MDEV-17456 Malicious SUPER user can possibly change audit log configuration without leaving traces.

The 'SET server_audit_logging ' statements should be logged no matter
what.

1 files changed, 4 insertions, 3 deletions

diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 2f9cd99fbd8..f03564e21d4 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -15,7 +15,7 @@
 
 
 #define PLUGIN_VERSION 0x104
-#define PLUGIN_STR_VERSION "1.4.4"
+#define PLUGIN_STR_VERSION "1.4.5"
 
 #define _my_thread_var loc_thread_var
 
@@ -1623,7 +1623,7 @@ static int log_statement_ex(const struct connection_info *cn,
   }
 
   if (query && !(events & EVENT_QUERY_ALL) &&
-      (events & EVENT_QUERY))
+      (events & EVENT_QUERY && !cn->log_always))
   {
     const char *orig_query= query;
 
@@ -2556,9 +2556,10 @@ static void log_current_query(MYSQL_THD thd)
   if (!ci_needs_setup(cn) && cn->query_length &&
       FILTER(EVENT_QUERY) && do_log_user(cn->user))
   {
+    cn->log_always= 1;
     log_statement_ex(cn, cn->query_time, thd_get_thread_id(thd),
         cn->query, cn->query_length, 0, "QUERY");
-    cn->log_always= 1;
+    cn->log_always= 0;
   }
 }