github
/
mysql-audit
mirror of https://github.com/mcafee-enterprise/mysql-audit
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Suport 5.6.x 

Offsets upto 5.6.11, 5.5.31, 5.1.69
Use -Wall for compilation and fix warnings.
fix for issue #40
fix for issue #33
pull/53/head
Guy Lichtman 2013-06-06 21:26:39 +03:00
parent cf395c3f66
commit a7d789d371
11 changed files with 726 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
compiling.txt Normal file → Executable file
View File

@ -45,6 +45,10 @@ cd mysql-5.5.8
cmake .
make
Note: to speed things up it is possible to build just the following directories:
libservices
extra
back to working dir and run:
CXX='gcc -static-libgcc' CC='gcc -static-libgcc' ./configure --with-mysql=mysql-5.5.8 --with-mysql-libservices=mysql-5.5.8/libservices/libmysqlservices.a

4
configure.ac
View File

@ -88,10 +88,10 @@ AC_PATH_PROG(DIFF, diff, diff)
#CPPFLAGS="$CPPFLAGS -DMYSQL_DYNAMIC_PLUGIN -DMYSQL_SERVER"
#we can add the following flags for better error catching: -Werror -Wimplicit
CPPFLAGS="$CPPFLAGS -Werror"
CPPFLAGS="$CPPFLAGS -Werror -Wall"
CFLAGS="$CFLAGS -Wimplicit"
# From MySQL: Disable exceptions as they seams to create problems with gcc and threads.
CXXFLAGS="-fno-implicit-templates -fno-exceptions -fno-rtti "
CXXFLAGS="-fno-implicit-templates -fno-exceptions -fno-rtti -Wno-reorder -Wno-strict-aliasing"
#add pthread libs
LIBS="$LIBS -lpthread"

23
include/audit_handler.h
View File

@ -208,8 +208,8 @@ public:
protected:
Audit_json_formatter& operator =(const Audit_json_formatter& b) {};
Audit_json_formatter(const Audit_json_formatter& ) {};
Audit_json_formatter& operator =(const Audit_json_formatter& b);
Audit_json_formatter(const Audit_json_formatter& );
};
@ -319,8 +319,9 @@ protected:
{
rw_unlock(&LOCK_audit);
}
Audit_handler & operator=(const Audit_handler&) {};
Audit_handler(const Audit_handler&) {};
//override default assignment and copy to protect against creating additional instances
Audit_handler & operator=(const Audit_handler&);
Audit_handler(const Audit_handler&);
private:
//bool indicating if to print offset errors to log or not
bool m_print_offset_err;
@ -354,7 +355,7 @@ class Audit_file_handler: public Audit_io_handler
public:
Audit_file_handler() :
m_log_file(NULL), m_sync_period(0), m_sync_counter(0), m_filename(NULL)
m_sync_period(0), m_filename(NULL), m_log_file(NULL), m_sync_counter(0)
{
}
@ -380,8 +381,9 @@ public:
ssize_t write(const char * data, size_t size);
//static void print_sleep (THD *thd, int delay_ms);
protected:
Audit_file_handler & operator=(const Audit_file_handler&) {};
Audit_file_handler(const Audit_file_handler&) {};
//override default assignment and copy to protect against creating additional instances
Audit_file_handler & operator=(const Audit_file_handler&);
Audit_file_handler(const Audit_file_handler&);
virtual void handler_start();
virtual void handler_stop();
@ -432,8 +434,9 @@ public:
ssize_t write(const char * data, size_t size);
protected:
Audit_socket_handler & operator=(const Audit_socket_handler&) {};
Audit_socket_handler(const Audit_socket_handler&) {};
//override default assignment and copy to protect against creating additional instances
Audit_socket_handler & operator=(const Audit_socket_handler&);
Audit_socket_handler(const Audit_socket_handler&);
virtual void handler_start();
virtual void handler_stop();
@ -448,7 +451,7 @@ protected:
{
if (m_vio)
{
vio_close((Vio*)m_vio);
//no need for vio_close as is called by delete (additionally close changed its name to vio_shutdown in 5.6.11)
vio_delete((Vio*)m_vio);
}
m_vio = NULL;

55
include/md5.h Executable file
View File

@ -0,0 +1,55 @@
/*
* This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
* MD5 Message-Digest Algorithm (RFC 1321).
*
* Homepage:
* http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
*
* Author:
* Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
*
* This software was written by Alexander Peslyak in 2001. No copyright is
* claimed, and the software is hereby placed in the public domain.
* In case this attempt to disclaim copyright and place the software in the
* public domain is deemed null and void, then the software is
* Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
* general public under the following terms:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* There's ABSOLUTELY NO WARRANTY, express or implied.
*
* See md5.c for more information.
*/
#if !defined(_MD5_H)
#define _MD5_H
#include "mysql_inc.h"
#if MYSQL_VERSION_ID >= 50600
/* Any 32-bit or wider unsigned integer data type will do */
typedef unsigned int MD5_u32plus;
typedef struct {
MD5_u32plus lo, hi;
MD5_u32plus a, b, c, d;
unsigned char buffer[64];
MD5_u32plus block[16];
} MD5_CTX;
extern void MD5_Init(MD5_CTX *ctx);
extern void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size);
extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
//define the my_MD5* functions
#define my_MD5Context MD5_CTX
#define my_MD5Init MD5_Init
#define my_MD5Update MD5_Update
#define my_MD5Final MD5_Final
#endif //#if MYSQL_VERSION_ID >= 50600
#endif

4
include/mysql_inc.h
View File

@ -21,6 +21,10 @@
#include <my_pthread.h>
#include <sql_priv.h>
#include <mysql/plugin.h>
#if MYSQL_VERSION_ID >= 50600
//in 5.6 we use the audit plugin interface
#include <mysql/plugin_audit.h>
#endif
#include <sql_parse.h>
#include <sql_class.h>
#include <my_global.h>

10
offset-extract/offset-extract.sh Normal file → Executable file
View File

@ -22,8 +22,16 @@ if [ $? = 0 ]; then
MYVER=`echo "$MYVER" | grep -P -o '.+(?=-log)'`
fi
COMMAND_MEMBER=command
#in 5.6 command member is named m_command
echo $MYVER | grep -P '^5.6' > /dev/null
if [ $? = 0 ]; then
COMMAND_MEMBER=m_command
fi
echo "set logging on" > offsets.gdb
echo 'printf "{\"'$MYVER'\",\"'$MYMD5'\", %d, %d, %d, %d, %d, %d}", ((size_t)&((THD *)log_slow_statement)->query_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->thread_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->main_security_ctx) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->command) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->lex) - (size_t)log_slow_statement, (size_t)&((LEX*)log_slow_statement)->comment - (size_t) log_slow_statement' >> offsets.gdb
echo 'printf "{\"'$MYVER'\",\"'$MYMD5'\", %d, %d, %d, %d, %d, %d}", ((size_t)&((THD *)log_slow_statement)->query_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->thread_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->main_security_ctx) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->'$COMMAND_MEMBER') - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->lex) - (size_t)log_slow_statement, (size_t)&((LEX*)log_slow_statement)->comment - (size_t) log_slow_statement' >> offsets.gdb
SYMPARAM=""
if [ -n "$2" ]; then

