* Here we define the descriptor structure, that is referred from st_mysql_plugin. === modified file 'include/mysql/plugin_audit.h.pp' --- a/include/mysql/plugin_audit.h.pp 2010-08-30 14:07:40 +0000 +++ b/include/mysql/plugin_audit.h.pp 2010-11-17 10:08:05 +0000 @@ -208,6 +208,27 @@ struct mysql_event_general unsigned long long general_time; unsigned long long general_rows; }; +struct mysql_event_connection +{ + unsigned int event_class; + unsigned int event_subclass; + int status; + unsigned long thread_id; + const char *user; + unsigned int user_length; + const char *priv_user; + unsigned int priv_user_length; + const char *external_user; + unsigned int external_user_length; + const char *proxy_user; + unsigned int proxy_user_length; + const char *host; + unsigned int host_length; + const char *ip; + unsigned int ip_length; + const char *database; + unsigned int database_length; +}; struct st_mysql_audit { int interface_version; === modified file 'sql/mysqld.cc' --- a/sql/mysqld.cc 2010-10-08 14:52:39 +0000 +++ b/sql/mysqld.cc 2010-11-17 10:08:05 +0000 @@ -1992,6 +1992,9 @@ void close_connection(THD *thd, uint err { sleep(0); /* Workaround to avoid tailcall optimisation */ } + mysql_audit_notify( + thd, MYSQL_AUDIT_CONNECTION_CLASS, MYSQL_AUDIT_CONNECTION_DISCONNECT, + errcode, thd->thread_id, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); DBUG_VOID_RETURN; } #endif /* EMBEDDED_LIBRARY */ === modified file 'sql/sql_audit.cc' --- a/sql/sql_audit.cc 2010-08-20 09:58:28 +0000 +++ b/sql/sql_audit.cc 2010-11-17 10:08:05 +0000 @@ -81,9 +81,34 @@ static void general_class_handler(THD *t } +static void connection_class_handler(THD *thd, uint event_subclass, va_list ap) +{ + mysql_event_connection event; + event.event_class= MYSQL_AUDIT_CONNECTION_CLASS; + event.event_subclass= event_subclass; + event.status= va_arg(ap, int); + event.thread_id= va_arg(ap, unsigned long); + event.user= va_arg(ap, const char *); + event.user_length= va_arg(ap, unsigned int); + event.priv_user= va_arg(ap, const char *); + event.priv_user_length= va_arg(ap, unsigned int); + event.external_user= va_arg(ap, const char *); + event.external_user_length= va_arg(ap, unsigned int); + event.proxy_user= va_arg(ap, const char *); + event.proxy_user_length= va_arg(ap, unsigned int); + event.host= va_arg(ap, const char *); + event.host_length= va_arg(ap, unsigned int); + event.ip= va_arg(ap, const char *); + event.ip_length= va_arg(ap, unsigned int); + event.database= va_arg(ap, const char *); + event.database_length= va_arg(ap, unsigned int); + event_class_dispatch(thd, (const mysql_event*) &event); +} + + static audit_handler_t audit_handlers[] = { - general_class_handler + general_class_handler, connection_class_handler }; static const uint audit_handlers_count= === modified file 'sql/sql_audit.h' --- a/sql/sql_audit.h 2010-09-20 