summaryrefslogtreecommitdiff
path: root/plugin
diff options
context:
space:
mode:
authorAlexey Botchkov <holyfoot@askmonty.org>2014-02-24 23:40:16 +0400
committerAlexey Botchkov <holyfoot@askmonty.org>2014-02-24 23:40:16 +0400
commit222e73c7a1849be1bc8236fe70050c72cd7c7336 (patch)
treea50e2b72d96e853adf2d1fc72a86dee71a8c28ff /plugin
parentff2e82f4a175b7b023cd167b2fa6e6fcd1bd192e (diff)
downloadmariadb-git-222e73c7a1849be1bc8236fe70050c72cd7c7336.tar.gz
MariaDB Audit plugin added.
Diffstat (limited to 'plugin')
-rw-r--r--plugin/server_audit/CMakeLists.txt16
-rw-r--r--plugin/server_audit/COPYING339
-rw-r--r--plugin/server_audit/server_audit.c1836
3 files changed, 2191 insertions, 0 deletions
diff --git a/plugin/server_audit/CMakeLists.txt b/plugin/server_audit/CMakeLists.txt
new file mode 100644
index 00000000000..527d0d702da
--- /dev/null
+++ b/plugin/server_audit/CMakeLists.txt
@@ -0,0 +1,16 @@
+# Copyright (C) 2013 Alexey Botchkov and SkySQL Ab
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+MYSQL_ADD_PLUGIN(server_audit server_audit.c MODULE_ONLY)
diff --git a/plugin/server_audit/COPYING b/plugin/server_audit/COPYING
new file mode 100644
index 00000000000..d511905c164
--- /dev/null
+++ b/plugin/server_audit/COPYING
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
new file mode 100644
index 00000000000..31af84f2b76
--- /dev/null
+++ b/plugin/server_audit/server_audit.c
@@ -0,0 +1,1836 @@
+/* Copyright (C) 2013 Alexey Botchkov and SkySQL Ab
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+
+
+#define PLUGIN_VERSION 0x101
+#define PLUGIN_STR_VERSION "1.1.5"
+
+#include <stdio.h>
+#include <time.h>
+#include <string.h>
+
+#ifndef _WIN32
+#include <syslog.h>
+#else
+#define syslog(PRIORITY, FORMAT, INFO, MESSAGE_LEN, MESSAGE) do {}while(0)
+static void closelog() {}
+#define openlog(IDENT, LOG_NOWAIT, LOG_USER) do {}while(0)
+
+/* priorities */
+#define LOG_EMERG 0 /* system is unusable */
+#define LOG_ALERT 1 /* action must be taken immediately */
+#define LOG_CRIT 2 /* critical conditions */
+#define LOG_ERR 3 /* error conditions */
+#define LOG_WARNING 4 /* warning conditions */
+#define LOG_NOTICE 5 /* normal but significant condition */
+#define LOG_INFO 6 /* informational */
+#define LOG_DEBUG 7 /* debug-level messages */
+
+#define LOG_MAKEPRI(fac, pri) (((fac) << 3) | (pri))
+
+/* facility codes */
+#define LOG_KERN (0<<3) /* kernel messages */
+#define LOG_USER (1<<3) /* random user-level messages */
+#define LOG_MAIL (2<<3) /* mail system */
+#define LOG_DAEMON (3<<3) /* system daemons */
+#define LOG_AUTH (4<<3) /* security/authorization messages */
+#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */
+#define LOG_LPR (6<<3) /* line printer subsystem */
+#define LOG_NEWS (7<<3) /* network news subsystem */
+#define LOG_UUCP (8<<3) /* UUCP subsystem */
+#define LOG_CRON (9<<3) /* clock daemon */
+#define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */
+#define LOG_FTP (11<<3) /* ftp daemon */
+#define LOG_LOCAL0 (16<<3) /* reserved for local use */
+#define LOG_LOCAL1 (17<<3) /* reserved for local use */
+#define LOG_LOCAL2 (18<<3) /* reserved for local use */
+#define LOG_LOCAL3 (19<<3) /* reserved for local use */
+#define LOG_LOCAL4 (20<<3) /* reserved for local use */
+#define LOG_LOCAL5 (21<<3) /* reserved for local use */
+#define LOG_LOCAL6 (22<<3) /* reserved for local use */
+#define LOG_LOCAL7 (23<<3) /* reserved for local use */
+
+#endif /*!_WIN32*/
+
+/*
+ Defines that can be used to reshape the pluging:
+ #define MARIADB_ONLY
+ #define USE_MARIA_PLUGIN_INTERFACE
+*/
+
+#if !defined(MYSQL_DYNAMIC_PLUGIN) && !defined(MARIADB_ONLY)
+#define MARIADB_ONLY
+#endif /*MYSQL_PLUGIN_DYNAMIC*/
+
+#ifndef MARIADB_ONLY
+#define MYSQL_SERVICE_LOGGER_INCLUDED
+#endif /*MARIADB_ONLY*/
+
+#include <my_base.h>
+//#include <hash.h>
+#include <my_dir.h>
+#include <typelib.h>
+#include <mysql/plugin.h>
+#include <mysql/plugin_audit.h>
+
+#undef my_init_dynamic_array_ci
+#define init_dynamic_array2 loc_init_dynamic_array2
+#define my_init_dynamic_array_ci(A,B,C,D) loc_init_dynamic_array2(A,B,NULL,C,D)
+#define _my_hash_init loc_my_hash_init
+#define my_hash_search loc_my_hash_search
+#define my_hash_insert loc_my_hash_insert
+#define my_hash_delete loc_my_hash_delete
+#define my_hash_update loc_my_hash_update
+#define my_hash_free loc_my_hash_free
+#define my_hash_first loc_my_hash_first
+#define my_hash_reset loc_my_hash_reset
+#define my_hash_search_using_hash_value loc_my_hash_search_using_hash_value
+#define my_hash_first_from_hash_value loc_my_hash_first_from_hash_value
+#define my_calc_hash loc_my_calc_hash
+#undef my_hash_first_from_hash_value
+#define my_hash_first_from_hash_value loc_my_my_hash_first_from_hash_value
+#define my_hash_next loc_my_hash_next
+#define my_hash_element loc_my_hash_element
+#define my_hash_replace loc_my_hash_replace
+#define my_hash_iterate loc_my_hash_iterate
+
+#define alloc_dynamic loc_alloc_dynamic
+#define pop_dynamic loc_pop_dynamic
+#define delete_dynamic loc_delete_dynamic
+uchar *loc_alloc_dynamic(DYNAMIC_ARRAY *array);
+
+#include "../../mysys/array.c"
+#include "../../mysys/hash.c"
+
+#ifndef MARIADB_ONLY
+#undef MYSQL_SERVICE_LOGGER_INCLUDED
+#undef MYSQL_DYNAMIC_PLUGIN
+#define FLOGGER_NO_PSI
+#define flogger_mutex_init(A,B,C) pthread_mutex_init(&(B)->m_mutex, C)
+#define flogger_mutex_destroy(A) pthread_mutex_destroy(&(A)->m_mutex)
+#define flogger_mutex_lock(A) pthread_mutex_lock(&(A)->m_mutex)
+#define flogger_mutex_unlock(A) pthread_mutex_unlock(&(A)->m_mutex)
+
+#include "../../mysys/file_logger.c"
+#endif /*!MARIADB_ONLY*/
+
+#ifndef DBUG_OFF
+#define PLUGIN_DEBUG_VERSION "-debug"
+#else
+#define PLUGIN_DEBUG_VERSION ""
+#endif /*DBUG_OFF*/
+/*
+ Disable __attribute__() on non-gcc compilers.
