diff --git a/compiling.txt b/compiling.txt old mode 100644 new mode 100755 index 009719a..a5469cc --- a/compiling.txt +++ b/compiling.txt @@ -45,6 +45,10 @@ cd mysql-5.5.8 cmake . make +Note: to speed things up it is possible to build just the following directories: +libservices +extra + back to working dir and run: CXX='gcc -static-libgcc' CC='gcc -static-libgcc' ./configure --with-mysql=mysql-5.5.8 --with-mysql-libservices=mysql-5.5.8/libservices/libmysqlservices.a diff --git a/configure.ac b/configure.ac index 72e03c8..1688468 100755 --- a/configure.ac +++ b/configure.ac @@ -88,10 +88,10 @@ AC_PATH_PROG(DIFF, diff, diff) #CPPFLAGS="$CPPFLAGS -DMYSQL_DYNAMIC_PLUGIN -DMYSQL_SERVER" #we can add the following flags for better error catching: -Werror -Wimplicit -CPPFLAGS="$CPPFLAGS -Werror" +CPPFLAGS="$CPPFLAGS -Werror -Wall" CFLAGS="$CFLAGS -Wimplicit" # From MySQL: Disable exceptions as they seams to create problems with gcc and threads. -CXXFLAGS="-fno-implicit-templates -fno-exceptions -fno-rtti " +CXXFLAGS="-fno-implicit-templates -fno-exceptions -fno-rtti -Wno-reorder -Wno-strict-aliasing" #add pthread libs LIBS="$LIBS -lpthread" diff --git a/include/audit_handler.h b/include/audit_handler.h index 42c8925..cd92784 100755 --- a/include/audit_handler.h +++ b/include/audit_handler.h @@ -208,8 +208,8 @@ public: protected: - Audit_json_formatter& operator =(const Audit_json_formatter& b) {}; - Audit_json_formatter(const Audit_json_formatter& ) {}; + Audit_json_formatter& operator =(const Audit_json_formatter& b); + Audit_json_formatter(const Audit_json_formatter& ); }; @@ -319,8 +319,9 @@ protected: { rw_unlock(&LOCK_audit); } - Audit_handler & operator=(const Audit_handler&) {}; - Audit_handler(const Audit_handler&) {}; + //override default assignment and copy to protect against creating additional instances + Audit_handler & operator=(const Audit_handler&); + Audit_handler(const Audit_handler&); private: //bool indicating if to print offset errors to log or not bool m_print_offset_err; @@ -354,7 +355,7 @@ class Audit_file_handler: public Audit_io_handler public: Audit_file_handler() : - m_log_file(NULL), m_sync_period(0), m_sync_counter(0), m_filename(NULL) + m_sync_period(0), m_filename(NULL), m_log_file(NULL), m_sync_counter(0) { } @@ -380,8 +381,9 @@ public: ssize_t write(const char * data, size_t size); //static void print_sleep (THD *thd, int delay_ms); protected: - Audit_file_handler & operator=(const Audit_file_handler&) {}; - Audit_file_handler(const Audit_file_handler&) {}; + //override default assignment and copy to protect against creating additional instances + Audit_file_handler & operator=(const Audit_file_handler&); + Audit_file_handler(const Audit_file_handler&); virtual void handler_start(); virtual void handler_stop(); @@ -432,8 +434,9 @@ public: ssize_t write(const char * data, size_t size); protected: - Audit_socket_handler & operator=(const Audit_socket_handler&) {}; - Audit_socket_handler(const Audit_socket_handler&) {}; + //override default assignment and copy to protect against creating additional instances + Audit_socket_handler & operator=(const Audit_socket_handler&); + Audit_socket_handler(const Audit_socket_handler&); virtual void handler_start(); virtual void handler_stop(); @@ -448,7 +451,7 @@ protected: { if (m_vio) { - vio_close((Vio*)m_vio); + //no need for vio_close as is called by delete (additionally close changed its name to vio_shutdown in 5.6.11) vio_delete((Vio*)m_vio); } m_vio = NULL; diff --git a/include/md5.h b/include/md5.h new file mode 100755 index 0000000..6cef285 --- /dev/null +++ b/include/md5.h @@ -0,0 +1,55 @@ +/* + * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc. + * MD5 Message-Digest Algorithm (RFC 1321). + * + * Homepage: + * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + * + * Author: + * Alexander Peslyak, better known as Solar Designer + * + * This software was written by Alexander Peslyak in 2001. No copyright is + * claimed, and the software is hereby placed in the public domain. + * In case this attempt to disclaim copyright and place the software in the + * public domain is deemed null and void, then the software is + * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * See md5.c for more information. + */ + +#if !defined(_MD5_H) +#define _MD5_H +#include "mysql_inc.h" + +#if MYSQL_VERSION_ID >= 50600 + +/* Any 32-bit or wider unsigned integer data type will do */ +typedef unsigned int MD5_u32plus; + +typedef struct { + MD5_u32plus lo, hi; + MD5_u32plus a, b, c, d; + unsigned char buffer[64]; + MD5_u32plus block[16]; +} MD5_CTX; + +extern void MD5_Init(MD5_CTX *ctx); +extern void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size); +extern void MD5_Final(unsigned char *result, MD5_CTX *ctx); + +//define the my_MD5* functions +#define my_MD5Context MD5_CTX +#define my_MD5Init MD5_Init +#define my_MD5Update MD5_Update +#define my_MD5Final MD5_Final + + +#endif //#if MYSQL_VERSION_ID >= 50600 + +#endif diff --git a/include/mysql_inc.h b/include/mysql_inc.h index 4cefb60..1fea13f 100755 --- a/include/mysql_inc.h +++ b/include/mysql_inc.h @@ -21,6 +21,10 @@ #include #include #include +#if MYSQL_VERSION_ID >= 50600 +//in 5.6 we use the audit plugin interface +#include +#endif #include #include #include diff --git a/offset-extract/offset-extract.sh b/offset-extract/offset-extract.sh old mode 100644 new mode 100755 index df9bf1f..5350ecb --- a/offset-extract/offset-extract.sh +++ b/offset-extract/offset-extract.sh @@ -22,8 +22,16 @@ if [ $? = 0 ]; then MYVER=`echo "$MYVER" | grep -P -o '.+(?=-log)'` fi +COMMAND_MEMBER=command + +#in 5.6 command member is named m_command +echo $MYVER | grep -P '^5.6' > /dev/null +if [ $? = 0 ]; then + COMMAND_MEMBER=m_command +fi + echo "set logging on" > offsets.gdb -echo 'printf "{\"'$MYVER'\",\"'$MYMD5'\", %d, %d, %d, %d, %d, %d}", ((size_t)&((THD *)log_slow_statement)->query_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->thread_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->main_security_ctx) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->command) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->lex) - (size_t)log_slow_statement, (size_t)&((LEX*)log_slow_statement)->comment - (size_t) log_slow_statement' >> offsets.gdb +echo 'printf "{\"'$MYVER'\",\"'$MYMD5'\", %d, %d, %d, %d, %d, %d}", ((size_t)&((THD *)log_slow_statement)->query_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->thread_id) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->main_security_ctx) - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->'$COMMAND_MEMBER') - (size_t)log_slow_statement, ((size_t)&((THD *)log_slow_statement)->lex) - (size_t)log_slow_statement, (size_t)&((LEX*)log_slow_statement)->comment - (size_t) log_slow_statement' >> offsets.gdb SYMPARAM="" if [ -n "$2" ]; then