2
src/Makefile.am Normal file → Executable file
View File

@ -20,7 +20,7 @@ pkgplugindir = $(MYSQL_PLUGIN_DIR)
pkgplugin_LTLIBRARIES = libaudit_plugin.la
libaudit_plugin_la_LDFLAGS = -module -Wl,--version-script=MySQLPlugin.map
libaudit_plugin_la_SOURCES = hot_patch.cc audit_plugin.cc audit_handler.cc
libaudit_plugin_la_SOURCES = hot_patch.cc audit_plugin.cc audit_handler.cc md5.cc
libaudit_plugin_la_LIBADD = $(top_srcdir)/yajl/src/libyajl.la $(top_srcdir)/udis86/libudis86/libudis86.la $(MYSQL_LIBSERVICES)

42
src/audit_handler.cc
View File

@ -23,28 +23,6 @@
#include <sys/un.h>
#include "static_assert.h"
/**
* Will write into buff the date prefix for txt formatter. Return the number of bytes written
* (not including null terminate).
*/
static int log_date_prefix(char * buff, size_t buff_size)
{
struct tm tm_tmp;
time_t result= time(NULL);
localtime_r(&result, &tm_tmp);
//my_snprintf is limited regarding formatting but sufficient for this
return my_snprintf(buff, buff_size, "%02d%02d%02d %2d:%02d:%02d: ",
tm_tmp.tm_year % 100,
tm_tmp.tm_mon+1,
tm_tmp.tm_mday,
tm_tmp.tm_hour,
tm_tmp.tm_min,
tm_tmp.tm_sec);
}
//utility macro to log also with a date as a prefix
#define log_with_date(f, ...) do{\
struct tm tm_tmp;\
@ -81,7 +59,7 @@ const char * Audit_formatter::retrive_object_type (TABLE_LIST *pObj)
void Audit_handler::stop_all()
{
for (int i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i)
for (size_t i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i)
{
if (m_audit_handler_list[i] != NULL)
{
@ -92,7 +70,7 @@ void Audit_handler::stop_all()
void Audit_handler::log_audit_all(ThdSesData *pThdData)
{
for (int i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i)
for (size_t i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i)
{
if (m_audit_handler_list[i] != NULL)
{
@ -259,8 +237,14 @@ void Audit_socket_handler::handler_start()
struct sockaddr_un UNIXaddr;
UNIXaddr.sun_family = AF_UNIX;
strmake(UNIXaddr.sun_path, m_sockname, sizeof(UNIXaddr.sun_path)-1);
#if MYSQL_VERSION_ID < 50600
if (my_connect(sock,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr),
m_connect_timeout))
#else
//in 5.6 timeout is in ms
if (vio_socket_connect((Vio*)m_vio,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr),
m_connect_timeout * 1000))
#endif
{
sql_print_error(
"%s unable to connect to socket: %s. err: %s. audit socket handler disabled!!",
@ -393,9 +377,6 @@ ssize_t Audit_json_formatter::event_format(ThdSesData* pThdData, IWriter * write
{
unsigned long thdid = thd_get_thread_id(pThdData->getTHD());
query_id_t qid = thd_inst_query_id(pThdData->getTHD());
int command = thd_inst_command(pThdData->getTHD());
Security_context * sctx = thd_inst_main_security_ctx(pThdData->getTHD());
//initialize yajl
@ -436,7 +417,12 @@ ssize_t Audit_json_formatter::event_format(ThdSesData* pThdData, IWriter * write
const char * query = thd_query_str(pThdData->getTHD(), &qlen);
if (query && qlen > 0)
{
CHARSET_INFO *col_connection = Item::default_charset();
#if MYSQL_VERSION_ID < 50600
CHARSET_INFO *col_connection;
#else
const CHARSET_INFO *col_connection;
#endif
col_connection = Item::default_charset();
if (strcmp (col_connection->csname,"utf8")!=0) {
String sQuery (query,col_connection) ;
pThdData->getTHD()->convert_string (&sQuery,col_connection,&my_charset_utf8_general_ci);