+*/
+#if !defined(__attribute__) && !defined(__GNUC__)
+#define __attribute__(A)
+#endif
+
+#ifdef _WIN32
+#define localtime_r(a, b) localtime_s(b, a)
+#endif /*WIN32*/
+
+
+extern char server_version[];
+static const char *serv_ver= NULL;
+static int started_mysql= 0;
+static int maria_above_5= 0;
+static char *incl_users, *excl_users,
+ *file_path, *syslog_info;
+static char path_buffer[FN_REFLEN];
+static unsigned int mode, mode_readonly= 0;
+static ulong output_type;
+static ulong syslog_facility, syslog_priority;
+
+static ulonglong events; /* mask for events to log */
+static unsigned long long file_rotate_size;
+static unsigned int rotations;
+static my_bool rotate= TRUE;
+static char logging;
+static int internal_stop_logging= 0;
+static char incl_user_buffer[1024];
+static char excl_user_buffer[1024];
+
+static char servhost[256];
+static size_t servhost_len;
+static char *syslog_ident;
+static char syslog_ident_buffer[128]= "mysql-server_auditing";
+#define DEFAULT_FILENAME_LEN 16
+static char default_file_name[DEFAULT_FILENAME_LEN+1]= "server_audit.log";
+
+static void update_file_path(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_incl_users(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_excl_users(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_output_type(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_syslog_facility(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_syslog_priority(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_mode(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_logging(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void update_syslog_ident(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+static void rotate_log(MYSQL_THD thd, struct st_mysql_sys_var *var,
+ void *var_ptr, const void *save);
+
+static MYSQL_SYSVAR_STR(incl_users, incl_users, PLUGIN_VAR_RQCMDARG,
+ "Comma separated list of users to monitor.",
+ NULL, update_incl_users, NULL);
+static MYSQL_SYSVAR_STR(excl_users, excl_users, PLUGIN_VAR_RQCMDARG,
+ "Comma separated list of users to exclude from auditing.",
+ NULL, update_excl_users, NULL);
+/* bits in the event filter. */
+#define EVENT_CONNECT 1
+#define EVENT_QUERY 2
+#define EVENT_TABLE 4
+static const char *event_names[]=
+{
+ "CONNECT", "QUERY", "TABLE",
+ NULL
+};
+static TYPELIB events_typelib=
+{
+ array_elements(event_names) - 1, "", event_names, NULL
+};
+static MYSQL_SYSVAR_SET(events, events, PLUGIN_VAR_RQCMDARG,
+ "Specifies the set of events to monitor. Can be CONNECT, QUERY, TABLE.",
+ NULL, NULL, 0, &events_typelib);
+#define OUTPUT_SYSLOG 0
+#define OUTPUT_FILE 1
+#define OUTPUT_NO 0xFFFF
+static const char *output_type_names[]= { "syslog", "file", 0 };
+static TYPELIB output_typelib=
+{
+ array_elements(output_type_names) - 1, "output_typelib",
+ output_type_names, NULL
+};
+static MYSQL_SYSVAR_ENUM(output_type, output_type, PLUGIN_VAR_RQCMDARG,
+ "Desired output type. Possible values - 'syslog', 'file'"
+ " or 'null' as no output.", 0, update_output_type, OUTPUT_FILE,
+ &output_typelib);
+static MYSQL_SYSVAR_STR(file_path, file_path, PLUGIN_VAR_RQCMDARG,
+ "Path to the log file.", NULL, update_file_path, default_file_name);
+static MYSQL_SYSVAR_ULONGLONG(file_rotate_size, file_rotate_size,
+ PLUGIN_VAR_RQCMDARG, "Maximum size of the log to start the rotation.",
+ NULL, NULL,
+ 1000000, 100, ((long long) 0x7FFFFFFFFFFFFFFFLL), 1);
+static MYSQL_SYSVAR_UINT(file_rotations, rotations,
+ PLUGIN_VAR_RQCMDARG, "Number of rotations before log is removed.",
+ NULL, NULL, 9, 0, 999, 1);
+static MYSQL_SYSVAR_BOOL(file_rotate_now, rotate, PLUGIN_VAR_OPCMDARG,
+ "Force log rotation now.", NULL, rotate_log, FALSE);
+static MYSQL_SYSVAR_BOOL(logging, logging,
+ PLUGIN_VAR_OPCMDARG, "Turn on/off the logging.", NULL,
+ update_logging, 0);
+static MYSQL_SYSVAR_UINT(mode, mode,
+ PLUGIN_VAR_OPCMDARG, "Auditing mode.", NULL, update_mode, 0, 0, 1, 1);
+static MYSQL_SYSVAR_STR(syslog_ident, syslog_ident, PLUGIN_VAR_RQCMDARG,
+ "The SYSLOG identifier - the beginning of each SYSLOG record.",
+ NULL, update_syslog_ident, syslog_ident_buffer);
+static MYSQL_SYSVAR_STR(syslog_info, syslog_info,
+ PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC,
+ "The <info> string to be added to the SYSLOG record.", NULL, NULL, "");
+
+static const char *syslog_facility_names[]=
+{
+ "LOG_USER", "LOG_MAIL", "LOG_DAEMON", "LOG_AUTH",
+ "LOG_SYSLOG", "LOG_LPR", "LOG_NEWS", "LOG_UUCP",
+ "LOG_CRON", "LOG_AUTHPRIV", "LOG_FTP",
+ "LOG_LOCAL0", "LOG_LOCAL1", "LOG_LOCAL2", "LOG_LOCAL3",
+ "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7",
+ 0
+};
+static unsigned int syslog_facility_codes[]=
+{
+ LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH,
+ LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP,
+ LOG_CRON, LOG_AUTHPRIV, LOG_FTP,
+ LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3,
+ LOG_LOCAL4, LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7,
+};
+static TYPELIB syslog_facility_typelib=
+{
+ array_elements(syslog_facility_names) - 1, "syslog_facility_typelib",
+ syslog_facility_names, NULL
+};
+static MYSQL_SYSVAR_ENUM(syslog_facility, syslog_facility, PLUGIN_VAR_RQCMDARG,
+ "The 'facility' parameter of the SYSLOG record."
+ " The default is LOG_USER.", 0, update_syslog_facility, 0/*LOG_USER*/,
+ &syslog_facility_typelib);
+
+static const char *syslog_priority_names[]=
+{
+ "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
+ "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG",
+ 0
+};
+
+static unsigned int syslog_priority_codes[]=
+{
+ LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR,
+ LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG,
+};
+
+static TYPELIB syslog_priority_typelib=
+{
+ array_elements(syslog_priority_names) - 1, "syslog_priority_typelib",
+ syslog_priority_names, NULL
+};
+static MYSQL_SYSVAR_ENUM(syslog_priority, syslog_priority, PLUGIN_VAR_RQCMDARG,
+ "The 'priority' parameter of the SYSLOG record."
+ " The default is LOG_INFO.", 0, update_syslog_priority, 6/*LOG_INFO*/,
+ &syslog_priority_typelib);
+
+
+static struct st_mysql_sys_var* vars[] = {
+ MYSQL_SYSVAR(incl_users),
+ MYSQL_SYSVAR(excl_users),
+ MYSQL_SYSVAR(events),
+ MYSQL_SYSVAR(output_type),
+ MYSQL_SYSVAR(file_path),
+ MYSQL_SYSVAR(file_rotate_size),
+ MYSQL_SYSVAR(file_rotations),
+ MYSQL_SYSVAR(file_rotate_now),
+ MYSQL_SYSVAR(logging),
+ MYSQL_SYSVAR(mode),
+ MYSQL_SYSVAR(syslog_info),
+ MYSQL_SYSVAR(syslog_ident),
+ MYSQL_SYSVAR(syslog_facility),
+ MYSQL_SYSVAR(syslog_priority),
+ NULL
+};
+
+
+/* Status variables for SHOW STATUS */
+static int is_active= 0;
+static long log_write_failures= 0;
+static char current_log_buf[FN_REFLEN]= "";
+static char last_error_buf[512]= "";
+
+static struct st_mysql_show_var audit_status[]=
+{
+ {"server_audit_active", (char *)&is_active, SHOW_BOOL},
+ {"server_audit_current_log", current_log_buf, SHOW_CHAR},
+ {"server_audit_writes_failed", (char *)&log_write_failures, SHOW_LONG},
+ {"server_audit_last_error", last_error_buf, SHOW_CHAR},
+ {0,0,0}
+};
+
+#if defined(HAVE_PSI_INTERFACE) && !defined(FLOGGER_NO_PSI)
+/* These belong to the service initialization */
+static PSI_mutex_key key_LOCK_operations;
+static PSI_mutex_info mutex_key_list[]=
+{{ &key_LOCK_operations, "SERVER_AUDIT_plugin::lock_operations",
+ PSI_FLAG_GLOBAL}};
+#endif
+static mysql_mutex_t lock_operations;
+
+/* The Percona server and partly MySQL don't support */
+/* launching client errors in the 'update_variable' methods. */
+/* So the client errors just disabled for them. */
+/* The possible solution is to implement the 'check_variable'*/
+/* methods there properly, but at the moment i'm not sure it */
+/* worths doing. */
+#define CLIENT_ERROR if (!started_mysql) my_printf_error
+
+static uchar *getkey_user(const char *entry, size_t *length,
+ my_bool nu __attribute__((unused)) )
+{
+ const char *e= entry;
+ while (*e && *e != ' ' && *e != ',')
+ ++e;
+ *length= e - entry;
+ return (uchar *) entry;
+}
+
+
+static void blank_user(uchar *user)
+{
+ for (; *user && *user != ','; user++)
+ *user= ' ';
+}
+
+
+static void remove_user(char *user)
+{
+ char *start_user= user;
+ while (*user != ',')
+ {
+ if (*user == 0)
+ {
+ *start_user= 0;
+ return;
+ }
+ user++;
+ }
+ user++;
+ while (*user == ' ')
+ user++;
+
+ do {
+ *(start_user++)= *user;
+ } while (*(user++));
+}
+
+
+static void remove_blanks(char *user)
+{
+ char *user_orig= user;
+ char *user_to= user;
+ char *start_tok;
+ int blank_name;
+
+ while (*user != 0)
+ {
+ start_tok= user;
+ blank_name= 1;
+ while (*user !=0 && *user != ',')
+ {
+ if (*user != ' ')
+ blank_name= 0;
+ user++;
+ }
+ if (!blank_name)
+ {
+ while (start_tok <= user)
+ *(user_to++)= *(start_tok++);
+ }
+ if (*user == ',')
+ user++;
+ }
+ if (user_to > user_orig && user_to[-1] == ',')
+ user_to--;
+ *user_to= 0;
+}
+
+
+static int user_hash_fill(HASH *h, char *users,
+ HASH *cmp_hash, int take_over_cmp)
+{
+ char *orig_users= users;
+ uchar *cmp_user= 0;
+ size_t cmp_length;
+ int refill_cmp_hash= 0;
+
+ if (my_hash_inited(h))
+ my_hash_reset(h);
+ else
+ loc_my_hash_init(h, 0, &my_charset_bin, 0x100, 0, 0,
+ (my_hash_get_key) getkey_user, 0, 0);
+
+ while (*users)
+ {
+ while (*users == ' ')
+ users++;
+ if (!*users)
+ return 0;
+
+
+ if (cmp_hash)
+ {
+ (void) getkey_user(users, &cmp_length, FALSE);
+ cmp_user= my_hash_search(cmp_hash, (const uchar *) users, cmp_length);
+
+ if (cmp_user && take_over_cmp)
+ {
+ internal_stop_logging= 1;
+ CLIENT_ERROR(1, "User '%.*s' was removed from the"
+ " server_audit_excl_users.",
+ MYF(ME_JUST_WARNING), (int) cmp_length, users);
+ internal_stop_logging= 0;
+ blank_user(cmp_user);
+ refill_cmp_hash= 1;
+ }
+ else if (cmp_user)
+ {
+ internal_stop_logging= 1;
+ CLIENT_ERROR(1, "User '%.*s' is in the server_audit_incl_users, "
+ "so wasn't added.", MYF(ME_JUST_WARNING), (int) cmp_length, users);
+ internal_stop_logging= 0;
+ remove_user(users);
+ continue;
+ }
+ }
+ if (my_hash_insert(h, (const uchar *) users))
+ return 1;
+ while (*users && *users != ',')
+ users++;
+ if (!*users)
+ break;
+ users++;
+ }
+
+ if (refill_cmp_hash)
+ {
+ remove_blanks(excl_users);
+ return user_hash_fill(cmp_hash, excl_users, 0, 0);
+ }
+
+ if (users > orig_users && users[-1] == ',')
+ users[-1]= 0;
+
+ return 0;
+}
+
+
+static void error_header()
+{
+ struct tm tm_time;
+ time_t curtime;
+
+ (void) time(&curtime);
+ (void) localtime_r(&curtime, &tm_time);
+
+ (void) fprintf(stderr,"%02d%02d%02d %2d:%02d:%02d server_audit: ",
+ tm_time.tm_year % 100, tm_time.tm_mon + 1,
+ tm_time.tm_mday, tm_time.tm_hour, tm_time.tm_min, tm_time.tm_sec);
+}
+
+
+static LOGGER_HANDLE *logfile;
+static HASH incl_user_hash, excl_user_hash;
+static unsigned long long query_counter= 1;
+
+struct connection_info
+{
+ unsigned long thread_id;
+ unsigned long long query_id;
+ char db[256];
+ int db_length;
+ char user[64];
+ int user_length;
+ char host[64];
+ int host_length;
+ char ip[64];
+ int ip_length;
+ const char *query;
+ int query_length;
+ char query_buffer[1024];
+ time_t query_time;
+ int log_always;
+};
+
+static HASH connection_hash;
+
+
+struct connection_info *alloc_connection()
+{
+ return malloc(ALIGN_SIZE(sizeof(struct connection_info)));
+}
+
+
+void free_connection(void* pconn)
+{
+ (void) free(pconn);
+}
+
+
+static struct connection_info *find_connection(unsigned long id)
+{
+ return (struct connection_info *)
+ my_hash_search(&connection_hash, (const uchar *) &id, sizeof(id));
+}
+
+
+static void get_str_n(char *dest, int *dest_len, size_t dest_size,
+ const char *src, size_t src_len)
+{
+ if (src_len >= dest_size)
+ src_len= dest_size - 1;
+
+ memcpy(dest, src, src_len);
+ dest[src_len]= 0;
+ *dest_len= src_len;
+}
+
+
+static int get_user_host(const char *uh_line, unsigned int uh_len,
+ char *buffer, size_t buf_len,
+ size_t *user_len, size_t *host_len, size_t *ip_len)
+{
+ const char *buf_end= buffer + buf_len - 1;
+ const char *buf_start;
+ const char *uh_end= uh_line + uh_len;
+
+ while (uh_line < uh_end && *uh_line != '[')
+ ++uh_line;
+
+ if (uh_line == uh_end)
+ return 1;
+ ++uh_line;
+
+ buf_start= buffer;
+ while (uh_line < uh_end && *uh_line != ']')
+ {
+ if (buffer == buf_end)
+ return 1;
+ *(buffer++)= *(uh_line++);
+ }
+ if (uh_line == uh_end)
+ return 1;
+ *user_len= buffer - buf_start;
+ *(buffer++)= 0;
+
+ while (uh_line < uh_end && *uh_line != '@')
+ ++uh_line;
+ if (uh_line == uh_end || *(++uh_line) == 0)
+ return 1;
+ ++uh_line;
+
+ buf_start= buffer;
+ while (uh_line < uh_end && *uh_line != ' ' && *uh_line != '[')
+ {
+ if (buffer == buf_end)
+ break;
+ *(buffer++)= *(uh_line++);
