From d9786405af9b58a8f15f1288ab04db3c86802e27 Mon Sep 17 00:00:00 2001
From: Tomer Hadri <Tomer_Hadri@mcafee.com>
Date: Sun, 22 Oct 2017 11:48:27 +0300
Subject: [PATCH] Add support for 5.5.58, 5.6.38, 5.7.20. Include code from
 https://github.com/mcafee/mysql-audit/pull/179.

---
 src/audit_handler.cc |  2 +-
 src/audit_offsets.cc | 12 ++++++++++++
 src/audit_plugin.cc  | 10 +++++-----
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/audit_handler.cc b/src/audit_handler.cc
index 2ceee3d..2b9a22f 100644
--- a/src/audit_handler.cc
+++ b/src/audit_handler.cc
@@ -696,7 +696,7 @@ ssize_t Audit_json_formatter::start_msg_format(IWriter *writer)
 	yajl_add_string_val(gen, "msg-type", "header");
 	uint64 ts = my_getsystime() / (10000);
 	yajl_add_uint64(gen, "date", ts);
-	yajl_add_string_val(gen, "audit-version", MYSQL_AUDIT_PLUGIN_VERSION"-"MYSQL_AUDIT_PLUGIN_REVISION);
+	yajl_add_string_val(gen, "audit-version", MYSQL_AUDIT_PLUGIN_VERSION "-" MYSQL_AUDIT_PLUGIN_REVISION);
 	yajl_add_string_val(gen, "audit-protocol-version", AUDIT_PROTOCOL_VERSION);
 	yajl_add_string_val(gen, "hostname", glob_hostname);
 	yajl_add_string_val(gen, "mysql-version", server_version);
diff --git a/src/audit_offsets.cc b/src/audit_offsets.cc
index dad8c5e..a273964 100644
--- a/src/audit_offsets.cc
+++ b/src/audit_offsets.cc
@@ -22,6 +22,12 @@
 const ThdOffsets thd_offsets_arr[] =
 {
 	/* +++ MYSQL 64 OFFSETS GO HERE +++ */
+	//offsets for: /mysqlrpm/5.5.58/usr/sbin/mysqld (5.5.58)
+	{"5.5.58","2f140dea116bd11757e0a33240c5ed1c", 6144, 6192, 3816, 4312, 88, 2592, 96, 0, 32, 104, 120, 6264, 4192, 0, 0, 0, 512, 0, 0, 6008, 6032, 6016, 6072, 548, 516},
+	//offsets for: /mysqlrpm/5.6.38/usr/sbin/mysqld (5.6.38)
+	{"5.6.38","276cb0ab3e7c5b2ff265c97f1c9ccf10", 6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516},
+	//offsets for: /mysqlrpm/5.7.20/usr/sbin/mysqld (5.7.20)
+	{"5.7.20","1e793b9a2c327a27309b3ff8a6b5d731", 7816, 7864, 3632, 4784, 456, 360, 0, 32, 64, 160, 536, 7980, 4360, 3648, 3656, 3660, 6064, 2072, 8, 7048, 7088, 7072, 13448, 148, 672},
 	//offsets for: /mysqlrpm/5.7.18/usr/sbin/mysqld (5.7.18)
 	{"5.7.18","6de3482825fa59ebb792f158aa4056d1", 7800, 7848, 3624, 4776, 456, 360, 0, 32, 64, 160, 536, 7964, 4352, 3648, 3656, 3660, 6048, 2072, 8, 7032, 7072, 7056, 13432, 148, 672},
 	//offsets for: /mysqlrpm/5.7.19/usr/sbin/mysqld (5.7.19)
@@ -455,6 +461,12 @@ const ThdOffsets thd_offsets_arr[] =
 const ThdOffsets thd_offsets_arr[] =
 {
 	/* +++ MYSQL 32 OFFSETS GO HERE +++ */
+	//offsets for: /mysqlrpm/5.5.58/usr/sbin/mysqld (5.5.58)
+	{"5.5.58","838deaf65cca179c35bc97340032fdf6", 3872, 3900, 2368, 2748, 44, 1656, 60, 0, 20, 64, 60, 3956, 2680, 0, 0, 0, 328, 0, 0, 3780, 3804, 3788, 3832, 548, 516},
+	//offsets for: /mysqlrpm/5.6.38/usr/sbin/mysqld (5.6.38)
+	{"5.6.38","574d6929a5e6785b9c87486134436d51", 4676, 4704, 2660, 3052, 36, 1748, 60, 0, 20, 64, 72, 4776, 2980, 2268, 2272, 2276, 348, 0, 0, 4204, 4228, 4212, 8660, 548, 516},
+	//offsets for: /mysqlrpm/5.7.20/usr/sbin/mysqld (5.7.20)
+	{"5.7.20","f0023b1a30efeeabc50eebeb4824831a", 5080, 5108, 2212, 3032, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3716, 1152, 4, 4532, 4568, 4552, 9036, 80, 604},
 	//offsets for: /mysqlrpm/5.6.36/usr/sbin/mysqld (5.6.36)
 	{"5.6.36","1bfad8eeba37c4c815c694b3aac3b64f", 4676, 4704, 2660, 3052, 36, 1748, 60, 0, 20, 64, 72, 4776, 2980, 2268, 2272, 2276, 348, 0, 0, 4204, 4228, 4212, 8660, 548, 516},
 	//offsets for: /mysqlrpm/5.6.37/usr/sbin/mysqld (5.6.37)
diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc
index 60487a1..881064b 100644
--- a/src/audit_plugin.cc
+++ b/src/audit_plugin.cc
@@ -104,12 +104,12 @@ static char password_masking_regex_buff[4096] = {0};
 
 static const char default_pw_masking_regex[] =
 	// identified by [password] '***'
-	"identified"_COMMENT_SPACE_"by"_COMMENT_SPACE_"(?:password)?"_COMMENT_SPACE_ _QUOTED_PSW_
+	"identified" _COMMENT_SPACE_ "by" _COMMENT_SPACE_ "(?:password)?" _COMMENT_SPACE_ _QUOTED_PSW_ 
 	// password function
-	"|password"_COMMENT_SPACE_"\\("_COMMENT_SPACE_ _QUOTED_PSW_ _COMMENT_SPACE_"\\)"
+	"|password" _COMMENT_SPACE_ "\\(" _COMMENT_SPACE_ _QUOTED_PSW_ _COMMENT_SPACE_ "\\)" 
 	// Used at: CHANGE MASTER TO MASTER_PASSWORD='new3cret', SET PASSWORD [FOR user] = 'hash', password 'user_pass';
-	"|password"_COMMENT_SPACE_"(?:for"_COMMENT_SPACE_"\\S+?)?"_COMMENT_SPACE_"="_COMMENT_SPACE_ _QUOTED_PSW_
-	"|password"_COMMENT_SPACE_ _QUOTED_PSW_
+	"|password" _COMMENT_SPACE_ "(?:for" _COMMENT_SPACE_ "\\S+?)?" _COMMENT_SPACE_ "=" _COMMENT_SPACE_ _QUOTED_PSW_ 
+	"|password" _COMMENT_SPACE_ _QUOTED_PSW_
 	// federated engine create table with connection. See: http://dev.mysql.com/doc/refman/5.5/en/federated-create-connection.html
 	// commented out as federated engine is disabled by default
 	// "|ENGINE"_COMMENT_SPACE_"="_COMMENT_SPACE_"FEDERATED"_COMMENT_SPACE_".*CONNECTION"_COMMENT_SPACE_"="_COMMENT_SPACE_"[\'|\"]\\S+?://\\S+?:(?<psw>.*)@\\S+[\'|\"]"
@@ -388,7 +388,7 @@ PeerInfo *retrieve_peerinfo(THD *thd)
 	{
 		PeerInfo *peer = (PeerInfo *) THDVAR(thd, peer_info);
 
-		if (THDVAR(thd, peer_is_uds) && peer != NULL);
+		if (THDVAR(thd, peer_is_uds) && peer != NULL)
 		{
 			return peer;
 		}