diff --git a/src/Makefile.am b/src/Makefile.am old mode 100644 new mode 100755 index b084ea2..0b711d1 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,7 +20,7 @@ pkgplugindir = $(MYSQL_PLUGIN_DIR) pkgplugin_LTLIBRARIES = libaudit_plugin.la libaudit_plugin_la_LDFLAGS = -module -Wl,--version-script=MySQLPlugin.map -libaudit_plugin_la_SOURCES = hot_patch.cc audit_plugin.cc audit_handler.cc +libaudit_plugin_la_SOURCES = hot_patch.cc audit_plugin.cc audit_handler.cc md5.cc libaudit_plugin_la_LIBADD = $(top_srcdir)/yajl/src/libyajl.la $(top_srcdir)/udis86/libudis86/libudis86.la $(MYSQL_LIBSERVICES) diff --git a/src/audit_handler.cc b/src/audit_handler.cc index 7859a7e..61f4977 100755 --- a/src/audit_handler.cc +++ b/src/audit_handler.cc @@ -23,28 +23,6 @@ #include #include "static_assert.h" - - -/** - * Will write into buff the date prefix for txt formatter. Return the number of bytes written - * (not including null terminate). - */ -static int log_date_prefix(char * buff, size_t buff_size) -{ - struct tm tm_tmp; - time_t result= time(NULL); - localtime_r(&result, &tm_tmp); - //my_snprintf is limited regarding formatting but sufficient for this - return my_snprintf(buff, buff_size, "%02d%02d%02d %2d:%02d:%02d: ", - tm_tmp.tm_year % 100, - tm_tmp.tm_mon+1, - tm_tmp.tm_mday, - tm_tmp.tm_hour, - tm_tmp.tm_min, - tm_tmp.tm_sec); -} - - //utility macro to log also with a date as a prefix #define log_with_date(f, ...) do{\ struct tm tm_tmp;\ @@ -81,7 +59,7 @@ const char * Audit_formatter::retrive_object_type (TABLE_LIST *pObj) void Audit_handler::stop_all() { - for (int i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i) + for (size_t i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i) { if (m_audit_handler_list[i] != NULL) { @@ -92,7 +70,7 @@ void Audit_handler::stop_all() void Audit_handler::log_audit_all(ThdSesData *pThdData) { - for (int i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i) + for (size_t i = 0; i < MAX_AUDIT_HANDLERS_NUM; ++i) { if (m_audit_handler_list[i] != NULL) { @@ -259,8 +237,14 @@ void Audit_socket_handler::handler_start() struct sockaddr_un UNIXaddr; UNIXaddr.sun_family = AF_UNIX; strmake(UNIXaddr.sun_path, m_sockname, sizeof(UNIXaddr.sun_path)-1); +#if MYSQL_VERSION_ID < 50600 if (my_connect(sock,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr), m_connect_timeout)) +#else + //in 5.6 timeout is in ms + if (vio_socket_connect((Vio*)m_vio,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr), + m_connect_timeout * 1000)) +#endif { sql_print_error( "%s unable to connect to socket: %s. err: %s. audit socket handler disabled!!", @@ -393,9 +377,6 @@ ssize_t Audit_json_formatter::event_format(ThdSesData* pThdData, IWriter * write { unsigned long thdid = thd_get_thread_id(pThdData->getTHD()); query_id_t qid = thd_inst_query_id(pThdData->getTHD()); - int command = thd_inst_command(pThdData->getTHD()); - - Security_context * sctx = thd_inst_main_security_ctx(pThdData->getTHD()); //initialize yajl @@ -436,7 +417,12 @@ ssize_t Audit_json_formatter::event_format(ThdSesData* pThdData, IWriter * write const char * query = thd_query_str(pThdData->getTHD(), &qlen); if (query && qlen > 0) { - CHARSET_INFO *col_connection = Item::default_charset(); +#if MYSQL_VERSION_ID < 50600 + CHARSET_INFO *col_connection; +#else + const CHARSET_INFO *col_connection; +#endif + col_connection = Item::default_charset(); if (strcmp (col_connection->csname,"utf8")!=0) { String sQuery (query,col_connection) ; pThdData->getTHD()->convert_string (&sQuery,col_connection,&my_charset_utf8_general_ci); diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc index 829a485..959d33b 100755 --- a/src/audit_plugin.cc +++ b/src/audit_plugin.cc @@ -19,7 +19,11 @@ #include "audit_handler.h" #include - #include +#include +#if MYSQL_VERSION_ID >= 50600 +//in 5.6 md5 implementation changed and we include our own +#include "md5.h" +#endif /* Disable __attribute__() on non-gcc compilers. @@ -117,6 +121,8 @@ static const ThdOffsets thd_offsets_arr[] = {"5.1.67-community","f67df6f2416940dbabff460b83b63677", 6376, 6440, 3736, 4008, 88, 2056}, //offsets for: /mysqlrpm/5.1.68/usr/sbin/mysqld (5.1.68-community) {"5.1.68-community","4042e9a2778090df6fd8481e03ed6737", 6376, 6440, 3736, 4008, 88, 2056}, + //offsets for: /mysqlrpm/5.1.69/usr/sbin/mysqld (5.1.69-community) + {"5.1.69-community","e9cb524b604419964f4dd55a8c87d618", 6376, 6440, 3736, 4008, 88, 2056}, //offsets for: mysqlrpm/5.5.8/usr/sbin/mysqld (5.5.8) {"5.5.8","70a882693d54df8ab7c7d9f256e317bb", 6032, 6080, 3776, 4200, 88, 2560}, @@ -166,10 +172,21 @@ static const ThdOffsets thd_offsets_arr[] = {"5.5.28","588a710a1aec3043203261af72a13219", 6056, 6104, 3808, 4232, 88, 2568}, //offsets for: /mysqlrpm/5.5.29/usr/sbin/mysqld (5.5.29) {"5.5.29","c1991059f9db3e4d5f23f34d9ff9c1d5", 6056, 6104, 3808, 4232, 88, 2568}, + //offsets for: cluster-7.2.10-linux-rhel5-x86-64bit/cluster/bin/mysqld (5.5.29-ndb-7.2.10-cluster-commercial-advanced-log) + {"5.5.29-ndb-7.2.10-cluster-commercial-advanced","7fae09caa49af8bced6d250587cc2fcb", 6088, 6136, 3808, 4232, 88, 2568}, //offsets for: /mysqlrpm/5.5.30/usr/sbin/mysqld (5.5.30) {"5.5.30","2c92adf1c8c4cef089bd487a56d72288", 6064, 6112, 3816, 4240, 88, 2568}, + //offsets for: mysql-cluster-advanced-7.2.12-linux2.6-x86_64/bin/mysqld (5.5.30-ndb-7.2.12-cluster-commercial-advanced) + {"5.5.30-ndb-7.2.12-cluster-commercial-advanced","9f96bc38bf06a9b18a945227ff9e5c42", 6096, 6144, 3816, 4240, 88, 2568}, + //offsets for: /mysqlrpm/5.5.31/usr/sbin/mysqld (5.5.31) + {"5.5.31","f6604e70b9592f484a7a04a0173f0b25", 6064, 6112, 3816, 4240, 88, 2568}, - + //offsets for: MySQL-server-5.6.10-1.el6.x86_64/usr/sbin/mysqld (5.6.10) + {"5.6.10","7016428728fe057d6825682d30e37b3d", 7808, 7856, 3960, 4400, 72, 2664}, + //offsets for: /mysqlrpm/5.6.10/usr/sbin/mysqld (5.6.10) + {"5.6.10","3b34d181e1d9baa4534fe1146ceb0ce9", 7808, 7856, 3960, 4400, 72, 2664}, + //offsets for: /mysqlrpm/5.6.11/usr/sbin/mysqld (5.6.11) + {"5.6.11","452f9bb49741bfc97d0266120016d77b", 7808, 7856, 3960, 4400, 72, 2672}, //DISTRIBUTION: tar.gz //offsets for: /mysql/5.1.30/bin/mysqld (5.1.30) @@ -251,6 +268,8 @@ static const ThdOffsets thd_offsets_arr[] = {"5.1.67","a33947226f24f59d30e7c40c61d840ca", 6392, 6456, 3752, 4024, 88, 2056}, //offsets for: /mysql/5.1.68/bin/mysqld (5.1.68) {"5.1.68","673dd031ea4ad3493b47d74662a49079", 6392, 6456, 3752, 4024, 88, 2056}, + //offsets for: /mysql/5.1.69/bin/mysqld (5.1.69) + {"5.1.69","af2936f85db019bfd44c7e12a2138707", 6392, 6456, 3752, 4024, 88, 2056}, //offsets for: mysql/5.5.8/bin/mysqld (5.5.8) {"5.5.8","a32b163f08ca8bfd7486cd77200d9df3", 6032, 6080, 3776, 4200, 88, 2560}, @@ -300,7 +319,16 @@ static const ThdOffsets thd_offsets_arr[] = //offsets for: /mysql/5.5.29/bin/mysqld (5.5.29) {"5.5.29","495fc2576127ab851baa1ebb39a8f6fe", 6056, 6104, 