+ }
+ *host_len= buffer - buf_start;
+ *(buffer++)= 0;
+
+ while (uh_line < uh_end && *uh_line != '[')
+ ++uh_line;
+
+ buf_start= buffer;
+ if (*uh_line == '[')
+ {
+ ++uh_line;
+ while (uh_line < uh_end && *uh_line != ']')
+ *(buffer++)= *(uh_line++);
+ }
+ *ip_len= buffer - buf_start;
+ return 0;
+}
+
+#if defined(__WIN__) && !defined(S_ISDIR)
+#define S_ISDIR(x) ((x) & _S_IFDIR)
+#endif /*__WIN__ && !S_ISDIR*/
+
+static int start_logging()
+{
+ last_error_buf[0]= 0;
+ log_write_failures= 0;
+ if (output_type == OUTPUT_FILE)
+ {
+ char alt_path_buffer[FN_REFLEN+1+DEFAULT_FILENAME_LEN];
+ MY_STAT *f_stat;
+ const char *alt_fname= file_path;
+
+ while (*alt_fname == ' ')
+ alt_fname++;
+
+ if (*alt_fname == 0)
+ {
+ /* Empty string means the default file name. */
+ alt_fname= default_file_name;
+ }
+ else
+ {
+ /* See if the directory exists with the name of file_path. */
+ /* Log file name should be [file_path]/server_audit.log then. */
+ if ((f_stat= my_stat(file_path, (MY_STAT *)alt_path_buffer, MYF(0))) &&
+ S_ISDIR(f_stat->st_mode))
+ {
+ size_t p_len= strlen(file_path);
+ memcpy(alt_path_buffer, file_path, p_len);
+ if (alt_path_buffer[p_len-1] != FN_LIBCHAR)
+ {
+ alt_path_buffer[p_len]= FN_LIBCHAR;
+ p_len++;
+ }
+ memcpy(alt_path_buffer+p_len, default_file_name, DEFAULT_FILENAME_LEN);
+ alt_path_buffer[p_len+DEFAULT_FILENAME_LEN]= 0;
+ alt_fname= alt_path_buffer;
+ }
+ }
+
+ logfile= logger_open(alt_fname, file_rotate_size, rotations);
+
+ if (logfile == NULL)
+ {
+ error_header();
+ fprintf(stderr, "Could not create file '%s'.\n",
+ alt_fname);
+ logging= 0;
+ my_snprintf(last_error_buf, sizeof(last_error_buf),
+ "Could not create file '%s'.", alt_fname);
+ is_active= 0;
+ CLIENT_ERROR(1, "SERVER AUDIT plugin can't create file '%s'.",
+ MYF(ME_JUST_WARNING), alt_fname);
+ return 1;
+ }
+ error_header();
+ fprintf(stderr, "logging started to the file %s.\n", alt_fname);
+ strncpy(current_log_buf, alt_fname, sizeof(current_log_buf));
+ }
+ else if (output_type == OUTPUT_SYSLOG)
+ {
+ openlog(syslog_ident, LOG_NOWAIT, syslog_facility_codes[syslog_facility]);
+ error_header();
+ fprintf(stderr, "logging started to the syslog.\n");
+ strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf));
+ }
+ is_active= 1;
+ return 0;
+}
+
+
+static int stop_logging()
+{
+ last_error_buf[0]= 0;
+ if (output_type == OUTPUT_FILE && logfile)
+ {
+ logger_close(logfile);
+ logfile= NULL;
+ }
+ else if (output_type == OUTPUT_SYSLOG)
+ {
+ closelog();
+ }
+ error_header();
+ fprintf(stderr, "logging was stopped.\n");
+ is_active= 0;
+ return 0;
+}
+
+static struct connection_info *
+ add_connection(const struct mysql_event_connection *event)
+{
+ struct connection_info *cn= alloc_connection();
+ if (!cn)
+ return 0;
+ cn->thread_id= event->thread_id;
+ cn->query_id= 0;
+ cn->log_always= 0;
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->database, event->database_length);
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->db),
+ event->user, event->user_length);
+ get_str_n(cn->host, &cn->host_length, sizeof(cn->host),
+ event->host, event->host_length);
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ event->ip, event->ip_length);
+
+ if (my_hash_insert(&connection_hash, (const uchar *) cn))
+ return 0;
+
+ return cn;
+}
+
+
+#define SAFE_STRLEN(s) (s ? strlen(s) : 0)
+
+
+static struct connection_info *
+ add_connection_initdb(const struct mysql_event_general *event)
+{
+ struct connection_info *cn;
+ size_t user_len, host_len, ip_len;
+ char uh_buffer[512];
+
+ if (get_user_host(event->general_user, event->general_user_length,
+ uh_buffer, sizeof(uh_buffer),
+ &user_len, &host_len, &ip_len) ||
+ (cn= alloc_connection()) == NULL)
+ return 0;
+
+ cn->thread_id= event->general_thread_id;
+ cn->query_id= 0;
+ cn->log_always= 0;
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->general_query, event->general_query_length);
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->db),
+ uh_buffer, user_len);
+ get_str_n(cn->host, &cn->host_length, sizeof(cn->host),
+ uh_buffer+user_len+1, host_len);
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ uh_buffer+user_len+1+host_len+1, ip_len);
+
+ if (my_hash_insert(&connection_hash, (const uchar *) cn))
+ return 0;
+
+ return cn;
+}
+
+
+static struct connection_info *
+ add_connection_table(const struct mysql_event_table *event)
+{
+ struct connection_info *cn;
+
+ if ((cn= alloc_connection()) == NULL)
+ return 0;
+
+ cn->thread_id= event->thread_id;
+ cn->query_id= query_counter++;
+ cn->log_always= 0;
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->database, event->database_length);
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->db),
+ event->user, SAFE_STRLEN(event->user));
+ get_str_n(cn->host, &cn->host_length, sizeof(cn->host),
+ event->host, SAFE_STRLEN(event->host));
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ event->ip, SAFE_STRLEN(event->ip));
+
+ if (my_hash_insert(&connection_hash, (const uchar *) cn))
+ return 0;
+
+ return cn;
+}
+
+
+static struct connection_info *
+ add_connection_query(const struct mysql_event_general *event)
+{
+ struct connection_info *cn;
+ size_t user_len, host_len, ip_len;
+ char uh_buffer[512];
+
+ if (get_user_host(event->general_user, event->general_user_length,
+ uh_buffer, sizeof(uh_buffer),
+ &user_len, &host_len, &ip_len) ||
+ (cn= alloc_connection()) == NULL)
+ return 0;
+
+ cn->thread_id= event->general_thread_id;
+ cn->query_id= query_counter++;
+ cn->log_always= 0;
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db), "", 0);
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->db),
+ uh_buffer, user_len);
+ get_str_n(cn->host, &cn->host_length, sizeof(cn->host),
+ uh_buffer+user_len+1, host_len);
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ uh_buffer+user_len+1+host_len+1, ip_len);
+
+ if (my_hash_insert(&connection_hash, (const uchar *) cn))
+ return 0;
+
+ return cn;
+}
+
+
+static void change_connection(struct connection_info *cn,
+ const struct mysql_event_connection *event)
+{
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->user),
+ event->user, event->user_length);
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ event->ip, event->ip_length);
+}
+
+static int write_log(const char *message, int len)
+{
+ if (output_type == OUTPUT_FILE)
+ {
+ if (logfile &&
+ (is_active= (logger_write(logfile, message, len) == len)))
+ return 0;
+ ++log_write_failures;
+ return 1;
+ }
+ else if (output_type == OUTPUT_SYSLOG)
+ {
+ syslog(syslog_facility_codes[syslog_facility] |
+ syslog_priority_codes[syslog_priority],
+ "%s %.*s", syslog_info, len, message);
+ }
+ return 0;
