github
/
mysql-audit
mirror of https://github.com/mcafee-enterprise/mysql-audit
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #23 from akashsinha/userFilter 

Option added to skip queries of whitelisted users. Doing full merge and then will edit some changes.
pull/36/head
Guy Lichtman 2012-12-23 09:02:32 -08:00
parent 7dea2f9ef1 5cdc6dd456
commit 4cfb7a5240
3 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/audit_handler.h
View File

@ -36,6 +36,8 @@ typedef size_t OFFSET;
#define MAX_COM_STATUS_VARS_RECORDS 512 #define MAX_COM_STATUS_VARS_RECORDS 512
#define MAX_OBJECT_CHAR_NUMBERS 130 #define MAX_OBJECT_CHAR_NUMBERS 130
#define MAX_USER_CHAR_NUMBERS 20
const char * retrieve_user (THD * thd);
#define MAX_NUM_OBJECT_ELEM 256 #define MAX_NUM_OBJECT_ELEM 256
/** /**
@ -78,9 +80,11 @@ public:
ThdSesData(THD *pTHD); ThdSesData(THD *pTHD);
THD* getTHD () { return m_pThd;} THD* getTHD () { return m_pThd;}
const char * getCmdName () { return m_CmdName; } const char * getCmdName () { return m_CmdName; }
const char * getUserName () { return m_UserName; }
private: private:
THD *m_pThd; THD *m_pThd;
const char *m_CmdName; const char *m_CmdName;
const char *m_UserName;
protected: protected:
ThdSesData (const ThdSesData& ); ThdSesData (const ThdSesData& );
ThdSesData &operator =(const ThdSesData& ); ThdSesData &operator =(const ThdSesData& );

3
src/audit_handler.cc
View File

@ -528,7 +528,8 @@ ssize_t Audit_json_formatter::event_format(ThdSesData* pThdData, IWriter * write
ThdSesData::ThdSesData (THD *pTHD) : m_pThd (pTHD), m_CmdName(NULL) ThdSesData::ThdSesData (THD *pTHD) : m_pThd (pTHD), m_CmdName(NULL), m_UserName(NULL)
{ {
m_CmdName = retrieve_command (m_pThd); m_CmdName = retrieve_command (m_pThd);
m_UserName = retrieve_user (m_pThd);
} }

