Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
b9b3d533
Commit
b9b3d533
authored
Apr 19, 2013
by
Sergei Golubchik
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MDEV-260 auditing table accesses
parent
4d78392b
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
372 additions
and
33 deletions
+372
-33
include/mysql/plugin_audit.h
include/mysql/plugin_audit.h
+45
-1
include/mysql/plugin_audit.h.pp
include/mysql/plugin_audit.h.pp
+21
-0
mysql-test/suite/plugins/r/audit_null.result
mysql-test/suite/plugins/r/audit_null.result
+72
-1
mysql-test/suite/plugins/t/audit_null.test
mysql-test/suite/plugins/t/audit_null.test
+29
-0
plugin/audit_null/audit_null.c
plugin/audit_null/audit_null.c
+65
-24
sql/handler.cc
sql/handler.cc
+10
-3
sql/handler.h
sql/handler.h
+1
-0
sql/sql_audit.cc
sql/sql_audit.cc
+29
-3
sql/sql_audit.h
sql/sql_audit.h
+90
-1
sql/sql_table.cc
sql/sql_table.cc
+10
-0
No files found.
include/mysql/plugin_audit.h
View file @
b9b3d533
...
@@ -25,7 +25,7 @@
...
@@ -25,7 +25,7 @@
#define MYSQL_AUDIT_CLASS_MASK_SIZE 1
#define MYSQL_AUDIT_CLASS_MASK_SIZE 1
#define MYSQL_AUDIT_INTERFACE_VERSION 0x030
0
#define MYSQL_AUDIT_INTERFACE_VERSION 0x030
1
/*************************************************************************
/*************************************************************************
...
@@ -97,6 +97,50 @@ struct mysql_event_connection
...
@@ -97,6 +97,50 @@ struct mysql_event_connection
unsigned
int
database_length
;
unsigned
int
database_length
;
};
};
/*
AUDIT CLASS : TABLE
LOCK occurs when a connection "locks" (this does not necessarily mean a table
lock and also happens for row-locking engines) the table at the beginning of
a statement. This event is generated at the beginning of every statement for
every affected table, unless there's a LOCK TABLES statement in effect (in
which case it is generated once for LOCK TABLES and then is suppressed until
the tables are unlocked).
CREATE/DROP/RENAME occur when a table is created, dropped, or renamed.
*/
#define MYSQL_AUDIT_TABLE_CLASS 15
#define MYSQL_AUDIT_TABLE_CLASSMASK (1 << MYSQL_AUDIT_TABLE_CLASS)
#define MYSQL_AUDIT_TABLE_LOCK 0
#define MYSQL_AUDIT_TABLE_CREATE 1
#define MYSQL_AUDIT_TABLE_DROP 2
#define MYSQL_AUDIT_TABLE_RENAME 3
#define MYSQL_AUDIT_TABLE_ALTER 4
struct
mysql_event_table
{
unsigned
int
event_subclass
;
unsigned
long
thread_id
;
const
char
*
user
;
const
char
*
priv_user
;
const
char
*
priv_host
;
const
char
*
external_user
;
const
char
*
proxy_user
;
const
char
*
host
;
const
char
*
ip
;
const
char
*
database
;
unsigned
int
database_length
;
const
char
*
table
;
unsigned
int
table_length
;
/* for MYSQL_AUDIT_TABLE_LOCK, true if read-only, false if read/write */
int
read_only
;
/* for MYSQL_AUDIT_TABLE_RENAME */
const
char
*
new_database
;
unsigned
int
new_database_length
;
const
char
*
new_table
;
unsigned
int
new_table_length
;
};
/*************************************************************************
/*************************************************************************
Here we define the descriptor structure, that is referred from
Here we define the descriptor structure, that is referred from
...
...
include/mysql/plugin_audit.h.pp
View file @
b9b3d533
...
@@ -279,6 +279,27 @@ struct mysql_event_connection
...
@@ -279,6 +279,27 @@ struct mysql_event_connection
const
char
*
database
;
const
char
*
database
;
unsigned
int
database_length
;
unsigned
int
database_length
;
};
};
struct
mysql_event_table
{
unsigned
int
event_subclass
;
unsigned
long
thread_id
;
const
char
*
user
;
const
char
*
priv_user
;
const
char
*
priv_host
;
const
char
*
external_user
;
const
char
*
proxy_user
;
const
char
*
host
;
const
char
*
ip
;
const
char
*
database
;
unsigned
int
database_length
;
const
char
*
table
;
unsigned
int
table_length
;
int
read_only
;
const
char
*
new_database
;
unsigned
int
new_database_length
;
const
char
*
new_table
;
unsigned
int
new_table_length
;
};
struct
st_mysql_audit
struct
st_mysql_audit
{
{
int
interface_version
;
int
interface_version
;
...
