path: root/plugin/server_audit/plugin_audit_v4.h
blob: a2a38806f4f21ba0eb9782c05592ca030f2fdb8f (plain)
/* Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License
   as published by the Free Software Foundation; version 2 of
   the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */

#ifndef _my_audit_h
#define _my_audit_h

#ifndef PLUGIN_CONTEXT
#include "plugin.h"
#include "mysql/mysql_lex_string.h"
#ifndef MYSQL_ABI_CHECK
#include "m_string.h"
#endif
#include "my_command.h"
#include "my_sqlcommand.h"
#endif /*PLUGIN_CONTEXT*/

/**
  Version of the audit plugin interface described by this header.
  NOTE(review): presumably the value a plugin stores in
  st_mysql_audit::interface_version - confirm against the server.
*/
#define MYSQL_AUDIT_INTERFACE_VERSION 0x0401

/**
 @enum mysql_event_class_t

 Audit event classes.

 A value of this type is the event class argument of
 st_mysql_audit::event_notify. MYSQL_AUDIT_CLASS_MASK_SIZE is not an event
 class: it is the number of classes, and it is the array length of
 st_mysql_audit::class_mask.
*/
typedef enum
{
  MYSQL_AUDIT_GENERAL_CLASS          = 0,
  MYSQL_AUDIT_CONNECTION_CLASS       = 1,
  MYSQL_AUDIT_PARSE_CLASS            = 2,
  MYSQL_AUDIT_AUTHORIZATION_CLASS    = 3,
  MYSQL_AUDIT_TABLE_ACCESS_CLASS     = 4,
  MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS  = 5,
  MYSQL_AUDIT_SERVER_STARTUP_CLASS   = 6,
  MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS  = 7,
  MYSQL_AUDIT_COMMAND_CLASS          = 8,
  MYSQL_AUDIT_QUERY_CLASS            = 9,
  MYSQL_AUDIT_STORED_PROGRAM_CLASS   = 10,
  /* This item must be last in the list: its value is the class count. */
  MYSQL_AUDIT_CLASS_MASK_SIZE
} mysql_event_class_t;

/**
  @struct st_mysql_audit

  The descriptor structure that is referred from st_mysql_plugin.
*/
struct st_mysql_audit
{
  /**
    Interface version.
  */
  int interface_version;

  /**
    Event occurs when the event class consumer is to be
    disassociated from the specified THD. This would typically occur
    before some operation which may require sleeping - such as when
    waiting for the next query from the client.
  */
  void (*release_thd)(MYSQL_THD);

  /**
    Invoked whenever an event occurs which is of any
    class for which the plugin has interest. The second argument
    indicates the specific event class and the third argument is data
    as required for that class.

    The third argument is untyped: cast it only to the mysql_event_*
    structure that belongs to the class given in the second argument.
    NOTE(review): the meaning of the int return value is not documented
    in this header - confirm against the server before returning non-zero.
  */
  int (*event_notify)(MYSQL_THD, mysql_event_class_t, const void *);

  /**
    An array of bits used to indicate what event classes
    that this plugin wants to receive.
    The array has one element per event class
    (MYSQL_AUDIT_CLASS_MASK_SIZE elements).
    NOTE(review): presumably indexed by mysql_event_class_t, each element
    holding the OR of that class's subclass flags (for example
    MYSQL_AUDIT_GENERAL_ALL); a class left at 0 would then deliver no
    events of that class to the plugin - confirm.
  */
  unsigned long class_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
};

/**
  @typedef enum_sql_command_t

  SQL command type definition.

  enum enum_sql_command is not defined in this header.
  NOTE(review): presumably it comes from my_sqlcommand.h, included above
  when PLUGIN_CONTEXT is not defined - confirm.
*/
typedef enum enum_sql_command enum_sql_command_t;