48
src/audit_plugin.cc
View File

@ -557,14 +557,17 @@ static int delay_ms_val =0;
static char *delay_cmds_string = NULL; static char *delay_cmds_string = NULL;
static char *record_cmds_string = NULL; static char *record_cmds_string = NULL;
static char *record_objs_string = NULL; static char *record_objs_string = NULL;
static char *whitelist_users_string = NULL;
static char delay_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0}; static char delay_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0};
static char record_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0}; static char record_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0};
static char record_objs_array [MAX_NUM_OBJECT_ELEM + 2][MAX_OBJECT_CHAR_NUMBERS] = {0}; static char record_objs_array [MAX_NUM_OBJECT_ELEM + 2][MAX_OBJECT_CHAR_NUMBERS] = {0};
static char whitelist_users_array [SQLCOM_END + 2][MAX_USER_CHAR_NUMBERS] = {0};
static bool record_empty_objs_set = true; static bool record_empty_objs_set = true;
static int num_delay_cmds = 0; static int num_delay_cmds = 0;
static int num_record_cmds = 0; static int num_record_cmds = 0;
static int num_record_objs = 0; static int num_record_objs = 0;
static int num_whitelist_users = 0;
static SHOW_VAR com_status_vars_array [MAX_COM_STATUS_VARS_RECORDS] = {0}; static SHOW_VAR com_status_vars_array [MAX_COM_STATUS_VARS_RECORDS] = {0};
/** /**
* The trampoline functions we use. Will be set to point to allocated mem. * The trampoline functions we use. Will be set to point to allocated mem.
@ -629,6 +632,15 @@ static void audit(ThdSesData *pThdData)
return; return;
} }
} }
if (num_whitelist_users > 0) {
const char * user = pThdData->getUserName(); //If name is present, then no need to log the query
const char *users[2];
users[0] = user;
users[1] = NULL;
if (check_array(users, (char *) whitelist_users_array, MAX_USER_CHAR_NUMBERS)) {
return;
}
}
if (num_record_objs > 0) { if (num_record_objs > 0) {
LEX *pLex = Audit_formatter::thd_lex(pThdData->getTHD()); LEX *pLex = Audit_formatter::thd_lex(pThdData->getTHD());
TABLE_LIST * table = pLex->query_tables; TABLE_LIST * table = pLex->query_tables;
@ -1309,6 +1321,20 @@ const char * retrieve_command (THD * thd)
return cmd; return cmd;
} }
const char * retrieve_user (THD * thd)
{
const char *user = NULL;
Security_context * sctx = Audit_formatter::thd_inst_main_security_ctx(thd);
if (sctx->priv_user != NULL || *sctx->priv_user != 0x0)
{
user = sctx->priv_user;
}
return user;
}
static int set_com_status_vars_array () static int set_com_status_vars_array ()
{ {
DBUG_ENTER("set_com_status_vars_array"); DBUG_ENTER("set_com_status_vars_array");
@ -1492,6 +1518,12 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si
num_record_cmds = string_to_array(&record_cmds_string, record_cmds_array, SQLCOM_END + 2, MAX_COMMAND_CHAR_NUMBERS); num_record_cmds = string_to_array(&record_cmds_string, record_cmds_array, SQLCOM_END + 2, MAX_COMMAND_CHAR_NUMBERS);
sql_print_information("%s Set num_record_cmds: %d", log_prefix, num_record_cmds); sql_print_information("%s Set num_record_cmds: %d", log_prefix, num_record_cmds);
} }
if (whitelist_users_string != NULL) {
num_whitelist_users = string_to_array(&whitelist_users_string, whitelist_users_array, SQLCOM_END + 2, MAX_USER_CHAR_NUMBERS);
sql_print_information("%s Set num_whitelist_users: %d", log_prefix, num_whitelist_users);
}
if (record_objs_string != NULL) { if (record_objs_string != NULL) {
setup_record_objs_array(); setup_record_objs_array();
} }
@ -1726,6 +1758,16 @@ static void record_cmds_string_update(THD *thd,
sql_print_information("%s Set num_record_cmds: %d record cmds: %s", log_prefix, num_record_cmds, record_cmds_string); sql_print_information("%s Set num_record_cmds: %d record cmds: %s", log_prefix, num_record_cmds, record_cmds_string);
} }
static void whitelist_users_string_update(THD *thd,
struct st_mysql_sys_var *var, void *tgt,
const void *save)
{
num_whitelist_users = string_to_array(save, whitelist_users_array, SQLCOM_END + 2, MAX_USER_CHAR_NUMBERS);
whitelist_users_string = *static_cast<char* const *> (save);
sql_print_information("%s Set num_whitelist_users: %d whitelist users: %s", log_prefix, num_whitelist_users, whitelist_users_string);
}
static void record_objs_string_update(THD *thd, static void record_objs_string_update(THD *thd,
struct st_mysql_sys_var *var, void *tgt, struct st_mysql_sys_var *var, void *tgt,
@ -1815,6 +1857,11 @@ static MYSQL_SYSVAR_STR(record_cmds, record_cmds_string,
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC,
"AUDIT plugin commands to record, comma separated", "AUDIT plugin commands to record, comma separated",
NULL, record_cmds_string_update, NULL); NULL, record_cmds_string_update, NULL);
static MYSQL_SYSVAR_STR(whitelist_users, whitelist_users_string,
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC,
"AUDIT plugin whitelisted users whose queries not to be recorded, comma separated",
NULL, whitelist_users_string_update, NULL);
static MYSQL_SYSVAR_STR(record_objs, record_objs_string, static MYSQL_SYSVAR_STR(record_objs, record_objs_string,
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC,
"AUDIT plugin objects to record, comma separated", "AUDIT plugin objects to record, comma separated",
@ -1841,6 +1888,7 @@ static struct st_mysql_sys_var* audit_system_variables[] =
MYSQL_SYSVAR(delay_ms), MYSQL_SYSVAR(delay_ms),
MYSQL_SYSVAR(delay_cmds), MYSQL_SYSVAR(delay_cmds),
MYSQL_SYSVAR(record_cmds), MYSQL_SYSVAR(record_cmds),
MYSQL_SYSVAR(whitelist_users),
MYSQL_SYSVAR(record_objs), MYSQL_SYSVAR(record_objs),
MYSQL_SYSVAR(checksum), MYSQL_SYSVAR(checksum),
NULL }; NULL };