Commit cd26cdcd authored by Alexey Botchkov's avatar Alexey Botchkov

MDEV-19141 server_audit_excl_users accepts only values with less than 1024 chars.

Since this limit is imposed by the SHOW_VAR_FUNC_BUFF_SIZE, we just
launch the error message.
parent 00377147
...@@ -21,6 +21,16 @@ set global server_audit_incl_users=null; ...@@ -21,6 +21,16 @@ set global server_audit_incl_users=null;
set global server_audit_file_path='server_audit.log'; set global server_audit_file_path='server_audit.log';
set global server_audit_output_type=file; set global server_audit_output_type=file;
set global server_audit_logging=on; set global server_audit_logging=on;
set global server_audit_incl_users= repeat("'root',", 10000);
ERROR 42000: Variable 'server_audit_incl_users' can't be set to the value of ''root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','roo'
show variables like 'server_audit_incl_users';
Variable_name Value
server_audit_incl_users
set global server_audit_excl_users= repeat("'root',", 10000);
ERROR 42000: Variable 'server_audit_excl_users' can't be set to the value of ''root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','root','roo'
show variables like 'server_audit_excl_users';
Variable_name Value
server_audit_excl_users
connect con1,localhost,root,,mysql; connect con1,localhost,root,,mysql;
connection default; connection default;
disconnect con1; disconnect con1;
...@@ -251,6 +261,10 @@ uninstall plugin server_audit; ...@@ -251,6 +261,10 @@ uninstall plugin server_audit;
Warnings: Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown Warning 1620 Plugin is busy and will be uninstalled on shutdown
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_logging=on',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_logging=on',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users= repeat("\'root\',", 10000)',ID
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_incl_users\'',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_excl_users= repeat("\'root\',", 10000)',ID
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_excl_users\'',0
TIME,HOSTNAME,root,localhost,ID,0,CONNECT,mysql,,0 TIME,HOSTNAME,root,localhost,ID,0,CONNECT,mysql,,0
TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,mysql,,0 TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,mysql,,0
TIME,HOSTNAME,no_such_user,localhost,ID,0,FAILED_CONNECT,,,ID TIME,HOSTNAME,no_such_user,localhost,ID,0,FAILED_CONNECT,,,ID
......
...@@ -13,6 +13,14 @@ set global server_audit_incl_users=null; ...@@ -13,6 +13,14 @@ set global server_audit_incl_users=null;
set global server_audit_file_path='server_audit.log'; set global server_audit_file_path='server_audit.log';
set global server_audit_output_type=file; set global server_audit_output_type=file;
set global server_audit_logging=on; set global server_audit_logging=on;
--error ER_WRONG_VALUE_FOR_VAR
set global server_audit_incl_users= repeat("'root',", 10000);
show variables like 'server_audit_incl_users';
--error ER_WRONG_VALUE_FOR_VAR
set global server_audit_excl_users= repeat("'root',", 10000);
show variables like 'server_audit_excl_users';
--sleep 2 --sleep 2
connect (con1,localhost,root,,mysql); connect (con1,localhost,root,,mysql);
connection default; connection default;
......
...@@ -335,6 +335,10 @@ static void update_file_rotations(MYSQL_THD thd, struct st_mysql_sys_var *var, ...@@ -335,6 +335,10 @@ static void update_file_rotations(MYSQL_THD thd, struct st_mysql_sys_var *var,
void *var_ptr, const void *save); void *var_ptr, const void *save);
static void update_incl_users(MYSQL_THD thd, struct st_mysql_sys_var *var, static void update_incl_users(MYSQL_THD thd, struct st_mysql_sys_var *var,
void *var_ptr, const void *save); void *var_ptr, const void *save);
static int check_incl_users(MYSQL_THD thd, struct st_mysql_sys_var *var, void *save,
struct st_mysql_value *value);
static int check_excl_users(MYSQL_THD thd, struct st_mysql_sys_var *var, void *save,
struct st_mysql_value *value);
static void update_excl_users(MYSQL_THD thd, struct st_mysql_sys_var *var, static void update_excl_users(MYSQL_THD thd, struct st_mysql_sys_var *var,
void *var_ptr, const void *save); void *var_ptr, const void *save);
static void update_output_type(MYSQL_THD thd, struct st_mysql_sys_var *var, static void update_output_type(MYSQL_THD thd, struct st_mysql_sys_var *var,