/**
  @enum mysql_event_general_subclass_t

  Events for the MYSQL_AUDIT_GENERAL_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** occurs before emitting to the general query log. */
  MYSQL_AUDIT_GENERAL_LOG    = 1 << 0,
  /** occurs before transmitting errors to the user. */
  MYSQL_AUDIT_GENERAL_ERROR  = 1 << 1,
  /** occurs after transmitting a resultset to the user. */
  MYSQL_AUDIT_GENERAL_RESULT = 1 << 2,
  /** occurs after transmitting a resultset or errors. */
  MYSQL_AUDIT_GENERAL_STATUS = 1 << 3
} mysql_event_general_subclass_t;

/** Mask with every MYSQL_AUDIT_GENERAL_CLASS subclass bit set. */
#define MYSQL_AUDIT_GENERAL_ALL (MYSQL_AUDIT_GENERAL_LOG | \
                                 MYSQL_AUDIT_GENERAL_ERROR | \
                                 MYSQL_AUDIT_GENERAL_RESULT | \
                                 MYSQL_AUDIT_GENERAL_STATUS)
/**
  @struct mysql_event_general

  Structure for the MYSQL_AUDIT_GENERAL_CLASS event class.

  Text members are MYSQL_LEX_CSTRING values (a pointer with an explicit
  length, declared in mysql/mysql_lex_string.h).
  NOTE(review): nothing in this header guarantees NUL termination, so
  copy and log these members by length - confirm.
  NOTE(review): general_user, general_host, general_ip and general_query
  presumably carry client-influenced text; escape record delimiters and
  control characters before writing them to an audit log, and check
  whether statement text can still contain credentials - confirm what
  the server redacts.
*/
struct mysql_event_general
{
  /** Which MYSQL_AUDIT_GENERAL_* event this record describes. */
  mysql_event_general_subclass_t event_subclass;
  int                            general_error_code;
  unsigned long                  general_thread_id;
  MYSQL_LEX_CSTRING              general_user;
  MYSQL_LEX_CSTRING              general_command;
  MYSQL_LEX_CSTRING              general_query;
  /* NOTE(review): presumably the charset of general_query - confirm. */
  struct charset_info_st         *general_charset;
  unsigned long long             general_time;
  unsigned long long             general_rows;
  MYSQL_LEX_CSTRING              general_host;
  MYSQL_LEX_CSTRING              general_sql_command;
  MYSQL_LEX_CSTRING              general_external_user;
  MYSQL_LEX_CSTRING              general_ip;
};

/**
  @enum mysql_event_connection_subclass_t

  Events for MYSQL_AUDIT_CONNECTION_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** occurs after authentication phase is completed. */
  MYSQL_AUDIT_CONNECTION_CONNECT          = 1 << 0,
  /** occurs after connection is terminated. */
  MYSQL_AUDIT_CONNECTION_DISCONNECT       = 1 << 1,
  /** occurs after COM_CHANGE_USER RPC is completed. */
  MYSQL_AUDIT_CONNECTION_CHANGE_USER      = 1 << 2,
  /** occurs before authentication. */
  MYSQL_AUDIT_CONNECTION_PRE_AUTHENTICATE = 1 << 3
} mysql_event_connection_subclass_t;

/** Mask with every MYSQL_AUDIT_CONNECTION_CLASS subclass bit set. */
#define MYSQL_AUDIT_CONNECTION_ALL (MYSQL_AUDIT_CONNECTION_CONNECT | \
                                    MYSQL_AUDIT_CONNECTION_DISCONNECT | \
                                    MYSQL_AUDIT_CONNECTION_CHANGE_USER | \
                                    MYSQL_AUDIT_CONNECTION_PRE_AUTHENTICATE)
/**
  @struct mysql_event_connection

  Structure for the MYSQL_AUDIT_CONNECTION_CLASS event class.