+}
+
+
+static size_t log_header(char *message, size_t message_len,
+ time_t *ts,
+ const char *serverhost, unsigned int serverhost_len,
+ const char *username, unsigned int username_len,
+ const char *host, unsigned int host_len,
+ const char *userip, unsigned int userip_len,
+ unsigned int connection_id, long long query_id,
+ const char *operation)
+{
+ struct tm tm_time;
+
+ if (host_len == 0 && userip_len != 0)
+ {
+ host_len= userip_len;
+ host= userip;
+ }
+
+ if (output_type == OUTPUT_SYSLOG)
+ return my_snprintf(message, message_len,
+ "%.*s,%.*s,%.*s,%d,%lld,%s",
+ serverhost_len, serverhost,
+ username_len, username,
+ host_len, host,
+ connection_id, query_id, operation);
+
+ (void) localtime_r(ts, &tm_time);
+ return my_snprintf(message, message_len,
+ "%04d%02d%02d %02d:%02d:%02d,%.*s,%.*s,%.*s,%d,%lld,%s",
+ tm_time.tm_year+1900, tm_time.tm_mon+1, tm_time.tm_mday,
+ tm_time.tm_hour, tm_time.tm_min, tm_time.tm_sec,
+ serverhost_len, serverhost,
+ username_len, username,
+ host_len, host,
+ connection_id, query_id, operation);
+}
+
+
+static int log_connection(const struct connection_info *cn,
+ const struct mysql_event_connection *event,
+ const char *type)
+{
+ time_t ctime;
+ size_t csize;
+ char message[1024];
+
+ (void) time(&ctime);
+ csize= log_header(message, sizeof(message)-1, &ctime,
+ servhost, servhost_len,
+ cn->user, cn->user_length,
+ cn->host, cn->host_length,
+ cn->ip, cn->ip_length,
+ event->thread_id, 0, type);
+ csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
+ ",%.*s,,%d", cn->db_length, cn->db, event->status);
+ message[csize]= '\n';
+ return write_log(message, csize + 1);
+}
+
+
+static size_t escape_string(const char *str, unsigned int len,
+ char *result, size_t result_len)
+{
+ const char *res_start= result;
+ const char *res_end= result + result_len - 2;
+ while (len)
+ {
+ if (result >= res_end)
+ break;
+ if (*str == '\'')
+ {
+ *(result++)= '\\';
+ *(result++)= '\'';
+ }
+ else if (*str == '\\')
+ {
+ *(result++)= '\\';
+ *(result++)= '\\';
+ }
+ else
+ *(result++)= *str;
+ str++;
+ len--;
+ }
+ *result= 0;
+ return result - res_start;
+}
+
+
+static int do_log_user(const char *name)
+{
+ size_t len;
+
+ if (!name)
+ return 0;
+ len= strlen(name);
+
+ if (incl_user_hash.records)
+ return my_hash_search(&incl_user_hash, (const uchar *) name, len) != 0;
+
+ if (excl_user_hash.records)
+ return my_hash_search(&excl_user_hash, (const uchar *) name, len) == 0;
+
+ return 1;
+}
+
+
+static int log_statement_ex(const struct connection_info *cn,
+ time_t ev_time, unsigned long thd_id,
+ const char *query, unsigned int query_len,
+ int error_code, const char *type)
+{
+ size_t csize, esc_q_len;
+ char message[1024];
+ char uh_buffer[768];
+ const char *db;
+ unsigned int db_length;
+ long long query_id;
+
+ if ((db= cn->db))
+ db_length= cn->db_length;
+ else
+ {
+ db= "";
+ db_length= 0;
+ }
+
+ if (!(query_id= cn->query_id))
+ query_id= query_counter++;
+
+ csize= log_header(message, sizeof(message)-1, &ev_time,
+ servhost, servhost_len,
+ cn->user, cn->user_length,cn->host, cn->host_length,
+ cn->ip, cn->ip_length, thd_id, query_id, type);
+
+ csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
+ ",%.*s", db_length, db);
+
+ if (query == 0)
+ {
+ /* Can happen after the error in mysqld_prepare_stmt() */
+ query= cn->query;
+ query_len= cn->query_length;
+ }
+
+ esc_q_len= escape_string(query, query_len,
+ uh_buffer, sizeof(uh_buffer));
+ csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
+ ",\'%.*s\',%d", esc_q_len, uh_buffer, error_code);
+ message[csize]= '\n';
+ return write_log(message, csize + 1);
+}
+
+
+static int log_statement(const struct connection_info *cn,
+ const struct mysql_event_general *event,
+ const char *type)
+{
+ return log_statement_ex(cn, event->general_time, event->general_thread_id,
+ event->general_query, event->general_query_length,
+ event->general_error_code, type);
+}
+
+
+static int log_table(const struct connection_info *cn,
+ const struct mysql_event_table *event, const char *type)
+{
+ size_t csize;
+ char message[1024];
+ time_t ctime;
+
+ (void) time(&ctime);
+ csize= log_header(message, sizeof(message)-1, &ctime,
+ servhost, servhost_len,
+ event->user, SAFE_STRLEN(event->user),
+ event->host, SAFE_STRLEN(event->host),
+ event->ip, SAFE_STRLEN(event->ip),
+ event->thread_id, cn->query_id, type);
+ csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
+ ",%.*s,%.*s,",event->database_length, event->database,
+ event->table_length, event->table);
+ message[csize]= '\n';
+ return write_log(message, csize + 1);
+}
+
+
+static int log_rename(const struct connection_info *cn,
+ const struct mysql_event_table *event)
+{
+ size_t csize;
+ char message[1024];
+ time_t ctime;
+
+ (void) time(&ctime);
+ csize= log_header(message, sizeof(message)-1, &ctime,
+ servhost, servhost_len,
+ event->user, SAFE_STRLEN(event->user),
+ event->host, SAFE_STRLEN(event->host),
+ event->ip, SAFE_STRLEN(event->ip),
+ event->thread_id, cn->query_id, "RENAME");
+ csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
+ ",%.*s,%.*s|%.*s.%.*s,",event->database_length, event->database,
+ event->table_length, event->table,
+ event->new_database_length, event->new_database,
+ event->new_table_length, event->new_table);
+ message[csize]= '\n';
+ return write_log(message, csize + 1);
+}
+
+
+static int event_query_command(const struct mysql_event_general *event)
+{
+ return (event->general_command_length == 5 &&
+ strncmp(event->general_command, "Query", 5) == 0) ||
+ (event->general_command_length == 7 &&
+ (strncmp(event->general_command, "Execute", 7) == 0 ||
+ (event->general_error_code != 0 &&
+ strncmp(event->general_command, "Prepare", 7) == 0)));
+}
+
+
+static void update_general_user(struct connection_info *cn,
+ const struct mysql_event_general *event)
+{
+ char uh_buffer[768];
+ size_t user_len, host_len, ip_len;
+ if (cn->user_length == 0 && cn->host_length == 0 && cn->ip_length == 0 &&
+ get_user_host(event->general_user, event->general_user_length,
+ uh_buffer, sizeof(uh_buffer),
+ &user_len, &host_len, &ip_len) == 0)
+ {
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->user),
+ uh_buffer, user_len);
+ get_str_n(cn->host, &cn->host_length, sizeof(cn->host),
+ uh_buffer+user_len+1, host_len);
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ uh_buffer+user_len+1+host_len+1, ip_len);
+ }
+
+}
+
+
+#define AA_FREE_CONNECTION 1
+#define AA_CHANGE_USER 2
+
+static struct connection_info *update_connection_hash(unsigned int event_class,
+ const void *ev,
+ int *after_action)
+{
+ struct connection_info *cn= NULL;
+ *after_action= 0;
+
+ switch (event_class) {