...
mysql-test/suite/plugins/r/audit_null.result
View file @
b9b3d533
set @old_global_general_log=@@global.general_log;
set @old_global_general_log=@@global.general_log;
set global general_log=OFF;
set global general_log=OFF;
grant select on *.* to testuser@localhost;
install plugin audit_null soname 'adt_null';
install plugin audit_null soname 'adt_null';
select 1;
select 1;
1
1
...
@@ -18,12 +19,82 @@ concat("test1", x)
...
@@ -18,12 +19,82 @@ concat("test1", x)
test1-12
test1-12
show status like 'audit_null%';
show status like 'audit_null%';
Variable_name Value
Variable_name Value
Audit_null_called
19
Audit_null_called
21
Audit_null_general_error 1
Audit_null_general_error 1
Audit_null_general_log 7
Audit_null_general_log 7
Audit_null_general_result 5
Audit_null_general_result 5
create table t1 (a int);
insert t1 values (1), (2);
select * from t1;
a
1
2
rename table t1 to t2;
alter table t2 add column b int;
create definer=testuser@localhost view v1 as select t2.a+1, t2_copy.a+2 from t2, t2 as t2_copy;
select * from v1;
t2.a+1 t2_copy.a+2
2 3
3 3
2 4
3 4
drop view v1;
create temporary table t2 (a date);
insert t2 values ('2020-10-09');
select * from t2;
a
2020-10-09
drop table t2;
explain select distinct * from t2;
id select_type table type possible_keys key key_len ref rows Extra
1 SIMPLE t2 ALL NULL NULL NULL NULL 2 Using temporary
select distinct * from t2;
a b
1 NULL
2 NULL
drop table t2;
uninstall plugin audit_null;
uninstall plugin audit_null;
Warnings:
Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown
Warning 1620 Plugin is busy and will be uninstalled on shutdown
drop procedure au1;
drop procedure au1;
drop user testuser@localhost;
set global general_log=@old_global_general_log;
set global general_log=@old_global_general_log;
root[root] @ localhost [] >> select 1
root[root] @ localhost [] >> select foobar
root[root] @ localhost [] >> show status like 'audit_null%'
root[root] @ localhost [] >> create procedure au1(x char(16)) select concat("test1", x)
root[root] @ localhost [] mysql.proc : write
root[root] @ localhost [] >> call au1("-12")
root[root] @ localhost [] mysql.proc : read
root[root] @ localhost [] >> select concat("test1", NAME_CONST('x',_latin1'-12' COLLATE 'latin1_swedish_ci'))
root[root] @ localhost [] >> show status like 'audit_null%'
root[root] @ localhost [] >> create table t1 (a int)
root[root] @ localhost [] test.t1 : create
root[root] @ localhost [] >> insert t1 values (1), (2)
root[root] @ localhost [] test.t1 : write
root[root] @ localhost [] >> select * from t1
root[root] @ localhost [] test.t1 : read
root[root] @ localhost [] >> rename table t1 to t2
root[root] @ localhost [] test.t1 : rename to test.t2
root[root] @ localhost [] >> alter table t2 add column b int
root[root] @ localhost [] test.t2 : alter
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] >> create definer=testuser@localhost view v1 as select t2.a+1, t2_copy.a+2 from t2, t2 as t2_copy
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] >> select * from v1
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] >> drop view v1
root[root] @ localhost [] >> create temporary table t2 (a date)
root[root] @ localhost [] >> insert t2 values ('2020-10-09')
root[root] @ localhost [] >> select * from t2
root[root] @ localhost [] >> drop table t2
root[root] @ localhost [] >> explain select distinct * from t2
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] >> select distinct * from t2
root[root] @ localhost [] test.t2 : read
root[root] @ localhost [] >> drop table t2
root[root] @ localhost [] test.t2 : drop
root[root] @ localhost [] >> uninstall plugin audit_null
root[root] @ localhost [] mysql.plugin : write
mysql-test/suite/plugins/t/audit_null.test
View file @
b9b3d533
...
@@ -8,6 +8,8 @@ if (!$ADT_NULL_SO) {
...
@@ -8,6 +8,8 @@ if (!$ADT_NULL_SO) {
set
@
old_global_general_log
=@@
global
.
general_log
;
set
@
old_global_general_log
=@@
global
.
general_log
;
set
global
general_log
=
OFF
;
set
global
general_log
=
OFF
;
grant
select
on
*.*
to
testuser
@
localhost
;
--
disable_ps_protocol
--
disable_ps_protocol
install
plugin
audit_null
soname
'adt_null'
;
install
plugin
audit_null
soname
'adt_null'
;
...
