1 /* Copyright (c) 2007, 2018, Oracle and/or its affiliates. All rights reserved.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23 #ifndef SQL_AUDIT_INCLUDED
24 #define SQL_AUDIT_INCLUDED
25
26 #include <my_global.h>
27
28 #include <mysql/plugin_audit.h>
29 #include "sql_class.h"
30 #include "sql_rewrite.h"
31
32 extern unsigned long mysql_global_audit_mask[];
33
34
35 extern void mysql_audit_initialize();
36 extern void mysql_audit_finalize();
37
38
39 extern void mysql_audit_init_thd(THD *thd);
40 extern void mysql_audit_free_thd(THD *thd);
41 extern void mysql_audit_acquire_plugins(THD *thd, uint event_class);
42
43
44 #ifndef EMBEDDED_LIBRARY
45 extern void mysql_audit_notify(THD *thd, uint event_class,
46 uint event_subtype, ...);
47 bool is_any_audit_plugin_active(THD *thd MY_ATTRIBUTE((unused)));
48 bool is_global_audit_mask_set();
49 #else
50 #define mysql_audit_notify(...)
51 #endif
52 extern void mysql_audit_release(THD *thd);
53
54 #define MAX_USER_HOST_SIZE 512
make_user_name(THD * thd,char * buf)55 static inline uint make_user_name(THD *thd, char *buf)
56 {
57 Security_context *sctx= thd->security_ctx;
58 return strxnmov(buf, MAX_USER_HOST_SIZE,
59 sctx->priv_user[0] ? sctx->priv_user : "", "[",
60 sctx->user ? sctx->user : "", "] @ ",
61 sctx->get_host()->length() ? sctx->get_host()->ptr() :
62 "", " [", sctx->get_ip()->length() ? sctx->get_ip()->ptr() :
63 "", "]", NullS) - buf;
64 }
65
66 /**
67 Call audit plugins of GENERAL audit class, MYSQL_AUDIT_GENERAL_LOG subtype.
68
69 @param[in] thd
70 @param[in] cmd Command name
71 @param[in] cmdlen Command name length
72 @param[in] query_str query text. Leave empty to fetch it from THD
73 @param[in] query_len query text length. 0 to fetch it from THD
74 */
75
76 static inline
mysql_audit_general_log(THD * thd,const char * cmd,uint cmdlen,const char * query_str,size_t query_len)77 void mysql_audit_general_log(THD *thd, const char *cmd, uint cmdlen,
78 const char *query_str, size_t query_len)
79 {
80 #ifndef EMBEDDED_LIBRARY
81 if (mysql_global_audit_mask[0] & MYSQL_AUDIT_GENERAL_CLASSMASK)
82 {
83 MYSQL_LEX_STRING sql_command, ip, host, external_user;
84 MYSQL_LEX_STRING query={ (char *)query_str, query_len };
85 static MYSQL_LEX_STRING empty= { C_STRING_WITH_LEN("") };
86 ha_rows rows= 0;
87 int error_code= 0;
88 char user_buff[MAX_USER_HOST_SIZE + 1];
89 const char *user= user_buff;
90 uint userlen= make_user_name(thd, user_buff);
91 time_t time= (time_t) thd->start_time.tv_sec;
92
93 if (thd)
94 {
95 if (!query_len)
96 {
97 /* no query specified, fetch from THD */
98 if (!thd->rewritten_query.length())
99 mysql_rewrite_query(thd);
100 if (thd->rewritten_query.length())
101 {
102 query.str= (char *) thd->rewritten_query.ptr();
103 query.length= thd->rewritten_query.length();
104 }
105 else
106 {
107 query.str= thd->query();
108 query.length= thd->query_length();
109 }
110 }
111 ip.str= (char *) thd->security_ctx->get_ip()->ptr();
112 ip.length= thd->security_ctx->get_ip()->length();
113 host.str= (char *) thd->security_ctx->get_host()->ptr();
114 host.length= thd->security_ctx->get_host()->length();
115 external_user.str= (char *) thd->security_ctx->get_external_user()->ptr();
116 external_user.length= thd->security_ctx->get_external_user()->length();
117 sql_command.str= (char *) sql_statement_names[thd->lex->sql_command].str;
118 sql_command.length= sql_statement_names[thd->lex->sql_command].length;
119 }
120 else
121 {
122 ip= empty;
123 host= empty;
124 external_user= empty;
125 sql_command= empty;
126 }
127 const CHARSET_INFO *clientcs= thd ? thd->variables.character_set_client
128 : global_system_variables.character_set_client;
129
130 mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, MYSQL_AUDIT_GENERAL_LOG,
131 error_code, time, user, userlen, cmd, cmdlen, query.str,
132 query.length, clientcs, rows, sql_command, host,
133 external_user, ip);
134 }
135 #endif
136 }
137
138
139 /**
140 Call audit plugins of GENERAL audit class.
141 event_subtype should be set to one of:
142 MYSQL_AUDIT_GENERAL_ERROR
143 MYSQL_AUDIT_GENERAL_RESULT
144 MYSQL_AUDIT_GENERAL_STATUS
145
146 @param[in] thd
147 @param[in] event_subtype Type of general audit event.