+ case MYSQL_AUDIT_GENERAL_CLASS:
+ {
+ const struct mysql_event_general *event =
+ (const struct mysql_event_general *) ev;
+ switch (event->event_subclass) {
+ case MYSQL_AUDIT_GENERAL_LOG:
+ {
+ int init_db_command= event->general_command_length == 7 &&
+ strncmp(event->general_command, "Init DB", 7) == 0;
+ if ((cn= find_connection(event->general_thread_id)))
+ {
+ if (init_db_command)
+ {
+ /* Change DB */
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->general_query, event->general_query_length);
+ }
+ cn->query_id= mode ? query_counter++ : event->query_id;
+ cn->query= event->general_query;
+ cn->query_length= event->general_query_length;
+ cn->query_time= (time_t) event->general_time;
+ update_general_user(cn, event);
+ }
+ else if (init_db_command)
+ cn= add_connection_initdb(event);
+ else if (event_query_command(event))
+ cn= add_connection_query(event);
+ break;
+ }
+
+ case MYSQL_AUDIT_GENERAL_STATUS:
+ if (event_query_command(event))
+ {
+ if (!(cn= find_connection(event->general_thread_id)) &&
+ !(cn= add_connection_query(event)))
+ return 0;
+
+ if (mode == 0 && cn->db_length == 0 && event->database_length > 0)
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->database, event->database_length);
+
+ if (event->general_error_code == 0)
+ {
+ /* We need to check if it's the USE command to change the DB */
+ int use_command= event->general_query_length > 4 &&
+ strncasecmp(event->general_query, "use ", 4) == 0;
+ if (use_command)
+ {
+ /* Change DB */
+ if (mode)
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->general_query + 4, event->general_query_length - 4);
+ else
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->database, event->database_length);
+ }
+ }
+ update_general_user(cn, event);
+ }
+ break;
+ case MYSQL_AUDIT_GENERAL_ERROR:
+ /* We need this because of a bug in the MariaDB */
+ /* that it returns NULL query field for the */
+ /* MYSQL_AUDIT_GENERAL_STATUS in the mysqld_stmt_prepare. */
+ /* As a result we get empty QUERY field for errors. */
+ if (!(cn= find_connection(event->general_thread_id)) &&
+ !(cn= add_connection_query(event)))
+ return 0;
+ cn->query_id= mode ? query_counter++ : event->query_id;
+ get_str_n(cn->query_buffer, &cn->query_length, sizeof(cn->query_buffer),
+ event->general_query, event->general_query_length);
+ cn->query= cn->query_buffer;
+ cn->query_time= (time_t) event->general_time;
+ break;
+ default:;
+ }
+ break;
+ }
+ case MYSQL_AUDIT_TABLE_CLASS:
+ {
+ const struct mysql_event_table *event =
+ (const struct mysql_event_table *) ev;
+ if (!(cn= find_connection(event->thread_id)) &&
+ !(cn= add_connection_table(event)))
+ return 0;
+ if (cn->user_length == 0 && cn->host_length == 0 && cn->ip_length == 0)
+ {
+ get_str_n(cn->user, &cn->user_length, sizeof(cn->user),
+ event->user, SAFE_STRLEN(event->user));
+ get_str_n(cn->host, &cn->host_length, sizeof(cn->host),
+ event->host, SAFE_STRLEN(event->host));
+ get_str_n(cn->ip, &cn->ip_length, sizeof(cn->ip),
+ event->ip, SAFE_STRLEN(event->ip));
+ }
+
+ if (cn->db_length == 0 && event->database_length != 0)
+ get_str_n(cn->db, &cn->db_length, sizeof(cn->db),
+ event->database, event->database_length);
+
+ if (mode == 0)
+ cn->query_id= event->query_id;
+ break;
+ }
+ case MYSQL_AUDIT_CONNECTION_CLASS:
+ {
+ const struct mysql_event_connection *event =
+ (const struct mysql_event_connection *) ev;
+ switch (event->event_subclass)
+ {
+ case MYSQL_AUDIT_CONNECTION_CONNECT:
+ cn= add_connection(ev);
+ break;
+ case MYSQL_AUDIT_CONNECTION_DISCONNECT:
+ cn= find_connection(event->thread_id);
+ if (cn)
+ *after_action= AA_FREE_CONNECTION;
+ break;
+ case MYSQL_AUDIT_CONNECTION_CHANGE_USER:
+ cn= find_connection(event->thread_id);
+ if (cn)
+ *after_action= AA_CHANGE_USER;
+ break;
+ default:;
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ return cn;
+}
+
+
+#define FILTER(MASK) (events == 0 || (events & MASK))
+static void auditing(MYSQL_THD thd __attribute__((unused)),
+ unsigned int event_class,
+ const void *ev)
+{
+ struct connection_info *cn;
+ int after_action;
+
+ /* That one is important as this function can be called with */
+ /* &lock_operations locked when the server logs an error reported */
+ /* by this plugin. */
+ if (internal_stop_logging)
+ return;
+
+ flogger_mutex_lock(&lock_operations);
+
+ if (!(cn= update_connection_hash(event_class, ev, &after_action)))
+ goto exit_func;
+
+ if (!logging)
+ goto exit_func;
+
+ if (event_class == MYSQL_AUDIT_GENERAL_CLASS && FILTER(EVENT_QUERY) &&
+ cn && do_log_user(cn->user))
+ {
+ const struct mysql_event_general *event =
+ (const struct mysql_event_general *) ev;
+
+ /*
+ Only one subclass is logged.
+ */
+ if (event->event_subclass == MYSQL_AUDIT_GENERAL_STATUS)
+ log_statement(cn, event, "QUERY");
+ }
+ else if (event_class == MYSQL_AUDIT_TABLE_CLASS && FILTER(EVENT_TABLE) && cn)
+ {
+ const struct mysql_event_table *event =
+ (const struct mysql_event_table *) ev;
+ if (do_log_user(event->user))
+ {
+ switch (event->event_subclass)
+ {
+ case MYSQL_AUDIT_TABLE_LOCK:
+ log_table(cn, event, event->read_only ? "READ" : "WRITE");
+ break;
+ case MYSQL_AUDIT_TABLE_CREATE:
+ log_table(cn, event, "CREATE");
+ break;
+ case MYSQL_AUDIT_TABLE_DROP:
+ log_table(cn, event, "DROP");
+ break;
+ case MYSQL_AUDIT_TABLE_RENAME:
+ log_rename(cn, event);
+ break;
+ case MYSQL_AUDIT_TABLE_ALTER:
+ log_table(cn, event, "ALTER");
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ else if (event_class == MYSQL_AUDIT_CONNECTION_CLASS &&
+ FILTER(EVENT_CONNECT) && cn)
+ {
+ const struct mysql_event_connection *event =
+ (const struct mysql_event_connection *) ev;
+ switch (event->event_subclass)
+ {
+ case MYSQL_AUDIT_CONNECTION_CONNECT:
+ log_connection(cn, event, event->status ? "FAILED_CONNECT": "CONNECT");
+ break;
+ case MYSQL_AUDIT_CONNECTION_DISCONNECT:
+ log_connection(cn, event, "DISCONNECT");
+ break;
+ case MYSQL_AUDIT_CONNECTION_CHANGE_USER:
+ log_connection(cn, event, "CHANGEUSER");
+ break;
+ default:;
+ }
+ }
+exit_func:
+ /*
+ This must work always, whether logging is ON or not.
+ */
+ if (after_action)
+ {
+ switch (after_action) {
+ case AA_FREE_CONNECTION:
+ my_hash_delete(&connection_hash, (uchar *) cn);
+ break;
+ case AA_CHANGE_USER:
+ {
+ const struct mysql_event_connection *event =
+ (const struct mysql_event_connection *) ev;
+ change_connection(cn, event);
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ if (cn)
+ cn->log_always= 0;
+ flogger_mutex_unlock(&lock_operations);
+}
+
+
+/*
+ As it's just too difficult to #include "sql_class.h",
+ let's just copy the necessary part of the system_variables
+ structure here.