@@ -22,9 +24,36 @@ call au1("-12");
...
@@ -22,9 +24,36 @@ call au1("-12");
show
status
like
'audit_null%'
;
show
status
like
'audit_null%'
;
create
table
t1
(
a
int
);
insert
t1
values
(
1
),
(
2
);
select
*
from
t1
;
rename
table
t1
to
t2
;
alter
table
t2
add
column
b
int
;
create
definer
=
testuser
@
localhost
view
v1
as
select
t2
.
a
+
1
,
t2_copy
.
a
+
2
from
t2
,
t2
as
t2_copy
;
select
*
from
v1
;
drop
view
v1
;
# temp table generates no audit events
create
temporary
table
t2
(
a
date
);
insert
t2
values
(
'2020-10-09'
);
select
*
from
t2
;
drop
table
t2
;
# internal temp table generates no audit events
explain
select
distinct
*
from
t2
;
select
distinct
*
from
t2
;
drop
table
t2
;
uninstall
plugin
audit_null
;
uninstall
plugin
audit_null
;
--
enable_ps_protocol
--
enable_ps_protocol
drop
procedure
au1
;
drop
procedure
au1
;
drop
user
testuser
@
localhost
;
set
global
general_log
=@
old_global_general_log
;
set
global
general_log
=@
old_global_general_log
;
let
$MYSQLD_DATADIR
=
`SELECT @@datadir`
;
--
replace_regex
/
#sql-[0-9a-f_]*/#sql-temporary/ /#sql2-[-0-9a-f_]*/#sql2-temporary/
cat_file
$MYSQLD_DATADIR
/
audit_null_tables
.
log
;
plugin/audit_null/audit_null.c
View file @
b9b3d533
...
@@ -22,11 +22,12 @@
...
@@ -22,11 +22,12 @@
#define __attribute__(A)
#define __attribute__(A)
#endif
#endif
static
volatile
int
n
umber_of_
calls
;
/* for SHOW STATUS, see below */
static
volatile
int
ncalls
;
/* for SHOW STATUS, see below */
static
volatile
int
n
umber_of_
calls_general_log
;
static
volatile
int
ncalls_general_log
;
static
volatile
int
n
umber_of_
calls_general_error
;
static
volatile
int
ncalls_general_error
;
static
volatile
int
n
umber_of_
calls_general_result
;
static
volatile
int
ncalls_general_result
;
FILE
*
f
;
/*
/*
Initialize the plugin at server start or plugin installation.
Initialize the plugin at server start or plugin installation.
...
@@ -44,11 +45,16 @@ static volatile int number_of_calls_general_result;
...
@@ -44,11 +45,16 @@ static volatile int number_of_calls_general_result;
static
int
audit_null_plugin_init
(
void
*
arg
__attribute__
((
unused
)))
static
int
audit_null_plugin_init
(
void
*
arg
__attribute__
((
unused
)))
{
{
number_of_calls
=
0
;
ncalls
=
0
;
number_of_calls_general_log
=
0
;
ncalls_general_log
=
0
;
number_of_calls_general_error
=
0
;
ncalls_general_error
=
0
;
number_of_calls_general_result
=
0
;
ncalls_general_result
=
0
;
return
(
0
);
f
=
fopen
(
"audit_null_tables.log"
,
"w"
);
if
(
!
f
)
return
1
;
return
0
;
}
}
...
@@ -67,7 +73,8 @@ static int audit_null_plugin_init(void *arg __attribute__((unused)))
...
@@ -67,7 +73,8 @@ static int audit_null_plugin_init(void *arg __attribute__((unused)))
static
int
audit_null_plugin_deinit
(
void
*
arg
__attribute__
((
unused
)))
static
int
audit_null_plugin_deinit
(
void
*
arg
__attribute__
((
unused
)))
{
{
return
(
0
);
fclose
(
f
);
return
0
;
}
}
...
@@ -86,7 +93,7 @@ static void audit_null_notify(MYSQL_THD thd __attribute__((unused)),
...
@@ -86,7 +93,7 @@ static void audit_null_notify(MYSQL_THD thd __attribute__((unused)),
const
void
*
event
)
const
void
*
event
)
{
{
/* prone to races, oh well */
/* prone to races, oh well */
n
umber_of_
calls
++
;
ncalls
++
;
if
(
event_class
==
MYSQL_AUDIT_GENERAL_CLASS
)
if
(
event_class
==
MYSQL_AUDIT_GENERAL_CLASS
)
{
{
const
struct
mysql_event_general
*
event_general
=
const
struct
mysql_event_general
*
event_general
=
...