  MYSQL_AUDIT_CONNECTION_PRE_AUTHENTICATE occurs before authentication.
  NOTE(review): the identity members of such an event presumably hold
  unverified client claims - confirm before relying on them.
  NOTE(review): user, host, ip and database are presumably
  client-influenced; escape record delimiters and control characters
  before writing them to an audit log - confirm.
*/
struct mysql_event_connection
{
  /** Event subclass. */
  mysql_event_connection_subclass_t event_subclass;
  /** Current status of the connection.
      NOTE(review): the value range is not defined in this header;
      presumably 0 means success and anything else is a server error
      code - confirm before using it to detect failed logins. */
  int                               status;
  /** Connection id. */
  unsigned long                     connection_id;
  /** User name of this connection. */
  MYSQL_LEX_CSTRING                 user;
  /** Priv user name. */
  MYSQL_LEX_CSTRING                 priv_user;
  /** External user name. */
  MYSQL_LEX_CSTRING                 external_user;
  /** Proxy user used for this connection. */
  MYSQL_LEX_CSTRING                 proxy_user;
  /** Connection host. */
  MYSQL_LEX_CSTRING                 host;
  /** IP of the connection. */
  MYSQL_LEX_CSTRING                 ip;
  /** Database name specified at connection time. */
  MYSQL_LEX_CSTRING                 database;
  /** Connection type:
        - 0 Undefined
        - 1 TCP/IP
        - 2 Socket
        - 3 Named pipe
        - 4 SSL
        - 5 Shared memory
  */
  int                               connection_type;
};

/**
  @enum mysql_event_parse_subclass_t

  Events for MYSQL_AUDIT_PARSE_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** occurs before the query parsing. */
  MYSQL_AUDIT_PARSE_PREPARSE  = 1 << 0,
  /** occurs after the query parsing. */
  MYSQL_AUDIT_PARSE_POSTPARSE = 1 << 1
} mysql_event_parse_subclass_t;

/** Mask with every MYSQL_AUDIT_PARSE_CLASS subclass bit set. */
#define MYSQL_AUDIT_PARSE_ALL (MYSQL_AUDIT_PARSE_PREPARSE | \
                               MYSQL_AUDIT_PARSE_POSTPARSE)

/**
  @enum mysql_event_parse_rewrite_plugin_flag

  Bit flags exchanged through mysql_event_parse::flags.
  One flag is written by the plugin and one by the server, as noted on
  each value.
*/
typedef enum
{
  /// No flag set.
  MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_NONE                  = 0,
  /// mysql_event_parse::flags Must be set by a plugin if the query is rewritten.
  MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_QUERY_REWRITTEN       = 1 << 0,
  /// mysql_event_parse::flags Is set by the server if the query is a prepared statement.
  MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_IS_PREPARED_STATEMENT = 1 << 1
} mysql_event_parse_rewrite_plugin_flag;

/**
  @struct mysql_event_parse

  Data for the MYSQL_AUDIT_PARSE_CLASS events.

  This is the one event structure in this header with output members:
  flags and rewritten_query are pointers the plugin writes through.
*/
struct mysql_event_parse
{
  /** MYSQL_AUDIT_PARSE_PREPARSE or MYSQL_AUDIT_PARSE_POSTPARSE event id */
  mysql_event_parse_subclass_t           event_subclass;

  /** points to a combination of MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_* flags */
  mysql_event_parse_rewrite_plugin_flag *flags;

  /** input: the original query text */
  MYSQL_LEX_CSTRING                     query;

  /** output: returns the null-terminated rewritten query allocated by my_malloc()
      NOTE(review): this header does not say who frees that buffer after
      the callback returns - confirm ownership against the server. */
  MYSQL_LEX_CSTRING                     *rewritten_query;
};

/**
  @enum mysql_event_authorization_subclass_t

  Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** NOTE(review): undocumented in the original; presumably occurs when
      a user-level privilege is checked - confirm. */
  MYSQL_AUDIT_AUTHORIZATION_USER      = 1 << 0,
  /** Occurs when database privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_DB        = 1 << 1,
  /** Occurs when table privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_TABLE     = 1 << 2,
  /** Occurs when column privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_COLUMN    = 1 << 3,
  /** Occurs when procedure privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_PROCEDURE = 1 << 4,
  /** Occurs when proxy privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_PROXY     = 1 << 5
} mysql_event_authorization_subclass_t;

/** Mask with every MYSQL_AUDIT_AUTHORIZATION_CLASS subclass bit set. */
#define MYSQL_AUDIT_AUTHORIZATION_ALL (MYSQL_AUDIT_AUTHORIZATION_USER | \
                                       MYSQL_AUDIT_AUTHORIZATION_DB | \
                                       MYSQL_AUDIT_AUTHORIZATION_TABLE | \
                                       MYSQL_AUDIT_AUTHORIZATION_COLUMN  | \
                                       MYSQL_AUDIT_AUTHORIZATION_PROCEDURE | \
                                       MYSQL_AUDIT_AUTHORIZATION_PROXY)
/**
  @struct mysql_event_authorization

  Structure for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.