14:17:32 +0000 +++ b/sql/sql_audit.h 2010-11-17 10:08:05 +0000 @@ -32,8 +32,12 @@ extern void mysql_audit_free_thd(THD *th extern void mysql_audit_acquire_plugins(THD *thd, uint event_class); +#ifndef EMBEDDED_LIBRARY extern void mysql_audit_notify(THD *thd, uint event_class, uint event_subtype, ...); +#else +#define mysql_audit_notify(...) +#endif extern void mysql_audit_release(THD *thd); #define MAX_USER_HOST_SIZE 512 @@ -84,6 +88,7 @@ void mysql_audit_general_log(THD *thd, t event_subtype should be set to one of: MYSQL_AUDIT_GENERAL_ERROR MYSQL_AUDIT_GENERAL_RESULT + MYSQL_AUDIT_GENERAL_STATUS @param[in] thd @param[in] event_subtype Type of general audit event. === modified file 'sql/sql_connect.cc' --- a/sql/sql_connect.cc 2010-09-20 14:17:32 +0000 +++ b/sql/sql_connect.cc 2010-11-17 10:08:05 +0000 @@ -728,9 +728,26 @@ void do_handle_one_connection(THD *thd_a for (;;) { NET *net= &thd->net; + bool rc; lex_start(thd); - if (login_connection(thd)) + rc= login_connection(thd); + mysql_audit_notify( + thd, MYSQL_AUDIT_CONNECTION_CLASS, MYSQL_AUDIT_CONNECTION_CONNECT, + thd->stmt_da->is_error() ? thd->stmt_da->sql_errno() : 0, + thd->thread_id, thd->security_ctx->user, + thd->security_ctx->user ? strlen(thd->security_ctx->user) : 0, + thd->security_ctx->priv_user, strlen(thd->security_ctx->priv_user), + thd->security_ctx->external_user, + thd->security_ctx->external_user ? + strlen(thd->security_ctx->external_user) : 0, + thd->security_ctx->proxy_user, strlen(thd->security_ctx->proxy_user), + thd->security_ctx->host, + thd->security_ctx->host ? strlen(thd->security_ctx->host) : 0, + thd->security_ctx->ip, + thd->security_ctx->ip ? strlen(thd->security_ctx->ip) : 0, + thd->db, thd->db ? strlen(thd->db) : 0); + if (rc) goto end_thread; MYSQL_CONNECTION_START(thd->thread_id, thd->security_ctx->priv_user, === modified file 'sql/sql_parse.cc' --- a/sql/sql_parse.cc 2010-10-23 13:09:27 +0000 +++ b/sql/sql_parse.cc 2010-11-17 10:08:05 +0000 @@ -934,6 +934,7 @@ bool dispatch_command(enum enum_server_c #endif case COM_CHANGE_USER: { + bool rc; status_var_increment(thd->status_var.com_other); thd->change_user(); @@ -953,7 +954,23 @@ bool dispatch_command(enum enum_server_c CHARSET_INFO *save_character_set_results= thd->variables.character_set_results; - if (acl_authenticate(thd, 0, packet_length)) + rc= acl_authenticate(thd, 0, packet_length); + mysql_audit_notify( + thd, MYSQL_AUDIT_CONNECTION_CLASS, MYSQL_AUDIT_CONNECTION_CHANGE_USER, + thd->stmt_da->is_error() ? thd->stmt_da->sql_errno() : 0, + thd->thread_id, thd->security_ctx->user, + thd->security_ctx->user ? strlen(thd->security_ctx->user) : 0, + thd->security_ctx->priv_user, strlen(thd->security_ctx->priv_user), + thd->security_ctx->external_user, + thd->security_ctx->external_user ? + strlen(thd->security_ctx->external_user) : 