@@ -94,18 +101,56 @@ static void audit_null_notify(MYSQL_THD thd __attribute__((unused)),
...
@@ -94,18 +101,56 @@ static void audit_null_notify(MYSQL_THD thd __attribute__((unused)),
switch
(
event_general
->
event_subclass
)
switch
(
event_general
->
event_subclass
)
{
{
case
MYSQL_AUDIT_GENERAL_LOG
:
case
MYSQL_AUDIT_GENERAL_LOG
:
number_of_calls_general_log
++
;
ncalls_general_log
++
;
fprintf
(
f
,
"%s
\t
>> %s
\n
"
,
event_general
->
general_user
,
event_general
->
general_query
);
break
;
break
;
case
MYSQL_AUDIT_GENERAL_ERROR
:
case
MYSQL_AUDIT_GENERAL_ERROR
:
n
umber_of_
calls_general_error
++
;
ncalls_general_error
++
;
break
;
break
;
case
MYSQL_AUDIT_GENERAL_RESULT
:
case
MYSQL_AUDIT_GENERAL_RESULT
:
n
umber_of_
calls_general_result
++
;
ncalls_general_result
++
;
break
;
break
;
default:
default:
break
;
break
;
}
}
}
}
else
if
(
event_class
==
MYSQL_AUDIT_TABLE_CLASS
)
{
const
struct
mysql_event_table
*
event_table
=
(
const
struct
mysql_event_table
*
)
event
;
const
char
*
ip
=
event_table
->
ip
?
event_table
->
ip
:
""
;
const
char
*
op
=
0
;
char
buf
[
1024
];
switch
(
event_table
->
event_subclass
)
{
case
MYSQL_AUDIT_TABLE_LOCK
:
op
=
event_table
->
read_only
?
"read"
:
"write"
;
break
;
case
MYSQL_AUDIT_TABLE_CREATE
:
op
=
"create"
;
break
;
case
MYSQL_AUDIT_TABLE_DROP
:
op
=
"drop"
;
break
;
case
MYSQL_AUDIT_TABLE_ALTER
:
op
=
"alter"
;
break
;
case
MYSQL_AUDIT_TABLE_RENAME
:
snprintf
(
buf
,
sizeof
(
buf
),
"rename to %s.%s"
,
event_table
->
new_database
,
event_table
->
new_table
);
buf
[
sizeof
(
buf
)
-
1
]
=
0
;
op
=
buf
;
break
;
}
fprintf
(
f
,
"%s[%s] @ %s [%s]
\t
%s.%s : %s
\n
"
,
event_table
->
priv_user
,
event_table
->
user
,
event_table
->
host
,
ip
,
event_table
->
database
,
event_table
->
table
,
op
);
}
}
}
...
@@ -115,10 +160,8 @@ static void audit_null_notify(MYSQL_THD thd __attribute__((unused)),
...
@@ -115,10 +160,8 @@ static void audit_null_notify(MYSQL_THD thd __attribute__((unused)),
static
struct
st_mysql_audit
audit_null_descriptor
=
static
struct
st_mysql_audit
audit_null_descriptor
=
{
{
MYSQL_AUDIT_INTERFACE_VERSION
,
/* interface version */
MYSQL_AUDIT_INTERFACE_VERSION
,
NULL
,
audit_null_notify
,
NULL
,
/* release_thd function */
{
MYSQL_AUDIT_GENERAL_CLASSMASK
|
MYSQL_AUDIT_TABLE_CLASSMASK
}
audit_null_notify
,
/* notify function */
{
(
unsigned
long
)
MYSQL_AUDIT_GENERAL_CLASSMASK
}
/* class mask */
};
};
/*
/*
...
@@ -127,12 +170,10 @@ static struct st_mysql_audit audit_null_descriptor=
...
@@ -127,12 +170,10 @@ static struct st_mysql_audit audit_null_descriptor=
static
struct
st_mysql_show_var
simple_status
[]
=
static
struct
st_mysql_show_var
simple_status
[]
=
{
{
{
"Audit_null_called"
,
(
char
*
)
&
number_of_calls
,
SHOW_INT
},
{
"Audit_null_called"
,
(
char
*
)
&
ncalls
,
SHOW_INT
},
{
"Audit_null_general_log"
,
(
char
*
)
&
number_of_calls_general_log
,
SHOW_INT
},
{
"Audit_null_general_log"
,
(
char
*
)
&
ncalls_general_log
,
SHOW_INT
},
{
"Audit_null_general_error"
,
(
char
*
)
&
number_of_calls_general_error
,
{
"Audit_null_general_error"
,
(
char
*
)
&
ncalls_general_error
,
SHOW_INT
},
SHOW_INT
},
{
"Audit_null_general_result"
,
(
char
*
)
&
ncalls_general_result
,
SHOW_INT
},
{
"Audit_null_general_result"
,
(
char
*
)
&
number_of_calls_general_result
,
SHOW_INT
},
{
0
,
0
,
0
}
{
0
,
0
,
0
}
};
};
...
...
sql/handler.cc
View file @
b9b3d533
...
@@ -43,6 +43,7 @@
...
@@ -43,6 +43,7 @@
#include "myisam.h"
#include "myisam.h"
#include "probes_mysql.h"
#include "probes_mysql.h"
#include "debug_sync.h" // DEBUG_SYNC
#include "debug_sync.h" // DEBUG_SYNC
#include "sql_audit.h"
#ifdef WITH_PARTITION_STORAGE_ENGINE
#ifdef WITH_PARTITION_STORAGE_ENGINE
#include "ha_partition.h"
#include "ha_partition.h"
...
@@ -3689,7 +3690,6 @@ int
...
@@ -3689,7 +3690,6 @@ int
handler
::
ha_delete_table
(
const
char
*
name
)
handler
::
ha_delete_table
(
const
char
*
name
)
{
{
mark_trx_read_write
();
mark_trx_read_write
();
return
delete_table
(
name
);
return
delete_table
(
name
);
}
}
...
@@ -3722,8 +3722,11 @@ int
...
@@ -3722,8 +3722,11 @@ int
handler
::
ha_create
(
const
char
*
name
,
TABLE
*
form
,
HA_CREATE_INFO
*
info
)
handler
::
ha_create
(
const
char
*
name
,
TABLE
*
form
,
HA_CREATE_INFO
*
info
)
{
{
mark_trx_read_write
();
mark_trx_read_write
();
int
error
=
create
(
name
,
form
,
info
);
return
create
(
name
,
form
,
info
);
if
(
!
error
&&
!
(
info
->
options
&
(
HA_LEX_CREATE_TMP_TABLE
|
HA_CREATE_TMP_ALTER
)))
mysql_audit_create_table
(
form
);
return
error
;
}
}
...
@@ -5099,7 +5102,11 @@ int handler::ha_external_lock(THD *thd, int lock_type)
...
@@ -5099,7 +5102,11 @@ int handler::ha_external_lock(THD *thd, int lock_type)
int
error
=
external_lock
(
thd
,
lock_type
);
int
error
=
external_lock
(
thd
,
lock_type
);
if
(
error
==
0
)
if
(
error
==
0
)
{
cached_table_flags
=
table_flags
();
cached_table_flags
=
table_flags
();
if
(
table_share
->
tmp_table
==
NO_TMP_TABLE
)
mysql_audit_external_lock
(
thd
,
table_share
,
lock_type
);
}
if
(
MYSQL_HANDLER_RDLOCK_DONE_ENABLED
()
||
if
(
MYSQL_HANDLER_RDLOCK_DONE_ENABLED
()
||
MYSQL_HANDLER_WRLOCK_DONE_ENABLED
()
||
MYSQL_HANDLER_WRLOCK_DONE_ENABLED
()
||
...
...
sql/handler.h
View file @
b9b3d533
...
@@ -318,6 +318,7 @@
...
@@ -318,6 +318,7 @@
#define HA_LEX_CREATE_TMP_TABLE 1
#define HA_LEX_CREATE_TMP_TABLE 1
#define HA_LEX_CREATE_IF_NOT_EXISTS 2
#define HA_LEX_CREATE_IF_NOT_EXISTS 2
#define HA_LEX_CREATE_TABLE_LIKE 4
#define HA_LEX_CREATE_TABLE_LIKE 4
#define HA_CREATE_TMP_ALTER 8
#define HA_MAX_REC_LENGTH 65535
#define HA_MAX_REC_LENGTH 65535
/* Table caching type */
/* Table caching type */
...
...
sql/sql_audit.cc
View file @
b9b3d533
...
@@ -31,8 +31,7 @@ unsigned long mysql_global_audit_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
...
@@ -31,8 +31,7 @@ unsigned long mysql_global_audit_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
static
mysql_mutex_t
LOCK_audit_mask
;
static
mysql_mutex_t
LOCK_audit_mask
;
static
void
event_class_dispatch
(
THD
*
thd
,
unsigned
int
event_class
,
static
void
event_class_dispatch
(
THD
*
,
unsigned
int
,
const
void
*
);
const
void
*
event
);
static
inline
static
inline
...
@@ -111,9 +110,36 @@ static void connection_class_handler(THD *thd, uint event_subclass, va_list ap)
...