  Carries both the requested and the currently granted privileges of a
  privilege check, which is what an access-denied detection compares.
*/
struct mysql_event_authorization
{
  /** Event subclass. */
  mysql_event_authorization_subclass_t event_subclass;
  /** Event status. */
  int                                  status;
  /** Connection id.
      Declared unsigned int here, while the other event structures in
      this header declare connection_id as unsigned long - do not assume
      a common layout across event structures. */
  unsigned int                         connection_id;
  /** SQL command id. */
  enum_sql_command_t                   sql_command_id;
  /** SQL query text. */
  MYSQL_LEX_CSTRING                    query;
  /** SQL query charset. */
  const struct charset_info_st         *query_charset;
  /** Database name. */
  MYSQL_LEX_CSTRING                    database;
  /** Table name. */
  MYSQL_LEX_CSTRING                    table;
  /** Other name associated with the event. */
  MYSQL_LEX_CSTRING                    object;
  /** Requested authorization privileges.
      NOTE(review): the bit layout is not defined in this header -
      confirm against the server's privilege constants. */
  unsigned long                        requested_privilege;
  /** Currently granted authorization privileges. */
  unsigned long                        granted_privilege;
};

/**
  @enum mysql_event_table_access_subclass_t

  Events for MYSQL_AUDIT_TABLE_ACCESS_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** Occurs when table data are read. */
  MYSQL_AUDIT_TABLE_ACCESS_READ   = 1 << 0,
  /** Occurs when table data are inserted. */
  MYSQL_AUDIT_TABLE_ACCESS_INSERT = 1 << 1,
  /** Occurs when table data are updated. */
  MYSQL_AUDIT_TABLE_ACCESS_UPDATE = 1 << 2,
  /** Occurs when table data are deleted. */
  MYSQL_AUDIT_TABLE_ACCESS_DELETE = 1 << 3
} mysql_event_table_access_subclass_t;

/** Mask with every MYSQL_AUDIT_TABLE_ACCESS_CLASS subclass bit set. */
#define MYSQL_AUDIT_TABLE_ACCESS_ALL (MYSQL_AUDIT_TABLE_ACCESS_READ | \
                                      MYSQL_AUDIT_TABLE_ACCESS_INSERT | \
                                      MYSQL_AUDIT_TABLE_ACCESS_UPDATE | \
                                      MYSQL_AUDIT_TABLE_ACCESS_DELETE)

/**
  @struct mysql_event_table_access

  Structure for MYSQL_AUDIT_TABLE_ACCESS_CLASS event class.

  The event names the accessed table and database and carries the text
  of the statement that caused the access.
*/
struct mysql_event_table_access
{
  /** Event subclass. */
  mysql_event_table_access_subclass_t event_subclass;
  /** Connection id. */
  unsigned long                           connection_id;
  /** SQL command id. */
  enum_sql_command_t                      sql_command_id;
  /** SQL query. */
  MYSQL_LEX_CSTRING                       query;
  /** SQL query charset. */
  const struct charset_info_st            *query_charset;
  /** Database name. */
  MYSQL_LEX_CSTRING                       table_database;
  /** Table name. */
  MYSQL_LEX_CSTRING                       table_name;
};

/**
  @enum mysql_event_global_variable_subclass_t

  Events for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** Occurs when global variable is retrieved. */
  MYSQL_AUDIT_GLOBAL_VARIABLE_GET = 1 << 0,
  /** Occurs when global variable is set. */
  MYSQL_AUDIT_GLOBAL_VARIABLE_SET = 1 << 1
} mysql_event_global_variable_subclass_t;