0, + thd->security_ctx->proxy_user, strlen(thd->security_ctx->proxy_user), + thd->security_ctx->host, + thd->security_ctx->host ? strlen(thd->security_ctx->host) : 0, + thd->security_ctx->ip, + thd->security_ctx->ip ? strlen(thd->security_ctx->ip) : 0, + thd->db, thd->db ? strlen(thd->db) : 0); + if (rc) { my_free(thd->security_ctx->user); *thd->security_ctx= save_security_ctx; @@ -1387,6 +1404,10 @@ bool dispatch_command(enum enum_server_c if (!thd->is_error() && !thd->killed_errno()) mysql_audit_general(thd, MYSQL_AUDIT_GENERAL_RESULT, 0, 0); + mysql_audit_general(thd, MYSQL_AUDIT_GENERAL_STATUS, + thd->stmt_da->is_error() ? thd->stmt_da->sql_errno() : 0, + command_name[command].str); + log_slow_statement(thd); thd_proc_info(thd, "cleaning up"); --===============4229737832806175296== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sergey.vojtovich@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sergey.vojtovich@stripped\ # xvnr1achqny6j3i8 # target_branch: file:///home/svoj/mysql/server/mysql-5.5-bugteam-\ # wl5571/ # testament_sha1: 276154437e890ce10ad8f7f3d69ad01b8bee00b3 # timestamp: 2010-11-17 13:08:14 +0300 # base_revision_id: alexander.nozdrin@stripped\ # 72etkcvpqj4ae8rs # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWXVP9mAACFL/gFQQEABZd/// /u//qr////pgDw+3ePW8Z9tK5fZtrW0ra1HPTeNXddu3QHu7lABtqrQqhQGIIQmgAGTTQAAADQAA A0AAymSaaaaano1MTRIYjCAAANAAAABJQDSniRkamKeon6iPU0AA0ZBoPUAAaAJChAhKeaGEmU/V D0zVA2U9NR6mgPUANNGgARSmhSfqME2ij1PaU9JkfqnkNR6R6gaGQAANDIIpCAQ0AE0yDQE00anq kyGhiPUPUB6g0/VEhQBDoIQAAMAs/igrsEusyeWq4DFqYVTSWMANtIR0eDs4f7T8XP0/dR78A2Hc zAfoQdNfGL7UAug8tv4/WhIgAFW5mXKm+9q23x3NKIj+fk5qor7QCA85PREHTWu+EMNaErOrN8ZQ rOjbHvtyNy3pAiTkhDhCFH5Oy/cbkg87Ke6l9X5JcqTG22xsGxNpsw7EJiXsekLuqC/jDLUTVrju ObmqP7Krmx5qXJ4zPQnkZi6Fr89S1IMbzSFoizeeYOrQ2NvYhZX/rqOYQA7gcFBkXyiIMuTM1gsB haOBiIkzR1PralMXT+UFoTnJoRS4sX2y7WlkJYFnhdfYQUqR5M1jOBL98ZxLScAQHAWdFR8+trTT E6J/qpYM9SW7E0rRD9T9aATPgawgvoLMJsbNhXmjNkrkIQsEaqqjQAU9PTyI8ekv2dA2b+nfeEvQ wIb7wLIw7/S7EGqAA/x9xNmx3u5kTlvAJBq07+Uxcp0+Md3z6kjoOAO9Jo2rg22wbbbbbfFIeD0p crSXlxMjrLhmgqKpbrotOiITI0x2uArA4SpqdgOrPt1z9E0pSlKUsiGNhh6CdgRsA8La2vBeHpEO NgCQASYQkPnj5tz8vy+PO43erqt8cfOxKx15hBoOjFdF63m+1++10NxXl03aY1FEm5xppsSJINC1 1JMLo/7h0qHp5963nPeQZbKLQKRDVw5aOPOpXrhJFJJVBOGqAbZyBaRWM+phQY0XqIIO41OlG0Gs TQiJJNPGK9U5zIkOavj/6Uuz34CFeJDU33FrKCYjIpmJtcpIXcUgPeLtG6FURcycqSW2xQseEwMX WB6uXja9jOHkDeCYpaG10Z5bIyJelUGQ2PfswgcB98AVMIn9ELhDHdVwNk89tdjGLJEm2kCG4tsr UPIF4LjbZQYyux45RS8QcszE6uBZbCA1Asy5DdzeYNTx66w4oK1MoFakDBerCCpyDs7YN21KFBXg m4SdZ+9J7CDNK2Rv70UEzyFwsM59nGCtoZnaQhrhVh1GbXeX2sEkOowwOGXQ0upbMtc80EIib8C4 pXeLBsHbhG6w3C8SLI4VuzwK5PnrrEdDK65XcsziPR152zVWdq+j4Yw9RJQCQr3Gk6YFbHYKWi04 QnBaryoyERbjvWhzREvVmQZxlUdLK2ZwjmZjAsSovJGk1l+qhIncnAQ5vBJuDyHA9QU0pHXJjW50 2hTlZoUSwIQMxuKVCKDbkk2Fa8iTxy7FwJhA3GZ0o3h8Ec5TKnAdWb0R30hOqVwKiszcuLM3F5qg 1BcXH0Sj1O5x0OS/ZdSDRmhzmIJd/hymnFmNxKCBtd3MomMb+dYploipQtmeKuZI9lU2lLHc3UY8 