...@@ -354,10 +358,10 @@ static void rotate_log(MYSQL_THD thd, struct st_mysql_sys_var *var, ...@@ -354,10 +358,10 @@ static void rotate_log(MYSQL_THD thd, struct st_mysql_sys_var *var,
static MYSQL_SYSVAR_STR(incl_users, incl_users, PLUGIN_VAR_RQCMDARG, static MYSQL_SYSVAR_STR(incl_users, incl_users, PLUGIN_VAR_RQCMDARG,
"Comma separated list of users to monitor.", "Comma separated list of users to monitor.",
NULL, update_incl_users, NULL); check_incl_users, update_incl_users, NULL);
static MYSQL_SYSVAR_STR(excl_users, excl_users, PLUGIN_VAR_RQCMDARG, static MYSQL_SYSVAR_STR(excl_users, excl_users, PLUGIN_VAR_RQCMDARG,
"Comma separated list of users to exclude from auditing.", "Comma separated list of users to exclude from auditing.",
NULL, update_excl_users, NULL); check_excl_users, update_excl_users, NULL);
/* bits in the event filter. */ /* bits in the event filter. */
#define EVENT_CONNECT 1 #define EVENT_CONNECT 1
#define EVENT_QUERY_ALL 2 #define EVENT_QUERY_ALL 2
...@@ -2643,16 +2647,56 @@ static void update_file_rotate_size(MYSQL_THD thd __attribute__((unused)), ...@@ -2643,16 +2647,56 @@ static void update_file_rotate_size(MYSQL_THD thd __attribute__((unused)),
} }
static int check_users(void *save, struct st_mysql_value *value,
size_t s, const char *name)
{
const char *users;
int len= 0;
users= value->val_str(value, NULL, &len);
if ((size_t) len > s)
{
error_header();
fprintf(stderr,
"server_audit_%s_users value can't be longer than %ld characters.\n",
name, s);
return 1;
}
*((const char**)save)= users;
return 0;
}
static int check_incl_users(MYSQL_THD thd __attribute__((unused)),
struct st_mysql_sys_var *var __attribute__((unused)),
void *save, struct st_mysql_value *value)
{
return check_users(save, value, sizeof(incl_user_buffer), "incl");
}
static int check_excl_users(MYSQL_THD thd __attribute__((unused)),
struct st_mysql_sys_var *var __attribute__((unused)),
void *save, struct st_mysql_value *value)
{
return check_users(save, value, sizeof(excl_user_buffer), "excl");
}
static void update_incl_users(MYSQL_THD thd, static void update_incl_users(MYSQL_THD thd,
struct st_mysql_sys_var *var __attribute__((unused)), struct st_mysql_sys_var *var __attribute__((unused)),
void *var_ptr __attribute__((unused)), const void *save) void *var_ptr __attribute__((unused)), const void *save)
{ {
char *new_users= (*(char **) save) ? *(char **) save : empty_str; char *new_users= (*(char **) save) ? *(char **) save : empty_str;
size_t new_len= strlen(new_users) + 1;
if (!maria_55_started || !debug_server_started) if (!maria_55_started || !debug_server_started)
flogger_mutex_lock(&lock_operations); flogger_mutex_lock(&lock_operations);
mark_always_logged(thd); mark_always_logged(thd);
strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer)-1);
incl_user_buffer[sizeof(incl_user_buffer)-1]= 0; if (new_len > sizeof(incl_user_buffer))
new_len= sizeof(incl_user_buffer);
memcpy(incl_user_buffer, new_users, new_len - 1);
incl_user_buffer[new_len - 1]= 0;
incl_users= incl_user_buffer; incl_users= incl_user_buffer;
user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1); user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1);
error_header(); error_header();
...@@ -2667,11 +2711,17 @@ static void update_excl_users(MYSQL_THD thd __attribute__((unused)), ...@@ -2667,11 +2711,17 @@ static void update_excl_users(MYSQL_THD thd __attribute__((unused)),
void *var_ptr __attribute__((unused)), const void *save) void *var_ptr __attribute__((unused)), const void *save)
{ {
char *new_users= (*(char **) save) ? *(char **) save : empty_str; char *new_users= (*(char **) save) ? *(char **) save : empty_str;
size_t new_len= strlen(new_users) + 1;
if (!maria_55_started || !debug_server_started) if (!maria_55_started || !debug_server_started)
flogger_mutex_lock(&lock_operations); flogger_mutex_lock(&lock_operations);
mark_always_logged(thd); mark_always_logged(thd);
strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer)-1);
excl_user_buffer[sizeof(excl_user_buffer)-1]= 0; if (new_len > sizeof(excl_user_buffer))
new_len= sizeof(excl_user_buffer);
memcpy(excl_user_buffer, new_users, new_len - 1);
excl_user_buffer[new_len - 1]= 0;
excl_users= excl_user_buffer; excl_users= excl_user_buffer;
user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0); user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0);
error_header(); error_header();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment