diff options
| author | Alexey Botchkov <holyfoot@askmonty.org> | 2020-12-28 15:12:32 +0400 |
|---|---|---|
| committer | Alexey Botchkov <holyfoot@askmonty.org> | 2020-12-28 15:12:32 +0400 |
| commit | 78292047a4747ccd9210ba36a185a1dbe825de89 (patch) | |
| tree | d7e0f195048bc877f2175e4808bd7ce3e8d15011 /plugin | |
| parent | 5b9ee8d8193a8c7a8ebdd35eedcadc3ae78e7fc1 (diff) | |
| download | mariadb-git-78292047a4747ccd9210ba36a185a1dbe825de89.tar.gz | |
MDEV-19442 server_audit plugin doesn't consider proxy users in server_audit_excl_users/server_audit_incl_users.
Check the proxy user just as the connection user against the
incl_users_list and excl_users_list.
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/server_audit/server_audit.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index fe8bf4478fc..ebb2c6c0a05 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1578,22 +1578,27 @@ no_password: -static int do_log_user(const char *name, int take_lock) +static int do_log_user(const char *name, int len, + const char *proxy, int proxy_len, int take_lock) { - size_t len; int result; if (!name) return 0; - len= strlen(name); if (take_lock) flogger_mutex_lock(&lock_operations); if (incl_user_coll.n_users) - result= coll_search(&incl_user_coll, name, len) != 0; + { + result= coll_search(&incl_user_coll, name, len) != 0 || + (proxy && coll_search(&incl_user_coll, proxy, proxy_len) != 0); + } else if (excl_user_coll.n_users) - result= coll_search(&excl_user_coll, name, len) == 0; + { + result= coll_search(&excl_user_coll, name, len) == 0 && + (proxy && coll_search(&excl_user_coll, proxy, proxy_len) == 0); + } else result= 1; @@ -2134,7 +2139,9 @@ void auditing(MYSQL_THD thd, unsigned int event_class, const void *ev) } if (event_class == MYSQL_AUDIT_GENERAL_CLASS && FILTER(EVENT_QUERY) && - cn && (cn->log_always || do_log_user(cn->user, 1))) + cn && (cn->log_always || do_log_user(cn->user, cn->user_length, + cn->proxy, cn->proxy_length, + 1))) { const struct mysql_event_general *event = (const struct mysql_event_general *) ev; @@ -2154,7 +2161,8 @@ void auditing(MYSQL_THD thd, unsigned int event_class, const void *ev) { const struct mysql_event_table *event = (const struct mysql_event_table *) ev; - if (do_log_user(event->user, 1)) + if (do_log_user(event->user, SAFE_STRLEN(event->user), + cn->proxy, cn->proxy_length, 1)) { switch (event->event_subclass) { |