3808, 4232, 88, 2568}, //offsets for: /mysql/5.5.30/bin/mysqld (5.5.30) - {"5.5.30","a2a8aba9c124315c17634556a303f87a", 6064, 6112, 3816, 4240, 88, 2568} + {"5.5.30","a2a8aba9c124315c17634556a303f87a", 6064, 6112, 3816, 4240, 88, 2568}, + //offsets for: MySQL-server-5.5.31-2.rhel5.x86_64/usr/sbin/mysqld (5.5.31) + {"5.5.31","858dc19ffc5d34e669ab85d32a8a0623", 6064, 6112, 3816, 4240, 88, 2568}, + //offsets for: /mysql/5.5.31/bin/mysqld (5.5.31) + {"5.5.31","61e65a4cc9360e03f3810ef2928c916d", 6064, 6112, 3816, 4240, 88, 2568}, + + //offsets for: /mysql/5.6.10/bin/mysqld (5.6.10) + {"5.6.10","37f9c31dd092bb2d0da7eb6e2098732f", 7808, 7856, 3960, 4400, 72, 2664}, + //offsets for: /mysql/5.6.11/bin/mysqld (5.6.11) + {"5.6.11","85fd884192cc5cd12fba52b7b140c819", 7808, 7856, 3960, 4400, 72, 2672} }; #else @@ -387,6 +415,8 @@ static const ThdOffsets thd_offsets_arr[] = {"5.1.67-community","2ca1d344c7054644a7e98c34b11bee64", 4124, 4164, 2268, 2448, 44, 1180}, //offsets for: /mysqlrpm/5.1.68/usr/sbin/mysqld (5.1.68-community) {"5.1.68-community","df5dc268b36dbe853ed37d91fd4b6b3f", 4124, 4164, 2268, 2448, 44, 1180}, + //offsets for: /mysqlrpm/5.1.69/usr/sbin/mysqld (5.1.69-community) + {"5.1.69-community","4c8acbca31f3f4ba44d35db9f5c65bc0", 4124, 4164, 2268, 2448, 44, 1180}, //offsets for: mysqlrpm/5.5.8/usr/sbin/mysqld (5.5.8) {"5.5.8","3132e8c883f72caf4c8eddb24fd005b4", 3792, 3820, 2336, 2668, 44, 1640}, @@ -432,6 +462,13 @@ static const ThdOffsets thd_offsets_arr[] = {"5.5.29","89c4df6dcf941ccded0c08c73d976877", 3812, 3840, 2364, 2696, 44, 1644}, //offsets for: /mysqlrpm/5.5.30/usr/sbin/mysqld (5.5.30) {"5.5.30","0186d1ef4725814924bfe968e3455138", 3816, 3844, 2368, 2700, 44, 1644}, + //offsets for: /mysqlrpm/5.5.31/usr/sbin/mysqld (5.5.31) + {"5.5.31","190e7556e226f8690ba8672869178e4c", 3816, 3844, 2368, 2700, 44, 1644}, + + //offsets for: /mysqlrpm/5.6.10/usr/sbin/mysqld (5.6.10) + {"5.6.10","dd3abddcfd0015de81b6a26b6190cefb", 5572, 5600, 2640, 2980, 36, 1712}, + //offsets for: /mysqlrpm/5.6.11/usr/sbin/mysqld (5.6.11) + {"5.6.11","0f716b88d1c11c031dbb206a3e1b31a4", 5572, 5600, 2640, 2980, 36, 1724}, //DISTRIBUTION: tar.gz //offsets for: mysql/5.1.30/bin/mysqld (5.1.30) @@ -511,6 +548,8 @@ static const ThdOffsets thd_offsets_arr[] = {"5.1.67","9f2609f5925abe6f3c01a05a53569b35", 4140, 4180, 2284, 2464, 44, 1180}, //offsets for: /mysql/5.1.68/bin/mysqld (5.1.68) {"5.1.68","d03c42d8a8946f11ace86a5e1189114d", 4140, 4180, 2284, 2464, 44, 1180}, + //offsets for: /mysql/5.1.69/bin/mysqld (5.1.69) + {"5.1.69","5abf5a9f9f9c01be997595b066a40986", 4140, 4180, 2284, 2464, 44, 1180}, //offsets for: /mysqlrpm/5.5.8/usr/sbin/mysqld (5.5.8) {"5.5.8","3132e8c883f72caf4c8eddb24fd005b4", 3792, 3820, 2336, 2668, 44, 1640}, @@ -560,7 +599,15 @@ static const ThdOffsets thd_offsets_arr[] = //offsets for: /mysql/5.5.29/bin/mysqld (5.5.29) {"5.5.29","e94a673a244449de87e6a489a7a08acb", 3812, 3840, 2364, 2696, 44, 1644}, //offsets for: /mysql/5.5.30/bin/mysqld (5.5.30) - {"5.5.30","c7b98be45d35b77da6679c354c23d1fa", 3816, 3844, 2368, 2700, 44, 1644} + {"5.5.30","c7b98be45d35b77da6679c354c23d1fa", 3816, 3844, 2368, 2700, 44, 1644}, + //offsets for: /mysql/5.5.31/bin/mysqld (5.5.31) + {"5.5.31","36631a7c748358598ba21cd4157545d9", 3816, 3844, 2368, 2700, 44, 1644}, + + //offsets for: /mysql/5.6.10/bin/mysqld (5.6.10) + {"5.6.10","84600f18354f519e38302c04fe55ed9c", 5572, 5600, 2640, 2980, 36, 1712}, + //offsets for: /mysql/5.6.11/bin/mysqld (5.6.11) + {"5.6.11","72e67111f3c1d1c1d4e7095e3a004fcf", 5572, 5600, 2640, 2980, 36, 1724} + }; #endif @@ -592,30 +639,34 @@ static char *record_cmds_string = NULL; static char *record_objs_string = NULL; static char *whitelist_users_string = NULL; -static char delay_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0}; -static char record_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {0}; -static char record_objs_array [MAX_NUM_OBJECT_ELEM + 2][MAX_OBJECT_CHAR_NUMBERS] = {0}; -static char whitelist_users_array [MAX_NUM_USER_ELEM + 2][MAX_USER_CHAR_NUMBERS] = {0}; +static char delay_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {{0}}; +static char record_cmds_array [SQLCOM_END + 2][MAX_COMMAND_CHAR_NUMBERS] = {{0}}; +static char record_objs_array [MAX_NUM_OBJECT_ELEM + 2][MAX_OBJECT_CHAR_NUMBERS] = {{0}}; +static char whitelist_users_array [MAX_NUM_USER_ELEM + 2][MAX_USER_CHAR_NUMBERS] = {{0}}; static bool record_empty_objs_set = true; static int num_delay_cmds = 0; static int num_record_cmds = 0; static int num_record_objs = 0; static int num_whitelist_users = 0; -static SHOW_VAR com_status_vars_array [MAX_COM_STATUS_VARS_RECORDS] = {0}; +static SHOW_VAR com_status_vars_array [MAX_COM_STATUS_VARS_RECORDS] = {{0}}; /** * The trampoline functions we use. Will be set to point to allocated mem. */ static int (*trampoline_mysql_execute_command)(THD *thd) = NULL; static unsigned int trampoline_mysql_execute_size =0; +#if MYSQL_VERSION_ID < 50600 static void (*trampoline_log_slow_statement)(THD *thd) = NULL; static unsigned int trampoline_log_slow_statement_size =0; +#endif +#if MYSQL_VERSION_ID < 50505 static int (*trampoline_check_user)(THD *thd, enum enum_server_command command, const char *passwd, uint passwd_len, const char *db, bool check_count) = NULL; static unsigned int trampoline_check_user_size =0; - +#elif MYSQL_VERSION_ID < 50600 static bool (*trampoline_acl_authenticate)(THD *thd, uint connect_errors, uint com_change_user_pkt_len) = NULL; static unsigned int trampoline_acl_authenticate_size =0; +#endif static MYSQL_THDVAR_ULONG(is_thd_printed_list, PLUGIN_VAR_READONLY | PLUGIN_VAR_NOSYSVAR | PLUGIN_VAR_NOCMDOPT, "avoid duplicate printing", @@ -861,25 +912,73 @@ static int audit_open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint f static unsigned int trampoline_open_tables_size =0; #endif -static void audit_notify(THD *thd , const struct mysql_event * event) + +//called by log_slow_statement and general audit event caught by audit interface +static void audit_post_execute(THD * thd) { - sql_print_information( - "%s audit_notify called", - log_prefix, MYSQL_AUDIT_PLUGIN_VERSION); + //only audit non query events + //query events are audited by mysql execute command + if (Audit_formatter::thd_inst_command(thd) != COM_QUERY) + { + ThdSesData ThdData (thd); + if (strcasestr (ThdData.getCmdName(), "show_fields")==NULL) + { + audit(&ThdData); + } + } } + + /* Plugin descriptor */ -//in 5.5 we use the AUDIT plugin interface. In 5.1 we just use the general DAEMON plugin - +//in 5.6 we use the AUDIT plugin interface. In 5.1/5.5 we just use the general DAEMON plugin +#if MYSQL_VERSION_ID < 50600 static int plugin_type = MYSQL_DAEMON_PLUGIN; static struct st_mysql_daemon audit_plugin = { MYSQL_DAEMON_INTERFACE_VERSION }; +#else +static void audit_notify(THD *thd, unsigned int