mariadb/sql/sql_audit.cc

/* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include "sql_priv.h"
#include "sql_audit.h"
/*
  Per-plugin init/deinit hooks for audit plugins; both are defined further
  down in this file (real versions for the server, stubs for the embedded
  library).
*/
extern int initialize_audit_plugin(st_plugin_int *plugin);
extern int finalize_audit_plugin(st_plugin_int *plugin);
#ifndef EMBEDDED_LIBRARY
/*
  Envelope passed to plugins_dispatch() through its void* argument.
  event_class selects which plugins are notified; event points at the
  class-specific payload built by one of the class handlers in this file.
  The payload is borrowed: it lives on the stack of the handler that
  built it and is only valid for the duration of the dispatch.
*/
struct st_mysql_event_generic
{
unsigned int event_class;
const void *event;
};
/*
  Union of the class masks of the installed audit plugins. It is written
  under LOCK_audit_mask by initialize_audit_plugin() and
  finalize_audit_plugin(), but read without that lock in
  mysql_audit_acquire_plugins().
*/
unsigned long mysql_global_audit_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
/* Serializes updates of mysql_global_audit_mask. */
static mysql_mutex_t LOCK_audit_mask;
/* Forward declaration: the class handlers below call it before its definition. */
static void event_class_dispatch(THD *thd, unsigned int event_class,
const void *event);
/*
  Turn mask[0] into a single-bit mask for event_class.

  Only element 0 is written, whatever MYSQL_AUDIT_CLASS_MASK_SIZE is.
  event_class is not range-checked: it must be smaller than the bit width
  of unsigned long, because a larger shift count is undefined behaviour.
*/
static inline
void set_audit_mask(unsigned long *mask, uint event_class)
{
  mask[0]= 1UL << event_class;
}
/*
  OR the class bits of rhs into mask. Only element 0 of each array is
  read or written; rhs is left untouched.
*/
static inline
void add_audit_mask(unsigned long *mask, const unsigned long *rhs)
{
  const unsigned long extra_bits= rhs[0];
  mask[0]= mask[0] | extra_bits;
}
/*
  Compare two class masks (element 0 only).

  Note the inverted sense: the result is true when the masks have NO class
  in common and false when at least one class bit is set in both. Callers
  therefore read "check_audit_mask(a, b)" as "a is not interested in b".
*/
static inline
bool check_audit_mask(const unsigned long *lhs,
                      const unsigned long *rhs)
{
  const unsigned long shared_bits= lhs[0] & rhs[0];
  return shared_bits == 0;
}
/*
  Signature shared by the per-class handlers stored in audit_handlers[].
  Each handler unpacks the variadic arguments of mysql_audit_notify() (ap)
  into the event structure of its class.
*/
typedef void (*audit_handler_t)(THD *thd, uint event_subtype, va_list ap);
/**
  MYSQL_AUDIT_GENERAL_CLASS handler: unpack the variadic arguments of
  mysql_audit_notify() into a mysql_event_general and dispatch it.

  The arguments are consumed in a fixed order and with exactly these types:
  int error code, time_t, then (const char *, unsigned int) pairs for user,
  command and query, struct charset_info_st *, ha_rows, and finally four
  MYSQL_LEX_STRING values passed by value (sql_command, host,
  external_user, ip). va_arg cannot verify any of this, so a caller that
  passes a different type or order invokes undefined behaviour.

  String pointers are stored as given, not copied, and the lengths are
  taken on trust from the caller. The event lives on this function's stack,
  so it is only valid while event_class_dispatch() runs.

  NOTE(review): the event is not zero-initialized; any member of
  mysql_event_general that is not assigned below would reach the plugins
  uninitialized -- confirm against the struct definition.

  @param[in] thd            Session the event belongs to, or NULL; a NULL
                            thd is reported with thread id 0
  @param[in] event_subtype  Stored as the event subclass
  @param[in] ap             Variadic arguments, already started by the caller
*/
static void general_class_handler(THD *thd, uint event_subtype, va_list ap)
{
  mysql_event_general general;

  general.event_subclass= event_subtype;

  /* The va_arg sequence below must stay in step with every caller. */
  general.general_error_code= va_arg(ap, int);
  if (thd)
    general.general_thread_id= thd->thread_id;
  else
    general.general_thread_id= 0;
  general.general_time= va_arg(ap, time_t);

  general.general_user= va_arg(ap, const char *);
  general.general_user_length= va_arg(ap, unsigned int);

  general.general_command= va_arg(ap, const char *);
  general.general_command_length= va_arg(ap, unsigned int);

  general.general_query= va_arg(ap, const char *);
  general.general_query_length= va_arg(ap, unsigned int);

  general.general_charset= va_arg(ap, struct charset_info_st *);
  general.general_rows= (unsigned long long) va_arg(ap, ha_rows);

  /* These four are structs passed by value through the ellipsis. */
  general.general_sql_command= va_arg(ap, MYSQL_LEX_STRING);
  general.general_host= va_arg(ap, MYSQL_LEX_STRING);
  general.general_external_user= va_arg(ap, MYSQL_LEX_STRING);
  general.general_ip= va_arg(ap, MYSQL_LEX_STRING);

  event_class_dispatch(thd, MYSQL_AUDIT_GENERAL_CLASS, &general);
}
/**
  MYSQL_AUDIT_CONNECTION_CLASS handler: unpack the variadic arguments of
  mysql_audit_notify() into a mysql_event_connection and dispatch it.

  The arguments are consumed in a fixed order: int status, unsigned long
  thread id, then (const char *, unsigned int) pairs for user, priv_user,
  external_user, proxy_user, host, ip and database. va_arg cannot verify
  types or order, so a mismatching caller invokes undefined behaviour.

  Unlike the general handler, the thread id comes from the arguments, not
  from thd. String pointers are stored as given, not copied, and the
  lengths are taken on trust from the caller. The event lives on this
  function's stack and is only valid while event_class_dispatch() runs.

  @param[in] thd             Session passed on to the dispatcher, may be NULL
  @param[in] event_subclass  Stored as the event subclass
  @param[in] ap              Variadic arguments, already started by the caller
*/
static void connection_class_handler(THD *thd, uint event_subclass, va_list ap)
{
  mysql_event_connection conn;

  conn.event_subclass= event_subclass;

  /* The va_arg sequence below must stay in step with every caller. */
  conn.status= va_arg(ap, int);
  conn.thread_id= va_arg(ap, unsigned long);

  conn.user= va_arg(ap, const char *);
  conn.user_length= va_arg(ap, unsigned int);

  conn.priv_user= va_arg(ap, const char *);
  conn.priv_user_length= va_arg(ap, unsigned int);

  conn.external_user= va_arg(ap, const char *);
  conn.external_user_length= va_arg(ap, unsigned int);

  conn.proxy_user= va_arg(ap, const char *);
  conn.proxy_user_length= va_arg(ap, unsigned int);

  conn.host= va_arg(ap, const char *);
  conn.host_length= va_arg(ap, unsigned int);

  conn.ip= va_arg(ap, const char *);
  conn.ip_length= va_arg(ap, unsigned int);

  conn.database= va_arg(ap, const char *);
  conn.database_length= va_arg(ap, unsigned int);

  event_class_dispatch(thd, MYSQL_AUDIT_CONNECTION_CLASS, &conn);
}
/*
  Handler table indexed directly by event class in mysql_audit_notify().
  NOTE(review): the order presumably has to match the numeric values of
  MYSQL_AUDIT_GENERAL_CLASS and MYSQL_AUDIT_CONNECTION_CLASS -- confirm
  against the audit plugin header when adding a class.
*/
static audit_handler_t audit_handlers[] =
{
general_class_handler, connection_class_handler
};
/* Number of entries in audit_handlers[]; the upper bound for a valid event class. */
static const uint audit_handlers_count=
(sizeof(audit_handlers) / sizeof(audit_handler_t));
/**
  plugin_foreach() callback: lock one audit plugin for the session and
  remember it in thd->audit_class_plugins, if it is interested in the event
  class and is not assumed to be held already.

  A plugin is skipped as "already held" when its class mask overlaps the
  classes this session has acquired so far. That test is a heuristic: a
  plugin installed after the session acquired one of its classes is skipped
  too, so the session does not report to it until mysql_audit_release()
  clears the session mask. For an audit plugin that is a window in which
  events of existing sessions go unrecorded.

  NOTE(review): the results of my_plugin_lock() and insert_dynamic() are not
  checked here. If either can fail, the list could receive a NULL entry or
  a locked plugin could go untracked -- confirm against their contracts.

  @param[in] thd     Session acquiring the plugins (dereferenced, not NULL)
  @param[in] plugin  Candidate audit plugin
  @param[in] arg     Points at the uint event class being acquired
  @retval FALSE Always
*/
static my_bool acquire_plugins(THD *thd, plugin_ref plugin, void *arg)
{
  const uint wanted_class= *(uint*) arg;
  unsigned long wanted_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
  st_mysql_audit *audit= plugin_data(plugin, struct st_mysql_audit *);

  set_audit_mask(wanted_mask, wanted_class);

  /*
    Nothing to do when the plugin does not subscribe to this class, or when
    it overlaps the classes the session already holds (in which case it is
    taken to be in the list already; see the corner case described above).
  */
  if (check_audit_mask(audit->class_mask, wanted_mask) ||
      !check_audit_mask(audit->class_mask, thd->audit_class_mask))
    return 0;

  /* First acquisition for this session: create the plugin array lazily. */
  if (unlikely(!thd->audit_class_plugins.buffer))
    my_init_dynamic_array(&thd->audit_class_plugins,
                          sizeof(plugin_ref), 16, 16);

  /* Take the lock, then record the locked reference for later release. */
  plugin= my_plugin_lock(NULL, &plugin);
  insert_dynamic(&thd->audit_class_plugins, (uchar*) &plugin);

  return 0;
}
/**
  @brief Acquire audit plugins

  @param[in] thd          MySQL thread handle; NULL makes this a no-op
  @param[in] event_class  Audit event class

  @details Ensure that audit plugins interested in given event
  class are locked by current thread. The plugin scan runs only when some
  installed plugin wants the class and the session has not acquired that
  class yet; afterwards the class is marked as acquired, so later events of
  the same class skip the scan until mysql_audit_release().

  The global mask is read here without LOCK_audit_mask, while the plugin
  init/deinit paths update it under that lock, so a concurrent install can
  be missed by this call.
*/
void mysql_audit_acquire_plugins(THD *thd, uint event_class)
{
  unsigned long wanted_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
  DBUG_ENTER("mysql_audit_acquire_plugins");

  set_audit_mask(wanted_mask, event_class);

  /* Unlocked read of the global mask: is any plugin subscribed at all? */
  const bool some_plugin_wants_class=
    thd && !check_audit_mask(mysql_global_audit_mask, wanted_mask);

  if (some_plugin_wants_class &&
      check_audit_mask(thd->audit_class_mask, wanted_mask))
  {
    plugin_foreach(thd, acquire_plugins, MYSQL_AUDIT_PLUGIN, &event_class);
    /* Remember the class so that the scan is not repeated per event. */
    add_audit_mask(thd->audit_class_mask, wanted_mask);
  }

  DBUG_VOID_RETURN;
}
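/**
  Notify the audit system of an event

  Selects the handler for event_class, makes sure the interested plugins are
  locked by the session, and lets the handler unpack the variadic arguments
  and dispatch the event.

  The variadic arguments must match, in type and order, what the handler of
  event_class reads with va_arg; nothing here can verify that.

  @param[in] thd            Session the event belongs to, may be NULL
  @param[in] event_class    Index into audit_handlers[]; an out-of-range
                            value asserts in debug builds and is ignored
                            otherwise
  @param[in] event_subtype  Passed through to the class handler
*/
void mysql_audit_notify(THD *thd, uint event_class, uint event_subtype, ...)
{
  va_list ap;

  DBUG_ASSERT(event_class < audit_handlers_count);
  /*
    DBUG_ASSERT is compiled out of release builds, and the class is used as
    an index into a table of function pointers. Refuse an out-of-range
    class at run time too, rather than calling through whatever lies past
    the end of the table.
  */
  if (event_class >= audit_handlers_count)
    return;

  mysql_audit_acquire_plugins(thd, event_class);

  va_start(ap, event_subtype);
  audit_handlers[event_class](thd, event_subtype, ap);
  va_end(ap);
}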
/**
  Release any resources associated with the current thd.

  Every plugin held by the session gets its optional release_thd callback
  while it is still locked; only then are the plugins unlocked. The session
  list and class mask are reset afterwards, so the next event re-runs plugin
  acquisition and picks up the set of plugins installed at that time.

  @param[in] thd  Session to release; NULL or an empty plugin list is a no-op
*/
void mysql_audit_release(THD *thd)
{
  if (!thd || !(thd->audit_class_plugins.elements))
    return;

  plugin_ref *const held_end= (plugin_ref*) thd->audit_class_plugins.buffer +
                              thd->audit_class_plugins.elements;

  for (plugin_ref *held= (plugin_ref*) thd->audit_class_plugins.buffer;
       held < held_end;
       held++)
  {
    st_mysql_audit *audit= plugin_data(*held, struct st_mysql_audit *);

    /* release_thd is optional; call it only when the plugin provides one */
    if (audit->release_thd)
      audit->release_thd(thd);
  }

  /* Callbacks are done: drop the locks taken in acquire_plugins() */
  plugin_unlock_list(NULL, (plugin_ref*) thd->audit_class_plugins.buffer,
                     thd->audit_class_plugins.elements);

  /* Forget the held plugins and the acquired classes */
  reset_dynamic(&thd->audit_class_plugins);
  bzero(thd->audit_class_mask, sizeof(thd->audit_class_mask));
}
/**
  Initialize thd variables used by Audit

  Both the session's class mask and its plugin array are zero-filled. A
  zeroed array has a NULL buffer, which acquire_plugins() uses as the signal
  to create the array on first use.

  @param[in] thd  Session being set up (dereferenced, must not be NULL)
*/
void mysql_audit_init_thd(THD *thd)
{
  /* no class acquired yet */
  bzero(thd->audit_class_mask, sizeof(thd->audit_class_mask));
  /* no plugin held yet, array storage not allocated */
  bzero(&thd->audit_class_plugins, sizeof(thd->audit_class_plugins));
}
/**
Free thd variables used by Audit: release every audit plugin the session
still holds, then free the storage of the per-session plugin array.
NOTE(review): mysql_audit_release() tolerates thd == NULL, but the
statements after it use thd unconditionally, so callers must pass a valid
session -- confirm no caller relies on NULL being accepted here.
@param[in] thd  Session being destroyed
*/
void mysql_audit_free_thd(THD *thd)
{
/* Runs the plugins' release_thd hooks, unlocks them and empties the list */
mysql_audit_release(thd);
DBUG_ASSERT(thd->audit_class_plugins.elements == 0);
delete_dynamic(&thd->audit_class_plugins);
}
#ifdef HAVE_PSI_INTERFACE
/* Instrumentation key for LOCK_audit_mask; exists only with HAVE_PSI_INTERFACE. */
static PSI_mutex_key key_LOCK_audit_mask;
/* Mutexes of this file that init_audit_psi_keys() registers. */
static PSI_mutex_info all_audit_mutexes[]=
{
{ &key_LOCK_audit_mask, "LOCK_audit_mask", PSI_FLAG_GLOBAL}
};
/*
  Register the mutexes of this file under the "sql" category.
  Does nothing when no PSI_server is set.
*/
static void init_audit_psi_keys(void)
{
  if (PSI_server == NULL)
    return;

  PSI_server->register_mutex("sql", all_audit_mutexes,
                             (int) array_elements(all_audit_mutexes));
}
#endif /* HAVE_PSI_INTERFACE */
/**
  Initialize Audit global variables

  Clears the global class mask (no audit plugin installed yet) and creates
  LOCK_audit_mask, registering its instrumentation key first when the
  server is built with HAVE_PSI_INTERFACE.

  NOTE(review): key_LOCK_audit_mask is declared only under
  HAVE_PSI_INTERFACE; presumably mysql_mutex_init drops the key argument in
  other builds -- confirm.
*/
void mysql_audit_initialize()
{
  bzero(mysql_global_audit_mask, sizeof(mysql_global_audit_mask));

#ifdef HAVE_PSI_INTERFACE
  init_audit_psi_keys();
#endif

  mysql_mutex_init(key_LOCK_audit_mask, &LOCK_audit_mask, MY_MUTEX_INIT_FAST);
}
/**
Finalize Audit global variables: destroy the mutex created by
mysql_audit_initialize(). The global class mask is left as it is.
*/
void mysql_audit_finalize()
{
mysql_mutex_destroy(&LOCK_audit_mask);
}
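/**
  Initialize an Audit plug-in

  Validates the audit descriptor, runs the plugin's own init function, and
  only then publishes the descriptor and adds the plugin's classes to the
  global mask, so a plugin that fails validation or init never receives
  events.

  A descriptor is rejected when it is missing altogether, has no class
  mask or event_notify callback, or subscribes to no class in mask
  element 0.

  @param[in] plugin  Plugin being installed
  @retval FALSE OK
  @retval TRUE There was an error.
*/
int initialize_audit_plugin(st_plugin_int *plugin)
{
  st_mysql_audit *data= (st_mysql_audit*) plugin->plugin->info;

  /*
    The descriptor comes from the loaded plugin, so check the pointer itself
    before looking at its members.
  */
  if (!data || !data->class_mask || !data->event_notify ||
      !data->class_mask[0])
  {
    sql_print_error("Plugin '%s' has invalid data.",
                    plugin->name.str);
    return 1;
  }

  if (plugin->plugin->init && plugin->plugin->init(NULL))
  {
    sql_print_error("Plugin '%s' init function returned error.",
                    plugin->name.str);
    return 1;
  }

  /* Make the interface info more easily accessible */
  plugin->data= plugin->plugin->info;

  /* Add the bits the plugin is interested in to the global mask */
  mysql_mutex_lock(&LOCK_audit_mask);
  add_audit_mask(mysql_global_audit_mask, data->class_mask);
  mysql_mutex_unlock(&LOCK_audit_mask);

  return 0;
}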
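/**
  Performs a bitwise OR of the installed plugins event class masks

  plugin_foreach() callback used while rebuilding the global mask. A plugin
  whose data pointer is NULL contributes nothing; finalize_audit_plugin()
  clears that pointer on the plugin being removed before it starts the scan.

  @param[in] thd     Unused
  @param[in] plugin  Installed audit plugin
  @param[in] arg     The unsigned long mask being accumulated
  @retval FALSE always
*/
static my_bool calc_class_mask(THD *thd, plugin_ref plugin, void *arg)
{
  /* Fetch the descriptor once; the original looked it up twice. */
  st_mysql_audit *data= plugin_data(plugin, struct st_mysql_audit *);

  if (data)
    add_audit_mask((unsigned long *) arg, data->class_mask);

  return 0;
}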
/**
  Finalize an Audit plug-in

  Runs the plugin's deinit function, detaches its descriptor, and rebuilds
  the global class mask from the plugins that remain.

  A failing deinit is reported only through the DBUG trace facilities and
  the early "return 1" sits inside DBUG_EXECUTE, so outside of debug tracing
  the failure is not logged and the function carries on and returns 0.

  Sessions that already hold the plugin keep it in their own lists; this
  function does not touch them.

  @param[in] plugin  Plugin being removed
  @retval FALSE OK
  @retval TRUE There was an error.
*/
int finalize_audit_plugin(st_plugin_int *plugin)
{
  unsigned long rebuilt_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
  bzero(&rebuilt_mask, sizeof(rebuilt_mask));

  if (plugin->plugin->deinit && plugin->plugin->deinit(NULL))
  {
    DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.",
                           plugin->name.str));
    DBUG_EXECUTE("finalize_audit_plugin", return 1; );
  }

  /* Detach first, so that calc_class_mask() skips this plugin below */
  plugin->data= NULL;

  /*
    Collect the masks of all the plugins that are still installed.
    LOCK_audit_mask/LOCK_plugin order is not fixed, but serialized with table
    lock on mysql.plugin.
  */
  mysql_mutex_lock(&LOCK_audit_mask);
  plugin_foreach(current_thd, calc_class_mask, MYSQL_AUDIT_PLUGIN,
                 &rebuilt_mask);

  /* Replace the global audit mask with the rebuilt one */
  bmove(mysql_global_audit_mask, rebuilt_mask, sizeof(rebuilt_mask));
  mysql_mutex_unlock(&LOCK_audit_mask);

  return 0;
}
/**
  Dispatches an event by invoking the plugin's event_notify method.

  The plugin is notified only when its class mask contains the class of the
  event; the payload pointer is handed over as is.

  NOTE(review): unlike calc_class_mask(), this callback does not test the
  descriptor for NULL before reading class_mask -- confirm that a plugin
  whose data was cleared by finalize_audit_plugin() can never reach here.

  @param[in] thd     Session the event belongs to, may be NULL
  @param[in] plugin  Audit plugin to notify
  @param[in] arg     Points at a st_mysql_event_generic envelope
  @retval FALSE always
*/
static my_bool plugins_dispatch(THD *thd, plugin_ref plugin, void *arg)
{
  const struct st_mysql_event_generic *envelope=
    (const struct st_mysql_event_generic *) arg;
  st_mysql_audit *audit= plugin_data(plugin, struct st_mysql_audit *);
  unsigned long class_bit[MYSQL_AUDIT_CLASS_MASK_SIZE];

  set_audit_mask(class_bit, envelope->event_class);

  /* check_audit_mask() is true for "no overlap", hence the negation */
  if (!check_audit_mask(audit->class_mask, class_bit))
    audit->event_notify(thd, envelope->event_class, envelope->event);

  return 0;
}
/**
  Distributes an audit event to plug-ins

  With a session, only the plugins cached in thd->audit_class_plugins are
  considered, so a plugin the session has not acquired is not notified.
  Without a session (thd == NULL) every installed audit plugin is visited
  through plugin_foreach(). In both paths plugins_dispatch() filters by
  event class.

  @param[in] thd          Session the event belongs to, or NULL
  @param[in] event_class  Class of the event
  @param[in] event        Class-specific payload, borrowed from the caller
*/
static void event_class_dispatch(THD *thd, unsigned int event_class,
                                 const void *event)
{
  struct st_mysql_event_generic envelope;
  envelope.event_class= event_class;
  envelope.event= event;

  /*
    Slow global dispatch: the event is not associated with any particular
    thread, so there is no cached plugin list to use.
  */
  if (unlikely(!thd))
  {
    plugin_foreach(thd, plugins_dispatch, MYSQL_AUDIT_PLUGIN, &envelope);
    return;
  }

  /* Fast path: walk the plugins this session already holds locked */
  plugin_ref *cached= (plugin_ref*) thd->audit_class_plugins.buffer;
  plugin_ref *const cached_end= cached + thd->audit_class_plugins.elements;

  while (cached < cached_end)
  {
    plugins_dispatch(thd, *cached, &envelope);
    cached++;
  }
}
#else /* EMBEDDED_LIBRARY */
/* Embedded library: audit is compiled out, so there is nothing to acquire. */
void mysql_audit_acquire_plugins(THD *thd, uint event_class)
{
}
/* Embedded library: no audit globals exist, so initialization is a no-op. */
void mysql_audit_initialize()
{
}
/* Embedded library: nothing was initialized, so nothing is torn down. */
void mysql_audit_finalize()
{
}
/*
  Embedded library: always returns 1, the value the server build uses for
  "there was an error", so an audit plugin cannot be initialized and no
  audit events are recorded in an embedded build.
*/
int initialize_audit_plugin(st_plugin_int *plugin)
{
return 1;
}
/* Embedded library: nothing to undo; always returns 0 (OK). */
int finalize_audit_plugin(st_plugin_int *plugin)
{
return 0;
}
/* Embedded library: no plugins are ever acquired, so release is a no-op. */
void mysql_audit_release(THD *thd)
{
}
#endif /* EMBEDDED_LIBRARY */