397
src/audit_plugin.cc
View File

@ -19,7 +19,11 @@
#include "audit_handler.h"
#include <string.h>
#include <sys/mman.h>
#include <sys/mman.h>
#if MYSQL_VERSION_ID >= 50600
//in 5.6 md5 implementation changed and we include our own
#include "md5.h"
#endif
/*
Disable __attribute__() on non-gcc compilers.
@ -117,6 +121,8 @@ static const ThdOffsets thd_offsets_arr[] =
{"5.1.67-community","f67df6f2416940dbabff460b83b63677", 6376, 6440, 3736, 4008, 88, 2056},
//offsets for: /mysqlrpm/5.1.68/usr/sbin/mysqld (5.1.68-community)
{"5.1.68-community","4042e9a2778090df6fd8481e03ed6737", 6376, 6440, 3736, 4008, 88, 2056},
//offsets for: /mysqlrpm/5.1.69/usr/sbin/mysqld (5.1.69-community)
{"5.1.69-community","e9cb524b604419964f4dd55a8c87d618", 6376, 6440, 3736, 4008, 88, 2056},
//offsets for: mysqlrpm/5.5.8/usr/sbin/mysqld (5.5.8)
{"5.5.8","70a882693d54df8ab7c7d9f256e317bb", 6032, 6080, 3776, 4200, 88, 2560},
@ -166,10 +172,21 @@ static const ThdOffsets thd_offsets_arr[] =
{"5.5.28","588a710a1aec3043203261af72a13219", 6056, 6104, 3808, 4232, 88, 2568},
//offsets for: /mysqlrpm/5.5.29/usr/sbin/mysqld (5.5.29)
{"5.5.29","c1991059f9db3e4d5f23f34d9ff9c1d5", 6056, 6104, 3808, 4232, 88, 2568},
//offsets for: cluster-7.2.10-linux-rhel5-x86-64bit/cluster/bin/mysqld (5.5.29-ndb-7.2.10-cluster-commercial-advanced-log)
{"5.5.29-ndb-7.2.10-cluster-commercial-advanced","7fae09caa49af8bced6d250587cc2fcb", 6088, 6136, 3808, 4232, 88, 2568},
//offsets for: /mysqlrpm/5.5.30/usr/sbin/mysqld (5.5.30)
{"5.5.30","2c92adf1c8c4cef089bd487a56d72288", 6064, 6112, 3816, 4240, 88, 2568},
//offsets for: mysql-cluster-advanced-7.2.12-linux2.6-x86_64/bin/mysqld (5.5.30-ndb-7.2.12-cluster-commercial-advanced)
{"5.5.30-ndb-7.2.12-cluster-commercial-advanced","9f96bc38bf06a9b18a945227ff9e5c42", 6096, 6144, 3816, 4240, 88, 2568},
//offsets for: /mysqlrpm/5.5.31/usr/sbin/mysqld (5.5.31)
{"5.5.31","f6604e70b9592f484a7a04a0173f0b25", 6064, 6112, 3816, 4240, 88, 2568},
//offsets for: MySQL-server-5.6.10-1.el6.x86_64/usr/sbin/mysqld (5.6.10)
{"5.6.10","7016428728fe057d6825682d30e37b3d", 7808, 7856, 3960, 4400, 72, 2664},
//offsets for: /mysqlrpm/5.6.10/usr/sbin/mysqld (5.6.10)
{"5.6.10","3b34d181e1d9baa4534fe1146ceb0ce9", 7808, 7856, 3960, 4400, 72, 2664},
//offsets for: /mysqlrpm/5.6.11/usr/sbin/mysqld (5.6.11)
{"5.6.11","452f9bb49741bfc97d0266120016d77b", 7808, 7856, 3960, 4400, 72, 2672},
//DISTRIBUTION: tar.gz
//offsets for: /mysql/5.1.30/bin/mysqld (5.1.30)
@ -251,6 +268,8 @@ static const ThdOffsets thd_offsets_arr[] =
{"5.1.67","a33947226f24f59d30e7c40c61d840ca", 6392, 6456, 3752, 4024, 88, 2056},
//offsets for: /mysql/5.1.68/bin/mysqld (5.1.68)
{"5.1.68","673dd031ea4ad3493b47d74662a49079", 6392, 6456, 3752, 4024, 88, 2056},
//offsets for: /mysql/5.1.69/bin/mysqld (5.1.69)
{"5.1.69","af2936f85db019bfd44c7e12a2138707", 6392, 6456, 3752, 4024, 88, 2056},
//offsets for: mysql/5.5.8/bin/mysqld (5.5.8)
{"5.5.8","a32b163f08ca8bfd7486cd77200d9df3", 6032, 6080, 3776, 4200, 88, 2560},
@ -300,7 +319,16 @@ static const ThdOffsets thd_offsets_arr[] =
//offsets for: /mysql/5.5.29/bin/mysqld (5.5.29)
{"5.5.29","495fc2576127ab851baa1ebb39a8f6fe", 6056, 6104, 3808, 4232, 88, 2568},
//offsets for: /mysql/5.5.30/bin/mysqld (5.5.30)
{"5.5.30","a2a8aba9c124315c17634556a303f87a", 6064, 6112, 3816, 4240, 88, 2568}
{"5.5.30","a2a8aba9c124315c17634556a303f87a", 6064, 6112, 3816, 4240, 88, 2568},
//offsets for: MySQL-server-5.5.31-2.rhel5.x86_64/usr/sbin/mysqld (5.5.31)
{"5.5.31","858dc19ffc5d34e669ab85d32a8a0623", 6064, 6112, 3816, 4240, 88, 2568},
//offsets for: /mysql/5.5.31/bin/mysqld (5.5.31)
{"5.5.31","61e65a4cc9360e03f3810ef2928c916d", 6064, 6112, 3816, 4240, 88, 2568},
//offsets for: /mysql/5.6.10/bin/mysqld (5.6.10)
{"5.6.10","37f9c31dd092bb2d0da7eb6e2098732f", 7808, 7856, 3960, 4400, 72, 2664},
//offsets for: /mysql/5.6.11/bin/mysqld (5.6.11)
{"5.6.11","85fd884192cc5cd12fba52b7b140c819", 7808, 7856, 3960, 4400, 72, 2672}
};
#else
@ -387,6 +415,8 @@ static const ThdOffsets thd_offsets_arr[] =
{"5.1.67-community","2ca1d344c7054644a7e98c34b11bee64", 4124, 4164, 2268, 2448, 44, 1180},
//offsets for: /mysqlrpm/5.1.68/usr/sbin/mysqld (5.1.68-community)
{"5.1.68-community","df5dc268b36dbe853ed37d91fd4b6b3f", 4124, 4164, 2268, 2448, 44, 1180},
//offsets for: /mysqlrpm/5.1.69/usr/sbin/mysqld (5.1.69-community)
{"5.1.69-community","4c8acbca31f3f4ba44d35db9f5c65bc0", 4124, 4164, 2268, 2448, 44, 1180},
//offsets for: mysqlrpm/5.5.8/usr/sbin/mysqld (5.5.8)
{"5.5.8","3132e8c883f72caf4c8eddb24fd005b4", 3792, 3820, 2336, 2668, 44, 1640},
@ -432,6 +462,13 @@ static const ThdOffsets thd_offsets_arr[] =
{"5.5.29","89c4df6dcf941ccded0c08c73d976877", 3812, 3840, 2364, 2696, 44, 1644},
//offsets for: /mysqlrpm/5.5.30/usr/sbin/mysqld (5.5.30)
{"5.5.30","0186d1ef4725814924bfe968e3455138", 3816, 3844, 2368, 2700, 44, 1644},
//offsets for: /mysqlrpm/5.5.31/usr/sbin/mysqld (5.5.31)
{"5.5.31","190e7556e226f8690ba8672869178e4c", 3816, 3844, 2368, 2700, 44, 1644},
//offsets for: /mysqlrpm/5.6.10/usr/sbin/mysqld (5.6.10)
{"5.6.10","dd3abddcfd0015de81b6a26b6190cefb", 5572, 5600, 2640, 2980, 36, 1712},
//offsets for: /mysqlrpm/5.6.11/usr/sbin/mysqld (5.6.11)
{"5.6.11","0f716b88d1c11c031dbb206a3e1b31a4", 5572, 5600, 2640, 2980, 36, 1724},
//DISTRIBUTION: tar.gz
//offsets for: mysql/5.1.30/bin/mysqld (5.1.30)
@ -511,6 +548,8 @@ static const ThdOffsets thd_offsets_arr[] =
{"5.1.67","9f2609f5925abe6f3c01a05a53569b35", 4140, 4180, 2284, 2464, 44, 1180},
//offsets for: /mysql/5.1.68/bin/mysqld (5.1.68)
{"5.1.68","d03c42d8a8946f11ace86a5e1189114d", 4140, 4180, 2284, 2464, 44, 1180},
//offsets for: /mysql/5.1.69/bin/mysqld (5.1.69)
{"5.1.69","5abf5a9f9f9c01be997595b066a40986", 4140, 4180, 2284, 2464, 44, 1180},
//offsets for: /mysqlrpm/5.5.8/usr/sbin/mysqld (5.5.8)
{"5.5.8","3132e8c883f72caf4c8eddb24fd005b4", 3792, 3820, 2336, 2668, 44, 1640},
@ -560,7 +599,15 @@ static const ThdOffsets thd_offsets_arr[] =
//offsets for: /mysql/5.5.29/bin/mysqld (5.5.29)
{"5.5.29","e94a673a244449de87e6a489a7a08acb", 3812, 3840, 2364, 2696, 44, 1644},
//offsets for: /mysql/5.5.30/bin/mysqld (5.5.30)
{"5.5.30","c7b98be45d35b77da6679c354c23d1fa", 3816, 3844, 2368, 2700, 44, 1644}
{"5.5.30","c7b98be45d35b77da6679c354c23d1fa", 3816, 3844, 2368, 2700, 44, 1644},
//offsets for: /mysql/5.5.31/bin/mysqld (5.5.31)
{"5.5.31","36631a7c748358598ba21cd4157545d9", 3816, 3844, 2368, 2700, 44, 1644},
//offsets for: /mysql/5.6.10/bin/mysqld (5.6.10)
{"5.6.10","84600f18354f519e38302c04fe55ed9c", 5572, 5600, 2640, 2980, 36, 1712},
//offsets for: /mysql/5.6.11/bin/mysqld (5.6.11)
{"5.6.11","72e67111f3c1d1c1d4e7095e3a004fcf", 5572, 5600, 2640, 2980, 36, 1724}
};
#endif
@ -592,30 +639,34 @@ static char *record_cmds_string = NULL;
static char *record_objs_string = NULL;
static char *whitelist_users_string = NULL;
static char delay_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0};
static char record_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0};
static char record_objs_array [MAX_NUM_OBJECT_ELEM + 2][MAX_OBJECT_CHAR_NUMBERS] = {0};
static char whitelist_users_array [MAX_NUM_USER_ELEM + 2][MAX_USER_CHAR_NUMBERS] = {0};
static char delay_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {{0}};
static char record_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {{0}};
static char record_objs_array [MAX_NUM_OBJECT_ELEM + 2][MAX_OBJECT_CHAR_NUMBERS] = {{0}};
static char whitelist_users_array [MAX_NUM_USER_ELEM + 2][MAX_USER_CHAR_NUMBERS] = {{0}};
static bool record_empty_objs_set = true;
static int num_delay_cmds = 0;
static int num_record_cmds = 0;
static int num_record_objs = 0;
static int num_whitelist_users = 0;
static SHOW_VAR com_status_vars_array [MAX_COM_STATUS_VARS_RECORDS] = {0};
static SHOW_VAR com_status_vars_array [MAX_COM_STATUS_VARS_RECORDS] = {{0}};
/**
* The trampoline functions we use. Will be set to point to allocated mem.
*/
static int (*trampoline_mysql_execute_command)(THD *thd) = NULL;
static unsigned int trampoline_mysql_execute_size =0;
#if MYSQL_VERSION_ID < 50600
static void (*trampoline_log_slow_statement)(THD *thd) = NULL;
static unsigned int trampoline_log_slow_statement_size =0;
#endif
#if MYSQL_VERSION_ID < 50505
static int (*trampoline_check_user)(THD *thd, enum enum_server_command command, const char *passwd, uint passwd_len, const char *db, bool check_count) = NULL;
static unsigned int trampoline_check_user_size =0;
#elif MYSQL_VERSION_ID < 50600
static bool (*trampoline_acl_authenticate)(THD *thd, uint connect_errors, uint com_change_user_pkt_len) = NULL;
static unsigned int trampoline_acl_authenticate_size =0;
#endif
static MYSQL_THDVAR_ULONG(is_thd_printed_list,
PLUGIN_VAR_READONLY | PLUGIN_VAR_NOSYSVAR | PLUGIN_VAR_NOCMDOPT, "avoid duplicate printing",
@ -861,25 +912,73 @@ static int audit_open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint f
static unsigned int trampoline_open_tables_size =0;
#endif
static void audit_notify(THD *thd , const struct mysql_event * event)
//called by log_slow_statement and general audit event caught by audit interface
static void audit_post_execute(THD * thd)
{
sql_print_information(
"%s audit_notify called",
log_prefix, MYSQL_AUDIT_PLUGIN_VERSION);
//only audit non query events
//query events are audited by mysql execute command
if (Audit_formatter::thd_inst_command(thd) != COM_QUERY)
{
ThdSesData ThdData (thd);
if (strcasestr (ThdData.getCmdName(), "show_fields")==NULL)
{
audit(&ThdData);
}
}
}
/*
Plugin descriptor
*/
//in 5.5 we use the AUDIT plugin interface. In 5.1 we just use the general DAEMON plugin
//in 5.6 we use the AUDIT plugin interface. In 5.1/5.5 we just use the general DAEMON plugin
#if MYSQL_VERSION_ID < 50600
static int plugin_type = MYSQL_DAEMON_PLUGIN;
static struct st_mysql_daemon audit_plugin =
{ MYSQL_DAEMON_INTERFACE_VERSION };
#else
static void audit_notify(THD *thd, unsigned int event_class,
const void * event)
{
if (MYSQL_AUDIT_GENERAL_CLASS == event_class)
{
const struct mysql_event_general *event_general =
(const struct mysql_event_general *) event;
if(MYSQL_AUDIT_GENERAL_STATUS == event_general->event_subclass)
{
audit_post_execute(thd);
}
}
else if (MYSQL_AUDIT_CONNECTION_CLASS == event_class)
{
const struct mysql_event_connection *event_connection =
(const struct mysql_event_connection *) event;
//only audit for connect and change_user. disconnect is caught by general event
if(event_connection->event_subclass != MYSQL_AUDIT_CONNECTION_DISCONNECT)
{
ThdSesData ThdData (thd);
audit (&ThdData);
}
}
}
static int plugin_type = MYSQL_AUDIT_PLUGIN;
static struct st_mysql_audit audit_plugin=
{
MYSQL_AUDIT_INTERFACE_VERSION, /* interface version */
NULL, /* release_thd function */
audit_notify, /* notify function */
{ (unsigned long) MYSQL_AUDIT_GENERAL_CLASSMASK |
MYSQL_AUDIT_CONNECTION_CLASSMASK } /* class mask */
};
#endif
//some extern definitions which are not in include files
@ -894,16 +993,19 @@ extern struct st_mysql_plugin *mysqld_builtins[];
void remove_hot_functions ()
{
void * target_function = (void *) log_slow_statement;
void * target_function = NULL;
#if MYSQL_VERSION_ID < 50600
target_function = (void *) log_slow_statement;
remove_hot_patch_function(target_function,
(void*) trampoline_log_slow_statement, trampoline_log_slow_statement_size, true);
trampoline_log_slow_statement_size=0;
#endif
#if MYSQL_VERSION_ID < 50505
target_function = (void *) check_user;
remove_hot_patch_function(target_function,
(void*) trampoline_check_user, trampoline_check_user_size, true);
trampoline_check_user_size=0;
#else
#elif MYSQL_VERSION_ID < 50600
target_function = (void *) acl_authenticate;
remove_hot_patch_function(target_function,
(void*) trampoline_acl_authenticate, trampoline_acl_authenticate_size, true);
@ -923,7 +1025,7 @@ void remove_hot_functions ()
trampoline_open_tables_size=0;
#endif
int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client;
int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client;
target_function = *(void **) &pf_send_result_to_client;
remove_hot_patch_function(target_function,
(void*) trampoline_send_result_to_client, trampoline_send_result_to_client_size, true);
@ -1040,22 +1142,15 @@ static int audit_mysql_execute_command(THD *thd)
}
#if MYSQL_VERSION_ID < 50600
static void audit_log_slow_statement(THD * thd)
{
trampoline_log_slow_statement(thd);
//only audit non query events
//query events are audited by mysql execute command
if (Audit_formatter::thd_inst_command(thd) != COM_QUERY)
{
ThdSesData ThdData (thd);
if (strcasestr (ThdData.getCmdName(), "show_fields")==NULL)
{
audit(&ThdData);
}
}
audit_post_execute(thd);
}
#endif
#if MYSQL_VERSION_ID < 50505
static int audit_check_user(THD *thd, enum enum_server_command command,
const char *passwd, uint passwd_len, const char *db,
bool check_count)
@ -1066,7 +1161,9 @@ static int audit_check_user(THD *thd, enum enum_server_command command,
return (res);
}
#elif MYSQL_VERSION_ID < 50600
//only for 5.5
//in 5.6: we use audit plugin event to get the login event
static bool audit_acl_authenticate(THD *thd, uint connect_errors, uint com_change_user_pkt_len)
{
bool res = trampoline_acl_authenticate (thd, connect_errors, com_change_user_pkt_len);
@ -1074,7 +1171,7 @@ static bool audit_acl_authenticate(THD *thd, uint connect_errors, uint com_chang
audit (&ThdData);
return (res);
}
#endif
static bool parse_thd_offsets_string (char *poffsets_string)
{
@ -1083,11 +1180,11 @@ static bool parse_thd_offsets_string (char *poffsets_string)
char *poffset_str = offset_str;
strncpy (poffset_str,poffsets_string,2048);
char * comma_delimiter = strchr (poffset_str,',');
int i =0;
size_t i =0;
OFFSET *pOffset;
size_t len = strlen (poffset_str);
for (int j=0;j<len;j++)
for (size_t j=0;j<len;j++)
{
if (!((poffset_str[j] >= '0' && poffset_str[j] <='9') || poffset_str[j] == ' ' || poffset_str[j] == ','))
return false;
@ -1098,7 +1195,7 @@ static bool parse_thd_offsets_string (char *poffsets_string)
pOffset = (OFFSET*)&Audit_formatter::thd_offsets.query_id + i;
if ((size_t)pOffset- (size_t)&Audit_formatter::thd_offsets < sizeof (Audit_formatter::thd_offsets))
{
sscanf (poffset_str, "%d", pOffset);
sscanf (poffset_str, "%zu", pOffset);
}
else
{
@ -1113,7 +1210,7 @@ static bool parse_thd_offsets_string (char *poffsets_string)
pOffset = &Audit_formatter::thd_offsets.query_id + i;
if ((size_t)pOffset- (size_t)&Audit_formatter::thd_offsets < sizeof (Audit_formatter::thd_offsets))
{
sscanf (poffset_str, "%d", pOffset);
sscanf (poffset_str, "%zu", pOffset);
}
else
{
@ -1166,6 +1263,62 @@ static bool validate_offsets(const ThdOffsets * offset)
return true;
}
/**
* Calculate md5 sum of a file.
*
* @file_name: file to calc md5 for
* @digest_str: string to fill with digest result should be big enought to hold 32 chars
*
* @return true on success.
*/
static bool calc_file_md5(const char * file_name, char * digest_str)
{
File fd;
unsigned char digest[16] = {0};
bool ret = false;
if ((fd = my_open(file_name, O_RDONLY, MYF(MY_WME))) < 0)
{
sql_print_error("%s Failed file open: [%s], errno: %d.",
log_prefix, file_name, errno);
return false;
}
my_MD5Context context;
my_MD5Init(&context);
const size_t buff_size = 16384;
unsigned char file_buff[buff_size] = {0};
ssize_t res;
do
{
res = read(fd, file_buff, buff_size);
if(res > 0)
{
my_MD5Update(&context, file_buff, res);
}
}
while(res > 0);
if(res == 0) //reached end of file
{
my_MD5Final(digest, &context);
ret = true;
}
else
{
sql_print_error("%s Failed program read. res: %zd, errno: %d.",
log_prefix, res, errno);
}
(void) my_close(fd, MYF(0));
if(ret) //we got the digest
{
for (int j = 0; j < 16; j++)
{
sprintf(&(digest_str[j * 2]), "%02x", digest[j]);
}
}
return ret;
}
/**
* Setup the offsets needs to extract data from THD.
*
@ -1176,46 +1329,12 @@ static int setup_offsets()
DBUG_ENTER("setup_offsets");
sql_print_information ("%s setup_offsets audit_offsets: %s validate_checksum: %d offsets_by_version: %d",
log_prefix, offsets_string, validate_checksum_enable, offsets_by_version_enable);
unsigned char digest[16] = {0};
char digest_str [128] = {0};
const ThdOffsets * offset;
//setup digest_str to contain the md5sum in hex
my_MD5Context context;
my_MD5Init(&context);
const size_t buff_size = 16384;
unsigned char file_buff[buff_size] = {0};
MY_STAT stat_arg;
File fd;
if ((fd = my_open(my_progname, O_RDONLY, MYF(MY_WME))) > 0)
{
ssize_t res;
do
{
res = read(fd, file_buff, buff_size);
if(res > 0)
{
my_MD5Update(&context, file_buff, res);
}
}
while(res > 0);
if(res == 0) //reached end of file
{
my_MD5Final(digest, &context);
for (int j = 0; j < 16; j++)
{
sprintf(&(digest_str[j * 2]), "%02x", digest[j]);
}
}
else
{
sql_print_error("%s Failed program read. res: %d, errno: %d.",
log_prefix, res, errno);
}
(void) my_close(fd, MYF(0));
}
calc_file_md5(my_progname, digest_str);
sql_print_information(
"%s mysqld: %s (%s) ", log_prefix, my_progname, digest_str);
@ -1246,7 +1365,7 @@ static int setup_offsets()
}
if (parse_thd_offsets_string (offsets_string))
{
sql_print_information ("%s setup_offsets Audit_formatter::thd_offsets values: %d %d %d %d %d %d ", log_prefix,
sql_print_information ("%s setup_offsets Audit_formatter::thd_offsets values: %zu %zu %zu %zu %zu %zu ", log_prefix,
Audit_formatter::thd_offsets.query_id,
Audit_formatter::thd_offsets.thread_id,
Audit_formatter::thd_offsets.main_security_ctx,
@ -1274,7 +1393,7 @@ static int setup_offsets()
//iterate and search for the first offset which matches our checksum
if(validate_checksum_enable && strlen(digest_str) > 0)
{
for(int i=0; i < arr_size; i++)
for(size_t i=0; i < arr_size; i++)
{
offset = thd_offsets_arr + i;
if (strlen(offset->md5digest) >0)
@ -1291,10 +1410,12 @@ static int setup_offsets()
}
if(offsets_by_version_enable)
{
for(int i=0; i < arr_size; i++)
bool server_is_ndb = strstr(server_version, "ndb") != NULL;
for(size_t i=0; i < arr_size; i++)
{
offset = thd_offsets_arr + i;
const char * version = offset->version;
bool version_is_ndb = strstr(offset->version, "ndb") != NULL;
const char * dash = strchr(version, '-');
char version_stripped[16] = {0};
if(dash) //we use the version string up to the '-'
@ -1306,35 +1427,62 @@ static int setup_offsets()
}
if(strstr(server_version, version))
{
if (validate_offsets(offset))
if(server_is_ndb == version_is_ndb)
{
sql_print_information("%s Using offsets from offset version: %s (%s)", log_prefix, offset->version, offset->md5digest);
Audit_formatter::thd_offsets = *offset;
DBUG_RETURN(0);
}
else
{
//try doing 24 byte decrement on THD offsets. Seen that on Ubuntu/Debian this is valid.
OFFSET dec = 24;
ThdOffsets decoffsets = *offset;
decoffsets.query_id -= dec;
decoffsets.thread_id -= dec;
decoffsets.main_security_ctx -= dec;
decoffsets.command -= dec;
if (validate_offsets(&decoffsets))
if (validate_offsets(offset))
{
Audit_formatter::thd_offsets = decoffsets;
sql_print_information("%s Using decrement (%d) offsets from offset version: %s (%s) values: %d %d %d %d %d %d", log_prefix, dec, offset->version, offset->md5digest,
sql_print_information("%s Using offsets from offset version: %s (%s)", log_prefix, offset->version, offset->md5digest);
Audit_formatter::thd_offsets = *offset;
DBUG_RETURN(0);
}
else
{
//try doing 24 byte decrement on THD offsets. Seen that on Ubuntu/Debian this is valid.
OFFSET dec = 24;
ThdOffsets decoffsets = *offset;
decoffsets.query_id -= dec;
decoffsets.thread_id -= dec;
decoffsets.main_security_ctx -= dec;
decoffsets.command -= dec;
if (validate_offsets(&decoffsets))
{
Audit_formatter::thd_offsets = decoffsets;
sql_print_information("%s Using decrement (%zu) offsets from offset version: %s (%s) values: %zu %zu %zu %zu %zu %zu",
log_prefix, dec, offset->version, offset->md5digest,
Audit_formatter::thd_offsets.query_id,
Audit_formatter::thd_offsets.thread_id,
Audit_formatter::thd_offsets.main_security_ctx,
Audit_formatter::thd_offsets.command,
Audit_formatter::thd_offsets.lex,
Audit_formatter::thd_offsets.lex_comment);
DBUG_RETURN(0);
}
}
}//ndb check
#if defined(__x86_64__) && MYSQL_VERSION_ID > 50505
else if(server_is_ndb)
{
//in 64bit 5.5 we've seen ndb has an offset of 32 on first 2 values
OFFSET inc = 32;
ThdOffsets incoffsets = *offset;
incoffsets.query_id += inc;
incoffsets.thread_id += inc;
if (validate_offsets(&incoffsets))
{
Audit_formatter::thd_offsets = incoffsets;
sql_print_information("%s Using increment (%zu) offsets from offset version: %s (%s) values: %zu %zu %zu %zu %zu %zu",
log_prefix, inc, offset->version, offset->md5digest,
Audit_formatter::thd_offsets.query_id,
Audit_formatter::thd_offsets.thread_id,
Audit_formatter::thd_offsets.main_security_ctx,
Audit_formatter::thd_offsets.command,
Audit_formatter::thd_offsets.lex,
Audit_formatter::thd_offsets.lex_comment);
DBUG_RETURN(0);
}
}
#endif
}
}
}
@ -1359,10 +1507,10 @@ const char * retrieve_command (THD * thd, bool & is_sql_cmd)
return "select";
}
const int sql_command = thd_sql_command(thd);
if (sql_command >=0 && sql_command <= (MAX_COM_STATUS_VARS_RECORDS -1) )
if (sql_command >=0 && sql_command < MAX_COM_STATUS_VARS_RECORDS )
{
is_sql_cmd = true;
cmd = com_status_vars_array[sql_command + 1].name;
cmd = com_status_vars_array[sql_command].name;
}
if(!cmd)
{
@ -1401,9 +1549,22 @@ static int set_com_status_vars_array ()
}
if (strcmp (status_vars[sv_idx].name,"Com")==0)
{
int status_vars_index =0;
com_status_vars = (SHOW_VAR*)status_vars[sv_idx].value;
size_t initial_offset = (size_t) com_status_vars[0].value;
int status_vars_index =0;
//we use "select" as 0 offset (SQLCOM_SELECT=0)
while(strcmp(com_status_vars[status_vars_index].name,"select") !=0 && com_status_vars[status_vars_index].name != NullS)
{
status_vars_index ++;
}
if(strcmp(com_status_vars[status_vars_index].name,"select") !=0)
{
sql_print_error("%s Failed finding 'select' index in com_status_vars: [%p]. Plugin Init failed.",
log_prefix, com_status_vars);
DBUG_RETURN (1);
}
size_t initial_offset = (size_t) com_status_vars[status_vars_index].value;
status_vars_index =0;
while (com_status_vars[status_vars_index].name != NullS)
{
int sql_command_idx = (com_status_vars[status_vars_index].value - (char*) (initial_offset)) / sizeof (ulong);
@ -1413,15 +1574,10 @@ static int set_com_status_vars_array ()
com_status_vars_array [sql_command_idx].type = com_status_vars[status_vars_index].type;
com_status_vars_array [sql_command_idx].value = com_status_vars[status_vars_index].value;
}
else
{
sql_print_error("%s Failed sql_command_idx [%d] is out of bounds. Plugin Init failed.",
log_prefix, sql_command_idx);
DBUG_RETURN (1);
}
status_vars_index ++;
}
sql_print_information("%s Done initializing sql command names. status_vars_index: [%d], com_status_vars: [%p].",
log_prefix, status_vars_index, com_status_vars);
}
else
{
@ -1518,13 +1674,13 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si
if (res != 0)
{
//hot patch failed.
sql_print_error("%s unable to hot patch %s (0x%lx). res: %d. Aborting.",
log_prefix, func_name, (unsigned long)target_function, res);
sql_print_error("%s unable to hot patch %s (%p). res: %d. Aborting.",
log_prefix, func_name, target_function, res);
return 1;
}
sql_print_information(
"%s hot patch for: %s (0x%lx) complete. Audit func: 0x%lx, Trampoline address: 0x%lx size: %u.",
log_prefix, func_name, (unsigned long)target_function, (unsigned long)audit_function, (unsigned long)*trampoline_func_pp, *trampoline_size);
"%s hot patch for: %s (%p) complete. Audit func: %p, Trampoline address: %p size: %u.",
log_prefix, func_name, target_function, audit_function, *trampoline_func_pp, *trampoline_size);
trampoline_mem_free = (void *)(((DATATYPE_ADDRESS)*trampoline_func_pp) + *trampoline_size + jump_size());
return 0;
}
@ -1551,13 +1707,15 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si
#endif
//See here: http://bugs.mysql.com/bug.php?id=56652
int ver = audit_plugin.interface_version >> 8;
need_free_memalloc_plugin_var = ((ver < 50519) || (50600 <= ver && ver < 50604));
int interface_ver = audit_plugin.interface_version >> 8;
#if MYSQL_VERSION_ID < 50600
//we ignore || (50600 <= interface_ver && interface_ver < 50604)) as GA was with 5.6.10
need_free_memalloc_plugin_var = (interface_ver < 50519);
#endif
sql_print_information(
"%s starting up. Version: %s , Revision: %s (%s). AUDIT plugin interface version: %d. MySQL Server version: %s.",
log_prefix, MYSQL_AUDIT_PLUGIN_VERSION,
MYSQL_AUDIT_PLUGIN_REVISION, arch, ver,
MYSQL_AUDIT_PLUGIN_REVISION, arch, interface_ver,
server_version);
//setup our offsets.
@ -1617,8 +1775,8 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si
DATATYPE_ADDRESS addrs = (DATATYPE_ADDRESS)trampoline_dummy_func_for_mem + (page_size - 1);
trampoline_mem = (void*)(addrs & ~(page_size - 1));
sql_print_information(
"%s mem func addr: 0x%lx mem start addr: 0x%lx page size: %ld",
log_prefix, (unsigned long)trampoline_dummy_func_for_mem, (unsigned long)trampoline_mem, page_size);
"%s mem func addr: %p mem start addr: %p page size: %ld",
log_prefix, trampoline_dummy_func_for_mem, trampoline_mem, page_size);
}
else //big pages for some reason. allocate mem using mmap
{
@ -1632,17 +1790,19 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si
else
{
sql_print_information(
"%s mem via mmap: 0x%lx page size: %ld", log_prefix, (unsigned long)trampoline_mem, page_size);
"%s mem via mmap: %p page size: %ld", log_prefix, trampoline_mem, page_size);
}
}
trampoline_mem_free = trampoline_mem;
//hot patch stuff
void * target_function = NULL;
#if MYSQL_VERSION_ID < 50600
if(do_hot_patch((void **)&trampoline_log_slow_statement, &trampoline_log_slow_statement_size,
(void *)log_slow_statement, (void *)audit_log_slow_statement, "log_slow_statement"))
{
DBUG_RETURN(1);
}
#endif
if(do_hot_patch((void **)&trampoline_mysql_execute_command, &trampoline_mysql_execute_size,
(void *)mysql_execute_command, (void *)audit_mysql_execute_command, "mysql_execute_command"))
@ -1657,13 +1817,13 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si
{
DBUG_RETURN(1);
}
#else
#elif MYSQL_VERSION_ID < 50600
if(do_hot_patch((void **)&trampoline_acl_authenticate, &trampoline_acl_authenticate_size,
(void *)acl_authenticate, (void *)audit_acl_authenticate, "acl_authenticate"))
{
DBUG_RETURN(1);
}
#endif
#endif
int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client;
target_function = *(void **) &pf_send_result_to_client;
if(do_hot_patch((void **)&trampoline_send_result_to_client, &trampoline_send_result_to_client_size,
@ -1995,7 +2155,8 @@ extern "C" void __attribute__ ((constructor)) audit_plugin_so_init(void)
log_prefix, audit_plugin.interface_version >> 8);
}
}
#else
#elif MYSQL_VERSION_ID < 50600
//no need to set interface version for 5.6 as we use audit plugin
extern struct st_mysql_plugin *mysql_mandatory_plugins[];
extern "C" void __attribute__ ((constructor)) audit_plugin_so_init(void)
{