event_class, + const void * event) +{ + if (MYSQL_AUDIT_GENERAL_CLASS == event_class) + { + const struct mysql_event_general *event_general = + (const struct mysql_event_general *) event; + if(MYSQL_AUDIT_GENERAL_STATUS == event_general->event_subclass) + { + audit_post_execute(thd); + } + } + else if (MYSQL_AUDIT_CONNECTION_CLASS == event_class) + { + const struct mysql_event_connection *event_connection = + (const struct mysql_event_connection *) event; + //only audit for connect and change_user. disconnect is caught by general event + if(event_connection->event_subclass != MYSQL_AUDIT_CONNECTION_DISCONNECT) + { + ThdSesData ThdData (thd); + audit (&ThdData); + } + } +} + +static int plugin_type = MYSQL_AUDIT_PLUGIN; +static struct st_mysql_audit audit_plugin= +{ + MYSQL_AUDIT_INTERFACE_VERSION, /* interface version */ + NULL, /* release_thd function */ + audit_notify, /* notify function */ + { (unsigned long) MYSQL_AUDIT_GENERAL_CLASSMASK | + MYSQL_AUDIT_CONNECTION_CLASSMASK } /* class mask */ +}; + +#endif //some extern definitions which are not in include files @@ -894,16 +993,19 @@ extern struct st_mysql_plugin *mysqld_builtins[]; void remove_hot_functions () { - void * target_function = (void *) log_slow_statement; + void * target_function = NULL; +#if MYSQL_VERSION_ID < 50600 + target_function = (void *) log_slow_statement; remove_hot_patch_function(target_function, (void*) trampoline_log_slow_statement, trampoline_log_slow_statement_size, true); trampoline_log_slow_statement_size=0; +#endif #if MYSQL_VERSION_ID < 50505 target_function = (void *) check_user; remove_hot_patch_function(target_function, (void*) trampoline_check_user, trampoline_check_user_size, true); trampoline_check_user_size=0; -#else +#elif MYSQL_VERSION_ID < 50600 target_function = (void *) acl_authenticate; remove_hot_patch_function(target_function, (void*) trampoline_acl_authenticate, trampoline_acl_authenticate_size, true); @@ -923,7 +1025,7 @@ void remove_hot_functions () trampoline_open_tables_size=0; #endif - int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; + int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; target_function = *(void **) &pf_send_result_to_client; remove_hot_patch_function(target_function, (void*) trampoline_send_result_to_client, trampoline_send_result_to_client_size, true); @@ -1040,22 +1142,15 @@ static int audit_mysql_execute_command(THD *thd) } - +#if MYSQL_VERSION_ID < 50600 static void audit_log_slow_statement(THD * thd) { trampoline_log_slow_statement(thd); - //only audit non query events - //query events are audited by mysql execute command - if (Audit_formatter::thd_inst_command(thd) != COM_QUERY) - { - ThdSesData ThdData (thd); - if (strcasestr (ThdData.getCmdName(), "show_fields")==NULL) - { - audit(&ThdData); - } - } + audit_post_execute(thd); } +#endif +#if MYSQL_VERSION_ID < 50505 static int audit_check_user(THD *thd, enum enum_server_command command, const char *passwd, uint passwd_len, const char *db, bool check_count) @@ -1066,7 +1161,9 @@ static int audit_check_user(THD *thd, enum enum_server_command command, return (res); } - +#elif MYSQL_VERSION_ID < 50600 +//only for 5.5 +//in 5.6: we use audit plugin event to get the login event static bool audit_acl_authenticate(THD *thd, uint connect_errors, uint com_change_user_pkt_len) { bool res = trampoline_acl_authenticate (thd, connect_errors, com_change_user_pkt_len); @@ -1074,7 +1171,7 @@ static bool audit_acl_authenticate(THD *thd, uint connect_errors, uint com_chang audit (&ThdData); return (res); } - +#endif static bool parse_thd_offsets_string (char *poffsets_string) { @@ -1083,11 +1180,11 @@ static bool parse_thd_offsets_string (char *poffsets_string) char *poffset_str = offset_str; strncpy (poffset_str,poffsets_string,2048); char * comma_delimiter = strchr (poffset_str,','); - int i =0; + size_t i =0; OFFSET *pOffset; size_t len = strlen (poffset_str); - for (int j=0;j= '0' && poffset_str[j] <='9') || poffset_str[j] == ' ' || poffset_str[j] == ',')) return false; @@ -1098,7 +1195,7 @@ static bool parse_thd_offsets_string (char *poffsets_string) pOffset = (OFFSET*)&Audit_formatter::thd_offsets.query_id + i; if ((size_t)pOffset- (size_t)&Audit_formatter::thd_offsets < sizeof (Audit_formatter::thd_offsets)) { - sscanf (poffset_str, "%d", pOffset); + sscanf (poffset_str, "%zu", pOffset); } else { @@ -1113,7 +1210,7 @@ static bool parse_thd_offsets_string (char *poffsets_string) pOffset = &Audit_formatter::thd_offsets.query_id + i; if ((size_t)pOffset- (size_t)&Audit_formatter::thd_offsets < sizeof (Audit_formatter::thd_offsets)) { - sscanf (poffset_str, "%d", pOffset); + sscanf (poffset_str, "%zu", pOffset); } else { @@ -1166,6 +1263,62 @@ static bool validate_offsets(const ThdOffsets * offset) return true; } +/** + * Calculate md5 sum of a file. + * + * @file_name: file to calc md5 for + * @digest_str: string to fill with digest result should be big enought to hold 32 chars + * + * @return true on success. + */ +static bool calc_file_md5(const char * file_name, char * digest_str) +{ + File fd; + unsigned char digest[16] = {0}; + bool ret = false; + if ((fd = my_open(file_name, O_RDONLY, MYF(MY_WME))) < 0) + { + sql_print_error("%s Failed file open: [%s], errno: %d.", + log_prefix, file_name, errno); + return false; + } + + my_MD5Context context; + my_MD5Init(&context); + const size_t buff_size = 16384; + unsigned char file_buff[buff_size] = {0}; + + ssize_t res; + do + { + res = read(fd, file_buff, buff_size); + if(res > 0) + { + my_MD5Update(&context, file_buff, res); + } + } + while(res > 0); + if(res == 0) //reached end of file + { + my_MD5Final(digest, &context); + ret = true; + } + else + { + sql_print_error("%s Failed program read. res: %zd, errno: %d.", + log_prefix, res, errno); + } + (void) my_close(fd, MYF(0)); + if(ret) //we got the digest + { + for (int j = 0; j < 16; j++) + { + sprintf(&(digest_str[j * 2]), "%02x", digest[j]); + } + } + return ret; +} + /** * Setup the offsets needs to extract data from THD. * @@ -1176,46 +1329,12 @@ static int setup_offsets() DBUG_ENTER("setup_offsets"); sql_print_information ("%s setup_offsets audit_offsets: %s validate_checksum: %d offsets_by_version: %d", log_prefix, offsets_string, validate_checksum_enable, offsets_by_version_enable); - - unsigned char digest[16] = {0}; + char digest_str [128] = {0}; const ThdOffsets * offset; //setup digest_str to contain the md5sum in hex - - my_MD5Context context; - my_MD5Init(&context); - const size_t buff_size = 16384; - unsigned char file_buff[buff_size] = {0}; - MY_STAT stat_arg; - File fd; - if ((fd = my_open(my_progname, O_RDONLY, MYF(MY_WME))) > 0) - { - ssize_t res; - do - { - res = read(fd, file_buff, buff_size); - if(res > 0) - { - my_MD5Update(&context, file_buff, res); - } - } - while(res > 0); - if(res == 0) //reached end of file - { - my_MD5Final(digest, &context); - for (int j = 0; j < 16; j++) - { - sprintf(&(digest_str[j * 2]), "%02x", digest[j]); - } - } - else - { - sql_print_error("%s Failed program read. res: %d, errno: %d.", - log_prefix, res, errno); - } - (void) my_close(fd, MYF(0)); - } + calc_file_md5(my_progname, digest_str); sql_print_information( "%s mysqld: %s (%s) ", log_prefix, my_progname, digest_str); @@ -1246,7 +1365,7 @@ static int setup_offsets() } if (parse_thd_offsets_string (offsets_string)) { - sql_print_information ("%s setup_offsets Audit_formatter::thd_offsets values: %d %d %d %d %d %d ", log_prefix, + sql_print_information ("%s setup_offsets Audit_formatter::thd_offsets values: %zu %zu %zu %zu %zu %zu ", log_prefix, Audit_formatter::thd_offsets.query_id, Audit_formatter::thd_offsets.thread_id, Audit_formatter::thd_offsets.main_security_ctx, @@ -1274,7 +1393,7 @@ static int setup_offsets() //iterate and search for the first offset which matches our checksum if(validate_checksum_enable && strlen(digest_str) > 0) { - for(int i=0; i < arr_size; i++) + for(size_t i=0; i < arr_size; i++) { offset = thd_offsets_arr + i; if (strlen(offset->md5digest) >0) @@ -1291,10 +1410,12 @@ static int setup_offsets() } if(offsets_by_version_enable) { - for(int i=0; i < arr_size; i++) + bool server_is_ndb = strstr(server_version, "ndb") != NULL; + for(size_t i=0; i < arr_size; i++) { offset = thd_offsets_arr + i; const char * version = offset->version; + bool version_is_ndb = strstr(offset->version, "ndb") != NULL; const char * dash = strchr(version, '-'); char version_stripped[16] = {0}; if(dash) //we use the version string up to the '-' @@ -1306,35 +1427,62 @@ static int setup_offsets() } if(strstr(server_version, version)) { - if (validate_offsets(offset)) + if(server_is_ndb == version_is_ndb) { - sql_print_information("%s Using offsets from offset version: %s (%s)", log_prefix, offset->version, offset->md5digest); - Audit_formatter::thd_offsets = *offset; - DBUG_RETURN(0); - } - else - { - //try doing 24 byte decrement on THD offsets. Seen that on Ubuntu/Debian this is valid. - OFFSET dec = 24; - ThdOffsets decoffsets = *offset; - decoffsets.query_id -= dec; - decoffsets.thread_id -= dec; - decoffsets.main_security_ctx -= dec; - decoffsets.command -= dec; - if (validate_offsets(&decoffsets)) + if (validate_offsets(offset)) { - Audit_formatter::thd_offsets = decoffsets; - sql_print_information("%s Using decrement (%d) offsets from offset version: %s (%s) values: %d %d %d %d %d %d", log_prefix, dec, offset->version, offset->md5digest, + sql_print_information("%s Using offsets from offset version: %s (%s)", log_prefix, offset->version, offset->md5digest); + Audit_formatter::thd_offsets = *offset; + DBUG_RETURN(0); + } + else + { + //try doing 24 byte decrement on THD offsets. Seen that on Ubuntu/Debian this is valid. + OFFSET dec = 24; + ThdOffsets decoffsets = *offset; + decoffsets.query_id -= dec; + decoffsets.thread_id -= dec; + decoffsets.main_security_ctx -= dec; + decoffsets.command -= dec; + if (validate_offsets(&decoffsets)) + { + Audit_formatter::thd_offsets = decoffsets; + sql_print_information("%s Using decrement (%zu) offsets from offset version: %s (%s) values: %zu %zu %zu %zu %zu %zu", + log_prefix, dec, offset->version, offset->md5digest, + Audit_formatter::thd_offsets.query_id, + Audit_formatter::thd_offsets.thread_id, + Audit_formatter::thd_offsets.main_security_ctx, + Audit_formatter::thd_offsets.command, + Audit_formatter::thd_offsets.lex, + Audit_formatter::thd_offsets.lex_comment); + + DBUG_RETURN(0); + } + } + }//ndb check +#if defined(__x86_64__) && MYSQL_VERSION_ID > 50505 + else if(server_is_ndb) + { + //in 64bit 5.5 we've seen ndb has an offset of 32 on first 2 values + OFFSET inc = 32; + ThdOffsets incoffsets = *offset; + incoffsets.query_id += inc; + incoffsets.thread_id += inc; + if (validate_offsets(&incoffsets)) + { + Audit_formatter::thd_offsets = incoffsets; + sql_print_information("%s Using increment (%zu) offsets from offset version: %s (%s) values: %zu %zu %zu %zu %zu %zu", + log_prefix, inc, offset->version, offset->md5digest, Audit_formatter::thd_offsets.query_id, Audit_formatter::thd_offsets.thread_id, Audit_formatter::thd_offsets.main_security_ctx, Audit_formatter::thd_offsets.command, Audit_formatter::thd_offsets.lex, Audit_formatter::thd_offsets.lex_comment); - DBUG_RETURN(0); } } +#endif } } } @@ -1359,10 +1507,10 @@ const char * retrieve_command (THD * thd, bool & is_sql_cmd) return "select"; } const int sql_command = thd_sql_command(thd); - if (sql_command >=0 && sql_command <= (MAX_COM_STATUS_VARS_RECORDS -1) ) + if (sql_command >=0 && sql_command < MAX_COM_STATUS_VARS_RECORDS ) { is_sql_cmd = true; - cmd = com_status_vars_array[sql_command + 1].name; + cmd = com_status_vars_array[sql_command].name; } if(!cmd) { @@ -1401,9 +1549,22 @@ static int set_com_status_vars_array () } if (strcmp (status_vars[sv_idx].name,"Com")==0) { - int status_vars_index =0; com_status_vars = (SHOW_VAR*)status_vars[sv_idx].value; - size_t initial_offset = (size_t) com_status_vars[0].value; + int status_vars_index =0; + //we use "select" as 0 offset (SQLCOM_SELECT=0) + + while(strcmp(com_status_vars[status_vars_index].name,"select") !=0 && com_status_vars[status_vars_index].name != NullS) + { + status_vars_index ++; + } + if(strcmp(com_status_vars[status_vars_index].name,"select") !=0) + { + sql_print_error("%s Failed finding 'select' index in com_status_vars: [%p]. Plugin Init failed.", + log_prefix, com_status_vars); + DBUG_RETURN (1); + } + size_t initial_offset = (size_t) com_status_vars[status_vars_index].value; + status_vars_index =0; while (com_status_vars[status_vars_index].name != NullS) { int sql_command_idx = (com_status_vars[status_vars_index].value - (char*) (initial_offset)) / sizeof (ulong); @@ -1413,15 +1574,10 @@ static int set_com_status_vars_array () com_status_vars_array [sql_command_idx].type = com_status_vars[status_vars_index].type; com_status_vars_array [sql_command_idx].value = com_status_vars[status_vars_index].value; } - else - { - sql_print_error("%s Failed sql_command_idx [%d] is out of bounds. Plugin Init failed.", - log_prefix, sql_command_idx); - DBUG_RETURN (1); - } status_vars_index ++; } - + sql_print_information("%s Done initializing sql command names. status_vars_index: [%d], com_status_vars: [%p].", + log_prefix, status_vars_index, com_status_vars); } else { @@ -1518,13 +1674,13 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si if (res != 0) { //hot patch failed. - sql_print_error("%s unable to hot patch %s (0x%lx). res: %d. Aborting.", - log_prefix, func_name, (unsigned long)target_function, res); + sql_print_error("%s unable to hot patch %s (%p). res: %d. Aborting.", + log_prefix, func_name, target_function, res); return 1; } sql_print_information( - "%s