1/* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
2
3 This program is free software; you can redistribute it and/or
4 modify it under the terms of the GNU General Public License
5 as published by the Free Software Foundation; version 2 of
6 the License.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program; if not, write to the Free Software
15 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
16
17#ifndef _my_audit_h
18#define _my_audit_h
19
20/*************************************************************************
21 API for Audit plugin. (MYSQL_AUDIT_PLUGIN)
22*/
23
24#include "plugin.h"
25
26#ifdef __cplusplus
27extern "C" {
28#endif
29
30#define MYSQL_AUDIT_CLASS_MASK_SIZE 1
31
32#define MYSQL_AUDIT_INTERFACE_VERSION 0x0302
33
34
35/*************************************************************************
36 AUDIT CLASS : GENERAL
37
38 LOG events occurs before emitting to the general query log.
39 ERROR events occur before transmitting errors to the user.
40 RESULT events occur after transmitting a resultset to the user.
41 STATUS events occur after transmitting a resultset or errors
42 to the user.
43*/
44
45#define MYSQL_AUDIT_GENERAL_CLASS 0
46#define MYSQL_AUDIT_GENERAL_CLASSMASK (1 << MYSQL_AUDIT_GENERAL_CLASS)
47#define MYSQL_AUDIT_GENERAL_LOG 0
48#define MYSQL_AUDIT_GENERAL_ERROR 1
49#define MYSQL_AUDIT_GENERAL_RESULT 2
50#define MYSQL_AUDIT_GENERAL_STATUS 3
51
52struct mysql_event_general
53{
54 unsigned int event_subclass;
55 int general_error_code;
56 unsigned long general_thread_id;
57 const char *general_user;
58 unsigned int general_user_length;
59 const char *general_command;
60 unsigned int general_command_length;
61 const char *general_query;
62 unsigned int general_query_length;
63 const struct charset_info_st *general_charset;
64 unsigned long long general_time;
65 unsigned long long general_rows;
66 /* Added in version 0x302 */
67 unsigned long long query_id;
68 MYSQL_CONST_LEX_STRING database;
69};
70
71
72/*
73 AUDIT CLASS : CONNECTION
74
75 CONNECT occurs after authentication phase is completed.
76 DISCONNECT occurs after connection is terminated.
77 CHANGE_USER occurs after COM_CHANGE_USER RPC is completed.
78*/
79
80#define MYSQL_AUDIT_CONNECTION_CLASS 1
81#define MYSQL_AUDIT_CONNECTION_CLASSMASK (1 << MYSQL_AUDIT_CONNECTION_CLASS)
82#define MYSQL_AUDIT_CONNECTION_CONNECT 0
83#define MYSQL_AUDIT_CONNECTION_DISCONNECT 1
84#define MYSQL_AUDIT_CONNECTION_CHANGE_USER 2
85
86struct mysql_event_connection
87{
88 unsigned int event_subclass;
89 int status;
90 unsigned long thread_id;
91 const char *user;
92 unsigned int user_length;
93 const char *priv_user;
94 unsigned int priv_user_length;
95 const char *external_user;
96 unsigned int external_user_length;
97 const char *proxy_user;
98 unsigned int proxy_user_length;
99 const char *host;
100 unsigned int host_length;
101 const char *ip;
102 unsigned int ip_length;
103 MYSQL_CONST_LEX_STRING database;
104};
105
106/*
107 AUDIT CLASS : TABLE
108
109 LOCK occurs when a connection "locks" (this does not necessarily mean a table
110 lock and also happens for row-locking engines) the table at the beginning of
111 a statement. This event is generated at the beginning of every statement for
112 every affected table, unless there's a LOCK TABLES statement in effect (in
113 which case it is generated once for LOCK TABLES and then is suppressed until
114 the tables are unlocked).
115
116 CREATE/DROP/RENAME occur when a table is created, dropped, or renamed.
117*/
118
119#define MYSQL_AUDIT_TABLE_CLASS 15
120#define MYSQL_AUDIT_TABLE_CLASSMASK (1 << MYSQL_AUDIT_TABLE_CLASS)
121#define MYSQL_AUDIT_TABLE_LOCK 0
122#define MYSQL_AUDIT_TABLE_CREATE 1
123#define MYSQL_AUDIT_TABLE_DROP 2
124#define MYSQL_AUDIT_TABLE_RENAME 3
125#define MYSQL_AUDIT_TABLE_ALTER 4
126
127struct mysql_event_table
128{
129 unsigned int event_subclass;
130 unsigned long thread_id;
131 const char *user;
132 const char *priv_user;
133 const char *priv_host;
134 const char *external_user;
135 const char *proxy_user;
136 const char *host;
137 const char *ip;
138 MYSQL_CONST_LEX_STRING database;
139 MYSQL_CONST_LEX_STRING table;
140 /* for MYSQL_AUDIT_TABLE_RENAME */
141 MYSQL_CONST_LEX_STRING new_database;
142 MYSQL_CONST_LEX_STRING new_table;
143 /* for MYSQL_AUDIT_TABLE_LOCK, true if read-only, false if read/write */
144 int read_only;
145 /* Added in version 0x302 */
146 unsigned long long query_id;
147};
148
149/*************************************************************************
150 Here we define the descriptor structure, that is referred from
151 st_mysql_plugin.
152
153 release_thd() event occurs when the event class consumer is to be
154 disassociated from the specified THD. This would typically occur
155 before some operation which may require sleeping - such as when
156 waiting for the next query from the client.
157
158 event_notify() is invoked whenever an event occurs which is of any
159 class for which the plugin has interest. The second argument
160 indicates the specific event class and the third argument is data
161 as required for that class.
162
163 class_mask is an array of bits used to indicate what event classes
164 that this plugin wants to receive.
165*/
166
167struct st_mysql_audit
168{
169 int interface_version;
170 void (*release_thd)(MYSQL_THD);
171 void (*event_notify)(MYSQL_THD, unsigned int, const void *);
172 unsigned long class_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
173};
174
175
176#ifdef __cplusplus
177}
178#endif
179
180#endif
181