@@ -111,9 +110,36 @@ static void connection_class_handler(THD *thd, uint event_subclass, va_list ap)
}
}
static
void
table_class_handler
(
THD
*
thd
,
uint
event_subclass
,
va_list
ap
)
{
mysql_event_table
event
;
event
.
event_subclass
=
event_subclass
;
event
.
read_only
=
va_arg
(
ap
,
int
);
event
.
thread_id
=
va_arg
(
ap
,
unsigned
long
);
event
.
user
=
va_arg
(
ap
,
const
char
*
);
event
.
priv_user
=
va_arg
(
ap
,
const
char
*
);
event
.
priv_host
=
va_arg
(
ap
,
const
char
*
);
event
.
external_user
=
va_arg
(
ap
,
const
char
*
);
event
.
proxy_user
=
va_arg
(
ap
,
const
char
*
);
event
.
host
=
va_arg
(
ap
,
const
char
*
);
event
.
ip
=
va_arg
(
ap
,
const
char
*
);
event
.
database
=
va_arg
(
ap
,
const
char
*
);
event
.
database_length
=
va_arg
(
ap
,
unsigned
int
);
event
.
table
=
va_arg
(
ap
,
const
char
*
);
event
.
table_length
=
va_arg
(
ap
,
unsigned
int
);
event
.
new_database
=
va_arg
(
ap
,
const
char
*
);
event
.
new_database_length
=
va_arg
(
ap
,
unsigned
int
);
event
.
new_table
=
va_arg
(
ap
,
const
char
*
);
event
.
new_table_length
=
va_arg
(
ap
,
unsigned
int
);
event_class_dispatch
(
thd
,
MYSQL_AUDIT_TABLE_CLASS
,
&
event
);
}
static
audit_handler_t
audit_handlers
[]
=
static
audit_handler_t
audit_handlers
[]
=
{
{
general_class_handler
,
connection_class_handler
general_class_handler
,
connection_class_handler
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
/* placeholders */
table_class_handler
};
};
static
const
uint
audit_handlers_count
=
static
const
uint
audit_handlers_count
=
...
...
sql/sql_audit.h
View file @
b9b3d533
...
@@ -43,17 +43,23 @@ static inline bool mysql_audit_general_enabled()
...
@@ -43,17 +43,23 @@ static inline bool mysql_audit_general_enabled()
return
mysql_global_audit_mask
[
0
]
&
MYSQL_AUDIT_GENERAL_CLASSMASK
;
return
mysql_global_audit_mask
[
0
]
&
MYSQL_AUDIT_GENERAL_CLASSMASK
;
}
}
static
inline
bool
mysql_audit_table_enabled
()
{
return
mysql_global_audit_mask
[
0
]
&
MYSQL_AUDIT_TABLE_CLASSMASK
;
}
#else
#else
static
inline
void
mysql_audit_notify
(
THD
*
thd
,
uint
event_class
,
static
inline
void
mysql_audit_notify
(
THD
*
thd
,
uint
event_class
,
uint
event_subtype
,
...)
{
}
uint
event_subtype
,
...)
{
}
#define mysql_audit_general_enabled() 0
#define mysql_audit_general_enabled() 0
#define mysql_audit_table_enabled() 0
#endif
#endif
extern
void
mysql_audit_release
(
THD
*
thd
);
extern
void
mysql_audit_release
(
THD
*
thd
);
#define MAX_USER_HOST_SIZE 512
#define MAX_USER_HOST_SIZE 512
static
inline
uint
make_user_name
(
THD
*
thd
,
char
*
buf
)
static
inline
uint
make_user_name
(
THD
*
thd
,
char
*
buf
)
{
{
Security_context
*
sctx
=
thd
->
security_ctx
;
const
Security_context
*
sctx
=
thd
->
security_ctx
;
return
strxnmov
(
buf
,
MAX_USER_HOST_SIZE
,
return
strxnmov
(
buf
,
MAX_USER_HOST_SIZE
,
sctx
->
priv_user
[
0
]
?
sctx
->
priv_user
:
""
,
"["
,
sctx
->
priv_user
[
0
]
?
sctx
->
priv_user
:
""
,
"["
,
sctx
->
user
?
sctx
->
user
:
""
,
"] @ "
,
sctx
->
user
?
sctx
->
user
:
""
,
"] @ "
,
...
@@ -174,4 +180,87 @@ void mysql_audit_general(THD *thd, uint event_subtype,
...
