1#ifndef SQL_AUDIT_INCLUDED
2#define SQL_AUDIT_INCLUDED
3
4/* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
5 Copyright (c) 2017, MariaDB Corporation.
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; version 2 of the License.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
19
20
21#include <mysql/plugin_audit.h>
22#include "sql_class.h"
23
24extern unsigned long mysql_global_audit_mask[];
25
26
27extern void mysql_audit_initialize();
28extern void mysql_audit_finalize();
29
30
31extern void mysql_audit_init_thd(THD *thd);
32extern void mysql_audit_free_thd(THD *thd);
33extern void mysql_audit_acquire_plugins(THD *thd, ulong *event_class_mask);
34
35
36#ifndef EMBEDDED_LIBRARY
37extern void mysql_audit_notify(THD *thd, uint event_class, const void *event);
38
39static inline bool mysql_audit_general_enabled()
40{
41 return mysql_global_audit_mask[0] & MYSQL_AUDIT_GENERAL_CLASSMASK;
42}
43
44static inline bool mysql_audit_connection_enabled()
45{
46 return mysql_global_audit_mask[0] & MYSQL_AUDIT_CONNECTION_CLASSMASK;
47}
48
49static inline bool mysql_audit_table_enabled()
50{
51 return mysql_global_audit_mask[0] & MYSQL_AUDIT_TABLE_CLASSMASK;
52}
53
54#else
55static inline void mysql_audit_notify(THD *thd, uint event_class,
56 const void *event) {}
57#define mysql_audit_general_enabled() 0
58#define mysql_audit_connection_enabled() 0
59#define mysql_audit_table_enabled() 0
60#endif
61extern void mysql_audit_release(THD *thd);
62
63static inline unsigned int strlen_uint(const char *s)
64{
65 return (uint)strlen(s);
66}
67
68static inline unsigned int safe_strlen_uint(const char *s)
69{
70 return (uint)safe_strlen(s);
71}
72
73#define MAX_USER_HOST_SIZE 512
74static inline uint make_user_name(THD *thd, char *buf)
75{
76 const Security_context *sctx= thd->security_ctx;
77 char *end= strxnmov(buf, MAX_USER_HOST_SIZE,
78 sctx->priv_user[0] ? sctx->priv_user : "", "[",
79 sctx->user ? sctx->user : "", "] @ ",
80 sctx->host ? sctx->host : "", " [",
81 sctx->ip ? sctx->ip : "", "]", NullS);
82 return (uint)(end-buf);
83}
84
85/**
86 Call audit plugins of GENERAL audit class, MYSQL_AUDIT_GENERAL_LOG subtype.
87
88 @param[in] thd
89 @param[in] time time that event occurred
90 @param[in] user User name
91 @param[in] userlen User name length
92 @param[in] cmd Command name
93 @param[in] cmdlen Command name length
94 @param[in] query Query string
95 @param[in] querylen Query string length
96*/
97
98static inline
99void mysql_audit_general_log(THD *thd, time_t time,
100 const char *user, uint userlen,
101 const char *cmd, uint cmdlen,
102 const char *query, uint querylen)
103{
104 if (mysql_audit_general_enabled())
105 {
106 mysql_event_general event;
107
108 event.event_subclass= MYSQL_AUDIT_GENERAL_LOG;
109 event.general_error_code= 0;
110 event.general_time= time;
111 event.general_user= user;
112 event.general_user_length= userlen;
113 event.general_command= cmd;
114 event.general_command_length= cmdlen;
115 event.general_query= query;
116 event.general_query_length= querylen;
117 event.general_rows= 0;
118
119 if (thd)
120 {
121 event.general_thread_id= (unsigned long)thd->thread_id;
122 event.general_charset= thd->variables.character_set_client;
123 event.database= thd->db;
124 event.query_id= thd->query_id;
125 }
126 else
127 {
128 event.general_thread_id= 0;
129 event.general_charset= global_system_variables.character_set_client;
130 event.database= null_clex_str;
131 event.query_id= 0;
132 }
133
134 mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, &event);
135 }
136}
137
138/**
139 Call audit plugins of GENERAL audit class.
140 event_subtype should be set to one of:
141 MYSQL_AUDIT_GENERAL_ERROR
142 MYSQL_AUDIT_GENERAL_RESULT
143 MYSQL_AUDIT_GENERAL_STATUS
144
145 @param[in] thd
146 @param[in] event_subtype Type of general audit event.
147 @param[in] error_code Error code
148 @param[in] msg Message
149*/
150static inline
151void mysql_audit_general(THD *thd, uint event_subtype,
152 int error_code, const char *msg)
153{
154 DBUG_ENTER("mysql_audit_general");
155 if (mysql_audit_general_enabled())
156 {
157 char user_buff[MAX_USER_HOST_SIZE];
158 mysql_event_general event;
159
160 event.event_subclass= event_subtype;
161 event.general_error_code= error_code;
162 event.general_time= my_time(0);
163 event.general_command= msg;
164 event.general_command_length= safe_strlen_uint(msg);
165
166 if (thd)
167 {
168 event.general_user= user_buff;
169 event.general_user_length= make_user_name(thd, user_buff);
170 event.general_thread_id= (unsigned long)thd->thread_id;
171 event.general_query= thd->query_string.str();
172 event.general_query_length= (unsigned) thd->query_string.length();
173 event.general_charset= thd->query_string.charset();
174 event.general_rows= thd->get_stmt_da()->current_row_for_warning();
175 event.database= thd->db;
176 event.query_id= thd->query_id;
177 }
178 else
179 {
180 event.general_user= NULL;
181 event.general_user_length= 0;
182 event.general_thread_id= 0;
183 event.general_query= NULL;
184 event.general_query_length= 0;
185 event.general_charset= &my_charset_bin;
186 event.general_rows= 0;
187 event.database= null_clex_str;
188 event.query_id= 0;
189 }
190
191 mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, &event);
192 }
193 DBUG_VOID_RETURN;
194}
195
196static inline
197void mysql_audit_notify_connection_connect(THD *thd)
198{
199 if (mysql_audit_connection_enabled())
200 {
201 const Security_context *sctx= thd->security_ctx;
202 mysql_event_connection event;
203
204 event.event_subclass= MYSQL_AUDIT_CONNECTION_CONNECT;
205 event.status= thd->get_stmt_da()->is_error() ?
206 thd->get_stmt_da()->sql_errno() : 0;
207 event.thread_id= (unsigned long)thd->thread_id;
208 event.user= sctx->user;
209 event.user_length= safe_strlen_uint(sctx->user);
210 event.priv_user= sctx->priv_user;
211 event.priv_user_length= strlen_uint(sctx->priv_user);
212 event.external_user= sctx->external_user;
213 event.external_user_length= safe_strlen_uint(sctx->external_user);
214 event.proxy_user= sctx->proxy_user;
215 event.proxy_user_length= strlen_uint(sctx->proxy_user);
216 event.host= sctx->host;
217 event.host_length= safe_strlen_uint(sctx->host);
218 event.ip= sctx->ip;
219 event.ip_length= safe_strlen_uint(sctx->ip);
220 event.database= thd->db;
221
222 mysql_audit_notify(thd, MYSQL_AUDIT_CONNECTION_CLASS, &event);
223 }
224}
225
226static inline
227void mysql_audit_notify_connection_disconnect(THD *thd, int errcode)
228{
229 if (mysql_audit_connection_enabled())
230 {
231 const Security_context *sctx= thd->security_ctx;
232 mysql_event_connection event;
233
234 event.event_subclass= MYSQL_AUDIT_CONNECTION_DISCONNECT;
235 event.status= errcode;
236 event.thread_id= (unsigned long)thd->thread_id;
237 event.user= sctx->user;
238 event.user_length= safe_strlen_uint(sctx->user);
239 event.priv_user= sctx->priv_user;
240 event.priv_user_length= strlen_uint(sctx->priv_user);
241 event.external_user= sctx->external_user;
242 event.external_user_length= safe_strlen_uint(sctx->external_user);
243 event.proxy_user= sctx->proxy_user;
244 event.proxy_user_length= strlen_uint(sctx->proxy_user);
245 event.host= sctx->host;
246 event.host_length= safe_strlen_uint(sctx->host);
247 event.ip= sctx->ip;
248 event.ip_length= safe_strlen_uint(sctx->ip) ;
249 event.database= thd->db;
250
251 mysql_audit_notify(thd, MYSQL_AUDIT_CONNECTION_CLASS, &event);
252 }
253}
254
255static inline
256void mysql_audit_notify_connection_change_user(THD *thd)
257{
258 if (mysql_audit_connection_enabled())
259 {
260 const Security_context *sctx= thd->security_ctx;
261 mysql_event_connection event;
262
263 event.event_subclass= MYSQL_AUDIT_CONNECTION_CHANGE_USER;
264 event.status= thd->get_stmt_da()->is_error() ?
265 thd->get_stmt_da()->sql_errno() : 0;
266 event.thread_id= (unsigned long)thd->thread_id;
267 event.user= sctx->user;
268 event.user_length= safe_strlen_uint(sctx->user);
269 event.priv_user= sctx->priv_user;
270 event.priv_user_length= strlen_uint(sctx->priv_user);
271 event.external_user= sctx->external_user;
272 event.external_user_length= safe_strlen_uint(sctx->external_user);
273 event.proxy_user= sctx->proxy_user;
274 event.proxy_user_length= strlen_uint(sctx->proxy_user);
275 event.host= sctx->host;
276 event.host_length= safe_strlen_uint(sctx->host);
277 event.ip= sctx->ip;
278 event.ip_length= safe_strlen_uint(sctx->ip);
279 event.database= thd->db;
280
281 mysql_audit_notify(thd, MYSQL_AUDIT_CONNECTION_CLASS, &event);
282 }
283}
284
285static inline
286void mysql_audit_external_lock(THD *thd, TABLE_SHARE *share, int lock)
287{
288 if (lock != F_UNLCK && mysql_audit_table_enabled())
289 {
290 const Security_context *sctx= thd->security_ctx;
291 mysql_event_table event;
292
293 event.event_subclass= MYSQL_AUDIT_TABLE_LOCK;
294 event.read_only= lock == F_RDLCK;
295 event.thread_id= (unsigned long)thd->thread_id;
296 event.user= sctx->user;
297 event.priv_user= sctx->priv_user;
298 event.priv_host= sctx->priv_host;
299 event.external_user= sctx->external_user;
300 event.proxy_user= sctx->proxy_user;
301 event.host= sctx->host;
302 event.ip= sctx->ip;
303 event.database= share->db;
304 event.table= share->table_name;
305 event.new_database= null_clex_str;
306 event.new_table= null_clex_str;
307 event.query_id= thd->query_id;
308
309 mysql_audit_notify(thd, MYSQL_AUDIT_TABLE_CLASS, &event);
310 }
311}
312
313static inline
314void mysql_audit_create_table(TABLE *table)
315{
316 if (mysql_audit_table_enabled())
317 {
318 THD *thd= table->in_use;
319 const TABLE_SHARE *share= table->s;
320 const Security_context *sctx= thd->security_ctx;
321 mysql_event_table event;
322
323 event.event_subclass= MYSQL_AUDIT_TABLE_CREATE;
324 event.read_only= 0;
325 event.thread_id= (unsigned long)thd->thread_id;
326 event.user= sctx->user;
327 event.priv_user= sctx->priv_user;
328 event.priv_host= sctx->priv_host;
329 event.external_user= sctx->external_user;
330 event.proxy_user= sctx->proxy_user;
331 event.host= sctx->host;
332 event.ip= sctx->ip;
333 event.database= share->db;
334 event.table= share->table_name;
335 event.new_database= null_clex_str;
336 event.new_table= null_clex_str;
337 event.query_id= thd->query_id;
338
339 mysql_audit_notify(thd, MYSQL_AUDIT_TABLE_CLASS, &event);
340 }
341}
342
343static inline
344void mysql_audit_drop_table(THD *thd, TABLE_LIST *table)
345{
346 if (mysql_audit_table_enabled())
347 {
348 const Security_context *sctx= thd->security_ctx;
349 mysql_event_table event;
350
351 event.event_subclass= MYSQL_AUDIT_TABLE_DROP;
352 event.read_only= 0;
353 event.thread_id= (unsigned long)thd->thread_id;
354 event.user= sctx->user;
355 event.priv_user= sctx->priv_user;
356 event.priv_host= sctx->priv_host;
357 event.external_user= sctx->external_user;
358 event.proxy_user= sctx->proxy_user;
359 event.host= sctx->host;
360 event.ip= sctx->ip;
361 event.database= table->db;
362 event.table= table->table_name;
363 event.new_database= null_clex_str;
364 event.new_table= null_clex_str;
365 event.query_id= thd->query_id;
366
367 mysql_audit_notify(thd, MYSQL_AUDIT_TABLE_CLASS, &event);
368 }
369}
370
371static inline
372void mysql_audit_rename_table(THD *thd, const LEX_CSTRING *old_db,
373 const LEX_CSTRING *old_tb,
374 const LEX_CSTRING *new_db, const LEX_CSTRING *new_tb)
375{
376 if (mysql_audit_table_enabled())
377 {
378 const Security_context *sctx= thd->security_ctx;
379 mysql_event_table event;
380
381 event.event_subclass= MYSQL_AUDIT_TABLE_RENAME;
382 event.read_only= 0;
383 event.thread_id= (unsigned long)thd->thread_id;
384 event.user= sctx->user;
385 event.priv_user= sctx->priv_user;
386 event.priv_host= sctx->priv_host;
387 event.external_user= sctx->external_user;
388 event.proxy_user= sctx->proxy_user;
389 event.host= sctx->host;
390 event.ip= sctx->ip;
391 event.database= *old_db;
392 event.table= *old_tb;
393 event.new_database= *new_db;
394 event.new_table= *new_tb;
395 event.query_id= thd->query_id;
396
397 mysql_audit_notify(thd, MYSQL_AUDIT_TABLE_CLASS, &event);
398 }
399}
400
401static inline
402void mysql_audit_alter_table(THD *thd, TABLE_LIST *table)
403{
404 if (mysql_audit_table_enabled())
405 {
406 const Security_context *sctx= thd->security_ctx;
407 mysql_event_table event;
408
409 event.event_subclass= MYSQL_AUDIT_TABLE_ALTER;
410 event.read_only= 0;
411 event.thread_id= (unsigned long)thd->thread_id;
412 event.user= sctx->user;
413 event.priv_user= sctx->priv_user;
414 event.priv_host= sctx->priv_host;
415 event.external_user= sctx->external_user;
416 event.proxy_user= sctx->proxy_user;
417 event.host= sctx->host;
418 event.ip= sctx->ip;
419 event.database= table->db;
420 event.table= table->table_name;
421 event.new_database= null_clex_str;
422 event.new_table= null_clex_str;
423 event.query_id= thd->query_id;
424
425 mysql_audit_notify(thd, MYSQL_AUDIT_TABLE_CLASS, &event);
426 }
427}
428
429#endif /* SQL_AUDIT_INCLUDED */
430