+*/
+typedef struct loc_system_variables
+{
+ ulong dynamic_variables_version;
+ char* dynamic_variables_ptr;
+ uint dynamic_variables_head; /* largest valid variable offset */
+ uint dynamic_variables_size; /* how many bytes are in use */
+
+ ulonglong max_heap_table_size;
+ ulonglong tmp_table_size;
+ ulonglong long_query_time;
+ ulonglong optimizer_switch;
+ ulonglong sql_mode; ///< which non-standard SQL behaviour should be enabled
+ ulonglong option_bits; ///< OPTION_xxx constants, e.g. OPTION_PROFILING
+ ulonglong join_buff_space_limit;
+ ulonglong log_slow_filter;
+ ulonglong log_slow_verbosity;
+ ulonglong bulk_insert_buff_size;
+ ulonglong join_buff_size;
+ ulonglong sortbuff_size;
+ ulonglong group_concat_max_len;
+ ha_rows select_limit;
+ ha_rows max_join_size;
+ ha_rows expensive_subquery_limit;
+ ulong auto_increment_increment, auto_increment_offset;
+ ulong lock_wait_timeout;
+ ulong join_cache_level;
+ ulong max_allowed_packet;
+ ulong max_error_count;
+ ulong max_length_for_sort_data;
+ ulong max_sort_length;
+ ulong max_tmp_tables;
+ ulong max_insert_delayed_threads;
+ ulong min_examined_row_limit;
+ ulong multi_range_count;
+ ulong net_buffer_length;
+ ulong net_interactive_timeout;
+ ulong net_read_timeout;
+ ulong net_retry_count;
+ ulong net_wait_timeout;
+ ulong net_write_timeout;
+ ulong optimizer_prune_level;
+ ulong optimizer_search_depth;
+ ulong preload_buff_size;
+ ulong profiling_history_size;
+ ulong read_buff_size;
+ ulong read_rnd_buff_size;
+ ulong mrr_buff_size;
+ ulong div_precincrement;
+ /* Total size of all buffers used by the subselect_rowid_merge_engine. */
+ ulong rowid_merge_buff_size;
+ ulong max_sp_recursion_depth;
+ ulong default_week_format;
+ ulong max_seeks_for_key;
+ ulong range_alloc_block_size;
+ ulong query_alloc_block_size;
+ ulong query_prealloc_size;
+ ulong trans_alloc_block_size;
+ ulong trans_prealloc_size;
+ ulong log_warnings;
+ /* Flags for slow log filtering */
+ ulong log_slow_rate_limit;
+ ulong binlog_format; ///< binlog format for this thd (see enum_binlog_format)
+ ulong progress_report_time;
+ my_bool binlog_annotate_row_events;
+ my_bool binlog_direct_non_trans_update;
+ my_bool sql_log_bin;
+ ulong completion_type;
+ ulong query_cache_type;
+} LOC_SV;
+
+static int server_audit_init(void *p __attribute__((unused)))
+{
+ const void *my_hash_init_ptr;
+#ifdef _WIN32
+ serv_ver= (const char *) GetProcAddress(0, "server_version");
+#else
+ serv_ver= server_version;
+#endif /*_WIN32*/
+
+ my_hash_init_ptr= dlsym(NULL, "_my_hash_init");
+ if (!my_hash_init_ptr)
+ {
+ maria_above_5= 1;
+ my_hash_init_ptr= dlsym(NULL, "my_hash_init2");
+ }
+
+ if (!serv_ver || !my_hash_init_ptr)
+ return 0;
+
+ if (!started_mysql)
+ {
+ if (!maria_above_5 && serv_ver[4]=='3' && serv_ver[5]<'3')
+ {
+ mode= 1;
+ mode_readonly= 1;
+ }
+ }
+
+
+ if (gethostname(servhost, sizeof(servhost)))
+ strcpy(servhost, "unknown");
+
+ servhost_len= strlen(servhost);
+
+ logger_init_mutexes();
+#if defined(HAVE_PSI_INTERFACE) && !defined(FLOGGER_NO_PSI)
+ if (PSI_server)
+ PSI_server->register_mutex("server_audit", mutex_key_list, 1);
+#endif
+ flogger_mutex_init(key_LOCK_operations, &lock_operations, MY_MUTEX_INIT_FAST);
+
+ my_hash_clear(&incl_user_hash);
+ my_hash_clear(&excl_user_hash);
+
+ if (incl_users)
+ {
+ if (excl_users)
+ {
+ incl_users= excl_users= NULL;
+ error_header();
+ fprintf(stderr, "INCL_DML_USERS and EXCL_DML_USERS specified"
+ " simultaneously - both set to empty\n");
+ }
+ update_incl_users(NULL, NULL, NULL, &incl_users);
+ }
+ else if (excl_users)
+ {
+ update_excl_users(NULL, NULL, NULL, &excl_users);
+ }
+
+ loc_my_hash_init(&connection_hash, 0, &my_charset_bin, 0x100, 0,
+ sizeof(unsigned long), 0, free_connection, 0);
+
+ error_header();
+ fprintf(stderr, "MariaDB Audit Plugin version %s%s STARTED.\n",
+ PLUGIN_STR_VERSION, PLUGIN_DEBUG_VERSION);
+
+ /* The Query Cache shadows TABLE events if the result is taken from it */
+ /* so we warn users if both Query Cashe and TABLE events enabled. */
+ if (!started_mysql && FILTER(EVENT_TABLE))
+ {
+ ulonglong *qc_size= (ulonglong *) dlsym(NULL, "query_cache_size");
+ if (qc_size == NULL || *qc_size != 0)
+ {
+ struct loc_system_variables *g_sys_var=
+ (struct loc_system_variables *) dlsym(NULL, "global_system_variables");
+ if (g_sys_var && g_sys_var->query_cache_type != 0)
+ {
+ error_header();
+ fprintf(stderr, "Query cache is enabled with the TABLE events. Some table reads can be veiled.");
+ }
+ }
+ }
+
+ if (logging)
+ start_logging();
+
+ return 0;
+}
+
+
+static int server_audit_init_mysql(void *p)
+{
+ started_mysql= 1;
+ mode= 1;
+ mode_readonly= 1;
+ return server_audit_init(p);
+}
+
+
+static int server_audit_deinit(void *p __attribute__((unused)))
+{
+ if (my_hash_inited(&incl_user_hash))
+ my_hash_free(&incl_user_hash);
+
+ if (my_hash_inited(&excl_user_hash))
+ my_hash_free(&excl_user_hash);
+
+ my_hash_free(&connection_hash);
+
+ if (output_type == OUTPUT_FILE && logfile)
+ logger_close(logfile);
+ else if (output_type == OUTPUT_SYSLOG)
+ closelog();
+ flogger_mutex_destroy(&lock_operations);
+
+ error_header();
+ fprintf(stderr, "STOPPED\n");
+ return 0;
+}
+
+
+static void rotate_log(MYSQL_THD thd __attribute__((unused)),
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)),
+ const void *save __attribute__((unused)))
+{
+ if (output_type == OUTPUT_FILE && logfile && *(my_bool*) save)
+ (void) logger_rotate(logfile);
+}
+
+
+static struct st_mysql_audit mysql_descriptor =
+{
+ MYSQL_AUDIT_INTERFACE_VERSION,
+ NULL,
+ auditing,
+ { MYSQL_AUDIT_GENERAL_CLASSMASK | MYSQL_AUDIT_CONNECTION_CLASSMASK }
+};
+
+mysql_declare_plugin(server_audit)
+{
+ MYSQL_AUDIT_PLUGIN,
+ &mysql_descriptor,
+ "SERVER_AUDIT",
+ " Alexey Botchkov (MariaDB)",
+ "Audit the server activity.",
+ PLUGIN_LICENSE_GPL,
+ server_audit_init_mysql,
+ server_audit_deinit,
+ PLUGIN_VERSION,
+ audit_status,
+ vars,
+ NULL,
+ 0
+}
+mysql_declare_plugin_end;
+
+
+static struct st_mysql_audit maria_descriptor =
+{
+ MYSQL_AUDIT_INTERFACE_VERSION,
+ NULL,
+ auditing,