@@ -174,4 +180,87 @@ void mysql_audit_general(THD *thd, uint event_subtype,
(thd)->security_ctx->ip ? strlen((thd)->security_ctx->ip) : 0,\
(thd)->security_ctx->ip ? strlen((thd)->security_ctx->ip) : 0,\
(thd)->db, (thd)->db ? strlen((thd)->db) : 0)
(thd)->db, (thd)->db ? strlen((thd)->db) : 0)
static
inline
void
mysql_audit_external_lock
(
THD
*
thd
,
TABLE_SHARE
*
share
,
int
lock
)
{
if
(
lock
!=
F_UNLCK
&&
mysql_audit_table_enabled
())
{
const
Security_context
*
sctx
=
thd
->
security_ctx
;
mysql_audit_notify
(
thd
,
MYSQL_AUDIT_TABLE_CLASS
,
MYSQL_AUDIT_TABLE_LOCK
,
(
int
)(
lock
==
F_RDLCK
),
(
ulong
)
thd
->
thread_id
,
sctx
->
user
,
sctx
->
priv_user
,
sctx
->
priv_host
,
sctx
->
external_user
,
sctx
->
proxy_user
,
sctx
->
host
,
sctx
->
ip
,
share
->
db
.
str
,
(
uint
)
share
->
db
.
length
,
share
->
table_name
.
str
,
(
uint
)
share
->
table_name
.
length
,
0
,
0
,
0
,
0
);
}
}
static
inline
void
mysql_audit_create_table
(
TABLE
*
table
)
{
if
(
mysql_audit_table_enabled
())
{
THD
*
thd
=
table
->
in_use
;
const
TABLE_SHARE
*
share
=
table
->
s
;
const
Security_context
*
sctx
=
thd
->
security_ctx
;
mysql_audit_notify
(
thd
,
MYSQL_AUDIT_TABLE_CLASS
,
MYSQL_AUDIT_TABLE_CREATE
,
0
,
(
ulong
)
thd
->
thread_id
,
sctx
->
user
,
sctx
->
priv_user
,
sctx
->
priv_host
,
sctx
->
external_user
,
sctx
->
proxy_user
,
sctx
->
host
,
sctx
->
ip
,
share
->
db
.
str
,
(
uint
)
share
->
db
.
length
,
share
->
table_name
.
str
,
(
uint
)
share
->
table_name
.
length
,
0
,
0
,
0
,
0
);
}
}
static
inline
void
mysql_audit_drop_table
(
THD
*
thd
,
TABLE_LIST
*
table
)
{
if
(
mysql_audit_table_enabled
())
{
const
Security_context
*
sctx
=
thd
->
security_ctx
;
mysql_audit_notify
(
thd
,
MYSQL_AUDIT_TABLE_CLASS
,
MYSQL_AUDIT_TABLE_DROP
,
0
,
(
ulong
)
thd
->
thread_id
,
sctx
->
user
,
sctx
->
priv_user
,
sctx
->
priv_host
,
sctx
->
external_user
,
sctx
->
proxy_user
,
sctx
->
host
,
sctx
->
ip
,
table
->
db
,
(
uint
)
table
->
db_length
,
table
->
table_name
,
(
uint
)
table
->
table_name_length
,
0
,
0
,
0
,
0
);
}
}
static
inline
void
mysql_audit_rename_table
(
THD
*
thd
,
const
char
*
old_db
,
const
char
*
old_tb
,
const
char
*
new_db
,
const
char
*
new_tb
)
{
if
(
mysql_audit_table_enabled
())
{
const
Security_context
*
sctx
=
thd
->
security_ctx
;
mysql_audit_notify
(
thd
,
MYSQL_AUDIT_TABLE_CLASS
,
MYSQL_AUDIT_TABLE_RENAME
,
0
,
(
ulong
)
thd
->
thread_id
,
sctx
->
user
,
sctx
->
priv_user
,
sctx
->
priv_host
,
sctx
->
external_user
,
sctx
->
proxy_user
,
sctx
->
host
,
sctx
->
ip
,
old_db
,
(
uint
)
strlen
(
old_db
),
old_tb
,
(
uint
)
strlen
(
old_tb
),
new_db
,
(
uint
)
strlen
(
new_db
),
new_tb
,
(
uint
)
strlen
(
new_tb
));
}
}
static
inline
void
mysql_audit_alter_table
(
THD
*
thd
,
TABLE_LIST
*
table
)
{
if
(
mysql_audit_table_enabled
())
{
const
Security_context
*
sctx
=
thd
->
security_ctx
;
mysql_audit_notify
(
thd
,
MYSQL_AUDIT_TABLE_CLASS
,
MYSQL_AUDIT_TABLE_ALTER
,
0
,
(
ulong
)
thd
->
thread_id
,
sctx
->
user
,
sctx
->
priv_user
,
sctx
->
priv_host
,
sctx
->
external_user
,
sctx
->
proxy_user
,
sctx
->
host
,
sctx
->
ip
,
table
->
db
,
(
uint
)
table
->
db_length
,
table
->
table_name
,
(
uint
)
table
->
table_name_length
,
0
,
0
,
0
,
0
);
}
}
#endif
/* SQL_AUDIT_INCLUDED */
#endif
/* SQL_AUDIT_INCLUDED */
sql/sql_table.cc
View file @
b9b3d533
...
@@ -54,6 +54,7 @@
...
@@ -54,6 +54,7 @@
#include "sql_show.h"
#include "sql_show.h"
#include "transaction.h"
#include "transaction.h"
#include "datadict.h" // dd_frm_type()
#include "datadict.h" // dd_frm_type()
#include "sql_audit.h"
#ifdef __WIN__
#ifdef __WIN__
#include <io.h>
#include <io.h>
...
@@ -2344,6 +2345,10 @@ int mysql_rm_table_no_locks(THD *thd, TABLE_LIST *tables, bool if_exists,
...
@@ -2344,6 +2345,10 @@ int mysql_rm_table_no_locks(THD *thd, TABLE_LIST *tables, bool if_exists,
wrong_tables
.
append
(
','
);
wrong_tables
.
append
(
','
);
wrong_tables
.
append
(
String
(
table
->
table_name
,
system_charset_info
));
wrong_tables
.
append
(
String
(
table
->
table_name
,
system_charset_info
));
}
}
else
{
mysql_audit_drop_table
(
thd
,
table
);
}
DBUG_PRINT
(
"table"
,
(
"table: 0x%lx s: 0x%lx"
,
(
long
)
table
->
table
,
DBUG_PRINT
(
"table"
,
(
"table: 0x%lx s: 0x%lx"
,
(
long
)
table
->
table
,
table
->
table
?
(
long
)
table
->
table
->
s
:
(
long
)
-
1
));
table
->
table
?
(
long
)
table
->
table
->
s
:
(
long
)
-
1
));
...
@@ -4728,6 +4733,8 @@ mysql_rename_table(handlerton *base, const char *old_db,
...
@@ -4728,6 +4733,8 @@ mysql_rename_table(handlerton *base, const char *old_db,
my_error
(
ER_NOT_SUPPORTED_YET
,
MYF
(
0
),
"ALTER TABLE"
);
my_error
(
ER_NOT_SUPPORTED_YET
,
MYF
(
0
),
"ALTER TABLE"
);
else
if
(
error
)
else
if
(
error
)
my_error
(
ER_ERROR_ON_RENAME
,
MYF
(
0
),
from
,
to
,
error
);
my_error
(
ER_ERROR_ON_RENAME
,
MYF
(
0
),
from
,
to
,
error
);
else
if
(
!
(
flags
&
FN_IS_TMP
))
mysql_audit_rename_table
(
thd
,
old_db
,
old_name
,
new_db
,
new_name
);
DBUG_RETURN
(
error
!=
0
);
DBUG_RETURN
(
error
!=
0
);
}
}
...
@@ -6054,6 +6061,8 @@ bool mysql_alter_table(THD *thd,char *new_db, char *new_name,
...
@@ -6054,6 +6061,8 @@ bool mysql_alter_table(THD *thd,char *new_db, char *new_name,
mysql_ha_rm_tables
(
thd
,
table_list
);
mysql_ha_rm_tables
(
thd
,
table_list
);
mysql_audit_alter_table
(
thd
,
table_list
);
/* DISCARD/IMPORT TABLESPACE is always alone in an ALTER TABLE */
/* DISCARD/IMPORT TABLESPACE is always alone in an ALTER TABLE */
if
(
alter_info
->
tablespace_op
!=
NO_TABLESPACE_OP
)
if
(
alter_info
->
tablespace_op
!=
NO_TABLESPACE_OP
)
/* Conditionally writes to binlog. */
/* Conditionally writes to binlog. */
...
@@ -6716,6 +6725,7 @@ bool mysql_alter_table(THD *thd,char *new_db, char *new_name,
...
@@ -6716,6 +6725,7 @@ bool mysql_alter_table(THD *thd,char *new_db, char *new_name,
HA_OPTION_PACK_RECORD
));
HA_OPTION_PACK_RECORD
));
}
}
tmp_disable_binlog
(
thd
);
tmp_disable_binlog
(
thd
);
create_info
->
options
|=
HA_CREATE_TMP_ALTER
;
error
=
mysql_create_table_no_lock
(
thd
,
new_db
,
tmp_name
,
error
=
mysql_create_table_no_lock
(
thd
,
new_db
,
tmp_name
,
create_info
,
create_info
,
alter_info
,
alter_info
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment