1 #ifndef SQL_AUDIT_INCLUDED
2 #define SQL_AUDIT_INCLUDED
3 
4 /* Copyright (c) 2007, 2021, Oracle and/or its affiliates.
5 
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License, version 2.0,
8    as published by the Free Software Foundation.
9 
10    This program is also distributed with certain software (including
11    but not limited to OpenSSL) that is licensed under separate terms,
12    as designated in a particular file or component or in included license
13    documentation.  The authors of MySQL hereby grant you an additional
14    permission to link the program and your derivative works with the
15    separately licensed software that they have included with MySQL.
16 
17    This program is distributed in the hope that it will be useful,
18    but WITHOUT ANY WARRANTY; without even the implied warranty of
19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20    GNU General Public License, version 2.0, for more details.
21 
22    You should have received a copy of the GNU General Public License
23    along with this program; if not, write to the Free Software
24    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
25 
26 #include "my_global.h"
27 #include "mysql/plugin_audit.h"
28 #include "sql_security_ctx.h"       // Security_context
29 
30 static const size_t MAX_USER_HOST_SIZE= 512;
31 
32 /**
33   Audit API event to string expanding macro.
34 */
35 #define AUDIT_EVENT(x) x, #x
36 
37 bool is_audit_plugin_class_active(THD *thd, unsigned long event_class);
38 bool is_global_audit_mask_set();
39 
/**
  Render the session's account identity into a caller-supplied buffer as
  "priv_user[user] @ host [ip]".

  The user, host and ip parts are replaced by "" when their length is 0;
  the priv_user part is replaced by "" when its first character is NUL.
  The parts are concatenated verbatim, with no escaping.

  NOTE(review): priv_user().str is dereferenced without a NULL check,
  unlike the length tests used for the other parts -- confirm it can never
  be NULL.

  NOTE(review): the name parts presumably originate from the client, so a
  consumer that parses the rendered line should not treat the "[", "]" and
  "@" delimiters as unambiguous -- verify against the log readers.

  @param[in]  sctx  Security context the identity is read from.
  @param[out] buf   Destination buffer. MAX_USER_HOST_SIZE is the limit
                    handed to strxnmov(), which is defined outside this
                    header. It is expected to store a terminating NUL after
                    at most MAX_USER_HOST_SIZE characters, so buf should
                    hold MAX_USER_HOST_SIZE + 1 bytes -- confirm at every
                    call site.

  @return Distance from buf to the pointer returned by strxnmov(),
          presumably the length of the rendered string.
*/
static inline size_t make_user_name(Security_context *sctx, char *buf)
{
  const LEX_CSTRING user_name= sctx->user();
  const LEX_CSTRING host_name= sctx->host();
  const LEX_CSTRING ip_addr= sctx->ip();
  const LEX_CSTRING priv_name= sctx->priv_user();

  /* Pick each part up front so the concatenation below reads linearly. */
  const char *priv_part= priv_name.str[0] ? priv_name.str : "";
  const char *user_part= user_name.length ? user_name.str : "";
  const char *host_part= host_name.length ? host_name.str : "";
  const char *ip_part= ip_addr.length ? ip_addr.str : "";

  char *const end= strxnmov(buf, MAX_USER_HOST_SIZE,
                            priv_part, "[",
                            user_part, "] @ ",
                            host_part, " [",
                            ip_part, "]",
                            NullS);
  return static_cast<size_t>(end - buf);
}
57 
58 #ifndef EMBEDDED_LIBRARY
59 struct st_plugin_int;
60 
61 int initialize_audit_plugin(st_plugin_int *plugin);
62 int finalize_audit_plugin(st_plugin_int *plugin);
63 
64 void mysql_audit_initialize();
65 void mysql_audit_finalize();
66 
67 void mysql_audit_init_thd(THD *thd);
68 void mysql_audit_free_thd(THD *thd);
69 int mysql_audit_acquire_plugins(THD *thd, mysql_event_class_t event_class,
70                                 unsigned long event_subclass);
71 void mysql_audit_release(THD *thd);
72 
73 /**
74   Call audit plugins of GENERAL audit class.
75 
76   @param[in] thd              Current thread data.
77   @param[in] subclass         Type of general audit event.
78   @param[in] subclass_name    Subclass name.
79   @param[in] error_code       Error code
80   @param[in] msg              Message
81   @param[in] msg_len          Message length.
82 
83   @result Value returned is not taken into consideration by the server.
84 */
85 int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass,
86                        const char* subclass_name,
87                        int error_code, const char *msg, size_t msg_len);
/**
  Report a GENERAL LOG event to the audit plugins.