Yx3tWMnxeOY2E5E5wE7M2aaFlMLTmazIHMvCwxCw5azu/m8W8ro9WNlU8ZTm/inWJaqtKG91CckR Msy0Fz4PY1wMVDZiiCIuQiNBv48Ogs2ggT2NI1mNwRLwjlnVU0HIrQsBBWSw3uVLLWwi2CCEhguM eBK5byw9O2kzbJBptGuQoKZnQdK1DrOJuPEeC4oGUznsRs9VZOGKaoIU+QyQVKjNFJ2zkQfYaZTg qkypUz4G1bZPLxqDaniKQkJt1BogOW+0cJ0NVbIBKMAkdTCgkUcNOskHJykOqTZUGdAkPclc3cZM Kcx9yNiMKFJqGL6Re9xWRobzgWLI45CV9zTQw/rDKN4BJ0YQgPklK7x84ToSAkBChBA9KU4uo+IF J404zGEsIpcYTx7h8JA9wFxEPN2wR5GDNIzqLHvkFQtgejV2AO2dvLDLKK2KWe12tpsY2mSiO6sK TREQW7FsHVCqF5HSbdTuKGk8HD4g9IP1eAHgjP/iAe3jTBtNDd37er13l7GxN7oyRoVQR3rRPGtn /Igrm/EEee+/1hmCwQKg8O4M9HCTIRT+5AU9CA/oJZXQv1cvQYBFArCaAam/ZAJCO+9AsA033a6o iCIgLGQTn/wgSAxa4wwLYCxPzkLYlECBDUlgW25eCBu8tyBqpAlyMEBuoGoP3gH9ad7BoGB0hCCi niAEF8FU0wkWdaEmmV0WSse57hIgJk5E4J3QV0S1LfOahMPQzEIQhCEkYyEk5LxegvAPE+Qqj4u4 +U8uzN5yspdfKYUDGcpfOrnOacxGQextViFhksQevgVh2hdQNCB2DB0AqI0yTzvguIfXiAGkvlPa 5wlc4wCSJfxIGkA98yZaIHAruHbGgx4yWmNIbxHKlcpFmQwfiY92urrORwJG076iZUkCB0IHgHE4 i7kaTLm+B4j7Bl56/GSOoZy4N84BexNhdkGjcQFOkhxnIbzIqaQuDAKHGsS8qznaAULy8mH+AXu8 14ZAyc+cgTkKTrUJQS34Id5iAkg0ht3EXp/llRoioCIhUtzOc5oFQAaJABD/FjRNFlwsKQkEAD6r UHmnM6Hbjd2nXgHadUiRaSOCHV2ZjNAaMyEgrz+HaWnJwEK8BjaMjO/oc+JHX+o5DXtdhtPLX05l cFmzT+i2ydO13Hs8ir2AymzfGYAKny93Ycfs52/8O3NePcBKVnh67660hBkQvHxPAq5Gc5FuD3nV J4nWdG005q8llLozFXZFhQ8TBsz3vBd66G3XJJT1i5BLHUYGkdl8zf9XegWgBjIFrbplvZKWYoNL 8XsoNLaoaSY+AgOQhQBMz7J63QjNk9p4l4ujvAqc5BIzLnYhNJi2jCIPwVi2oNg2SAohNqsLtE4D hJ2XqnBJkdegb+f66O4hu1WYC1q/nhJE+sSYCUFolbmV4D7ldZG0Ey5nqPBDxOXaUA4MzvO4sLDz Pq+W48jb2FZYfP2+p7NHEDEw03SsTfTifotHIsLYuRc7iSrslBTWEYnAUgaWxNgBCbms855fsywG IB78uUvFPgTJ8OYFxSl4p90+OhGuQyhJL9P2/ZmiVAn1ANDIU67H42tgC6sCRZi9r9B+hXuIrELB 5O15ok09s3sY0PJ6O8Q5dZsK24Epx5cFuhEivu+xAH1PyoBzBfE1dOaLUcTF2qX9hmPuJavCdw9u cwDwhB+fTC61DShBHQeh0uIgJuHESDZAAebqNgAeJAlbgtms9vYQ7WJ9htYBPOojv1uZJ9wnN2Hi 9jFzeVSVmGZzp5Qmig9KwDJbJAgHGtorROui9kUQYRNoucU4O8vbYpHL7u7U8g9XToq1mcMom9uB cnJ0M6Em/b7WtoGkDWfctut5J6uRhLrgJlicx3Ff0NRzlIjt3q3myOJptR8gk9gOjSqhMb0A1Lcn lemFgwQ1QyXUgcALVQbrQkmAinXQKY0QL3JkS08HyciQIfVsTQC5bxS0yQowIkQkQJDvOZk2iGdx VhidTyGPOmllZuDvsNXnpcjo2v4hQodbcIGxE2WPfRD+9hRk8RdykYIepBviZStn0TvCDlw87Ms4 JSJJ0lnOQQATZvHUAe95YOJ5wsIeCVklsAwv9tF/IWN+94OOQ6Vj1o2eysEdgdpbOPKoVJ0I9ntf B93cnTH1dZofQ3AL2CE03HdyRITdD1TlJhDshXMIQVkANFAglT8jYe5Y91j5OUcECzj8SAroAQCZ SO76OcANAmcXg2NmKQDdi/VLMLqBAlYFt7anw0pacmT73B1mx3OLHDvojMMbsmrmBLcR8OGKTF5Q AlwqeZ6AQu/5jLAGOtdoLiJJakM3dV5YLmeUkkmJpXxmdDqxha5yRuSgqVVOFVCtVSaaFdQG92mG UUkJTr6zHKOYSUz8ECVGtLPuFjkeLm1OWETMDjBLtL5jIgmQJBEqQwESGSsIza+E19hqktlbNNwt EsGiQz+ZVlXwHGWqwGBefs3XLCJ5P4POX2tJFAgYMYMYxjGDIQ+eBB6ToUOjuRm1vhOqYHE1bk4L ZDud40cgeDMTB/eCSpAs4Iyb5IWF7eAEgAofS90gezenFpgWB+eCrIT3za3nekwXMSxBDU9DeVwS AggJQPWQ8ICZASjK9z2JrfLrMwlyBZseKgdTH2pYCTE8HreIhdsNChsdrNyPF9aH5OlrcTgAHimd vflqbCbzfitRrcghuezaJra85ogYkoROwwEL/lzgBUJV6gmqx5GnK4rmYxzdTnyN12Oof+LuSKcK Eg6p/swA --===============4229737832806175296==--