hot patch for: %s (0x%lx) complete. Audit func: 0x%lx, Trampoline address: 0x%lx size: %u.", - log_prefix, func_name, (unsigned long)target_function, (unsigned long)audit_function, (unsigned long)*trampoline_func_pp, *trampoline_size); + "%s hot patch for: %s (%p) complete. Audit func: %p, Trampoline address: %p size: %u.", + log_prefix, func_name, target_function, audit_function, *trampoline_func_pp, *trampoline_size); trampoline_mem_free = (void *)(((DATATYPE_ADDRESS)*trampoline_func_pp) + *trampoline_size + jump_size()); return 0; } @@ -1551,13 +1707,15 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si #endif //See here: http://bugs.mysql.com/bug.php?id=56652 - int ver = audit_plugin.interface_version >> 8; - need_free_memalloc_plugin_var = ((ver < 50519) || (50600 <= ver && ver < 50604)); - + int interface_ver = audit_plugin.interface_version >> 8; +#if MYSQL_VERSION_ID < 50600 + //we ignore || (50600 <= interface_ver && interface_ver < 50604)) as GA was with 5.6.10 + need_free_memalloc_plugin_var = (interface_ver < 50519); +#endif sql_print_information( "%s starting up. Version: %s , Revision: %s (%s). AUDIT plugin interface version: %d. MySQL Server version: %s.", log_prefix, MYSQL_AUDIT_PLUGIN_VERSION, - MYSQL_AUDIT_PLUGIN_REVISION, arch, ver, + MYSQL_AUDIT_PLUGIN_REVISION, arch, interface_ver, server_version); //setup our offsets. @@ -1617,8 +1775,8 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si DATATYPE_ADDRESS addrs = (DATATYPE_ADDRESS)trampoline_dummy_func_for_mem + (page_size - 1); trampoline_mem = (void*)(addrs & ~(page_size - 1)); sql_print_information( - "%s mem func addr: 0x%lx mem start addr: 0x%lx page size: %ld", - log_prefix, (unsigned long)trampoline_dummy_func_for_mem, (unsigned long)trampoline_mem, page_size); + "%s mem func addr: %p mem start addr: %p page size: %ld", + log_prefix, trampoline_dummy_func_for_mem, trampoline_mem, page_size); } else //big pages for some reason. allocate mem using mmap { @@ -1632,17 +1790,19 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si else { sql_print_information( - "%s mem via mmap: 0x%lx page size: %ld", log_prefix, (unsigned long)trampoline_mem, page_size); + "%s mem via mmap: %p page size: %ld", log_prefix, trampoline_mem, page_size); } } trampoline_mem_free = trampoline_mem; //hot patch stuff void * target_function = NULL; +#if MYSQL_VERSION_ID < 50600 if(do_hot_patch((void **)&trampoline_log_slow_statement, &trampoline_log_slow_statement_size, (void *)log_slow_statement, (void *)audit_log_slow_statement, "log_slow_statement")) { DBUG_RETURN(1); } +#endif if(do_hot_patch((void **)&trampoline_mysql_execute_command, &trampoline_mysql_execute_size, (void *)mysql_execute_command, (void *)audit_mysql_execute_command, "mysql_execute_command")) @@ -1657,13 +1817,13 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si { DBUG_RETURN(1); } -#else +#elif MYSQL_VERSION_ID < 50600 if(do_hot_patch((void **)&trampoline_acl_authenticate, &trampoline_acl_authenticate_size, (void *)acl_authenticate, (void *)audit_acl_authenticate, "acl_authenticate")) { DBUG_RETURN(1); } -#endif +#endif int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; target_function = *(void **) &pf_send_result_to_client; if(do_hot_patch((void **)&trampoline_send_result_to_client, &trampoline_send_result_to_client_size, @@ -1995,7 +2155,8 @@ extern "C" void __attribute__ ((constructor)) audit_plugin_so_init(void) log_prefix, audit_plugin.interface_version >> 8); } } -#else +#elif MYSQL_VERSION_ID < 50600 +//no need to set interface version for 5.6 as we use audit plugin extern struct st_mysql_plugin *mysql_mandatory_plugins[]; extern "C" void __attribute__ ((constructor)) audit_plugin_so_init(void) { diff --git a/src/hot_patch.cc b/src/hot_patch.cc index 38f46b3..d3fae61 100755 --- a/src/hot_patch.cc +++ b/src/hot_patch.cc @@ -41,16 +41,16 @@ static int unprotect(void *addr, size_t len) if(0 != res) { sql_print_information( - "%s unable to unprotect. Page: 0x%lx, Size: %d, errno: %d. Using NO EXEC mode.", - log_prefix, (unsigned long)addr, len, errno); + "%s unable to unprotect. Page: %p, Size: %zu, errno: %d. Using NO EXEC mode.", + log_prefix, (void *)addr, len, errno); use_exec_prot = false; //do a sanity test that we can actually unprotect/protect and that nx bit is off res = unprotect(addr, len); if(0 != res) { sql_print_error( - "%s unable to unprotect page. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d, errno: %d.", - log_prefix, (unsigned long)addr, len, errno); + "%s unable to unprotect page. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu, errno: %d.", + log_prefix, (void *)addr, len, errno); return res; } res = protect(addr, len); @@ -61,8 +61,8 @@ static int unprotect(void *addr, size_t len) if(NULL == fp) { sql_print_error( - "%s unable to verify nx bit. Failed checking /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d, errno: %d.", - log_prefix, (unsigned long)addr, len, errno); + "%s unable to verify nx bit. Failed checking /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu, errno: %d.", + log_prefix, (void *)addr, len, errno); return res; } char line[1024] = {0}; @@ -77,8 +77,8 @@ static int unprotect(void *addr, size_t len) if(strstr(line, " nx")) //nx enabled so fail { sql_print_error( - "%s unable to protect page and nx bit enabled. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d.", - log_prefix, (unsigned long)addr, len); + "%s unable to protect page and nx bit enabled. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu.", + log_prefix, (void *)addr, len); fclose(fp); return res; } @@ -89,8 +89,8 @@ static int unprotect(void *addr, size_t len) if(!nxchecked) //we didn't find flags string for some reason { sql_print_error( - "%s unable to verify nx bit. Failed finding: %s in /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: 0x%lx, Size: %d.", - log_prefix, flags, (unsigned long)addr, len); + "%s unable to verify nx bit. Failed finding: %s in /proc/cpuinfo. This may happen if you have SELinux enabled. Disable SELinux execmod protection for mysqld. Aborting. Page: %p, Size: %zu.", + log_prefix, flags, (void *)addr, len); return res; } } @@ -104,8 +104,8 @@ static int unprotect(void *addr, size_t len) if(0 != res) //log the failure { sql_print_error( - "%s unable to unprotect. Page: 0x%lx, Size: %d, errno: %d. Error.", - log_prefix, (unsigned long)addr, len, errno); + "%s unable to unprotect. Page: %p, Size: %zu, errno: %d. Error.", + log_prefix, (void *)addr, len, errno); } return res; } @@ -144,7 +144,6 @@ unsigned int jump_size() static void WriteJump(void *pAddress, ULONG_PTR JumpTo) { - DWORD dwOldProtect = 0; DATATYPE_ADDRESS AddressPage = get_page_address(pAddress); unprotect((void*)AddressPage, PAGE_SIZE); @@ -166,7 +165,7 @@ static void WriteJump(void *pAddress, ULONG_PTR JumpTo) #endif //} - DWORD dwBuf = 0; // nessary othewrise the function fails + //DWORD dwBuf = 0; // nessary othewrise the function fails protect((void*)AddressPage, PAGE_SIZE); } @@ -192,32 +191,55 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG ud_set_input_buffer(&ud_obj, raw, MAX_INSTRUCTIONS); ud_set_mode(&ud_obj, ASM_MODE); ud_set_syntax(&ud_obj, UD_SYN_INTEL); - + ud_set_pc(&ud_obj, targetFunction); DWORD InstrSize = 0; DATATYPE_ADDRESS trampolineFunctionPage = get_page_address((void*)trampolineFunction); if(unprotect((void*)trampolineFunctionPage, PAGE_SIZE) != 0) { sql_print_error( - "%s unable to unprotect trampoline function page: 0x%lx. Aborting.", - log_prefix, trampolineFunctionPage); + "%s unable to unprotect trampoline function page: %p. Aborting.", + log_prefix, (void *)trampolineFunctionPage); return false; } - while (ud_disassemble(&ud_obj) && (strncmp (ud_insn_asm(&ud_obj),"invalid",7)!