74
src/hot_patch.cc
View File

@ -41,16 +41,16 @@ static int unprotect(void *addr, size_t len)
if(0 != res)
{
sql_print_information(
"%s unable to unprotect. Page: 0x%lx, Size: %d, errno: %d. Using NO EXEC mode.",
log_prefix, (unsigned long)addr, len, errno);
"%s unable to unprotect. Page: %p, Size: %zu, errno: %d. Using NO EXEC mode.",
log_prefix, (void *)addr, len, errno);
use_exec_prot = false;
//do a sanity test that we can actually unprotect/protect and that nx bit is off
res = unprotect(addr, len);
if(0 != res)
{
sql_print_error(
"%s unable to unprotect page. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d, errno: %d.",
log_prefix, (unsigned long)addr, len, errno);
"%s unable to unprotect page. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu, errno: %d.",
log_prefix, (void *)addr, len, errno);
return res;
}
res = protect(addr, len);
@ -61,8 +61,8 @@ static int unprotect(void *addr, size_t len)
if(NULL == fp)
{
sql_print_error(
"%s unable to verify nx bit. Failed checking /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d, errno: %d.",
log_prefix, (unsigned long)addr, len, errno);
"%s unable to verify nx bit. Failed checking /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu, errno: %d.",
log_prefix, (void *)addr, len, errno);
return res;
}
char line[1024] = {0};
@ -77,8 +77,8 @@ static int unprotect(void *addr, size_t len)
if(strstr(line, " nx")) //nx enabled so fail
{
sql_print_error(
"%s unable to protect page and nx bit enabled. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d.",
log_prefix, (unsigned long)addr, len);
"%s unable to protect page and nx bit enabled. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu.",
log_prefix, (void *)addr, len);
fclose(fp);
return res;
}
@ -89,8 +89,8 @@ static int unprotect(void *addr, size_t len)
if(!nxchecked) //we didn't find flags string for some reason
{
sql_print_error(
"%s unable to verify nx bit. Failed finding: %s in /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d.",
log_prefix, flags, (unsigned long)addr, len);
"%s unable to verify nx bit. Failed finding: %s in /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu.",
log_prefix, flags, (void *)addr, len);
return res;
}
}
@ -104,8 +104,8 @@ static int unprotect(void *addr, size_t len)
if(0 != res) //log the failure
{
sql_print_error(
"%s unable to unprotect. Page: 0x%lx, Size: %d, errno: %d. Error.",
log_prefix, (unsigned long)addr, len, errno);
"%s unable to unprotect. Page: %p, Size: %zu, errno: %d. Error.",
log_prefix, (void *)addr, len, errno);
}
return res;
}
@ -144,7 +144,6 @@ unsigned int jump_size()
static void WriteJump(void *pAddress, ULONG_PTR JumpTo)
{
DWORD dwOldProtect = 0;
DATATYPE_ADDRESS AddressPage = get_page_address(pAddress);
unprotect((void*)AddressPage, PAGE_SIZE);
@ -166,7 +165,7 @@ static void WriteJump(void *pAddress, ULONG_PTR JumpTo)
#endif
//}
DWORD dwBuf = 0; // nessary othewrise the function fails
//DWORD dwBuf = 0; // nessary othewrise the function fails
protect((void*)AddressPage, PAGE_SIZE);
}
@ -192,32 +191,55 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG
ud_set_input_buffer(&ud_obj, raw, MAX_INSTRUCTIONS);
ud_set_mode(&ud_obj, ASM_MODE);
ud_set_syntax(&ud_obj, UD_SYN_INTEL);
ud_set_pc(&ud_obj, targetFunction);
DWORD InstrSize = 0;
DATATYPE_ADDRESS trampolineFunctionPage = get_page_address((void*)trampolineFunction);
if(unprotect((void*)trampolineFunctionPage, PAGE_SIZE) != 0)
{
sql_print_error(
"%s unable to unprotect trampoline function page: 0x%lx. Aborting.",
log_prefix, trampolineFunctionPage);
"%s unable to unprotect trampoline function page: %p. Aborting.",
log_prefix, (void *)trampolineFunctionPage);
return false;
}
while (ud_disassemble(&ud_obj) && (strncmp (ud_insn_asm(&ud_obj),"invalid",7)!=0))
bool disassemble_valid = false;
while (ud_disassemble(&ud_obj))
{
if (InstrSize >= jump_size())
if(ud_obj.mnemonic == UD_Iinvalid)
{
sql_print_error(
"%s unable to disassemble at address: %p. Aborting.",
log_prefix, (void *)(InstrSize + targetFunction));
break;
}
//make sure there isn't a jmp/call (or similar operand) as these use
//relative addressing and if we copy as is we will mess up the jmp/call target
if(ud_obj.mnemonic == UD_Ijmp || ud_obj.mnemonic == UD_Icall ||
ud_obj.operand[0].type == UD_OP_JIMM)
{
sql_print_error(
"%s unable to disassemble at address: 0x%p. Found relative addressing for instruction: [%s]. Aborting.",
log_prefix, (void *)(InstrSize + targetFunction), ud_insn_asm(&ud_obj));
break;
}
BYTE *pCurInstr = (BYTE *) (InstrSize + (ULONG_PTR) targetFunction);
memcpy((BYTE*)trampolineFunction + uCurrentSize,
(void *) pCurInstr, ud_insn_len (&ud_obj));
uCurrentSize += ud_insn_len (&ud_obj);
uCurrentSize += ud_insn_len (&ud_obj);
InstrSize += ud_insn_len (&ud_obj);
if (InstrSize >= jump_size()) //we have enough space so break
{
disassemble_valid = true;
break;
}
}
protect((void*)trampolineFunctionPage, PAGE_SIZE);
if(!disassemble_valid) //something went wrong. log was written before so return false
{
return false;
}
WriteJump( (BYTE*)trampolineFunction + uCurrentSize, targetFunction + InstrSize);
WriteJump((void *) targetFunction, newFunction);
*trampolinesize = uCurrentSize;
@ -235,8 +257,8 @@ static void UnhookFunction(ULONG_PTR Function,ULONG_PTR trampolineFunction , uns
if(unprotect((void*)FunctionPage, PAGE_SIZE) != 0)
{
sql_print_error(
"%s Unhook not able to unprotect function page: 0x%lx. Aborting.",
log_prefix, FunctionPage);
"%s Unhook not able to unprotect function page: %p. Aborting.",
log_prefix, (void * )FunctionPage);
return;
}
memcpy((void *) Function, (void*)trampolineFunction,trampolinesize);
@ -263,7 +285,7 @@ static void UnhookFunction(ULONG_PTR Function,ULONG_PTR trampolineFunction , uns
int hot_patch_function (void* targetFunction, void* newFunction, void * trampolineFunction, unsigned int *trampolinesize, bool info_print)
{
DATATYPE_ADDRESS trampolinePage = get_page_address(trampolineFunction);
cond_info_print(info_print, "%s hot patching function: 0x%lx, trampolineFunction: 0x%lx trampolinePage: 0x%lx",log_prefix, (unsigned long)targetFunction, (unsigned long)trampolineFunction, (unsigned long)trampolinePage);
cond_info_print(info_print, "%s hot patching function: %p, trampolineFunction: %p trampolinePage: %p",log_prefix, (void *)targetFunction, (void *)trampolineFunction, (void *)trampolinePage);
if (HookFunction((ULONG_PTR) targetFunction, (ULONG_PTR) newFunction,
(ULONG_PTR) trampolineFunction, trampolinesize))
{
@ -292,7 +314,7 @@ void remove_hot_patch_function (void* targetFunction, void * trampolineFunction,
return;
}
DATATYPE_ADDRESS targetPage = get_page_address(targetFunction);
cond_info_print(info_print, "%s removing hot patching function: 0x%lx targetPage: 0x%lx trampolineFunction: 0x%lx",log_prefix, (unsigned long)targetFunction, (unsigned long)targetPage, (unsigned long)trampolineFunction);
cond_info_print(info_print, "%s removing hot patching function: %p targetPage: %p trampolineFunction: %p",log_prefix, (void *)targetFunction, (void *)targetPage, (void *)trampolineFunction);
UnhookFunction ((ULONG_PTR) targetFunction, (ULONG_PTR)trampolineFunction,trampolinesize);
return;
}