  Thin wrapper over the GENERAL class mysql_audit_notify() overload: the
  subclass is fixed to MYSQL_AUDIT_GENERAL_LOG and the error code to 0.

  @param[in] thd    Current thread data.
  @param[in] cmd    Command text.
  @param[in] cmdlen Command text length.

  @result Value returned is not taken into consideration by the server.
*/
inline static
int mysql_audit_general_log(THD *thd, const char *cmd, size_t cmdlen)
{
  const int no_error= 0;  /* this wrapper always reports error code 0 */

  return mysql_audit_notify(thd, AUDIT_EVENT(MYSQL_AUDIT_GENERAL_LOG),
                            no_error, cmd, cmdlen);
}
103 
104 /**
105   Call audit plugins of CONNECTION audit class.
106 
107   @param[in] thd              Current thread context.
108   @param[in] subclass         Type of the connection audit event.
109   @param[in] subclass_name    Name of the subclass.
110   @param[in] errcode          Error code.
111 
112   @result 0 - continue server flow, otherwise abort.
113 */
114 int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
115                        const char *subclass_name, int errcode);
116 
117 /**
118   Call audit plugins of PARSE audit class.
119 
120   @param[in]  thd             Current thread context.
121   @param[in]  subclass        Type of the parse audit event.
122   @param[in]  subclass_name   Name of the subclass.
123   @param[out] flags           Rewritten query flags.
124   @param[out] rewritten_query Rewritten query
125 
126   @result 0 - continue server flow, otherwise abort.
127 */
128 int mysql_audit_notify(THD *thd, mysql_event_parse_subclass_t subclass,
129                        const char* subclass_name,
130                        mysql_event_parse_rewrite_plugin_flag *flags,
131                        LEX_CSTRING *rewritten_query);
132 
133 /**
134   Call audit plugins of AUTHORIZATION audit class.
135 
136   @param[in] thd              Current thread data.
137   @param[in] subclass         Type of the authorization audit event.
138   @param[in] subclass_name    Name of the subclass.
139   @param[in] database         object database
140   @param[in] database_length  object database length
141   @param[in] name             object name
142   @param[in] name_length      object name length
143 
144   @result 0 - continue server flow, otherwise abort.
145 */
146 int mysql_audit_notify(THD *thd, mysql_event_authorization_subclass_t subclass,
147                        const char *subclass_name,
148                        const char *database, unsigned int database_length,
149                        const char *name, unsigned int name_length);
150 /**
151   Call audit plugins of TABLE ACCESS audit class events for all tables
152   available in the list.
153 
154   Event subclass value depends on the thd->lex->sql_command value.
155 
156   The event is generated for 'USER' and 'SYS' tables only.
157 
158   @param[in] thd    Current thread data.
159   @param[in] table  Connected list of tables, for which event is generated.
160 
161   @result 0 - continue server flow, otherwise abort.
162 */
163 int mysql_audit_table_access_notify(THD *thd, TABLE_LIST *table);
164 
165 /**
166   Call audit plugins of GLOBAL VARIABLE audit class.
167 
168   @param[in] thd           Current thread data.
169   @param[in] subclass      Type of the global variable audit event.
170   @param[in] subclass_name Name of the subclass.
171   @param[in] name          Name of the variable.
172   @param[in] value         Textual value of the variable.
173   @param[in] value_length  Textual value length.
174 
175   @result 0 - continue server flow, otherwise abort.
176 */
177 int mysql_audit_notify(THD *thd, mysql_event_global_variable_subclass_t subclass,
178                        const char *subclass_name,
179                        const char *name,
180                        const char *value, const unsigned int value_length);
181 /**
182   Call audit plugins of SERVER STARTUP audit class.
183 
184   @param[in] subclass Type of the server startup audit event.
185   @param[in] subclass_name Name of the subclass.
186   @param[in] argv     Array of program arguments.
187   @param[in] argc     Program arguments array length.
188 
189   @result 0 - continue server start, otherwise abort.