/** Mask with every MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS subclass bit set. */
#define MYSQL_AUDIT_GLOBAL_VARIABLE_ALL (MYSQL_AUDIT_GLOBAL_VARIABLE_GET | \
                                         MYSQL_AUDIT_GLOBAL_VARIABLE_SET)

/**
  @struct mysql_event_global_variable

  Structure for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
*/
struct mysql_event_global_variable
{
  /** Event subclass. */
  mysql_event_global_variable_subclass_t event_subclass;
  /** Connection id. */
  unsigned long                          connection_id;
  /** SQL command id. */
  enum_sql_command_t                     sql_command_id;
  /** Variable name. */
  MYSQL_LEX_CSTRING                      variable_name;
  /** Variable value.
      NOTE(review): some variables may hold sensitive values; decide
      per variable whether the value belongs in the audit log -
      confirm what the server passes here. */
  MYSQL_LEX_CSTRING                      variable_value;
};

/**
  @enum mysql_event_server_startup_subclass_t

  Events for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
*/
typedef enum
{
  /** Occurs after all subsystems are initialized during system start. */
  MYSQL_AUDIT_SERVER_STARTUP_STARTUP = 1 << 0
} mysql_event_server_startup_subclass_t;

/** Mask with every MYSQL_AUDIT_SERVER_STARTUP_CLASS subclass bit set. */
#define MYSQL_AUDIT_SERVER_STARTUP_ALL (MYSQL_AUDIT_SERVER_STARTUP_STARTUP)

/**
  @struct mysql_event_server_startup

  Structure for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
*/
struct mysql_event_server_startup
{
  /** Event subclass. */
  mysql_event_server_startup_subclass_t event_subclass;
  /** Command line arguments.
      Read at most argc entries.
      NOTE(review): command lines can carry secrets passed as options;
      consider masking before logging - confirm what the server passes. */
  const char                            **argv;
  /** Command line arguments count. */
  unsigned int                          argc;
};

/**
  @enum mysql_event_server_shutdown_subclass_t

  Events for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
*/
typedef enum
{
  /** Server shutdown event. */
  MYSQL_AUDIT_SERVER_SHUTDOWN_SHUTDOWN = 1 << 0
} mysql_event_server_shutdown_subclass_t;

/** Mask with every MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS subclass bit set. */
#define MYSQL_AUDIT_SERVER_SHUTDOWN_ALL (MYSQL_AUDIT_SERVER_SHUTDOWN_SHUTDOWN)

/**
  @enum mysql_server_shutdown_reason_t

  Server shutdown reason.

  The enumerators have no explicit values, so they are numbered 0 and 1
  in declaration order; unlike the subclass enums they are not bit flags.
*/
typedef enum
{
  /** User requested shut down. */
  MYSQL_AUDIT_SERVER_SHUTDOWN_REASON_SHUTDOWN,
  /** The server aborts. */
  MYSQL_AUDIT_SERVER_SHUTDOWN_REASON_ABORT
} mysql_server_shutdown_reason_t;

/**
  @struct mysql_event_server_shutdown

  Structure for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
*/
struct mysql_event_server_shutdown
{
  /** Shutdown event. */
  mysql_event_server_shutdown_subclass_t event_subclass;
  /** Exit code associated with the shutdown event. */
  int                                    exit_code;
  /** Shutdown reason: distinguishes a user-requested shutdown from a
      server abort (see mysql_server_shutdown_reason_t). */
  mysql_server_shutdown_reason_t         reason;
};

/**
  @enum mysql_event_command_subclass_t

  Events for MYSQL_AUDIT_COMMAND_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** Command start event. */
  MYSQL_AUDIT_COMMAND_START = 1 << 0,
  /** Command end event. */
  MYSQL_AUDIT_COMMAND_END   = 1 << 1
} mysql_event_command_subclass_t;

/** Mask with every MYSQL_AUDIT_COMMAND_CLASS subclass bit set. */
#define MYSQL_AUDIT_COMMAND_ALL (MYSQL_AUDIT_COMMAND_START | \
                                 MYSQL_AUDIT_COMMAND_END)
/**
  @typedef enum_server_command_t

