diff --git a/compiling.txt b/compiling.txt index bb10abf..62db17b 100644 --- a/compiling.txt +++ b/compiling.txt @@ -81,3 +81,20 @@ Some documentation about configure command for mysql: http://dev.mysql.com/doc/refman/5.1/en/source-configuration-options.html + +==== MariaDB 10.2.10 ====== +1. Firstly checkout the source code:- + - svn co https://beasource3.corp.nai.org/svn/projects/DBSec-MySQL audit_plugin_mysql +2. cd audit_plugin_mysql +3. unzip zip-sources/mariadb-10.2.10.zip +4. cd mariadb-10.2.10 +5. CC=gcc CXX=g++ cmake . -DBUILD_CONFIG=mysql_release -DGNUTLS_INCLUDE_DIR=./zip-sources/mariadb-10.2.10/gnutls-3.3.24/64b/include -DGNUTLS_LIBRARY=./zip-sources/mariadb-10.2.10/gnutls-3.3.24/64b/lib +6. cd mariadb-10.2.10/libservices +7. make +8. cd ../extra +9. make +10. cd ../.. +11. chmod +x bootstrap.sh +12. ./bootstrap.sh +13. CXX='gcc -static-libgcc' CC='gcc -static-libgcc' MYSQL_AUDIT_PLUGIN_VERSION=1.1.7 MYSQL_AUDIT_PLUGIN_REVISION=`svn info|grep ^Revision|awk -F ": " '{print $2}'` ./configure --enable-debug=no --with-mysql=mariadb-10.2.10 --with-mysql-libservices=mariadb-10.2.10/libservices/libmysqlservices.a +14. gmake <======== This will create the plugin "libaudit_plugin.so" diff --git a/config/ac_mysql.m4 b/config/ac_mysql.m4 index 8e548ad..6852378 100644 --- a/config/ac_mysql.m4 +++ b/config/ac_mysql.m4 @@ -33,7 +33,7 @@ dnl dnl table_id.h included from table.h included by mysql_inc.h is dnl in libbinlogevents/include. AC_DEFINE([MYSQL_SRC], [1], [Source directory for MySQL]) - MYSQL_INC="-I$withval/sql -I$withval/libbinlogevents/export -I$withval/libbinlogevents/include -I$withval/include -I$withval/regex -I$withval" + MYSQL_INC="-I$withval/sql -I$withval/libbinlogevents/export -I$withval/libbinlogevents/include -I$withval/include -I$withval/regex -I$withval -I$withval/extra/rapidjson/include" AC_MSG_RESULT(["$withval"]) ], [ diff --git a/configure.ac b/configure.ac index b6498ae..2a98855 100644 --- a/configure.ac +++ b/configure.ac 
@@ -96,8 +96,7 @@ AC_PATH_PROG(DIFF, diff, diff) #we can add the following flags for better error catching: -Werror -Wimplicit CPPFLAGS="$CPPFLAGS -Werror -Wall" CFLAGS="$CFLAGS -Wimplicit" -# From MySQL: Disable exceptions as they seams to create problems with gcc and threads. -CXXFLAGS="-fno-implicit-templates -fno-exceptions -fno-rtti -Wno-reorder -Wno-strict-aliasing" +CXXFLAGS="-fno-implicit-templates -fno-strict-aliasing" #add pthread libs LIBS="$LIBS -lpthread" diff --git a/include/audit_handler.h b/include/audit_handler.h index 47701ff..4e8c910 100644 --- a/include/audit_handler.h +++ b/include/audit_handler.h @@ -104,6 +104,7 @@ typedef struct ThdOffsets { OFFSET stmt_da; OFFSET da_status; OFFSET da_sql_errno; + OFFSET view_tables; } ThdOffsets; /* @@ -224,7 +225,9 @@ public: virtual ssize_t stop_msg_format(IWriter *writer) { return 0; } static const char *retrieve_object_type(TABLE_LIST *pObj); +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 static QueryTableInf *getQueryCacheTableList1(THD *thd); +#endif // utility functions for fetching thd stuff static int thd_client_port(THD *thd); @@ -579,7 +582,10 @@ static inline const CHARSET_INFO * pfs_connect_attrs_cs(void * pfs) static inline bool table_is_view(TABLE_LIST *table) { - return table->view_tables != 0; + if (!Audit_formatter::thd_offsets.view_tables) + return table->view_tables != 0; + List **view_tables = (List **)((char*)table + Audit_formatter::thd_offsets.view_tables); + return *view_tables; } }; @@ -592,14 +598,14 @@ public: static const char *DEF_MSG_DELIMITER; Audit_json_formatter() - : m_msg_delimiter(NULL), - m_write_start_msg(true), + : m_write_start_msg(true), m_write_sess_connect_attrs(true), m_write_client_capabilities(false), m_write_socket_creds(true), - m_password_mask_regex_preg(NULL), + m_perform_password_masking(NULL), + m_msg_delimiter(NULL), m_password_mask_regex_compiled(false), - m_perform_password_masking(NULL) + m_password_mask_regex_preg(NULL) { } 
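Review bot: The new `CXXFLAGS=` line in `configure.ac` still assigns instead of appending, so any flags the builder passes in (for example distribution hardening options) are discarded, while the `CPPFLAGS`, `CFLAGS` and `LIBS` lines around it extend the existing value. If the override is not deliberate, `CXXFLAGS="$CXXFLAGS -fno-implicit-templates -fno-strict-aliasing"` keeps them. The change also drops `-fno-exceptions -fno-rtti` together with the comment that explained them. A short comment saying why exceptions and RTTI are now enabled for code loaded into the server process would help the next reader.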
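Review bot: In `table_is_view` (hunk `@@ -579,7 +582,10 @@`), the offset branch ends in `return *view_tables;`, which relies on an implicit pointer-to-bool conversion, while the fallback branch spells the test out as `!= 0`. Writing `return *view_tables != 0;` keeps the two paths reading the same. A zero `thd_offsets.view_tables` is used to mean "read the compiled-in member", which deserves a one-line comment such as `// offset 0: no extracted offset for this server, use the header layout`. The offset is added to `table` with no sanity bound, so the read is only as correct as the offsets row selected for the running binary, and stating that trust assumption next to the cast would help.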
@@ -706,8 +712,12 @@ public: static void stop_all(); Audit_handler() : - m_initialized(false), m_enabled(false), m_print_offset_err(true), - m_formatter(NULL), m_failed(false), m_log_io_errors(true) + m_formatter() + ,m_initialized() + ,m_enabled() + ,m_failed() + ,m_log_io_errors(true) + ,m_print_offset_err(true) { } @@ -873,7 +883,10 @@ class Audit_file_handler: public Audit_io_handler { public: Audit_file_handler() : - m_sync_period(0), m_log_file(NULL), m_sync_counter(0), m_bufsize(0) + m_sync_period(0) + , m_bufsize(0) + , m_log_file(NULL) + , m_sync_counter(0) { m_io_type = "file"; } @@ -920,8 +933,10 @@ class Audit_socket_handler: public Audit_io_handler { public: Audit_socket_handler() : - m_vio(NULL), m_connect_timeout(1), m_write_timeout(0), - m_log_with_error_severity(false) + m_connect_timeout(1) + , m_write_timeout() + , m_vio() + , m_log_with_error_severity() { m_io_type = "socket"; } diff --git a/include/hot_patch.h b/include/hot_patch.h index e3c1252..74179ee 100644 --- a/include/hot_patch.h +++ b/include/hot_patch.h @@ -4,7 +4,6 @@ * Created on: Jan 10, 2011 * Author: Guyl */ - #ifndef HOT_PATCH_H_ #define HOT_PATCH_H_ @@ -14,9 +13,14 @@ #define GETPAGESIZE() sysconf (_SC_PAGE_SIZE) -int hot_patch_function(void* targetFunction, void* newFunction, void* trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool log_info); +struct SavedCode { + char code [1024]; + size_t size; +}; -void remove_hot_patch_function(void* targetFunction, void* trampolineFunction, unsigned int trampolinesize, bool log_info); +int hot_patch_function(void* targetFunction, void* newFunction, void* trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool log_info, SavedCode* saved_code); + +void remove_hot_patch_function(void* targetFunction, void* trampolineFunction, unsigned int trampolinesize, bool log_info, SavedCode* saved_code); //8KB NOP + 16 //can be used to define a block of memory to use for trampolines 
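Review bot: `struct SavedCode` in the `include/hot_patch.h` hunk `@@ -14,9 +13,14 @@` fixes the buffer at `char code [1024]`, but nothing in the header states that `size` must never exceed it, and the code that fills and restores it is outside this hunk. The saved bytes are presumably written back over the patched function by `remove_hot_patch_function`, so an unchecked `size` could overrun `code` on save or restore the wrong number of bytes; the implementation should reject lengths above `sizeof(saved_code->code)`. I would name the capacity (`enum { SAVED_CODE_MAX = 1024 };`) and add a comment on both prototypes saying whether `saved_code` may be NULL and who owns it. The header now uses `size_t`, so it should include `<stddef.h>` unless an include above the hunk already provides it.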
diff --git a/include/mysql_inc.h b/include/mysql_inc.h index f15eecd..febbab8 100644 --- a/include/mysql_inc.h +++ b/include/mysql_inc.h @@ -33,7 +33,26 @@ #include #include +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80019 +#include +#include +#include +#endif +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 +using my_bool = bool; +#if MYSQL_VERSION_ID < 80012 +#define PLUGIN_VAR_NOSYSVAR 0x0400 +#endif +#include +#include +#include +#include +#include +#include +#else #include +typedef struct st_mysql_sys_var SYS_VAR; +#endif #include #include #include @@ -73,10 +92,7 @@ # endif #endif -// MariaDB doesn't have my_getsystime (returns 100 nano seconds) function. They replaced with my_hrtime_t my_hrtime() which returns microseconds -#if defined(MARIADB_BASE_VERSION) - -#define my_getsystime() ((my_hrtime()).val * 10) +#if defined(MARIADB_BASE_VERSION) // MariaDB has a kill service that overrides thd_killed as a macro. It also has thd_killed function defined for backwards compatibility, so we redefine it. #undef thd_killed extern "C" int thd_killed(const MYSQL_THD thd); @@ -85,7 +101,6 @@ extern "C" int thd_killed(const MYSQL_THD thd); #if MYSQL_VERSION_ID >= 100010 extern "C" char *thd_security_context(MYSQL_THD thd, char *buffer, unsigned int length, unsigned int max_query_len); #endif - #endif //Define HAVE_SESS_CONNECT_ATTRS. We define it for mysql 5.6 and above 
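Review bot: The fallback `#define PLUGIN_VAR_NOSYSVAR 0x0400` in the `@@ -33,7 +33,26 @@` hunk is keyed only on `MYSQL_VERSION_ID < 80012`, so it would redefine the macro, or disagree with it, if a server header in that range already provides it. Guarding it with `#ifndef PLUGIN_VAR_NOSYSVAR` and adding a comment that names the header the value was copied from makes the dependency visible. `using my_bool = bool;` at global scope in a header deserves a similar one-line comment saying it restores a type name the 8.0 headers no longer declare.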
@@ -93,4 +108,80 @@ extern "C" char *thd_security_context(MYSQL_THD thd, char *buffer, unsigned int #define HAVE_SESS_CONNECT_ATTRS 1 #endif + +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 +#include +#endif + +namespace compat { +/*************************/ +/* my_getsystime */ +/*************************/ +#if defined(MARIADB_BASE_VERSION) +// MariaDB doesn't have my_getsystime (returns 100 nano seconds) function. They replaced with my_hrtime_t my_hrtime() which returns microseconds +static inline unsigned long long int my_getsystime() { return (my_hrtime()).val * 10; } +#elif MYSQL_VERSION_ID < 80000 +static inline unsigned long long int my_getsystime() { return ::my_getsystime(); } +#else +static inline unsigned long long int my_getsystime() { +#ifdef HAVE_CLOCK_GETTIME + // Performance regression testing showed this to be preferable + struct timespec tp; + clock_gettime(CLOCK_REALTIME, &tp); + return (static_cast(tp.tv_sec) * 10000000 + + static_cast(tp.tv_nsec) / 100); +#else + return std::chrono::duration_cast< + std::chrono::duration>>( + UTC_clock::now().time_since_epoch()) + .count(); +#endif /* HAVE_CLOCK_GETTIME */ +} +#endif + +/*********************************************/ +/* vio_socket_connect */ +/*********************************************/ +#if MYSQL_VERSION_ID >= 50600 +#ifndef MYSQL_VIO +#define MYSQL_VIO Vio* +#endif +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 +static inline bool vio_socket_connect(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout) +{ + return ::vio_socket_connect(vio, addr, len, timeout); +} +#else +/*********************************************/ +/* */ +/* resolve the symbols manualy to permit */ +/* loading of the plugin in their absence */ +/* */ +/*********************************************/ +extern bool (*_vio_socket_connect)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout); +extern bool (*_vio_socket_connect_80016)(MYSQL_VIO vio, struct sockaddr 
*addr, socklen_t len, bool nonblocking, int timeout); +extern bool (*_vio_socket_connect_80020)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, bool nonblocking, int timeout, bool *connect_done); + +static inline bool vio_socket_connect(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout) +{ + if (_vio_socket_connect) return _vio_socket_connect(vio, addr, len, timeout); + if (_vio_socket_connect_80016) return _vio_socket_connect_80016(vio, addr, len, false, timeout); + if (_vio_socket_connect_80020) return _vio_socket_connect_80020(vio, addr, len, false, timeout, nullptr); + return true; +} +static inline bool init() +{ + void* handle = dlopen(NULL, RTLD_LAZY); + if (!handle) + return false; + _vio_socket_connect = (decltype(_vio_socket_connect))dlsym(handle, "_Z18vio_socket_connectP3VioP8sockaddrji"); + _vio_socket_connect_80016 = (decltype(_vio_socket_connect_80016))dlsym(handle, "_Z18vio_socket_connectP3VioP8sockaddrjbi"); + _vio_socket_connect_80020 = (decltype(_vio_socket_connect_80020))dlsym(handle, "_Z18vio_socket_connectP3VioP8sockaddrjbiPb"); + dlclose(handle); + return _vio_socket_connect || _vio_socket_connect_80016 || _vio_socket_connect_80020; +} +#endif +#endif +} + #endif // MYSQL_INCL_H diff --git a/offset-extract/offset-extract.sh b/offset-extract/offset-extract.sh index 400e82b..f9fc945 100644 --- a/offset-extract/offset-extract.sh +++ b/offset-extract/offset-extract.sh @@ -32,7 +32,7 @@ DB=db CLIENT_CAPS="print_offset THD client_capabilities" # In 5.6 command member is named m_command -if echo $MYVER | grep -P '^(5\.6|5\.7|10\.)' > /dev/null +if echo $MYVER | grep -P '^(5\.6|5\.7|8\.|10\.)' > /dev/null then COMMAND_MEMBER=m_command HAS_CONNECT_ATTRS=yes 
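Review bot: In the MySQL 8 branch of `compat::my_getsystime()`, the result of `clock_gettime(CLOCK_REALTIME, &tp)` is not checked and `tp` is uninitialised, so a failed call would put an indeterminate value into the `date` field of audit records. `struct timespec tp = {0, 0};` plus `if (clock_gettime(CLOCK_REALTIME, &tp) != 0) return 0;` (or another documented fallback) removes that. Further down, `compat::vio_socket_connect` ends in `return true;` when none of the three `dlsym` lookups resolved, which appears to be the failure value given how the caller in `src/audit_handler.cc` tests it. A comment saying so, and a log line from the caller of `init()` when it returns false, would keep a loss of socket audit output from going unnoticed. The mangled names passed to `dlsym` encode `socklen_t` as `j`, so a comment noting that they assume the server's ABI would help whoever adds the next signature variant.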
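Review bot: The version tests added for MySQL 8 in `offset-extract.sh` are not written consistently: this hunk (`@@ -32,7`) and the ones at `@@ -40,7` and `@@ -59,7` match `8\.`, while `@@ -75,7`, `@@ -115,7` and `@@ -130,6` match `8\.0`. A later 8.x release would take the 8.0 member names in some branches and the older ones in others, and could produce a row of mixed offsets. I would use one pattern throughout, `8\.0` if only 8.0 layouts are meant, and quote the variable as `echo "$MYVER"`.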
@@ -40,7 +40,7 @@ fi CONNECT_ATTRS_CS=m_session_connect_attrs_cs # In 5.7 thread_id changed to m_thread_id. main_security_ctx changed to m_main_security_ctx -if echo $MYVER | grep -P '^(5\.7)' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.)' > /dev/null then THREAD_ID=m_thread_id SEC_CONTEXT=m_main_security_ctx @@ -59,7 +59,7 @@ fi # In 5.6.15 and up, 5.7 and mariabdb 10.0.11 and up, mariadb 10.1 # m_session_connect_attrs_cs changed to m_session_connect_attrs_cs_number -if echo $MYVER | grep -P '^(5\.7|10\.[1-2]|5\.6\.(1[5-9]|[2-9][0-9])|10.0.(1[1-9]|[2-9][0-9]))' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.|10\.[1-2]|5\.6\.(1[5-9]|[2-9][0-9])|10.0.(1[1-9]|[2-9][0-9]))' > /dev/null then CONNECT_ATTRS_CS=m_session_connect_attrs_cs_number fi @@ -75,7 +75,7 @@ else CONNECT_ATTRS='printf ", 0, 0, 0"' fi -if echo $MYVER | grep -P '^5\.7' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.0)' > /dev/null then if echo $MYVER | grep -P '^5\.7\.8' > /dev/null then @@ -115,7 +115,7 @@ DA_STATUS="print_offset Diagnostics_area m_status" # 5.5, 5.6, 5.7, mariadb 10. DA_SQL_ERRNO="print_offset Diagnostics_area m_sql_errno" # 5.5, 5.6, mariadb 10.0, 10.1, 10.2 STMT_DA="print_offset THD m_stmt_da" # 5.6, 5.7, mariadb 10.0, 10.1, 10.2 -if echo $MYVER | grep -P '^(5\.7)' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.0)' > /dev/null then DA_SQL_ERRNO="print_offset Diagnostics_area m_mysql_errno" elif echo $MYVER | grep -P '^(5\.6|10\.)' > /dev/null @@ -130,6 +130,17 @@ else DA_SQL_ERRNO='printf ", 0"' fi +LEX_COMMENT="" +VIEW_TABLES="" +if echo $MYVER | grep -P '^(8\.0)' > /dev/null +then + LEX_COMMENT='printf ", 0"' + VIEW_TABLES="print_offset TABLE_LIST view_tables" +else + LEX_COMMENT="print_offset LEX comment" + VIEW_TABLES='printf ", 0"' +fi + cat < offsets.gdb set logging on set width 0 
@@ -142,7 +153,7 @@ print_offset THD $THREAD_ID print_offset THD $SEC_CONTEXT print_offset THD $COMMAND_MEMBER print_offset THD lex -print_offset LEX comment +$LEX_COMMENT print_offset Security_context $USER print_offset Security_context $HOST print_offset Security_context $IP @@ -159,6 +170,7 @@ $ROW_COUNT_FUNC $STMT_DA $DA_STATUS $DA_SQL_ERRNO +$VIEW_TABLES printf "}" EOF diff --git a/src/audit_handler.cc b/src/audit_handler.cc index 2b9a22f..63eda86 100644 --- a/src/audit_handler.cc +++ b/src/audit_handler.cc @@ -508,7 +508,7 @@ int Audit_socket_handler::open(const char *io_dest, bool log_errors) m_connect_timeout)) #else // in 5.6 timeout is in ms - if (vio_socket_connect((Vio*)m_vio,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr), + if (compat::vio_socket_connect((Vio*)m_vio,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr), m_connect_timeout * 1000)) #endif { @@ -585,7 +585,7 @@ static void yajl_add_uint64(yajl_gen gen, const char *name, uint64 num) { const size_t max_int64_str_len = 21; char buf[max_int64_str_len]; - snprintf(buf, max_int64_str_len, "%llu", num); + snprintf(buf, max_int64_str_len, "%llu", (unsigned long long)num); yajl_add_string_val(gen, name, buf); } @@ -622,8 +622,11 @@ static const char *retrieve_user(THD *thd) // starting with MySQL version 5.1.41 thd_query_string is added // And at 5.7 it changed #if ! defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50709 - +#if MYSQL_VERSION_ID >= 80000 +extern LEX_CSTRING thd_query_unsafe(MYSQL_THD thd); +#else extern "C" LEX_CSTRING thd_query_unsafe(MYSQL_THD thd); +#endif static const char *thd_query_str(THD *thd, size_t *len) { 
@@ -694,7 +697,7 @@ ssize_t Audit_json_formatter::start_msg_format(IWriter *writer) yajl_gen gen = yajl_gen_alloc(NULL); yajl_gen_map_open(gen); yajl_add_string_val(gen, "msg-type", "header"); - uint64 ts = my_getsystime() / (10000); + uint64 ts = compat::my_getsystime() / (10000); yajl_add_uint64(gen, "date", ts); yajl_add_string_val(gen, "audit-version", MYSQL_AUDIT_PLUGIN_VERSION "-" MYSQL_AUDIT_PLUGIN_REVISION); yajl_add_string_val(gen, "audit-protocol-version", AUDIT_PROTOCOL_VERSION); @@ -758,6 +761,7 @@ static const char *replace_in_string(THD *thd, #ifdef HAVE_SESS_CONNECT_ATTRS #include +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 //declare the function: parse_length_encoded_string from: storage/perfschema/table_session_connect.cc bool parse_length_encoded_string(const char **ptr, char *dest, uint dest_size, 
@@ -767,6 +771,72 @@ bool parse_length_encoded_string(const char **ptr, const CHARSET_INFO *from_cs, uint nchars_max); +#else +// the function is not exported in MySQL 8 +/** + Take a length encoded string + + @arg ptr inout the input string array + @arg dest where to store the result + @arg dest_size max size of @c dest + @arg copied_len the actual length of the data copied + @arg start_ptr pointer to the start of input + @arg input_length the length of the incoming data + @arg from_cs character set in which @c ptr is encoded + @arg nchars_max maximum number of characters to read + @return status + @retval true parsing failed + @retval false parsing succeeded +*/ +static bool parse_length_encoded_string( + const char **ptr + ,char *dest + ,uint dest_size + ,uint *copied_len + ,const char *start_ptr + ,uint input_length + ,bool /* unused */ + ,const CHARSET_INFO *from_cs + ,uint nchars_max +) +{ + ulong copy_length, data_length; + const char *well_formed_error_pos = NULL, *cannot_convert_error_pos = NULL, + *from_end_pos = NULL; + + copy_length = data_length = net_field_length((uchar **)ptr); + + /* we don't tolerate NULL as a length */ + if (data_length == NULL_LENGTH) { + return true; + } + + if (*ptr - start_ptr + data_length > input_length) { + return true; + } + + /* + TODO: Migrate the data itself to UTF8MB4, + this is still UTF8MB3 printed in a UTF8MB4 column. + */ + copy_length = well_formed_copy_nchars( + &my_charset_utf8_bin + , dest + , dest_size + , from_cs + , *ptr + , data_length + , nchars_max + , &well_formed_error_pos + , &cannot_convert_error_pos + , &from_end_pos + ); + *copied_len = copy_length; + (*ptr) += data_length; + + return false; +} +#endif /** * Code based upon read_nth_attribute of storage/perfschema/table_session_connect.cc * Only difference we do once loop and write out the attributes 
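Review bot: The bounds test `if (*ptr - start_ptr + data_length > input_length)` in the copied `parse_length_encoded_string` adds a length read from the connection-attribute buffer before comparing, so on a build where `ulong` is 32 bits a very large `data_length` can wrap the sum and pass the check. Comparing by subtraction avoids that: `size_t used = (size_t)(*ptr - start_ptr);` followed by `if (used > input_length || data_length > input_length - used) return true;`. The `used > input_length` half also covers the case where `net_field_length` has already stepped past the end while reading the length prefix. Since this is a private copy of a server function, a comment naming the server version it was taken from would make later resynchronisation easier.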
@@ -776,7 +846,11 @@ static void log_session_connect_attrs(yajl_gen gen, THD *thd) PFS_thread * pfs = PFS_thread::get_current_thread(); const char * connect_attrs = Audit_formatter::pfs_connect_attrs(pfs); const uint connect_attrs_length = Audit_formatter::pfs_connect_attrs_length(pfs); +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 const CHARSET_INFO *connect_attrs_cs = Audit_formatter::pfs_connect_attrs_cs(pfs); +#else + const CHARSET_INFO *connect_attrs_cs = get_charset(pfs->m_session_connect_attrs_cs_number, MYF(0)); +#endif //sanity max attributes const uint max_idx = 32; @@ -861,7 +935,7 @@ ssize_t Audit_json_formatter::event_format(ThdSesData *pThdData, IWriter *writer // TODO: get the start date from THD (but it is not in millis. Need to think about how we handle this) // for now simply use the current time. // my_getsystime() time since epoc in 100 nanosec units. Need to devide by 1000*(1000/100) to reach millis - uint64 ts = my_getsystime() / (10000); + uint64 ts = compat::my_getsystime() / (10000); yajl_add_uint64(gen, "date", ts); yajl_add_uint64(gen, "thread-id", thdid); yajl_add_uint64(gen, "query-id", qid); @@ -1077,10 +1151,19 @@ ssize_t Audit_json_formatter::event_format(ThdSesData *pThdData, IWriter *writer } ThdSesData::ThdSesData(THD *pTHD, StatementSource source) - : m_pThd (pTHD), m_CmdName(NULL), m_UserName(NULL), - m_objIterType(OBJ_NONE), m_tables(NULL), m_firstTable(true), - m_tableInf(NULL), m_index(0), m_isSqlCmd(false), - m_port(-1), m_source(source), m_errorCode(0), m_setErrorCode(false) + : m_pThd (pTHD) + , m_CmdName() + , m_UserName() + , m_isSqlCmd() + , m_objIterType(OBJ_NONE) + , m_tables() + , m_firstTable(true) + , m_tableInf() + , m_index() + , m_source(source) + , m_port(-1) + , m_errorCode() + , m_setErrorCode() { m_CmdName = retrieve_command (m_pThd, m_isSqlCmd); m_UserName = retrieve_user (m_pThd); 
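Review bot: The MySQL 8 branch in `log_session_connect_attrs` reads `pfs->m_session_connect_attrs_cs_number` directly, while the two lines above it go through `Audit_formatter::pfs_connect_attrs*` helpers. The direct access dereferences `pfs` with no null test in the visible lines and depends on the compiled header layout matching the running server. `get_charset(..., MYF(0))` can also return NULL for a charset number it does not know, and `connect_attrs_cs` is presumably handed to the string parser later. The rest of the function is outside this hunk, so it may already guard these; if not, an early `if (!pfs || !connect_attrs_cs) return;` after the assignment would do it.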
@@ -1109,15 +1192,17 @@ bool ThdSesData::startGetObjects() m_tables = NULL; m_firstTable = true; m_index = 0; - m_tableInf = Audit_formatter::getQueryCacheTableList1(getTHD()); int command = Audit_formatter::thd_inst_command(getTHD()); LEX *pLex = Audit_formatter::thd_lex(getTHD()); +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 // query cache case + m_tableInf = Audit_formatter::getQueryCacheTableList1(getTHD()); if (pLex && command == COM_QUERY && m_tableInf && m_tableInf->num_of_elem > 0) { m_objIterType = OBJ_QUERY_CACHE; return true; } +#endif const char *cmd = getCmdName(); // commands which have single database object if (strcmp(cmd,"Init DB") == 0 diff --git a/src/audit_offsets.cc b/src/audit_offsets.cc index f5bab82..c82b7ab 100644 --- a/src/audit_offsets.cc +++ b/src/audit_offsets.cc 
@@ -25,6 +25,16 @@ const ThdOffsets thd_offsets_arr[] = { /* +++ PERCONA 64 OFFSETS GO HERE +++ */ + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.30-33) + {"5.7.30-33","9ca6e80ea4c210aee6bb39116f38c0c2", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.29-32) + {"5.7.29-32","09e9c392e9be8499026f12407358bdab", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.28-31) + {"5.7.28-31","0b464e1bd825128da4d263fc4b531cb1", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.27-30) + {"5.7.27-30","815ef6b339dbd55eb776a811b61b93fb", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.26-29) + {"5.7.26-29","a137d1d93fe1d5553370426412d67249", 8312, 8376, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8508, 4656, 3648, 3656, 3660, 6512, 2088, 8, 7544, 7584, 7568, 14280, 148, 672}, //offsets for: /perconarpm/usr/sbin/mysqld (5.7.25-28) {"5.7.25-28","6a4e7d9fb6c932541d48d0ef3826d96c", 8312, 8376, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8508, 4656, 4032, 4040, 4044, 6512, 2088, 8, 7544, 7584, 7568, 14280, 148, 672}, //offsets for: /perconarpm/usr/sbin/mysqld (5.7.24-27) 
@@ -53,6 +63,54 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MYSQL 64 OFFSETS GO HERE +++ */ + //offsets for: ./mysqld-8.0.22 (8.0.22) + {"8.0.22","d33b22129504158cacdad5664d21a4a5", 8672, 8720, 4056, 5664, 520, 0, 0, 32, 64, 160, 600, 8836, 5296, 4208, 4216, 4220, 6968, 1600, 32, 7928, 7968, 7952, 11760, 140, 664, 320}, + //offsets for: ./mysqld-8.0.21 (8.0.21) + {"8.0.21","93b401ddbe0484ac527524e8da26d02f", 8656, 8704, 4040, 5648, 520, 0, 0, 32, 64, 160, 600, 8820, 5280, 4200, 4208, 4212, 6952, 1592, 40, 7912, 7952, 7936, 11744, 140, 664, 328}, + //offsets for: ./mysqld-8.0.20 (8.0.20) + {"8.0.20","d0cb4bd30cd1a325c24313d8edd4530b", 8656, 8704, 4040, 5648, 520, 0, 0, 32, 64, 160, 600, 8820, 5280, 4200, 4208, 4212, 6952, 1544, 40, 7912, 7952, 7936, 11744, 140, 664, 328}, + //offsets for: ./mysqld-8.0.19 (8.0.19) + {"8.0.19","3e06dfd8490afdcd0075ef1395891ae8", 8632, 8680, 4016, 5624, 520, 0, 0, 32, 64, 160, 600, 8796, 5256, 4200, 4208, 4212, 6928, 1544, 40, 7888, 7928, 7912, 11696, 140, 664, 328}, + //offsets for: ./mysqld-8.0.18 (8.0.18) + {"8.0.18","172a119d1acf6a743d155de9d9433124", 8608, 8656, 3992, 5600, 520, 0, 0, 32, 64, 160, 600, 8772, 5232, 4200, 4208, 4212, 6904, 1504, 40, 7864, 7904, 7888, 11672, 140, 664, 328}, + //offsets for: ./mysqld-8.0.17 (8.0.17) + {"8.0.17","0feb95f129f62fa3350c6895d556e7d9", 8744, 8792, 3912, 5736, 520, 0, 0, 32, 64, 160, 600, 8908, 5368, 4200, 4208, 4212, 7040, 1456, 40, 8000, 8040, 8024, 11808, 140, 664, 328}, + //offsets for: ./mysqld-8.0.16 (8.0.16) + {"8.0.16","ab69e3d19774ad65491dea8a722e6af1", 8360, 8408, 3912, 5352, 520, 0, 0, 32, 64, 160, 600, 8524, 4984, 4000, 4008, 4012, 6656, 1456, 40, 7616, 7656, 7640, 11416, 140, 664, 328}, + //offsets for: ./mysqld-8.0.15 (8.0.15) + {"8.0.15","aa0a7deef2aaba81b081e4e498859af1", 8136, 8184, 3936, 5120, 520, 0, 0, 32, 64, 160, 600, 8300, 4752, 4000, 4008, 4012, 6424, 1424, 24, 7392, 7432, 7416, 11192, 140, 664, 328}, + //offsets for: 
./mysqld-8.0.14 (8.0.14) + {"8.0.14","649589cdd3e5b56f72790793a039e924", 8136, 8184, 3936, 5120, 520, 0, 0, 32, 64, 160, 600, 8300, 4752, 4000, 4008, 4012, 6424, 1424, 24, 7392, 7432, 7416, 11192, 140, 664, 328}, + //offsets for: ./mysqld-8.0.13 (8.0.13) + {"8.0.13","665c9cb36af00034f1d3e8823e50f028", 8112, 8160, 3912, 5096, 520, 0, 0, 32, 64, 160, 600, 8276, 4728, 4000, 4008, 4012, 6400, 1424, 24, 7360, 7408, 7392, 11144, 140, 664, 328}, + //offsets for: ./mysqld-8.0.12 (8.0.12) + {"8.0.12","261db244348c9750a6a08a12c36ecbbe", 8112, 8160, 3888, 5096, 520, 0, 0, 32, 64, 160, 600, 8276, 4728, 3992, 4000, 4004, 6400, 1416, 24, 7360, 7408, 7392, 11144, 140, 664, 328}, + //offsets for: ./mysqld-8.0.11 (8.0.11) + {"8.0.11","1e42c35650057a8c339ddf498808ca89", 8080, 8128, 3888, 5064, 520, 0, 0, 32, 64, 160, 600, 8244, 4696, 3992, 4000, 4004, 6368, 1416, 24, 7328, 7376, 7360, 11112, 140, 664, 328}, + //offsets for: /mysqlrpm/5.6.49/usr/sbin/mysqld (5.6.49) + {"5.6.49","bd064dfd82d5e05499f6a77a87673919", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.31/usr/sbin/mysqld (5.7.31) + {"5.7.31","a61aff0065ab76c5d8c98547a1d263ca", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.6.46/usr/sbin/mysqld (5.6.46) + {"5.6.46","f61171f2e38d9d4d2aae64757070d978", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.6.47/usr/sbin/mysqld (5.6.47) + {"5.6.47","549f0e278d3556bfe58633ce225b189d", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.6.48/usr/sbin/mysqld (5.6.48) + {"5.6.48","d1617f9dc54fcc2d72b0adec6aef3c77", 7000, 7048, 4008, 4528, 72, 
2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.30/usr/sbin/mysqld (5.7.30) + {"5.7.30","eac501d6343901af6618e560acfaf2ed", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.7.29/usr/sbin/mysqld (5.7.29) + {"5.7.29","46aa02a6fd09fdcf6d3fecf46b5702e1", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.7.28/usr/sbin/mysqld (5.7.28) + {"5.7.28","90ee3ca7ce1ebd2568d36b736f29953b", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.6.45/usr/sbin/mysqld (5.6.45) + {"5.6.45","e3809543079babc8d7d466577f282a6e", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.27/usr/sbin/mysqld (5.7.27) + {"5.7.27","a9e8881fb2fb5dd6a9ee98281fac2071", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.6.44/usr/sbin/mysqld (5.6.44) + {"5.6.44","c3f51e2426f75dd07551d23d5f631cc6", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.26/usr/sbin/mysqld (5.7.26) + {"5.7.26","6810d7713e6bced7524fa54ca621a9ec", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, //offsets for: /mysqlrpm/5.6.43/usr/sbin/mysqld (5.6.43) {"5.6.43","9475a14433d66a8cedaaa76c6bb3d78e", 6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 
6360, 6384, 6368, 13048, 548, 516}, //offsets for: /mysqlrpm/5.7.25/usr/sbin/mysqld (5.7.25) 
@@ -346,6 +404,54 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MARIADB 64 OFFSETS GO HERE +++ */ + //offsets for: /mariadb/10.1.43/bin/mysqld (10.1.43-MariaDB) + {"10.1.43-MariaDB","4de77f18da6c8086f743eac1f5db94b1", 13712, 13776, 6488, 8096, 88, 3040, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20680, 548, 516}, + //offsets for: /mariadb/10.2.27/bin/mysqld (10.2.27-MariaDB) + {"10.2.27-MariaDB","a216829766a945325eece35408d911bb", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.2.29/bin/mysqld (10.2.29-MariaDB) + {"10.2.29-MariaDB","cb647967ccf176601e55c1fa7df4fd6f", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/5.5.66/bin/mysqld (5.5.66-MariaDB) + {"5.5.66-MariaDB","dd0aa7ad33051460119df0241eb61a32", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: /mariadb/10.1.47/bin/mysqld (10.1.47-MariaDB) + {"10.1.47-MariaDB","0d5e0df36a5d55a5ff48a1a418c73aac", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.2.34/bin/mysqld (10.2.34-MariaDB) + {"10.2.34-MariaDB","9aad93c7cb827d2cb905a39733626293", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.2.30/bin/mysqld (10.2.30-MariaDB) + {"10.2.30-MariaDB","ba2ecaad20de3a74498721dbf19dde45", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.2.33/bin/mysqld (10.2.33-MariaDB) + 
{"10.2.33-MariaDB","508b3b5be1083bc2ab14a0cd99854f8b", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.1.46/bin/mysqld (10.1.46-MariaDB) + {"10.1.46-MariaDB","cacf06452e59833499660b0fdd9adad1", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.2.31/bin/mysqld (10.2.31-MariaDB) + {"10.2.31-MariaDB","391128431e16ac5b98831b4375ae013a", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21208, 548, 516}, + //offsets for: /mariadb/10.1.44/bin/mysqld (10.1.44-MariaDB) + {"10.1.44-MariaDB","60a119ad7a72b056f8a5ea8c57e9fef1", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.1.45/bin/mysqld (10.1.45-MariaDB) + {"10.1.45-MariaDB","45154ae9fd381e6ad2a7275cc7a96e80", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.2.32/bin/mysqld (10.2.32-MariaDB) + {"10.2.32-MariaDB","c01338f35c5564e0219c5e68ecaef0c7", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21208, 548, 516}, + //offsets for: /mariadb/5.5.67/bin/mysqld (5.5.67-MariaDB) + {"5.5.67-MariaDB","84b34923e859f70644e4cad942446990", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: /mariadb/5.5.68/bin/mysqld (5.5.68-MariaDB) + {"5.5.68-MariaDB","85d03b4ef67225579235c6312fa4ed2b", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: 
/mariadb/10.1.41/bin/mysqld (10.1.41-MariaDB) + {"10.1.41-MariaDB","3c8a4882971a3ee4671f093a0215b955", 13712, 13776, 6488, 8096, 88, 3040, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20680, 548, 516}, + //offsets for: /mariadb/10.2.26/bin/mysqld (10.2.26-MariaDB) + {"10.2.26-MariaDB","523e563f20512468cb555ad01398872b", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/5.5.65/bin/mysqld (5.5.65-MariaDB) + {"5.5.65-MariaDB","f7187d236feaf618ef4522abaee22fa1", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: /mariadb/10.2.25/bin/mysqld (10.2.25-MariaDB) + {"10.2.25-MariaDB","cb52b4ff1b8ad4ec889f820cb261af89", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21200, 548, 516}, + //offsets for: /mariadb/10.1.40/bin/mysqld (10.1.40-MariaDB) + {"10.1.40-MariaDB","f90a471397d82b15a6756788fad1eb16", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20664, 548, 516}, + //offsets for: /mariadb/10.1.39/bin/mysqld (10.1.39-MariaDB) + {"10.1.39-MariaDB","40ac6dfbdf7af2848e80e34b98671092", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20664, 548, 516}, + //offsets for: /mariadb/10.2.24/bin/mysqld (10.2.24-MariaDB) + {"10.2.24-MariaDB","55ba5d0b3c80cb6acabb286920622694", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21200, 548, 516}, + //offsets for: /mariadb/10.2.23/bin/mysqld (10.2.23-MariaDB) + {"10.2.23-MariaDB","b955b4775d8bf1ea320b1db6b30beec0", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 3136, 3144, 3148, 608, 0, 0, 13256, 13280, 
13264, 21200, 548, 516}, + //offsets for: /mariadb/5.5.64/bin/mysqld (5.5.64-MariaDB) + {"5.5.64-MariaDB","aefa82168c5251432d5fcdce396e8694", 12032, 12096, 5800, 6904, 88, 2968, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, //offsets for: /mariadb/10.2.22/bin/mysqld (10.2.22-MariaDB) {"10.2.22-MariaDB","ba086874b7acabc1de00ec7e8ac54079", 13864, 13928, 6656, 8272, 88, 3200, 8, 0, 16, 24, 152, 14028, 8032, 3136, 3144, 3148, 608, 0, 0, 13240, 13264, 13248, 21200, 548, 516}, //offsets for: /mariadb/10.1.38/bin/mysqld (10.1.38-MariaDB) 
@@ -629,6 +735,30 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MYSQL 32 OFFSETS GO HERE +++ */ + //offsets for: /mysqlrpm/5.6.49/usr/sbin/mysqld (5.6.49) + {"5.6.49","2d3f8c93e042cf09b247b55016b3c0b3", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516}, + //offsets for: /mysqlrpm/5.7.31/usr/sbin/mysqld (5.7.31) + {"5.7.31","597a23bebe174f3d86d69e9616f5b668", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604}, + //offsets for: /mysqlrpm/5.6.46/usr/sbin/mysqld (5.6.46) + {"5.6.46","908df568e2a9b70d4f952500a42b4869", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516}, + //offsets for: /mysqlrpm/5.6.47/usr/sbin/mysqld (5.6.47) + {"5.6.47","2e4b0d22423ed1628b1b3036e0265836", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516}, + //offsets for: /mysqlrpm/5.6.48/usr/sbin/mysqld (5.6.48) + {"5.6.48","b4df1419dd500b5c46d89a69fbef1ec4", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516}, + //offsets for: /mysqlrpm/5.7.28/usr/sbin/mysqld (5.7.28) + {"5.7.28","e0eac037982665321a51456270b73b62", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604}, + //offsets for: /mysqlrpm/5.7.29/usr/sbin/mysqld (5.7.29) + {"5.7.29","6502a2f344054a85249b507dff890c17", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604}, + //offsets for: /mysqlrpm/5.7.30/usr/sbin/mysqld (5.7.30) + {"5.7.30","3e1f557e58b63dba8ea5c875ecb92a47", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 
3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604}, + //offsets for: /mysqlrpm/5.6.45/usr/sbin/mysqld (5.6.45) + {"5.6.45","a429e9854cffc5a66f8c03b98794b24d", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516}, + //offsets for: /mysqlrpm/5.7.27/usr/sbin/mysqld (5.7.27) + {"5.7.27","49410d4e2d72fa949669488e2e918a6a", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604}, + //offsets for: /mysqlrpm/5.6.44/usr/sbin/mysqld (5.6.44) + {"5.6.44","e849a781256d44e55cd898cfe549722f", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516}, + //offsets for: /mysqlrpm/5.7.26/usr/sbin/mysqld (5.7.26) + {"5.7.26","5dd7e67055f299bf575dd836f8f5891e", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604}, //offsets for: /mysqlrpm/5.6.43/usr/sbin/mysqld (5.6.43) {"5.6.43","0dbe6f81766c5deffda7fccdccded1bc", 4676, 4704, 2660, 3052, 36, 1748, 60, 0, 20, 64, 72, 4776, 2980, 2268, 2272, 2276, 348, 0, 0, 4204, 4228, 4212, 8660, 548, 516}, //offsets for: /mysqlrpm/5.7.25/usr/sbin/mysqld (5.7.25) 
@@ -916,6 +1046,54 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MARIADB 32 OFFSETS GO HERE +++ */ + //offsets for: /mariadb/10.1.43/bin/mysqld (10.1.43-MariaDB) + {"10.1.43-MariaDB","e0e44c5fa79d68f4266ca97ece05e764", 8540, 8576, 3884, 5344, 44, 1932, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13180, 548, 516}, + //offsets for: /mariadb/10.2.27/bin/mysqld (10.2.27-MariaDB) + {"10.2.27-MariaDB","b5e02d52fe8a803add2c05bc846c9cff", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/10.2.29/bin/mysqld (10.2.29-MariaDB) + {"10.2.29-MariaDB","9a6d57a5c420f8357e3d3dd4823b0756", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/5.5.66/bin/mysqld (5.5.66-MariaDB) + {"5.5.66-MariaDB","fd2c0a1cd70e42a45e76307a6cfb6ad3", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/10.1.47/bin/mysqld (10.1.47-MariaDB) + {"10.1.47-MariaDB","1875f21a9783cb50bb9214e1ba15bad4", 8516, 8552, 3860, 5320, 44, 1928, 4, 0, 8, 12, 84, 8624, 5188, 2604, 2608, 2612, 356, 0, 0, 8040, 8064, 8048, 13152, 548, 516}, + //offsets for: /mariadb/10.2.34/bin/mysqld (10.2.34-MariaDB) + {"10.2.34-MariaDB","229474e5966945b70e0f795ceb37d4be", 8616, 8652, 3964, 5432, 44, 2032, 4, 0, 8, 12, 84, 8736, 5292, 2604, 2608, 2612, 376, 0, 0, 8140, 8164, 8148, 13468, 548, 516}, + //offsets for: /mariadb/10.2.30/bin/mysqld (10.2.30-MariaDB) + {"10.2.30-MariaDB","c8fdfa05e5262a42f630b879cb0208f7", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/10.2.33/bin/mysqld (10.2.33-MariaDB) + {"10.2.33-MariaDB","09da575acaea44eb61ecb03900d370ec", 8616, 8652, 3964, 
5432, 44, 2032, 4, 0, 8, 12, 84, 8736, 5292, 2604, 2608, 2612, 376, 0, 0, 8140, 8164, 8148, 13468, 548, 516}, + //offsets for: /mariadb/10.1.46/bin/mysqld (10.1.46-MariaDB) + {"10.1.46-MariaDB","6ea657fe50fa68eff407912d75a39120", 8516, 8552, 3860, 5320, 44, 1928, 4, 0, 8, 12, 84, 8624, 5188, 2604, 2608, 2612, 356, 0, 0, 8040, 8064, 8048, 13152, 548, 516}, + //offsets for: /mariadb/10.2.32/bin/mysqld (10.2.32-MariaDB) + {"10.2.32-MariaDB","9cbcd8dfa5590ab8db7bf55f6f31f992", 8616, 8652, 3964, 5432, 44, 2028, 4, 0, 8, 12, 84, 8736, 5292, 2604, 2608, 2612, 376, 0, 0, 8140, 8164, 8148, 13460, 548, 516}, + //offsets for: /mariadb/10.1.44/bin/mysqld (10.1.44-MariaDB) + {"10.1.44-MariaDB","b5542ac9eafee566d86896be802293eb", 8540, 8576, 3884, 5344, 44, 1928, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13176, 548, 516}, + //offsets for: /mariadb/10.1.45/bin/mysqld (10.1.45-MariaDB) + {"10.1.45-MariaDB","891616e964a5ff3957022519d6496909", 8516, 8552, 3860, 5320, 44, 1928, 4, 0, 8, 12, 84, 8624, 5188, 2604, 2608, 2612, 356, 0, 0, 8040, 8064, 8048, 13152, 548, 516}, + //offsets for: /mariadb/10.2.31/bin/mysqld (10.2.31-MariaDB) + {"10.2.31-MariaDB","6ffdbfb680448d85803149d8ba5d087a", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13484, 548, 516}, + //offsets for: /mariadb/5.5.67/bin/mysqld (5.5.67-MariaDB) + {"5.5.67-MariaDB","7b1a93e0e54c84dce4763862199980cb", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/5.5.68/bin/mysqld (5.5.68-MariaDB) + {"5.5.68-MariaDB","042bec4b00532423dd46da4ff5ce7e9e", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/10.1.41/bin/mysqld (10.1.41-MariaDB) + {"10.1.41-MariaDB","eb3a635b47ffd30f3a975bd678d21545", 8540, 8576, 3884, 5344, 44, 1932, 4, 0, 8, 12, 84, 8648, 
5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13180, 548, 516}, + //offsets for: /mariadb/10.2.26/bin/mysqld (10.2.26-MariaDB) + {"10.2.26-MariaDB","7335b29f0539c2f51da78f6665ae3ed8", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/5.5.65/bin/mysqld (5.5.65-MariaDB) + {"5.5.65-MariaDB","af42f2c2c37a62b31c8ffab002a3c215", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/10.2.25/bin/mysqld (10.2.25-MariaDB) + {"10.2.25-MariaDB","fc3aa9473db8ce277daa94a9b2ea4cb9", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13480, 548, 516}, + //offsets for: /mariadb/10.1.40/bin/mysqld (10.1.40-MariaDB) + {"10.1.40-MariaDB","1d75d817dd5c588765024ffa5ed0fb15", 8540, 8576, 3884, 5344, 44, 1928, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13172, 548, 516}, + //offsets for: /mariadb/10.1.39/bin/mysqld (10.1.39-MariaDB) + {"10.1.39-MariaDB","b092e8bb10ab3e3f03e9dad79cd765e0", 8540, 8576, 3884, 5344, 44, 1928, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13172, 548, 516}, + //offsets for: /mariadb/10.2.24/bin/mysqld (10.2.24-MariaDB) + {"10.2.24-MariaDB","d453d1882851ae30242639ae81ab2185", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13480, 548, 516}, + //offsets for: /mariadb/10.2.23/bin/mysqld (10.2.23-MariaDB) + {"10.2.23-MariaDB","74b14e0fa8520f3143154f73ceb84c0c", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13480, 548, 516}, + //offsets for: /mariadb/5.5.64/bin/mysqld (5.5.64-MariaDB) + {"5.5.64-MariaDB","3dba0232419ef10c1f342a40687f3de0", 7276, 7312, 3460, 4468, 44, 1880, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 
7200, 7184, 7236, 548, 516}, //offsets for: /mariadb/10.2.22/bin/mysqld (10.2.22-MariaDB) {"10.2.22-MariaDB","97cdec65b3a1f4a9e83f4c8b6b74167a", 8632, 8668, 3980, 5448, 44, 2028, 4, 0, 8, 12, 84, 8752, 5308, 2604, 2608, 2612, 376, 0, 0, 8156, 8180, 8164, 13480, 548, 516}, //offsets for: /mariadb/10.1.38/bin/mysqld (10.1.38-MariaDB) diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc index 8bff272..44ca3e5 100644 --- a/src/audit_plugin.cc +++ b/src/audit_plugin.cc @@ -11,7 +11,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - #include "mysql_inc.h" #include "hot_patch.h" #include @@ -47,14 +46,14 @@ static Audit_socket_handler json_socket_handler; static Audit_json_formatter json_formatter; // flags to hold if audit handlers are enabled -static my_bool json_file_handler_enable = FALSE; -static my_bool force_record_logins_enable = FALSE; -static my_bool json_file_handler_flush = FALSE; -static my_bool json_socket_handler_enable = FALSE; -static my_bool uninstall_plugin_enable = FALSE; -static my_bool validate_checksum_enable = FALSE; -static my_bool offsets_by_version_enable = FALSE; -static my_bool validate_offsets_extended_enable = FALSE; +static my_bool json_file_handler_enable; +static my_bool force_record_logins_enable; +static my_bool json_file_handler_flush; +static my_bool json_socket_handler_enable; +static my_bool uninstall_plugin_enable; +static my_bool validate_checksum_enable; +static my_bool offsets_by_version_enable; +static my_bool validate_offsets_extended_enable; static char *offsets_string = NULL; static char *checksum_string = NULL; static int delay_ms_val = 0; 
@@ -129,12 +128,15 @@ static char json_socket_name_buff[1024] = {0}; */ static int (*trampoline_mysql_execute_command)(THD *thd) = NULL; static unsigned int trampoline_mysql_execute_size = 0; +SavedCode trampoline_mysql_execute_saved_code; #if MYSQL_VERSION_ID < 50600 static void (*trampoline_log_slow_statement)(THD *thd) = NULL; static unsigned int trampoline_log_slow_statement_size = 0; +SavedCode trampoline_log_slow_statement_saved_code; static bool (*trampoline_acl_authenticate)(THD *thd, uint connect_errors, uint com_change_user_pkt_len) = NULL; static unsigned int trampoline_acl_authenticate_size = 0; +SavedCode trampoline_acl_authenticate_saved_code; #endif static MYSQL_THDVAR_ULONG(is_thd_printed_list, @@ -245,7 +247,7 @@ static void initializePeerCredentials(THD *pThd) peer = (PeerInfo *) THDVAR(pThd, peer_info); if (peer != NULL) { - memset(peer, 0, sizeof(PeerInfo)); + *peer = PeerInfo(); } #endif @@ -365,10 +367,10 @@ static void initializePeerCredentials(THD *pThd) } // set that we have a UDS, so that THD vars will be used - THDVAR(pThd, peer_is_uds) = TRUE; + THDVAR(pThd, peer_is_uds) = true; done: - THDVAR(pThd, set_peer_cred) = TRUE; + THDVAR(pThd, set_peer_cred) = true; } PeerInfo *retrieve_peerinfo(THD *thd) 
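Review bot: The `SavedCode trampoline_*_saved_code;` objects added in the first hunk here are declared without `static`, unlike the `static` trampoline pointers and size counters directly beside them, so they get external linkage and become visible symbols of the plugin. Every use shown in this diff is inside src/audit_plugin.cc, so `static SavedCode trampoline_mysql_execute_saved_code;` (and likewise for the other two) would keep them file-local; this assumes no other translation unit refers to them by name, which the diff does not show. The same applies to the `SavedCode` globals added in later hunks for check_table_access, send_result_to_client, open_tables and end_connection.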
@@ -575,11 +577,15 @@ static void audit(ThdSesData *pThdData) #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 static int (*trampoline_send_result_to_client)(Query_cache *pthis, THD *thd, char *sql, uint query_length) = NULL; -#else +#elif MYSQL_VERSION_ID < 80000 static int (*trampoline_send_result_to_client)(Query_cache *pthis, THD *thd, const LEX_CSTRING& sql_query) = NULL; #endif -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 + +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 +static bool (*trampoline_open_tables)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy) = NULL; +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 static bool (*trampoline_open_tables)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy) = NULL; #elif MYSQL_VERSION_ID > 50505 @@ -590,10 +596,12 @@ static int (*trampoline_open_tables)(THD *thd, TABLE_LIST **start, uint *counter #endif +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 QueryTableInf *Audit_formatter::getQueryCacheTableList1(THD *thd) { return (QueryTableInf*) THDVAR(thd, query_cache_table_list); } +#endif static bool (*trampoline_check_table_access)(THD *thd, ulong want_access,TABLE_LIST *tables, bool any_combination_of_privileges_will_do, @@ -635,7 +643,9 @@ static bool audit_check_table_access(THD *thd, ulong want_access,TABLE_LIST *tab } static unsigned int trampoline_check_table_access_size = 0; +SavedCode trampoline_check_table_access_saved_code; +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 static int audit_send_result_to_client(Query_cache *pthis, THD *thd, char *sql, uint query_length) #else 
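Review bot: The new `MYSQL_VERSION_ID == 100224` branch selects the seven-argument `open_tables` prototype for exactly one MariaDB release, and nothing in the hunk explains why 10.2.25 and later, for which this commit also adds offset entries, fall back to the six-argument form under `>= 100108`. The original function is invoked through this pointer type, so a prototype that does not match the running server would pass arguments in the wrong positions. The exact-match guard should carry a comment stating which upstream change introduced `sroutine_to_open` and why later releases are excluded, or be widened if they share the signature. The same guard is repeated for `audit_open_tables`, `remove_hot_functions` and `audit_plugin_init` in later hunks.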
@@ -667,8 +677,16 @@ static int audit_send_result_to_client(Query_cache *pthis, THD *thd, const LEX_ } static unsigned int trampoline_send_result_to_client_size = 0; +SavedCode trampoline_send_result_to_client_saved_code; +#endif // defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 +static bool audit_open_tables(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy) +{ + bool res; + res = trampoline_open_tables (thd, options, start, counter, sroutine_to_open, flags, prelocking_strategy); +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 static bool audit_open_tables(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy) { @@ -699,6 +717,7 @@ static int audit_open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint f } static unsigned int trampoline_open_tables_size = 0; +SavedCode trampoline_open_tables_saved_code; // called by log_slow_statement and general audit event caught by audit interface static void audit_post_execute(THD * thd) @@ -833,13 +852,16 @@ static struct st_mysql_audit audit_plugin = #endif // some extern definitions which are not in include files +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 extern void log_slow_statement(THD *thd); +#endif extern int mysql_execute_command(THD *thd); #if defined(MARIADB_BASE_VERSION) extern void end_connection(THD *thd); static int (*trampoline_end_connection)(THD *thd) = NULL; static unsigned int trampoline_end_connection_size = 0; +SavedCode trampoline_end_connection_saved_code; #endif void remove_hot_functions() 
@@ -849,15 +871,21 @@ void remove_hot_functions() #if MYSQL_VERSION_ID < 50600 target_function = (void *) log_slow_statement; remove_hot_patch_function(target_function, - (void*) trampoline_log_slow_statement, trampoline_log_slow_statement_size, true); + (void*) trampoline_log_slow_statement, trampoline_log_slow_statement_size, true, &trampoline_log_slow_statement_saved_code); trampoline_log_slow_statement_size = 0; + trampoline_log_slow_statement_saved_code.size = 0; target_function = (void *) acl_authenticate; remove_hot_patch_function(target_function, - (void*) trampoline_acl_authenticate, trampoline_acl_authenticate_size, true); + (void*) trampoline_acl_authenticate, trampoline_acl_authenticate_size, true, &trampoline_acl_authenticate_saved_code); trampoline_acl_authenticate_size = 0; + trampoline_acl_authenticate_saved_code.size = 0; #endif -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 + +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 + target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; #elif MYSQL_VERSION_ID > 50505 
@@ -867,9 +895,11 @@ void remove_hot_functions() target_function = (void *)*(int (*)(THD *thd, TABLE_LIST **start, uint *counter, uint flags)) &open_tables; #endif remove_hot_patch_function(target_function, - (void*) trampoline_open_tables, trampoline_open_tables_size, true); + (void*) trampoline_open_tables, trampoline_open_tables_size, true, &trampoline_open_tables_saved_code); trampoline_open_tables_size = 0; + trampoline_open_tables_saved_code.size = 0; +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; #else @@ -877,13 +907,16 @@ void remove_hot_functions() #endif target_function = *(void **) &pf_send_result_to_client; remove_hot_patch_function(target_function, - (void*) trampoline_send_result_to_client, trampoline_send_result_to_client_size, true); + (void*) trampoline_send_result_to_client, trampoline_send_result_to_client_size, true, &trampoline_send_result_to_client_saved_code); trampoline_send_result_to_client_size = 0; + trampoline_send_result_to_client_saved_code.size = 0; +#endif remove_hot_patch_function((void*) check_table_access, (void*) trampoline_check_table_access, - trampoline_check_table_access_size, true); + trampoline_check_table_access_size, true, &trampoline_check_table_access_saved_code); trampoline_check_table_access_size=0; + trampoline_check_table_access_saved_code.size = 0; #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 target_function = (void*) mysql_execute_command; 
@@ -896,14 +929,16 @@ void remove_hot_functions() target_function = (void*) end_connection; remove_hot_patch_function(target_function, (void*) trampoline_end_connection, - trampoline_end_connection_size, true); + trampoline_end_connection_size, true, &trampoline_end_connection_saved_code); trampoline_end_connection_size = 0; + trampoline_end_connection_saved_code.size = 0; #endif remove_hot_patch_function(target_function, (void*) trampoline_mysql_execute_command, - trampoline_mysql_execute_size, true); + trampoline_mysql_execute_size, true, &trampoline_mysql_execute_saved_code); trampoline_mysql_execute_size = 0; + trampoline_mysql_execute_saved_code.size = 0; } int is_remove_patches(ThdSesData *pThdData) @@ -1083,10 +1118,10 @@ static void audit_end_connection(THD *thd) static bool parse_thd_offsets_string (char *poffsets_string) { - char offset_str[2048] = {0}; + char offset_str[2049] = {0}; char *poffset_str = offset_str; - strncpy(poffset_str,poffsets_string,array_elements(offset_str)); + strncpy(poffset_str,poffsets_string,array_elements(offset_str)-1); char *comma_delimiter = strchr(poffset_str, ','); size_t i = 0; @@ -1197,9 +1232,16 @@ static bool validate_offsets(const ThdOffsets *offset) (*(const char **) (((unsigned char *) sctx) + offset->sec_ctx_user)) = user_test_val; } +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 + PSI_mutex_key key_LOCK_thd_query_validate=99999; + mysql_mutex_init(key_LOCK_thd_query_validate, &thd->LOCK_thd_query, MY_MUTEX_INIT_FAST); +#endif char buffer[2048] = {0}; thd_security_context(thd, buffer, 2048, 1000); +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 + mysql_mutex_destroy(&thd->LOCK_thd_query); +#endif // verfiy our buffer contains query id if (strstr(buffer, " 789") == NULL || strstr(buffer, user_test_val) == NULL) { 
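Review bot: An offsets string longer than 2048 bytes is still silently truncated by the `strncpy` in parse_thd_offsets_string and then parsed, so the last number can be cut short and accepted as a valid offset; the added `-1` only guarantees termination. These values end up as byte offsets added to server structure pointers (see the `offset->sec_ctx_user` arithmetic in validate_offsets), so over-long input is better rejected before copying, e.g. `if (strlen(poffsets_string) >= array_elements(offset_str)) return false;`. That assumes `false` is this function's failure value; the rest of the body is outside the hunk.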
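Review bot: In validate_offsets, `key_LOCK_thd_query_validate=99999` is an unexplained, unregistered instrumentation key, and the return value of `mysql_mutex_init` is ignored before `thd_security_context` runs. Passing `PSI_NOT_INSTRUMENTED` avoids inventing a key that could collide with a registered one. A comment such as `// MySQL 8: thd_security_context() locks LOCK_thd_query, which is not initialised on this scratch THD` would record the reason; that is presumably why the mutex is needed, but confirm it against the part of the function outside the hunk.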
@@ -1739,7 +1781,7 @@ static void *trampoline_mem_free = NULL; * Utility method for hot patching */ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_size, - void* target_function, void* audit_function, const char * func_name) + void* target_function, void* audit_function, const char * func_name, SavedCode* saved_code) { // 16 byte align the pointer DATATYPE_ADDRESS addrs = (DATATYPE_ADDRESS)trampoline_mem_free + 15; @@ -1748,7 +1790,7 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si // hot patch functions unsigned int used_size; int res = hot_patch_function(target_function, audit_function, - *trampoline_func_pp, trampoline_size, &used_size, true); + *trampoline_func_pp, trampoline_size, &used_size, true, saved_code); if (res != 0) { // hot patch failed. @@ -1764,7 +1806,7 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si } #define DECLARE_STRING_ARR_UPDATE_FUNC(NAME) \ -static void NAME ## _string_update(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save)\ +static void NAME ## _string_update(THD *thd, SYS_VAR *var, void *tgt, const void *save)\ {\ num_ ## NAME = string_to_array(save, NAME ## _array, array_elements( NAME ## _array), sizeof( NAME ## _array[0]));\ /* handle "set global audit_xxx = null;" */ \ @@ -1788,7 +1830,7 @@ DECLARE_STRING_ARR_UPDATE_FUNC(password_masking_cmds) DECLARE_STRING_ARR_UPDATE_FUNC(whitelist_users) DECLARE_STRING_ARR_UPDATE_FUNC(record_objs) -static void password_masking_regex_string_update(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save) +static void password_masking_regex_string_update(THD *thd, SYS_VAR *var, void *tgt, const void *save) { const char *str_val = ""; char *const* save_p = static_cast(save); 
@@ -1846,7 +1888,7 @@ static void replace_char(char *str, const char tofind, const char rplc) } } -static void json_socket_name_update(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save) +static void json_socket_name_update(THD *thd, SYS_VAR *var, void *tgt, const void *save) { const char *str_val = NULL; char *const* save_p = static_cast(save); @@ -1917,7 +1959,7 @@ static void json_socket_name_update(THD *thd, struct st_mysql_sys_var *var, void } // check that the regex compiles. Return 0 on success. -static int password_masking_regex_check(THD *thd, struct st_mysql_sys_var *var, void *save, st_mysql_value *value) +static int password_masking_regex_check(THD *thd, SYS_VAR *var, void *save, st_mysql_value *value) { int length = array_elements(password_masking_regex_check_buff); const char *str = value->val_str(value, password_masking_regex_check_buff, &length); @@ -1937,7 +1979,7 @@ static int password_masking_regex_check(THD *thd, struct st_mysql_sys_var *var, } // extended method to set also record_empty_objs_set -static void record_objs_string_update_extended(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save) +static void record_objs_string_update_extended(THD *thd, SYS_VAR *var, void *tgt, const void *save) { record_objs_string_update(thd, var, tgt, save); if (num_record_objs > 0) // check if to record also the empty set of objects 
@@ -1962,10 +2004,24 @@ static void record_objs_string_update_extended(THD *thd, struct st_mysql_sys_var * 0 success * 1 failure */ + +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID > 80000 +bool (*compat::_vio_socket_connect)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout); +bool (*compat::_vio_socket_connect_80016)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, bool nonblocking, int timeout); +bool (*compat::_vio_socket_connect_80020)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, bool nonblocking, int timeout, bool *connect_done); +#endif static int audit_plugin_init(void *p) { DBUG_ENTER("audit_plugin_init"); +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID > 80000 + const bool compat_init_ok = compat::init(); + if (!compat_init_ok) + { + sql_print_error("%s unable to init compatibility layer. Aborting.", log_prefix); + DBUG_RETURN(1); + } +#endif #ifdef __x86_64__ const char * arch = "64bit"; @@ -2080,7 +2136,7 @@ static int audit_plugin_init(void *p) trampoline_mem = NULL; #ifdef __x86_64__ - size_t func_in_mysqld = (size_t)log_slow_statement; + size_t func_in_mysqld = (size_t)check_table_access; size_t func_in_plugin = (size_t)trampoline_dummy_func_for_mem; if (func_in_mysqld < INT_MAX && func_in_plugin > INT_MAX) { 
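Review bot: Both guards added in the first hunk here test `MYSQL_VERSION_ID > 80000`, while the other MySQL 8 guards in this commit (validate_offsets and the plugin declaration) test `>= 80000`, so a build with version id 80000 would get the 8.0 plugin descriptor but skip `compat::init()`. Use `#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000` in both places. The `compat::_vio_socket_connect*` definitions were also inserted between the `0 success / 1 failure` comment and `audit_plugin_init`, which detaches that comment from the function it documents; moving them above the comment restores it.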
@@ -2141,14 +2197,14 @@ static int audit_plugin_init(void *p) #endif if (do_hot_patch((void **)&trampoline_mysql_execute_command, &trampoline_mysql_execute_size, - target_function, (void *)audit_mysql_execute_command, "mysql_execute_command")) + target_function, (void *)audit_mysql_execute_command, "mysql_execute_command", &trampoline_mysql_execute_saved_code)) { DBUG_RETURN(1); } #if MYSQL_VERSION_ID < 50600 if (do_hot_patch((void **)&trampoline_log_slow_statement, &trampoline_log_slow_statement_size, - (void *)log_slow_statement, (void *)audit_log_slow_statement, "log_slow_statement")) + (void *)log_slow_statement, (void *)audit_log_slow_statement, "log_slow_statement", &trampoline_log_slow_statement_saved_code)) { sql_print_error("%s Failed hot patch. Continuing as non-critical.", log_prefix); @@ -2156,13 +2212,14 @@ static int audit_plugin_init(void *p) } if (do_hot_patch((void **)&trampoline_acl_authenticate, &trampoline_acl_authenticate_size, - (void *)acl_authenticate, (void *)audit_acl_authenticate, "acl_authenticate")) + (void *)acl_authenticate, (void *)audit_acl_authenticate, "acl_authenticate", &trampoline_acl_authenticate_saved_code)) { DBUG_RETURN(1); } #endif +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; #else 
@@ -2170,18 +2227,22 @@ static int audit_plugin_init(void *p) #endif target_function = *(void **) &pf_send_result_to_client; if (do_hot_patch((void **)&trampoline_send_result_to_client, &trampoline_send_result_to_client_size, - (void *)target_function, (void *)audit_send_result_to_client, "send_result_to_client")) + (void *)target_function, (void *)audit_send_result_to_client, "send_result_to_client", &trampoline_send_result_to_client_saved_code)) { DBUG_RETURN(1); } +#endif if (do_hot_patch((void **)&trampoline_check_table_access, &trampoline_check_table_access_size, - (void *)check_table_access, (void *)audit_check_table_access, "check_table_access")) + (void *)check_table_access, (void *)audit_check_table_access, "check_table_access", &trampoline_check_table_access_saved_code)) { DBUG_RETURN(1); } -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 + target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; #elif MYSQL_VERSION_ID > 50505 @@ -2191,7 +2252,7 @@ static int audit_plugin_init(void *p) target_function = (void *)*(int (*)(THD *thd, TABLE_LIST **start, uint *counter, uint flags)) &open_tables; #endif if (do_hot_patch((void **)&trampoline_open_tables, &trampoline_open_tables_size, - (void *)target_function, (void *)audit_open_tables, "open_tables")) + (void *)target_function, (void *)audit_open_tables, "open_tables", &trampoline_open_tables_saved_code)) { DBUG_RETURN(1); } 
@@ -2199,7 +2260,7 @@ static int audit_plugin_init(void *p) #if defined(MARIADB_BASE_VERSION) target_function = (void*) end_connection; if (do_hot_patch((void **)&trampoline_end_connection, &trampoline_end_connection_size, - (void *)target_function, (void *)audit_end_connection, "end_connection")) + (void *)target_function, (void *)audit_end_connection, "end_connection", &trampoline_end_connection_saved_code)) { DBUG_RETURN(1); } @@ -2239,7 +2300,7 @@ static int audit_plugin_deinit(void *p) Plugin status variables for SHOW STATUS */ -static struct st_mysql_show_var audit_status[] = +static SHOW_VAR audit_status[] = { { "Audit_version", (char *) MYSQL_AUDIT_PLUGIN_VERSION "-" MYSQL_AUDIT_PLUGIN_REVISION, 
@@ -2260,32 +2321,32 @@ static struct st_mysql_show_var audit_status[] = -static void json_log_file_enable(THD *thd, struct st_mysql_sys_var *var, +static void json_log_file_enable(THD *thd, SYS_VAR *var, void *tgt, const void *save) { - json_file_handler_enable = *(my_bool *) save ? TRUE : FALSE; + json_file_handler_enable = *(my_bool *) save ? true : false; if (json_file_handler.is_init()) { json_file_handler.set_enable(json_file_handler_enable); } } -static void json_log_file_flush(THD *thd, struct st_mysql_sys_var *var, +static void json_log_file_flush(THD *thd, SYS_VAR *var, void *tgt, const void *save) { // always set to false. as we just flush if set to true and leave at 0 - json_file_handler_flush = FALSE; - my_bool val = *(my_bool *) save ? TRUE : FALSE; + json_file_handler_flush = false; + my_bool val = *(my_bool *) save ? true : false; if (val && json_file_handler.is_init()) { json_file_handler.flush(); } } -static void json_log_socket_enable(THD *thd, struct st_mysql_sys_var *var, +static void json_log_socket_enable(THD *thd, SYS_VAR *var, void *tgt, const void *save) { - json_socket_handler_enable = *(my_bool *) save ? TRUE : FALSE; + json_socket_handler_enable = *(my_bool *) save ? true : false; if (json_socket_handler.is_init()) { json_socket_handler.set_enable(json_socket_handler_enable); @@ -2456,7 +2517,7 @@ static MYSQL_SYSVAR_ENUM(before_after, before_after_mode, /* * Plugin system vars */ -static struct st_mysql_sys_var* audit_system_variables[] = +static SYS_VAR* audit_system_variables[] = { #ifdef HAVE_SESS_CONNECT_ATTRS MYSQL_SYSVAR(sess_connect_attrs), 
@@ -2508,12 +2569,18 @@ mysql_declare_plugin(audit_plugin) "McAfee Inc", "AUDIT plugin, creates a file mysql-audit.log to log activity", PLUGIN_LICENSE_GPL, - audit_plugin_init, /* Plugin Init */ - audit_plugin_deinit, /* Plugin Deinit */ - 0x0100 /* 1.0 */, - audit_status, /* status variables */ + audit_plugin_init, /* Plugin Init */ +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 + nullptr, /* check uninstall function */ +#endif + audit_plugin_deinit, /* Plugin Deinit */ + 0x0100 /* 1.0 */, + audit_status, /* status variables */ audit_system_variables, /* system variables */ - NULL /* config options */ + NULL, /* config options */ +#if MYSQL_VERSION_ID >= 50516 + 0 /* flags for plugin */ +#endif } mysql_declare_plugin_end; diff --git a/src/hot_patch.cc b/src/hot_patch.cc index e03c2ff..5f9eee2 100644 --- a/src/hot_patch.cc +++ b/src/hot_patch.cc @@ -228,7 +228,7 @@ static void WriteJump32(void *pAddress, ULONG_PTR JumpTo) // Hooks a function // static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_PTR trampolineFunction, - unsigned int *trampolinesize, unsigned int *usedsize) + unsigned int *trampolinesize, unsigned int *usedsize, SavedCode* saved_code) { #define MAX_INSTRUCTIONS 100 uint8_t raw[MAX_INSTRUCTIONS]; @@ -293,6 +293,9 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ ud_obj.operand[0].type == UD_OP_JIMM) { bool cannot_disassemble = true; + sql_print_information("ud_obj.mnemonic == UD_Ijmp: %d", ud_obj.mnemonic == UD_Ijmp); + sql_print_information("ud_obj.mnemonic == UD_Icall: %d", ud_obj.mnemonic == UD_Icall); + sql_print_information("ud_obj.operand[0].type == UD_OP_JIMM: %d", ud_obj.operand[0].type == UD_OP_JIMM); #ifdef __i386__ const BYTE *pc = (const BYTE *)targetFunction + InstrSize; 
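Review bot: The three `sql_print_information` calls added at the top of the jmp/call branch in HookFunction read as leftover debugging: at least the `UD_OP_JIMM` comparison they print is already part of the enclosing condition, and they omit the `log_prefix` that the other messages in hot_patch.cc carry. They also run once per matching instruction on every hook installation, which adds noise to the server error log that operators review for real audit-plugin failures. Drop them, or fold them into one prefixed message such as `sql_print_information("%s relative jmp/call found in prologue", log_prefix);`. The next hunk has the same issue, including `sql_print_error("in __i386__")` logged at error level; HookFunction starts and ends outside this hunk.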
@@ -324,7 +327,59 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ cannot_disassemble = false; } } + sql_print_error("in __i386__"); +#else + // If there is a relative jump or call in the to be overwritten chunk, + // construct an absolute jump/call in the trampoline. +#ifdef __x86_64__ + sql_print_information("__x86_64__"); +#endif + if (ud_obj.operand[0].type == UD_OP_JIMM && (ud_obj.mnemonic == UD_Ijmp || ud_obj.mnemonic == UD_Icall)) { + // jump or call + size_t rewrite_size = 0; + switch (ud_obj.mnemonic) { + case UD_Ijmp: + sql_print_information("rewriting relative jump as absolute"); + memcpy((void*)(trampolineFunction + uCurrentSize), "\xff\x25\x00\x00\x00\x00", 6); // jmpq *0x0(%rip) + rewrite_size = 6; + break; + case UD_Icall: + sql_print_information("rewriting relative call as absolute"); + memcpy((void*)(trampolineFunction + uCurrentSize), "\xff\x15\x02\x00\x00\x00", 6); // callq *0x2(%rip) -- call the function via the address stored at RIP+2 + memcpy((void*)(trampolineFunction + uCurrentSize + 6), "\xeb\x08", 2); // jmp 0x08 -- jump over the function address (8 bytes forward) + rewrite_size = 8; + break; + default: + break; + } + + // calculate the jump target from the instruction pointer and the immediate operand + unsigned long jump_target = ud_obj.pc; + switch (ud_obj.operand[0].size) { + case 8: + jump_target += ud_obj.operand[0].lval.sbyte; + break; + case 16: + jump_target += ud_obj.operand[0].lval.sword; + break; + case 32: + jump_target += ud_obj.operand[0].lval.sdword; + break; + } + memcpy((void*)(trampolineFunction + uCurrentSize + rewrite_size), &jump_target, 8); + rewrite_size += 8; + + // update the indexes + uCurrentSize += rewrite_size; + InstrSize += ud_insn_len (&ud_obj); + + // clear the flag + cannot_disassemble = false; + + sql_print_information("target address: [0x%016lx]", jump_target); + sql_print_information("original instruction: [%s]", ud_insn_asm(&ud_obj)); + } #endif if 
(cannot_disassemble) { @@ -381,8 +436,17 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ return false; } - WriteJump((BYTE*)trampolineFunction + uCurrentSize, targetFunction + InstrSize); + // Save the original code that is going to be overwitten by the jump. + // The code in the trampoline can be larger due to rewriting of RIP + // relative instructions and unsuitable for writting back on unhook. + memcpy(saved_code->code, (void*)targetFunction, InstrSize); + saved_code->size = InstrSize; + + // jump from trampoline back to continue the original function + WriteJump((BYTE*)trampolineFunction + uCurrentSize, targetFunction + InstrSize); *usedsize = uCurrentSize + JUMP_SIZE; + + // jump from the begin of the original function to our function #ifndef __x86_64__ WriteJump((void *) targetFunction, newFunction); #else @@ -411,7 +475,7 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ // -static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, unsigned int trampolinesize) +static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, unsigned int trampolinesize, SavedCode* saved_code) { DATATYPE_ADDRESS FunctionPage = get_page_address((void*)Function); if (unprotect((void*)FunctionPage, PAGE_SIZE) != 0) @@ -421,7 +485,7 @@ static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, uns log_prefix, (void *) FunctionPage); return; } - memcpy((void *) Function, (void*)trampolineFunction,trampolinesize); + memcpy((void *) Function, saved_code->code, saved_code->size); protect((void*)FunctionPage, PAGE_SIZE); } 
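Review bot: In the new non-i386 arm of HookFunction, `switch (ud_obj.operand[0].size)` has no `default`, yet `cannot_disassemble = false` is set unconditionally afterwards. An operand size other than 8, 16 or 32 therefore leaves `jump_target` equal to `ud_obj.pc`, and the trampoline gets a wrong absolute target instead of the hook being refused. A `default:` that leaves `cannot_disassemble` set (for example a `bool target_known` that gates the trampoline writes and the flag reset) keeps the existing `if (cannot_disassemble)` bail-out effective. Each rewritten instruction also adds 14 or 16 bytes to the trampoline, and no check of `uCurrentSize + rewrite_size` against the trampoline's capacity is visible in this hunk; one is worth adding before the `memcpy` calls unless the loop outside the hunk already provides it. `memcpy(..., &jump_target, 8)` copies a fixed 8 bytes from an `unsigned long`, and since the `#else` is taken on every non-i386 target, `uint64_t jump_target` with `sizeof jump_target` avoids an over-read where `unsigned long` is 32 bits.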
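Review bot: `memcpy(saved_code->code, (void*)targetFunction, InstrSize)` in HookFunction copies without checking that `saved_code` is non-NULL or that `InstrSize` fits in `saved_code->code`. `SavedCode` is declared outside this diff view, so its capacity cannot be confirmed here. `InstrSize` presumably counts whole instructions and can then exceed `JUMP_SIZE` by most of one instruction length, so the buffer needs that headroom. A guard ahead of the copy, such as `if (!saved_code || InstrSize > sizeof(saved_code->code)) return false;` (assuming `code` is an array member), makes the bound explicit. The added comment also has two typos, "overwitten" and "writting".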
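Review bot: UnhookFunction now writes `saved_code->size` bytes at `Function`, but the `unprotect` call above it covers only `PAGE_SIZE` starting at `FunctionPage`. If the saved prologue straddles a page boundary, the tail of the `memcpy` lands on a page that was not made writable. This predates the commit (the old copy used `trampolinesize`), and HookFunction's own unprotect logic is outside this view, but the restore path is a good place to handle it. One option is to unprotect the second page as well when `get_page_address((char*)Function + saved_code->size - 1) != FunctionPage`. After this change `trampolineFunction` and `trampolinesize` are no longer used in UnhookFunction and could be dropped from its signature.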
@@ -442,12 +506,12 @@ static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, uns * @Return 0 on success otherwise failure * @See MS Detours paper: http:// research.microsoft.com/pubs/68568/huntusenixnt99.pdf for some background info. */ -int hot_patch_function(void *targetFunction, void *newFunction, void *trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool info_print) +int hot_patch_function(void *targetFunction, void *newFunction, void *trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool info_print, SavedCode* saved_code) { DATATYPE_ADDRESS trampolinePage = get_page_address(trampolineFunction); cond_info_print(info_print, "%s hot patching function: %p, trampolineFunction: %p trampolinePage: %p",log_prefix, (void *)targetFunction, (void *)trampolineFunction, (void *)trampolinePage); if (HookFunction((ULONG_PTR) targetFunction, (ULONG_PTR) newFunction, - (ULONG_PTR) trampolineFunction, trampolinesize, usedsize)) + (ULONG_PTR) trampolineFunction, trampolinesize, usedsize, saved_code)) { return 0; } 
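Review bot: The doc comment above hot_patch_function is not updated for the new `saved_code` parameter, so nothing tells the caller what the buffer is for or how long it must live. I would add `@param saved_code receives the original bytes overwritten at targetFunction; pass the same object to remove_hot_patch_function`. The same applies to remove_hot_patch_function in the next hunk, whose comment still documents a `log_file` parameter that is not in the signature. The start of this comment block lies outside the hunk.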
@@ -466,15 +530,18 @@ int hot_patch_function(void *targetFunction, void *newFunction, void *trampoline * @param trampolineFunction a function which contains a jump back to the targetFunction. * @param log_file if not null will log about progress of installing the plugin */ -void remove_hot_patch_function(void *targetFunction, void *trampolineFunction, unsigned int trampolinesize, bool info_print) +void remove_hot_patch_function(void *targetFunction, void *trampolineFunction, unsigned int trampolinesize, bool info_print, SavedCode* saved_code) { - if (trampolinesize == 0) + sql_print_information("trampolinesize: %d", trampolinesize); + sql_print_information("saved_code->size: %zd", saved_code->size); + if (trampolinesize == 0 || !saved_code->size) { // nothing todo. As hot patch was not set. - return; + cond_info_print(info_print, "%s not removing as hot patch was not set: %p",log_prefix, (void *)targetFunction); + return; } DATATYPE_ADDRESS targetPage = get_page_address(targetFunction); cond_info_print(info_print, "%s removing hot patching function: %p targetPage: %p trampolineFunction: %p",log_prefix, (void *)targetFunction, (void *)targetPage, (void *)trampolineFunction); - UnhookFunction ((ULONG_PTR) targetFunction, (ULONG_PTR)trampolineFunction,trampolinesize); + UnhookFunction ((ULONG_PTR) targetFunction, (ULONG_PTR)trampolineFunction,trampolinesize, saved_code); return; } diff --git a/udis86/libudis86/Makefile.am b/udis86/libudis86/Makefile.am index c5f37d2..5cce407 100644 --- a/udis86/libudis86/Makefile.am +++ b/udis86/libudis86/Makefile.am @@ -22,3 +22,6 @@ libudis86_la_SOURCES = itab.c \ itab.c itab.h: ../docs/x86optable.xml opgen.py python ./opgen.py + +# generate the generated sources prior to the compilation +BUILT_SOURCES = itab.c itab.h
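Review bot: remove_hot_patch_function dereferences `saved_code` in the second new log call and again in the guard before anything establishes that it is non-NULL. Callers are outside this diff view, so a NULL for a hook that was never installed cannot be ruled out. Testing the pointer first, `if (trampolinesize == 0 || !saved_code || !saved_code->size)`, and moving any size logging after that guard closes the gap. The format strings also do not match their arguments: `trampolinesize` is `unsigned int` and wants `%u`, and `%zd` is for a signed size, so use `%zu` if `SavedCode::size` is a `size_t` (its declaration is not visible here).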