148 @param[in] error_code Error code
149 @param[in] msg Message
150 */
151 static inline
mysql_audit_general(THD * thd,uint event_subtype,int error_code,const char * msg)152 void mysql_audit_general(THD *thd, uint event_subtype,
153 int error_code, const char *msg)
154 {
155 #ifndef EMBEDDED_LIBRARY
156 if (mysql_global_audit_mask[0] & MYSQL_AUDIT_GENERAL_CLASSMASK)
157 {
158 time_t time= my_time(0);
159 uint msglen= msg ? strlen(msg) : 0;
160 uint userlen;
161 const char *user;
162 char user_buff[MAX_USER_HOST_SIZE];
163 CSET_STRING query;
164 MYSQL_LEX_STRING ip, host, external_user, sql_command;
165 ha_rows rows;
166 static MYSQL_LEX_STRING empty= { C_STRING_WITH_LEN("") };
167
168 if (thd)
169 {
170 if (!thd->rewritten_query.length())
171 mysql_rewrite_query(thd);
172 if (thd->rewritten_query.length())
173 query= CSET_STRING((char *) thd->rewritten_query.ptr(),
174 thd->rewritten_query.length(),
175 thd->rewritten_query.charset());
176 else
177 query= thd->query_string;
178 user= user_buff;
179 userlen= make_user_name(thd, user_buff);
180 rows= thd->get_stmt_da()->current_row_for_warning();
181 ip.str= (char *) thd->security_ctx->get_ip()->ptr();
182 ip.length= thd->security_ctx->get_ip()->length();
183 host.str= (char *) thd->security_ctx->get_host()->ptr();
184 host.length= thd->security_ctx->get_host()->length();
185 external_user.str= (char *) thd->security_ctx->get_external_user()->ptr();
186 external_user.length= thd->security_ctx->get_external_user()->length();
187 sql_command.str= (char *) sql_statement_names[thd->lex->sql_command].str;
188 sql_command.length= sql_statement_names[thd->lex->sql_command].length;
189 }
190 else
191 {
192 user= 0;
193 userlen= 0;
194 ip= empty;
195 host= empty;
196 external_user= empty;
197 sql_command= empty;
198 rows= 0;
199 }
200
201 mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, event_subtype,
202 error_code, time, user, userlen, msg, msglen,
203 query.str(), query.length(), query.charset(), rows,
204 sql_command, host, external_user, ip);
205 }
206 #endif
207 }
208
209 #define MYSQL_AUDIT_NOTIFY_CONNECTION_CONNECT(thd) mysql_audit_notify(\
210 (thd), MYSQL_AUDIT_CONNECTION_CLASS, MYSQL_AUDIT_CONNECTION_CONNECT,\
211 (thd)->get_stmt_da()->is_error() ? (thd)->get_stmt_da()->sql_errno() : 0,\
212 (thd)->thread_id, (thd)->security_ctx->user,\
213 (thd)->security_ctx->user ? strlen((thd)->security_ctx->user) : 0,\
214 (thd)->security_ctx->priv_user, strlen((thd)->security_ctx->priv_user),\
215 (thd)->security_ctx->get_external_user()->ptr(),\
216 (thd)->security_ctx->get_external_user()->length(),\
217 (thd)->security_ctx->proxy_user, strlen((thd)->security_ctx->proxy_user),\
218 (thd)->security_ctx->get_host()->ptr(),\
219 (thd)->security_ctx->get_host()->length(),\
220 (thd)->security_ctx->get_ip()->ptr(),\
221 (thd)->security_ctx->get_ip()->length(),\
222 (thd)->db, (thd)->db ? strlen((thd)->db) : 0)
223
224 #define MYSQL_AUDIT_NOTIFY_CONNECTION_DISCONNECT(thd, errcode)\
225 mysql_audit_notify(\
226 (thd), MYSQL_AUDIT_CONNECTION_CLASS, MYSQL_AUDIT_CONNECTION_DISCONNECT,\
227 (errcode), (thd)->thread_id,\
228 (thd)->security_ctx->user,\
229 (thd)->security_ctx->user ? strlen((thd)->security_ctx->user) : 0,\
230 (thd)->security_ctx->priv_user, strlen((thd)->security_ctx->priv_user),\
231 (thd)->security_ctx->get_external_user()->ptr(),\
232 (thd)->security_ctx->get_external_user()->length(),\
233 (thd)->security_ctx->proxy_user, strlen((thd)->security_ctx->proxy_user),\
234 (thd)->security_ctx->get_host()->ptr(),\
235 (thd)->security_ctx->get_host()->length(),\
236 (thd)->security_ctx->get_ip()->ptr(),\
237 (thd)->security_ctx->get_ip()->length(),\
238 (thd)->db, (thd)->db ? strlen((thd)->db) : 0)
239
240 #define MYSQL_AUDIT_NOTIFY_CONNECTION_CHANGE_USER(thd) mysql_audit_notify(\
241 (thd), MYSQL_AUDIT_CONNECTION_CLASS, MYSQL_AUDIT_CONNECTION_CHANGE_USER,\
242 (thd)->get_stmt_da()->is_error() ? (thd)->get_stmt_da()->sql_errno() : 0,\
243 (thd)->thread_id, (thd)->security_ctx->user,\
244 (thd)->security_ctx->user ? strlen((thd)->security_ctx->user) : 0,\
245 (thd)->security_ctx->priv_user, strlen((thd)->security_ctx->priv_user),\
246 (thd)->security_ctx->get_external_user()->ptr(),\
247 (thd)->security_ctx->get_external_user()->length(),\
248 (thd)->security_ctx->proxy_user, strlen((thd)->security_ctx->proxy_user),\
249 (thd)->security_ctx->get_host()->ptr(),\
250 (thd)->security_ctx->get_host()->length(),\
251 (thd)->security_ctx->get_ip()->ptr(),\
252 (thd)->security_ctx->get_ip()->length(),\
253 (thd)->db, (thd)->db ? strlen((thd)->db) : 0)
254
255 #endif /* SQL_AUDIT_INCLUDED */
256