190 */
191 int mysql_audit_notify(mysql_event_server_startup_subclass_t subclass,
192                        const char *subclass_name,
193                        const char **argv,
194                        unsigned int argc);
195 
196 /**
197   Call audit plugins of SERVER SHUTDOWN audit class.
198 
199   @param[in] subclass  Type of the server shutdown audit event.
200   @param[in] reason    Reason code of the shutdown.
201   @param[in] exit_code Abort exit code.
202 
203   @result Value returned is not taken into consideration by the server.
204 */
205 int mysql_audit_notify(mysql_event_server_shutdown_subclass_t subclass,
206                        mysql_server_shutdown_reason_t reason, int exit_code);
207 
208 /**
209   Call audit plugins of AUTHORIZATION audit class.
210 
211   @param[in] thd           Current thread data.
212   @param[in] subclass      Type of the authorization audit event.
213   @param[in] subclass_name Name of the subclass.
214   @param[in] database      Database name.
215   @param[in] table         Table name.
216   @param[in] object        Object name associated with the authorization event.
217 
218   @result 0 - continue server flow, otherwise abort.
219 */
220 /*
221   Function commented out. No Audit API calls yet.
222 
223 int mysql_audit_notify(THD *thd,
224                        mysql_event_authorization_subclass_t subclass,
225                        const char *subclass_name,
226                        const char *database,
227                        const char *table,
228                        const char *object);
229 */
230 /**
231   Call audit plugins of CONNECTION audit class.
232 
233   Internal connection info is extracted from the thd object.
234 
235   @param[in] thd           Current thread data.
236   @param[in] subclass      Type of the connection audit event.
237   @param[in] subclass_name Name of the subclass.
238 
239   @result 0 - continue server flow, otherwise abort.
240 */
241 int mysql_audit_notify(THD *thd, mysql_event_connection_subclass_t subclass,
242                        const char *subclass_name);
243 
244 /**
245   Call audit plugins of COMMAND audit class.
246 
247   Internal connection info is extracted from the thd object.
248 
249   @param[in] thd           Current thread data.
250   @param[in] subclass      Type of the command audit event.
251   @param[in] subclass_name Name of the subclass.
252   @param[in] command       Command id value.
253   @param[in] command_text  Command string value.
254 
255   @result 0 - continue server flow, otherwise abort.
256 */
257 int mysql_audit_notify(THD *thd, mysql_event_command_subclass_t subclass,
258                        const char *subclass_name,
259                        enum_server_command command,
260                        const char *command_text);
261 /**
262   Call audit plugins of QUERY audit class.
263 
264   Internal query info is extracted from the thd object.
265 
266   @param[in] thd           Current thread data.
267   @param[in] subclass      Type of the query audit event.
268   @param[in] subclass_name Name of the subclass.
269 
270   @result 0 - continue server flow, otherwise abort.
271 */
272 int mysql_audit_notify(THD *thd, mysql_event_query_subclass_t subclass,
273                        const char *subclass_name);
274 
275 /**
276   Call audit plugins of STORED PROGRAM audit class.
277 
278   @param[in] thd           Current thread data.
279   @param[in] subclass      Type of the stored program audit event.
280   @param[in] subclass_name Name of the subclass.
281   @param[in] database      Stored program database name.
282   @param[in] name          Name of the stored program.
283   @param[in] parameters    Parameters of the stored program execution.
284 
285   @result 0 - continue server flow, otherwise abort.
286 */
287 int mysql_audit_notify(THD *thd,
288                        mysql_event_stored_program_subclass_t subclass,
289                        const char *subclass_name,
290                        const char *database,
291                        const char *name,
292                        void *parameters);
293 
294 #endif /* !EMBEDDED_LIBRARY */
295 #endif /* SQL_AUDIT_INCLUDED */
296