+ { MYSQL_AUDIT_GENERAL_CLASSMASK |
+ MYSQL_AUDIT_TABLE_CLASSMASK |
+ MYSQL_AUDIT_CONNECTION_CLASSMASK }
+};
+maria_declare_plugin(server_audit)
+{
+ MYSQL_AUDIT_PLUGIN,
+ &maria_descriptor,
+ "SERVER_AUDIT",
+ "Alexey Botchkov (MariaDB)",
+ "Audit the server activity.",
+ PLUGIN_LICENSE_GPL,
+ server_audit_init,
+ server_audit_deinit,
+ PLUGIN_VERSION,
+ audit_status,
+ vars,
+ PLUGIN_STR_VERSION,
+ MariaDB_PLUGIN_MATURITY_BETA
+}
+maria_declare_plugin_end;
+
+
+static void mark_always_logged(MYSQL_THD thd)
+{
+ struct connection_info *cn;
+ if (thd && (cn= find_connection(thd_get_thread_id(thd))))
+ cn->log_always= 1;
+}
+
+
+static void log_current_query(MYSQL_THD thd)
+{
+ unsigned long thd_id;
+ struct connection_info *cn;
+ if (!thd ||
+ !(cn= find_connection((thd_id= thd_get_thread_id(thd)))))
+ return;
+ if (FILTER(EVENT_QUERY) && do_log_user(cn->user))
+ {
+ log_statement_ex(cn, cn->query_time, thd_id, cn->query, cn->query_length,
+ 0, "QUERY");
+ cn->log_always= 1;
+ }
+}
+
+
+static void update_file_path(MYSQL_THD thd,
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ flogger_mutex_lock(&lock_operations);
+ internal_stop_logging= 1;
+ error_header();
+ fprintf(stderr, "Log file name was changed to '%s'.\n", *(const char **) save);
+
+ if (logging)
+ log_current_query(thd);
+
+ if (logging && output_type == OUTPUT_FILE)
+ {
+ char *sav_path= file_path;
+
+ file_path= *(char **) save;
+ internal_stop_logging= 1;
+ stop_logging();
+ if (start_logging())
+ {
+ file_path= sav_path;
+ error_header();
+ fprintf(stderr, "Reverting log filename back to '%s'.\n", file_path);
+ logging= (start_logging() == 0);
+ if (!logging)
+ {
+ error_header();
+ fprintf(stderr, "Logging was disabled..\n");
+ CLIENT_ERROR(1, "Logging was disabled.", MYF(ME_JUST_WARNING));
+ }
+ goto exit_func;
+ }
+ internal_stop_logging= 0;
+ }
+
+ strncpy(path_buffer, *(const char **) save, sizeof(path_buffer));
+ file_path= path_buffer;
+exit_func:
+ internal_stop_logging= 0;
+ flogger_mutex_unlock(&lock_operations);
+}
+
+
+static void update_incl_users(MYSQL_THD thd,
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ flogger_mutex_lock(&lock_operations);
+ mark_always_logged(thd);
+ strncpy(incl_user_buffer, *(const char **) save, sizeof(incl_user_buffer));
+ incl_users= incl_user_buffer;
+ user_hash_fill(&incl_user_hash, incl_users, &excl_user_hash, 1);
+ error_header();
+ fprintf(stderr, "server_audit_incl_users set to '%s'.\n", incl_users);
+ flogger_mutex_unlock(&lock_operations);
+}
+
+
+static void update_excl_users(MYSQL_THD thd __attribute__((unused)),
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ flogger_mutex_lock(&lock_operations);
+ mark_always_logged(thd);
+ strncpy(excl_user_buffer, *(const char **) save, sizeof(excl_user_buffer));
+ excl_users= excl_user_buffer;
+ user_hash_fill(&excl_user_hash, excl_users, &incl_user_hash, 0);
+ error_header();
+ fprintf(stderr, "server_audit_excl_users set to '%s'.\n", excl_users);
+ flogger_mutex_unlock(&lock_operations);
+}
+
+
+static void update_output_type(MYSQL_THD thd,
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ ulong new_output_type= *((ulong *) save);
+ if (output_type == new_output_type)
+ return;
+
+ flogger_mutex_lock(&lock_operations);
+ internal_stop_logging= 1;
+ if (logging)
+ {
+ log_current_query(thd);
+ stop_logging();
+ }
+
+ output_type= new_output_type;
+ error_header();
+ fprintf(stderr, "Output was redirected to '%s'\n",
+ output_type_names[output_type]);
+
+ if (logging)
+ start_logging();
+ internal_stop_logging= 0;
+ flogger_mutex_unlock(&lock_operations);
+}
+
+
+static void update_syslog_facility(MYSQL_THD thd __attribute__((unused)),
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ ulong new_facility= *((ulong *) save);
+ if (syslog_facility == new_facility)
+ return;
+
+ mark_always_logged(thd);
+ error_header();
+ fprintf(stderr, "SysLog facility was changed from '%s' to '%s'.\n",
+ syslog_facility_names[syslog_facility],
+ syslog_facility_names[new_facility]);
+ syslog_facility= new_facility;
+}
+
+
+static void update_syslog_priority(MYSQL_THD thd __attribute__((unused)),
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ ulong new_priority= *((ulong *) save);
+ if (syslog_priority == new_priority)
+ return;
+
+ flogger_mutex_lock(&lock_operations);
+ mark_always_logged(thd);
+ flogger_mutex_unlock(&lock_operations);
+ error_header();
+ fprintf(stderr, "SysLog priority was changed from '%s' to '%s'.\n",
+ syslog_priority_names[syslog_priority],
+ syslog_priority_names[new_priority]);
+ syslog_priority= new_priority;
+}
+
+
+static void update_logging(MYSQL_THD thd,
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ char new_logging= *(char *) save;
+ if (new_logging == logging)
+ return;
+
+ flogger_mutex_lock(&lock_operations);
+ internal_stop_logging= 1;
+ if ((logging= new_logging))
+ {
+ start_logging();
+ if (!logging)
+ {
+ CLIENT_ERROR(1, "Logging was disabled.", MYF(ME_JUST_WARNING));
+ }
+ }
+ else
+ {
+ log_current_query(thd);
+ stop_logging();
+ }
+
+ internal_stop_logging= 0;
+ flogger_mutex_unlock(&lock_operations);
+}
+
+
+static void update_mode(MYSQL_THD thd __attribute__((unused)),
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ unsigned int new_mode= *(unsigned int *) save;
+ if (mode_readonly || new_mode == mode)
+ return;
+
+ flogger_mutex_lock(&lock_operations);
+ internal_stop_logging= 1;
+ mark_always_logged(thd);
+ error_header();
+ fprintf(stderr, "Logging mode was changed from %d to %d.\n", mode, new_mode);
+ mode= new_mode;
+ internal_stop_logging= 0;
+ flogger_mutex_unlock(&lock_operations);
+}
+
+static void update_syslog_ident(MYSQL_THD thd __attribute__((unused)),
+ struct st_mysql_sys_var *var __attribute__((unused)),
+ void *var_ptr __attribute__((unused)), const void *save)
+{
+ strncpy(syslog_ident_buffer, *(const char **) save,
+ sizeof(syslog_ident_buffer));
+ syslog_ident= syslog_ident_buffer;
+ flogger_mutex_lock(&lock_operations);
+ mark_always_logged(thd);
+ flogger_mutex_unlock(&lock_operations);
+}
+
+