  Server command type definition.

  enum enum_server_command is not defined in this header.
  NOTE(review): presumably it comes from my_command.h, included above
  when PLUGIN_CONTEXT is not defined - confirm.
*/
typedef enum enum_server_command enum_server_command_t;

/**
  @struct mysql_event_command

  Event for MYSQL_AUDIT_COMMAND_CLASS event class.
  Events generated as a result of RPC command requests.
*/
struct mysql_event_command
{
  /** Command event subclass. */
  mysql_event_command_subclass_t event_subclass;
  /** Command event status.
      NOTE(review): the value range is not defined in this header -
      confirm. */
  int                            status;
  /** Connection id. */
  unsigned long                  connection_id;
  /** Command id. */
  enum_server_command_t          command_id;
};

/**
  @enum mysql_event_query_subclass_t

  Events for MYSQL_AUDIT_QUERY_CLASS event class.

  Each value is a distinct bit, so subclasses can be combined with OR.
*/
typedef enum
{
  /** Query start event. */
  MYSQL_AUDIT_QUERY_START             = 1 << 0,
  /** Nested query start event. */
  MYSQL_AUDIT_QUERY_NESTED_START      = 1 << 1,
  /** Query status end event. */
  MYSQL_AUDIT_QUERY_STATUS_END        = 1 << 2,
  /** Nested query status end event. */
  MYSQL_AUDIT_QUERY_NESTED_STATUS_END = 1 << 3
} mysql_event_query_subclass_t;

/** Mask with every MYSQL_AUDIT_QUERY_CLASS subclass bit set. */
#define MYSQL_AUDIT_QUERY_ALL (MYSQL_AUDIT_QUERY_START | \
                               MYSQL_AUDIT_QUERY_NESTED_START | \
                               MYSQL_AUDIT_QUERY_STATUS_END | \
                               MYSQL_AUDIT_QUERY_NESTED_STATUS_END)
/**
  @struct mysql_event_query

  Event for MYSQL_AUDIT_QUERY_CLASS event class.

  NOTE(review): query is statement text and may contain literals such as
  credentials; log it by length, escape control characters, and confirm
  what the server redacts before it reaches the plugin.
*/
struct mysql_event_query
{
  /** Event subclass. */
  mysql_event_query_subclass_t event_subclass;
  /** Event status. */
  int                          status;
  /** Connection id. */
  unsigned long                connection_id;
  /** SQL command id. */
  enum_sql_command_t           sql_command_id;
  /** SQL query. */
  MYSQL_LEX_CSTRING            query;
  /** SQL query charset. */
  const struct charset_info_st *query_charset;
};

/**
  @enum mysql_event_stored_program_subclass_t

  Events for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
*/
typedef enum
{
  /** Stored program execution event. */
  MYSQL_AUDIT_STORED_PROGRAM_EXECUTE = 1 << 0
} mysql_event_stored_program_subclass_t;

/** Mask with every MYSQL_AUDIT_STORED_PROGRAM_CLASS subclass bit set. */
#define MYSQL_AUDIT_STORED_PROGRAM_ALL (MYSQL_AUDIT_STORED_PROGRAM_EXECUTE)

/**
  @struct mysql_event_stored_program

  Event for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
*/
struct mysql_event_stored_program
{
  /** Event subclass. */
  mysql_event_stored_program_subclass_t event_subclass;
  /** Connection id. */
  unsigned long                         connection_id;
  /** SQL command id. */
  enum_sql_command_t                    sql_command_id;
  /** SQL query text. */
  MYSQL_LEX_CSTRING                     query;
  /** SQL query charset. */
  const struct charset_info_st          *query_charset;
  /** The Database the procedure is defined in. */
  MYSQL_LEX_CSTRING                     database;
  /** Name of the stored program. */
  MYSQL_LEX_CSTRING                     name;
  /** Stored program parameters.
      Opaque pointer: its pointee type is not defined in this header.
      NOTE(review): do not dereference it without confirming the type
      and lifetime against the server. */
  void                                  *parameters;
};

#endif