=0)) + bool disassemble_valid = false; + while (ud_disassemble(&ud_obj)) { - if (InstrSize >= jump_size()) + if(ud_obj.mnemonic == UD_Iinvalid) + { + sql_print_error( + "%s unable to disassemble at address: %p. Aborting.", + log_prefix, (void *)(InstrSize + targetFunction)); break; + } + //make sure there isn't a jmp/call (or similar operand) as these use + //relative addressing and if we copy as is we will mess up the jmp/call target + if(ud_obj.mnemonic == UD_Ijmp || ud_obj.mnemonic == UD_Icall || + ud_obj.operand[0].type == UD_OP_JIMM) + { + sql_print_error( + "%s unable to disassemble at address: 0x%p. Found relative addressing for instruction: [%s]. Aborting.", + log_prefix, (void *)(InstrSize + targetFunction), ud_insn_asm(&ud_obj)); + break; + } BYTE *pCurInstr = (BYTE *) (InstrSize + (ULONG_PTR) targetFunction); memcpy((BYTE*)trampolineFunction + uCurrentSize, (void *) pCurInstr, ud_insn_len (&ud_obj)); - uCurrentSize += ud_insn_len (&ud_obj); - - + uCurrentSize += ud_insn_len (&ud_obj); InstrSize += ud_insn_len (&ud_obj); + if (InstrSize >= jump_size()) //we have enough space so break + { + disassemble_valid = true; + break; + } } protect((void*)trampolineFunctionPage, PAGE_SIZE); + if(!disassemble_valid) //something went wrong. log was written before so return false + { + return false; + } WriteJump( (BYTE*)trampolineFunction + uCurrentSize, targetFunction + InstrSize); WriteJump((void *) targetFunction, newFunction); *trampolinesize = uCurrentSize; @@ -235,8 +257,8 @@ static void UnhookFunction(ULONG_PTR Function,ULONG_PTR trampolineFunction , uns if(unprotect((void*)FunctionPage, PAGE_SIZE) != 0) { sql_print_error( - "%s Unhook not able to unprotect function page: 0x%lx. Aborting.", - log_prefix, FunctionPage); + "%s Unhook not able to unprotect function page: %p. Aborting.", + log_prefix, (void * )FunctionPage); return; } memcpy((void *) Function, (void*)trampolineFunction,trampolinesize); @@ -263,7 +285,7 @@ static void UnhookFunction(ULONG_PTR Function,ULONG_PTR trampolineFunction , uns int hot_patch_function (void* targetFunction, void* newFunction, void * trampolineFunction, unsigned int *trampolinesize, bool info_print) { DATATYPE_ADDRESS trampolinePage = get_page_address(trampolineFunction); - cond_info_print(info_print, "%s hot patching function: 0x%lx, trampolineFunction: 0x%lx trampolinePage: 0x%lx",log_prefix, (unsigned long)targetFunction, (unsigned long)trampolineFunction, (unsigned long)trampolinePage); + cond_info_print(info_print, "%s hot patching function: %p, trampolineFunction: %p trampolinePage: %p",log_prefix, (void *)targetFunction, (void *)trampolineFunction, (void *)trampolinePage); if (HookFunction((ULONG_PTR) targetFunction, (ULONG_PTR) newFunction, (ULONG_PTR) trampolineFunction, trampolinesize)) { @@ -292,7 +314,7 @@ void remove_hot_patch_function (void* targetFunction, void * trampolineFunction, return; } DATATYPE_ADDRESS targetPage = get_page_address(targetFunction); - cond_info_print(info_print, "%s removing hot patching function: 0x%lx targetPage: 0x%lx trampolineFunction: 0x%lx",log_prefix, (unsigned long)targetFunction, (unsigned long)targetPage, (unsigned long)trampolineFunction); + cond_info_print(info_print, "%s removing hot patching function: %p targetPage: %p trampolineFunction: %p",log_prefix, (void *)targetFunction, (void *)targetPage, (void *)trampolineFunction); UnhookFunction ((ULONG_PTR) targetFunction, (ULONG_PTR)trampolineFunction,trampolinesize); return; } diff --git a/src/md5.cc b/src/md5.cc new file mode 100755 index 0000000..57ec146 --- /dev/null +++ b/src/md5.cc @@ -0,0 +1,297 @@ +/* + * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc. + * MD5 Message-Digest Algorithm (RFC 1321). + * + * Homepage: + * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + * + * Author: + * Alexander Peslyak, better known as Solar Designer + * + * This software was written by Alexander Peslyak in 2001. No copyright is + * claimed, and the software is hereby placed in the public domain. + * In case this attempt to disclaim copyright and place the software in the + * public domain is deemed null and void, then the software is + * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the + * general public under the following terms: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted. + * + * There's ABSOLUTELY NO WARRANTY, express or implied. + * + * (This is a heavily cut-down "BSD license".) + * + * This differs from Colin Plumb's older public domain implementation in that + * no exactly 32-bit integer data type is required (any 32-bit or wider + * unsigned integer data type will do), there's no compile-time endianness + * configuration, and the function prototypes match OpenSSL's. No code from + * Colin Plumb's implementation has been reused; this comment merely compares + * the properties of the two independent implementations. + * + * The primary goals of this implementation are portability and ease of use. + * It is meant to be fast, but not as fast as possible. Some known + * optimizations are not included to reduce source code size and avoid + * compile-time configuration. + * + * Modified: to have naming convention as used in MySQL 5.1 and 5.5 + */ + +#include + +#include "md5.h" + +#if MYSQL_VERSION_ID >= 50600 + +/* + * The basic MD5 functions. + * + * F and G are optimized compared to their RFC 1321 definitions for + * architectures that lack an AND-NOT instruction, just like in Colin Plumb's + * implementation. + */ +#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) +#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | ~(z))) + +/* + * The MD5 transformation for all four rounds. + */ +#define STEP(f, a, b, c, d, x, t, s) \ + (a) += f((b), (c), (d)) + (x) + (t); \ + (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \ + (a) += (b); + +/* + * SET reads 4 input bytes in little-endian byte order and stores them + * in a properly aligned word in host