297
src/md5.cc Executable file
View File

@ -0,0 +1,297 @@
/*
* This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
* MD5 Message-Digest Algorithm (RFC 1321).
*
* Homepage:
* http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
*
* Author:
* Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
*
* This software was written by Alexander Peslyak in 2001. No copyright is
* claimed, and the software is hereby placed in the public domain.
* In case this attempt to disclaim copyright and place the software in the
* public domain is deemed null and void, then the software is
* Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
* general public under the following terms:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* There's ABSOLUTELY NO WARRANTY, express or implied.
*
* (This is a heavily cut-down "BSD license".)
*
* This differs from Colin Plumb's older public domain implementation in that
* no exactly 32-bit integer data type is required (any 32-bit or wider
* unsigned integer data type will do), there's no compile-time endianness
* configuration, and the function prototypes match OpenSSL's. No code from
* Colin Plumb's implementation has been reused; this comment merely compares
* the properties of the two independent implementations.
*
* The primary goals of this implementation are portability and ease of use.
* It is meant to be fast, but not as fast as possible. Some known
* optimizations are not included to reduce source code size and avoid
* compile-time configuration.
*
* Modified: to have naming convention as used in MySQL 5.1 and 5.5
*/
#include <string.h>
#include "md5.h"
#if MYSQL_VERSION_ID >= 50600
/*
* The basic MD5 functions.
*
* F and G are optimized compared to their RFC 1321 definitions for
* architectures that lack an AND-NOT instruction, just like in Colin Plumb's
* implementation.
*/
#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | ~(z)))
/*
* The MD5 transformation for all four rounds.
*/
#define STEP(f, a, b, c, d, x, t, s) \
(a) += f((b), (c), (d)) + (x) + (t); \
(a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
(a) += (b);
/*
* SET reads 4 input bytes in little-endian byte order and stores them
* in a properly aligned word in host byte order.
*
* The check for little-endian architectures that tolerate unaligned
* memory accesses is just an optimization. Nothing will break if it
* doesn't work.
*/
#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
#define SET(n) \
(*(MD5_u32plus *)&ptr[(n) * 4])
#define GET(n) \
SET(n)
#else
#define SET(n) \
(ctx->block[(n)] = \
(MD5_u32plus)ptr[(n) * 4] | \
((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
#define GET(n) \
(ctx->block[(n)])
#endif
/*
* This processes one or more 64-byte data blocks, but does NOT update
* the bit counters. There are no alignment requirements.
*/
static void *body(MD5_CTX *ctx, void *data, unsigned long size)
{
unsigned char *ptr;
MD5_u32plus a, b, c, d;
MD5_u32plus saved_a, saved_b, saved_c, saved_d;
ptr = (unsigned char *)data;
a = ctx->a;
b = ctx->b;
c = ctx->c;
d = ctx->d;
do {
saved_a = a;
saved_b = b;
saved_c = c;
saved_d = d;
/* Round 1 */
STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
/* Round 2 */
STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
/* Round 3 */
STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
STEP(H, d, a, b, c, GET(8), 0x8771f681, 11)
STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
STEP(H, b, c, d, a, GET(14), 0xfde5380c, 23)
STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
STEP(H, d, a, b, c, GET(4), 0x4bdecfa9, 11)
STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
STEP(H, b, c, d, a, GET(10), 0xbebfbc70, 23)
STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
STEP(H, d, a, b, c, GET(0), 0xeaa127fa, 11)
STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
STEP(H, b, c, d, a, GET(6), 0x04881d05, 23)
STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
STEP(H, d, a, b, c, GET(12), 0xe6db99e5, 11)
STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
STEP(H, b, c, d, a, GET(2), 0xc4ac5665, 23)
/* Round 4 */
STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
a += saved_a;
b += saved_b;
c += saved_c;
d += saved_d;
ptr += 64;
} while (size -= 64);
ctx->a = a;
ctx->b = b;
ctx->c = c;
ctx->d = d;
return ptr;
}
void MD5_Init(MD5_CTX *ctx)
{
ctx->a = 0x67452301;
ctx->b = 0xefcdab89;
ctx->c = 0x98badcfe;
ctx->d = 0x10325476;
ctx->lo = 0;
ctx->hi = 0;
}
void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size)
{
MD5_u32plus saved_lo;
unsigned long used, free;
saved_lo = ctx->lo;
if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
ctx->hi++;
ctx->hi += size >> 29;
used = saved_lo & 0x3f;
if (used) {
free = 64 - used;
if (size < free) {
memcpy(&ctx->buffer[used], data, size);
return;
}
memcpy(&ctx->buffer[used], data, free);
data = (unsigned char *)data + free;
size -= free;
body(ctx, ctx->buffer, 64);
}
if (size >= 64) {
data = body(ctx, data, size & ~(unsigned long)0x3f);
size &= 0x3f;
}
memcpy(ctx->buffer, data, size);
}
void MD5_Final(unsigned char *result, MD5_CTX *ctx)
{
unsigned long used, free;
used = ctx->lo & 0x3f;
ctx->buffer[used++] = 0x80;
free = 64 - used;
if (free < 8) {
memset(&ctx->buffer[used], 0, free);
body(ctx, ctx->buffer, 64);
used = 0;
free = 64;
}
memset(&ctx->buffer[used], 0, free - 8);
ctx->lo <<= 3;
ctx->buffer[56] = ctx->lo;
ctx->buffer[57] = ctx->lo >> 8;
ctx->buffer[58] = ctx->lo >> 16;
ctx->buffer[59] = ctx->lo >> 24;
ctx->buffer[60] = ctx->hi;
ctx->buffer[61] = ctx->hi >> 8;
ctx->buffer[62] = ctx->hi >> 16;
ctx->buffer[63] = ctx->hi >> 24;
body(ctx, ctx->buffer, 64);
result[0] = ctx->a;
result[1] = ctx->a >> 8;
result[2] = ctx->a >> 16;
result[3] = ctx->a >> 24;
result[4] = ctx->b;
result[5] = ctx->b >> 8;
result[6] = ctx->b >> 16;
result[7] = ctx->b >> 24;
result[8] = ctx->c;
result[9] = ctx->c >> 8;
result[10] = ctx->c >> 16;
result[11] = ctx->c >> 24;
result[12] = ctx->d;
result[13] = ctx->d >> 8;
result[14] = ctx->d >> 16;
result[15] = ctx->d >> 24;
memset(ctx, 0, sizeof(*ctx));
}
#endif