byte order. + * + * The check for little-endian architectures that tolerate unaligned + * memory accesses is just an optimization. Nothing will break if it + * doesn't work. + */ +#if defined(__i386__) || defined(__x86_64__) || defined(__vax__) +#define SET(n) \ + (*(MD5_u32plus *)&ptr[(n) * 4]) +#define GET(n) \ + SET(n) +#else +#define SET(n) \ + (ctx->block[(n)] = \ + (MD5_u32plus)ptr[(n) * 4] | \ + ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \ + ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \ + ((MD5_u32plus)ptr[(n) * 4 + 3] << 24)) +#define GET(n) \ + (ctx->block[(n)]) +#endif + +/* + * This processes one or more 64-byte data blocks, but does NOT update + * the bit counters. There are no alignment requirements. + */ +static void *body(MD5_CTX *ctx, void *data, unsigned long size) +{ + unsigned char *ptr; + MD5_u32plus a, b, c, d; + MD5_u32plus saved_a, saved_b, saved_c, saved_d; + + ptr = (unsigned char *)data; + + a = ctx->a; + b = ctx->b; + c = ctx->c; + d = ctx->d; + + do { + saved_a = a; + saved_b = b; + saved_c = c; + saved_d = d; + +/* Round 1 */ + STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) + STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12) + STEP(F, c, d, a, b, SET(2), 0x242070db, 17) + STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22) + STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7) + STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12) + STEP(F, c, d, a, b, SET(6), 0xa8304613, 17) + STEP(F, b, c, d, a, SET(7), 0xfd469501, 22) + STEP(F, a, b, c, d, SET(8), 0x698098d8, 7) + STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12) + STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17) + STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22) + STEP(F, a, b, c, d, SET(12), 0x6b901122, 7) + STEP(F, d, a, b, c, SET(13), 0xfd987193, 12) + STEP(F, c, d, a, b, SET(14), 0xa679438e, 17) + STEP(F, b, c, d, a, SET(15), 0x49b40821, 22) + +/* Round 2 */ + STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5) + STEP(G, d, a, b, c, GET(6), 0xc040b340, 9) + STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14) + STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20) + STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5) + STEP(G, d, a, b, c, GET(10), 0x02441453, 9) + STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14) + STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20) + STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5) + STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9) + STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14) + STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20) + STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5) + STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9) + STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14) + STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20) + +/* Round 3 */ + STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4) + STEP(H, d, a, b, c, GET(8), 0x8771f681, 11) + STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16) + STEP(H, b, c, d, a, GET(14), 0xfde5380c, 23) + STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4) + STEP(H, d, a, b, c, GET(4), 0x4bdecfa9, 11) + STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16) + STEP(H, b, c, d, a, GET(10), 0xbebfbc70, 23) + STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4) + STEP(H, d, a, b, c, GET(0), 0xeaa127fa, 11) + STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16) + STEP(H, b, c, d, a, GET(6), 0x04881d05, 23) + STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4) + STEP(H, d, a, b, c, GET(12), 0xe6db99e5, 11) + STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16) + STEP(H, b, c, d, a, GET(2), 0xc4ac5665, 23) + +/* Round 4 */ + STEP(I, a, b, c, d, GET(0), 0xf4292244, 6) + STEP(I, d, a, b, c, GET(7), 0x432aff97, 10) + STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15) + STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21) + STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6) + STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10) + STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15) + STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21) + STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6) + STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10) + STEP(I, c, d, a, b, GET(6), 0xa3014314, 15) + STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21) + STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6) + STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10) + STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15) + STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21) + + a += saved_a; + b += saved_b; + c += saved_c; + d += saved_d; + + ptr += 64; + } while (size -= 64); + + ctx->a = a; + ctx->b = b; + ctx->c = c; + ctx->d = d; + + return ptr; +} + +void MD5_Init(MD5_CTX *ctx) +{ + ctx->a = 0x67452301; + ctx->b = 0xefcdab89; + ctx->c = 0x98badcfe; + ctx->d = 0x10325476; + + ctx->lo = 0; + ctx->hi = 0; +} + +void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size) +{ + MD5_u32plus saved_lo; + unsigned long used, free; + + saved_lo = ctx->lo; + if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo) + ctx->hi++; + ctx->hi += size >> 29; + + used = saved_lo & 0x3f; + + if (used) { + free = 64 - used; + + if (size < free) { + memcpy(&ctx->buffer[used], data, size); + return; + } + + memcpy(&ctx->buffer[used], data, free); + data = (unsigned char *)data + free; + size -= free; + body(ctx, ctx->buffer, 64); + } + + if (size >= 64) { + data = body(ctx, data, size & ~(unsigned long)0x3f); + size &= 0x3f; + } + + memcpy(ctx->buffer, data, size); +} + +void MD5_Final(unsigned char *result, MD5_CTX *ctx) +{ + unsigned long used, free; + + used = ctx->lo & 0x3f; + + ctx->buffer[used++] = 0x80; + + free = 64 - used; + + if (free < 8) { + memset(&ctx->buffer[used], 0, free); + body(ctx, ctx->buffer, 64); + used = 0; + free = 64; + } + + memset(&ctx->buffer[used], 0, free - 8); + + ctx->lo <<= 3; + ctx->buffer[56] = ctx->lo; + ctx->buffer[57] = ctx->lo >> 8; + ctx->buffer[58] = ctx->lo >> 16; + ctx->buffer[59] = ctx->lo >> 24; + ctx->buffer[60] = ctx->hi; + ctx->buffer[61] = ctx->hi >> 8; + ctx->buffer[62] = ctx->hi >> 16; + ctx->buffer[63] = ctx->hi >> 24; + + body(ctx, ctx->buffer, 64); + + result[0] = ctx->a; + result[1] = ctx->a >> 8; + result[2] = ctx->a >> 16; + result[3] = ctx->a >> 24; + result[4] = ctx->b; + result[5] = ctx->b >> 8; + result[6] = ctx->b >> 16; + result[7] = ctx->b >> 24; + result[8] = ctx->c; + result[9] = ctx->c >> 8; + result[10] = ctx->c >> 16; + result[11] = ctx->c >> 24; + result[12] = ctx->d; + result[13] = ctx->d >> 8; + result[14] = ctx->d >> 16; + result[15] = ctx->d >> 24; + + memset(ctx, 0, sizeof(*ctx)); +} + +#endif