From 3ec0c137c9f787c4551be042cb77cded23622d0d Mon Sep 17 00:00:00 2001 From: wbarrettmcafee Date: Thu, 3 Dec 2020 15:15:07 +0000 Subject: [PATCH] Updating with the latest offsets for Percona64 5.7.30-33, 5.7.29-32, 5.7.28-31, 5.7.27-30, 5.7.26-29 MySQL64 8.0.22, 9.0.21, 8.0.20, 8.0.19, 8.0.18, 8.0.17, 8.0.16, 8.0.15, 8.0.14, 8.0.13, 8.0.12, 8.0.11, 5.6.49, 5.7.31, 5.6.46, 5.6.47, 5.6.48, 5.7.30, 5.7.29, 5.7.28, 5.6.45, 5.7.27, 5.6.44, 5.7.26 MariaDB64 10.1.43, 10.2.27, 10.2.29, 5.5.66, 10.1.47, 10.2.34, 10.2.30, 10.2.33, 10.1.46, 10.2.31, 10.1.44, 10.1.45, 10.2.32, 5.5.67, 5.5.68, 10.1.41, 10.2.26, 5.5.65, 10.2.25, 10.1.40, 10.1.39, 10.2.24, 10.2.23, 5.5.64 MySQL32 5.6.49, 5.7.31, 5.6.46, 5.6.47, 5.6.48, 5.7.28, 5.7.29, 5.7.30, 5.6.45, 5.7.27, 5.6.44, 5.7.26 MariaDB32 10.1.43, 10.2.27, 10.2.29, 5.5.66, 10.1.47, 10.2.34, 10.2.30, 10.2.33, 10.1.46, 10.2.32, 10.1.44, 10.1.45, 10.2.31, 5.5.67, 5.5.68, 10.1.41, 10.2.26, 5.5.65, 10.2.25, 10.1.40, 10.1.39, 10.2.24, 10.2.23, 5.5.64 --- compiling.txt | 17 +++ config/ac_mysql.m4 | 2 +- configure.ac | 3 +- include/audit_handler.h | 35 ++++-- include/hot_patch.h | 10 +- include/mysql_inc.h | 101 +++++++++++++++++- offset-extract/offset-extract.sh | 24 +++-- src/audit_handler.cc | 105 ++++++++++++++++-- src/audit_offsets.cc | 178 +++++++++++++++++++++++++++++++ src/audit_plugin.cc | 177 ++++++++++++++++++++---------- src/hot_patch.cc | 87 +++++++++++++-- udis86/libudis86/Makefile.am | 3 + 12 files changed, 640 insertions(+), 102 deletions(-) diff --git a/compiling.txt b/compiling.txt index bb10abf..62db17b 100644 --- a/compiling.txt +++ b/compiling.txt 
@@ -81,3 +81,20 @@ Some documentation about configure command for mysql: http://dev.mysql.com/doc/refman/5.1/en/source-configuration-options.html + +==== MariaDB 10.2.10 ====== +1. Firstly checkout the source code:- + - svn co https://beasource3.corp.nai.org/svn/projects/DBSec-MySQL audit_plugin_mysql +2. cd audit_plugin_mysql +3. unzip zip-sources/mariadb-10.2.10.zip +4. cd mariadb-10.2.10 +5. CC=gcc CXX=g++ cmake . -DBUILD_CONFIG=mysql_release -DGNUTLS_INCLUDE_DIR=./zip-sources/mariadb-10.2.10/gnutls-3.3.24/64b/include -DGNUTLS_LIBRARY=./zip-sources/mariadb-10.2.10/gnutls-3.3.24/64b/lib +6. cd mariadb-10.2.10/libservices +7. make +8. cd ../extra +9. make +10. cd ../.. +11. chmod +x bootstrap.sh +12. ./bootstrap.sh +13. CXX='gcc -static-libgcc' CC='gcc -static-libgcc' MYSQL_AUDIT_PLUGIN_VERSION=1.1.7 MYSQL_AUDIT_PLUGIN_REVISION=`svn info|grep ^Revision|awk -F ": " '{print $2}'` ./configure --enable-debug=no --with-mysql=mariadb-10.2.10 --with-mysql-libservices=mariadb-10.2.10/libservices/libmysqlservices.a +14. gmake <======== This will create the plugin "libaudit_plugin.so" diff --git a/config/ac_mysql.m4 b/config/ac_mysql.m4 index 8e548ad..6852378 100644 --- a/config/ac_mysql.m4 +++ b/config/ac_mysql.m4 @@ -33,7 +33,7 @@ dnl dnl table_id.h included from table.h included by mysql_inc.h is dnl in libbinlogevents/include. AC_DEFINE([MYSQL_SRC], [1], [Source directory for MySQL]) - MYSQL_INC="-I$withval/sql -I$withval/libbinlogevents/export -I$withval/libbinlogevents/include -I$withval/include -I$withval/regex -I$withval" + MYSQL_INC="-I$withval/sql -I$withval/libbinlogevents/export -I$withval/libbinlogevents/include -I$withval/include -I$withval/regex -I$withval -I$withval/extra/rapidjson/include" AC_MSG_RESULT(["$withval"]) ], [ diff --git a/configure.ac b/configure.ac index b6498ae..2a98855 100644 --- a/configure.ac +++ b/configure.ac 
@@ -96,8 +96,7 @@ AC_PATH_PROG(DIFF, diff, diff) #we can add the following flags for better error catching: -Werror -Wimplicit CPPFLAGS="$CPPFLAGS -Werror -Wall" CFLAGS="$CFLAGS -Wimplicit" -# From MySQL: Disable exceptions as they seams to create problems with gcc and threads. -CXXFLAGS="-fno-implicit-templates -fno-exceptions -fno-rtti -Wno-reorder -Wno-strict-aliasing" +CXXFLAGS="-fno-implicit-templates -fno-strict-aliasing" #add pthread libs LIBS="$LIBS -lpthread" diff --git a/include/audit_handler.h b/include/audit_handler.h index 47701ff..4e8c910 100644 --- a/include/audit_handler.h +++ b/include/audit_handler.h @@ -104,6 +104,7 @@ typedef struct ThdOffsets { OFFSET stmt_da; OFFSET da_status; OFFSET da_sql_errno; + OFFSET view_tables; } ThdOffsets; /* @@ -224,7 +225,9 @@ public: virtual ssize_t stop_msg_format(IWriter *writer) { return 0; } static const char *retrieve_object_type(TABLE_LIST *pObj); +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 static QueryTableInf *getQueryCacheTableList1(THD *thd); +#endif // utility functions for fetching thd stuff static int thd_client_port(THD *thd); @@ -579,7 +582,10 @@ static inline const CHARSET_INFO * pfs_connect_attrs_cs(void * pfs) static inline bool table_is_view(TABLE_LIST *table) { - return table->view_tables != 0; + if (!Audit_formatter::thd_offsets.view_tables) + return table->view_tables != 0; + List **view_tables = (List **)((char*)table + Audit_formatter::thd_offsets.view_tables); + return *view_tables; } }; @@ -592,14 +598,14 @@ public: static const char *DEF_MSG_DELIMITER; Audit_json_formatter() - : m_msg_delimiter(NULL), - m_write_start_msg(true), + : m_write_start_msg(true), m_write_sess_connect_attrs(true), m_write_client_capabilities(false), m_write_socket_creds(true), - m_password_mask_regex_preg(NULL), + m_perform_password_masking(NULL), + m_msg_delimiter(NULL), m_password_mask_regex_compiled(false), - m_perform_password_masking(NULL) + m_password_mask_regex_preg(NULL) { } 
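Review bot: The new `CXXFLAGS` line in configure.ac drops `-fno-exceptions -fno-rtti` together with the comment that explained them, and nothing says why they are now safe to enable. This library is loaded into mysqld and, per include/hot_patch.h, replaces server functions, so an exception escaping one of its entry points would unwind into server frames. Presumably the MySQL 8.0 headers need exceptions and RTTI; once that is confirmed, I would add a comment above the assignment such as `# Exceptions/RTTI are needed by the MySQL 8.0 headers; plugin entry points must not let exceptions escape.` `-Wno-reorder` is also gone while `CPPFLAGS` keeps `-Werror -Wall`, which appears to be what forces the initializer-list reordering elsewhere in this patch and is worth a word in the same comment.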
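Review bot: `table_is_view` now has two sources of truth, the compiled `table->view_tables` member and a raw read at `Audit_formatter::thd_offsets.view_tables`, and neither the zero sentinel nor the reason for it is documented. A comment such as `// view_tables == 0 means "use the compiled-in TABLE_LIST layout"; otherwise it is the byte offset of TABLE_LIST::view_tables` would make the contract clear. The raw read trusts the offset completely, so a wrong table row turns into a read outside the object; if offsets can come from anywhere other than the built-in table, confirm they are range-checked where they are loaded, which is not visible in this hunk. Returning `*view_tables != NULL` rather than relying on the pointer-to-bool conversion would also match the branch above it.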
@@ -706,8 +712,12 @@ public: static void stop_all(); Audit_handler() : - m_initialized(false), m_enabled(false), m_print_offset_err(true), - m_formatter(NULL), m_failed(false), m_log_io_errors(true) + m_formatter() + ,m_initialized() + ,m_enabled() + ,m_failed() + ,m_log_io_errors(true) + ,m_print_offset_err(true) { } @@ -873,7 +883,10 @@ class Audit_file_handler: public Audit_io_handler { public: Audit_file_handler() : - m_sync_period(0), m_log_file(NULL), m_sync_counter(0), m_bufsize(0) + m_sync_period(0) + , m_bufsize(0) + , m_log_file(NULL) + , m_sync_counter(0) { m_io_type = "file"; } @@ -920,8 +933,10 @@ class Audit_socket_handler: public Audit_io_handler { public: Audit_socket_handler() : - m_vio(NULL), m_connect_timeout(1), m_write_timeout(0), - m_log_with_error_severity(false) + m_connect_timeout(1) + , m_write_timeout() + , m_vio() + , m_log_with_error_severity() { m_io_type = "socket"; } diff --git a/include/hot_patch.h b/include/hot_patch.h index e3c1252..74179ee 100644 --- a/include/hot_patch.h +++ b/include/hot_patch.h @@ -4,7 +4,6 @@ * Created on: Jan 10, 2011 * Author: Guyl */ - #ifndef HOT_PATCH_H_ #define HOT_PATCH_H_ @@ -14,9 +13,14 @@ #define GETPAGESIZE() sysconf (_SC_PAGE_SIZE) -int hot_patch_function(void* targetFunction, void* newFunction, void* trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool log_info); +struct SavedCode { + char code [1024]; + size_t size; +}; -void remove_hot_patch_function(void* targetFunction, void* trampolineFunction, unsigned int trampolinesize, bool log_info); +int hot_patch_function(void* targetFunction, void* newFunction, void* trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool log_info, SavedCode* saved_code); + +void remove_hot_patch_function(void* targetFunction, void* trampolineFunction, unsigned int trampolinesize, bool log_info, SavedCode* saved_code); //8KB NOP + 16 //can be used to define a block of memory to use for trampolines 
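Review bot: `SavedCode::code` is a fixed 1024-byte array, and both `hot_patch_function` and `remove_hot_patch_function` now take a `SavedCode*`, but the header states neither the size contract nor whether the pointer may be NULL. The copy that fills `code` is in src/hot_patch.cc, outside this hunk, so it cannot be checked from here. It should refuse to patch when the number of bytes to save exceeds `sizeof(saved_code->code)` instead of truncating or overrunning, and the restore path should write back exactly `size` bytes. I would name the limit, for example `enum { SAVED_CODE_MAX = 1024 };`, and add a comment on the struct saying that `size` is the count of valid bytes in `code` and who owns the storage.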
diff --git a/include/mysql_inc.h b/include/mysql_inc.h index f15eecd..febbab8 100644 --- a/include/mysql_inc.h +++ b/include/mysql_inc.h @@ -33,7 +33,26 @@ #include #include +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80019 +#include +#include +#include +#endif +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 +using my_bool = bool; +#if MYSQL_VERSION_ID < 80012 +#define PLUGIN_VAR_NOSYSVAR 0x0400 +#endif +#include +#include +#include +#include +#include +#include +#else #include +typedef struct st_mysql_sys_var SYS_VAR; +#endif #include #include #include @@ -73,10 +92,7 @@ # endif #endif -// MariaDB doesn't have my_getsystime (returns 100 nano seconds) function. They replaced with my_hrtime_t my_hrtime() which returns microseconds -#if defined(MARIADB_BASE_VERSION) - -#define my_getsystime() ((my_hrtime()).val * 10) +#if defined(MARIADB_BASE_VERSION) // MariaDB has a kill service that overrides thd_killed as a macro. It also has thd_killed function defined for backwards compatibility, so we redefine it. #undef thd_killed extern "C" int thd_killed(const MYSQL_THD thd); @@ -85,7 +101,6 @@ extern "C" int thd_killed(const MYSQL_THD thd); #if MYSQL_VERSION_ID >= 100010 extern "C" char *thd_security_context(MYSQL_THD thd, char *buffer, unsigned int length, unsigned int max_query_len); #endif - #endif //Define HAVE_SESS_CONNECT_ATTRS. We define it for mysql 5.6 and above 
@@ -93,4 +108,80 @@ extern "C" char *thd_security_context(MYSQL_THD thd, char *buffer, unsigned int #define HAVE_SESS_CONNECT_ATTRS 1 #endif + +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 +#include +#endif + +namespace compat { +/*************************/ +/* my_getsystime */ +/*************************/ +#if defined(MARIADB_BASE_VERSION) +// MariaDB doesn't have my_getsystime (returns 100 nano seconds) function. They replaced with my_hrtime_t my_hrtime() which returns microseconds +static inline unsigned long long int my_getsystime() { return (my_hrtime()).val * 10; } +#elif MYSQL_VERSION_ID < 80000 +static inline unsigned long long int my_getsystime() { return ::my_getsystime(); } +#else +static inline unsigned long long int my_getsystime() { +#ifdef HAVE_CLOCK_GETTIME + // Performance regression testing showed this to be preferable + struct timespec tp; + clock_gettime(CLOCK_REALTIME, &tp); + return (static_cast(tp.tv_sec) * 10000000 + + static_cast(tp.tv_nsec) / 100); +#else + return std::chrono::duration_cast< + std::chrono::duration>>( + UTC_clock::now().time_since_epoch()) + .count(); +#endif /* HAVE_CLOCK_GETTIME */ +} +#endif + +/*********************************************/ +/* vio_socket_connect */ +/*********************************************/ +#if MYSQL_VERSION_ID >= 50600 +#ifndef MYSQL_VIO +#define MYSQL_VIO Vio* +#endif +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 +static inline bool vio_socket_connect(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout) +{ + return ::vio_socket_connect(vio, addr, len, timeout); +} +#else +/*********************************************/ +/* */ +/* resolve the symbols manualy to permit */ +/* loading of the plugin in their absence */ +/* */ +/*********************************************/ +extern bool (*_vio_socket_connect)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout); +extern bool (*_vio_socket_connect_80016)(MYSQL_VIO vio, struct sockaddr 
*addr, socklen_t len, bool nonblocking, int timeout); +extern bool (*_vio_socket_connect_80020)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, bool nonblocking, int timeout, bool *connect_done); + +static inline bool vio_socket_connect(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout) +{ + if (_vio_socket_connect) return _vio_socket_connect(vio, addr, len, timeout); + if (_vio_socket_connect_80016) return _vio_socket_connect_80016(vio, addr, len, false, timeout); + if (_vio_socket_connect_80020) return _vio_socket_connect_80020(vio, addr, len, false, timeout, nullptr); + return true; +} +static inline bool init() +{ + void* handle = dlopen(NULL, RTLD_LAZY); + if (!handle) + return false; + _vio_socket_connect = (decltype(_vio_socket_connect))dlsym(handle, "_Z18vio_socket_connectP3VioP8sockaddrji"); + _vio_socket_connect_80016 = (decltype(_vio_socket_connect_80016))dlsym(handle, "_Z18vio_socket_connectP3VioP8sockaddrjbi"); + _vio_socket_connect_80020 = (decltype(_vio_socket_connect_80020))dlsym(handle, "_Z18vio_socket_connectP3VioP8sockaddrjbiPb"); + dlclose(handle); + return _vio_socket_connect || _vio_socket_connect_80016 || _vio_socket_connect_80020; +} +#endif +#endif +} + #endif // MYSQL_INCL_H diff --git a/offset-extract/offset-extract.sh b/offset-extract/offset-extract.sh index 400e82b..f9fc945 100644 --- a/offset-extract/offset-extract.sh +++ b/offset-extract/offset-extract.sh @@ -32,7 +32,7 @@ DB=db CLIENT_CAPS="print_offset THD client_capabilities" # In 5.6 command member is named m_command -if echo $MYVER | grep -P '^(5\.6|5\.7|10\.)' > /dev/null +if echo $MYVER | grep -P '^(5\.6|5\.7|8\.|10\.)' > /dev/null then COMMAND_MEMBER=m_command HAS_CONNECT_ATTRS=yes 
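Review bot: In the MySQL 8.0 branch, `compat::vio_socket_connect` returns `true` when none of the three `dlsym` lookups resolved, and a caller cannot tell that apart from an ordinary connect failure. The audit socket can therefore stay silently closed if `compat::init()` was never called or returned false. The call site of `init()` is not in this hunk; confirm that plugin initialisation calls it and either logs or refuses to enable the socket handler on failure, and add a comment on the final `return true;` such as `// no usable symbol resolved: report failure`. The lookups are keyed on hard-coded mangled names, where the `j` assumes `socklen_t` is `unsigned int`, so a short comment listing which server versions export which signature would help the next update. In `compat::my_getsystime` the result of `clock_gettime` is ignored, so `tp` would be read uninitialised if the call failed.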
@@ -40,7 +40,7 @@ fi CONNECT_ATTRS_CS=m_session_connect_attrs_cs # In 5.7 thread_id changed to m_thread_id. main_security_ctx changed to m_main_security_ctx -if echo $MYVER | grep -P '^(5\.7)' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.)' > /dev/null then THREAD_ID=m_thread_id SEC_CONTEXT=m_main_security_ctx @@ -59,7 +59,7 @@ fi # In 5.6.15 and up, 5.7 and mariabdb 10.0.11 and up, mariadb 10.1 # m_session_connect_attrs_cs changed to m_session_connect_attrs_cs_number -if echo $MYVER | grep -P '^(5\.7|10\.[1-2]|5\.6\.(1[5-9]|[2-9][0-9])|10.0.(1[1-9]|[2-9][0-9]))' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.|10\.[1-2]|5\.6\.(1[5-9]|[2-9][0-9])|10.0.(1[1-9]|[2-9][0-9]))' > /dev/null then CONNECT_ATTRS_CS=m_session_connect_attrs_cs_number fi @@ -75,7 +75,7 @@ else CONNECT_ATTRS='printf ", 0, 0, 0"' fi -if echo $MYVER | grep -P '^5\.7' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.0)' > /dev/null then if echo $MYVER | grep -P '^5\.7\.8' > /dev/null then @@ -115,7 +115,7 @@ DA_STATUS="print_offset Diagnostics_area m_status" # 5.5, 5.6, 5.7, mariadb 10. DA_SQL_ERRNO="print_offset Diagnostics_area m_sql_errno" # 5.5, 5.6, mariadb 10.0, 10.1, 10.2 STMT_DA="print_offset THD m_stmt_da" # 5.6, 5.7, mariadb 10.0, 10.1, 10.2 -if echo $MYVER | grep -P '^(5\.7)' > /dev/null +if echo $MYVER | grep -P '^(5\.7|8\.0)' > /dev/null then DA_SQL_ERRNO="print_offset Diagnostics_area m_mysql_errno" elif echo $MYVER | grep -P '^(5\.6|10\.)' > /dev/null @@ -130,6 +130,17 @@ else DA_SQL_ERRNO='printf ", 0"' fi +LEX_COMMENT="" +VIEW_TABLES="" +if echo $MYVER | grep -P '^(8\.0)' > /dev/null +then + LEX_COMMENT='printf ", 0"' + VIEW_TABLES="print_offset TABLE_LIST view_tables" +else + LEX_COMMENT="print_offset LEX comment" + VIEW_TABLES='printf ", 0"' +fi + cat < offsets.gdb set logging on set width 0 
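Review bot: The version tests added for MySQL 8 are not consistent across hunks. The `m_command` check (hunk at -32), the `m_thread_id` check and the `m_session_connect_attrs_cs_number` check match `8\.`, while the later 5.7-style block, the `m_mysql_errno` check and the new `LEX_COMMENT`/`VIEW_TABLES` selection match `8\.0`. For an 8.x version other than 8.0 the script would pick a mix of old and new member names and emit a row that does not describe one layout, and the plugin dereferences those offsets directly. Using one pattern throughout, or a single variable set once (for example `IS_MYSQL8=yes`) and tested in each branch, would remove the drift. The initial `LEX_COMMENT=""` and `VIEW_TABLES=""` assignments are dead, since both branches overwrite them.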
@@ -142,7 +153,7 @@ print_offset THD $THREAD_ID print_offset THD $SEC_CONTEXT print_offset THD $COMMAND_MEMBER print_offset THD lex -print_offset LEX comment +$LEX_COMMENT print_offset Security_context $USER print_offset Security_context $HOST print_offset Security_context $IP @@ -159,6 +170,7 @@ $ROW_COUNT_FUNC $STMT_DA $DA_STATUS $DA_SQL_ERRNO +$VIEW_TABLES printf "}" EOF diff --git a/src/audit_handler.cc b/src/audit_handler.cc index 2b9a22f..63eda86 100644 --- a/src/audit_handler.cc +++ b/src/audit_handler.cc @@ -508,7 +508,7 @@ int Audit_socket_handler::open(const char *io_dest, bool log_errors) m_connect_timeout)) #else // in 5.6 timeout is in ms - if (vio_socket_connect((Vio*)m_vio,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr), + if (compat::vio_socket_connect((Vio*)m_vio,(struct sockaddr *) &UNIXaddr, sizeof(UNIXaddr), m_connect_timeout * 1000)) #endif { @@ -585,7 +585,7 @@ static void yajl_add_uint64(yajl_gen gen, const char *name, uint64 num) { const size_t max_int64_str_len = 21; char buf[max_int64_str_len]; - snprintf(buf, max_int64_str_len, "%llu", num); + snprintf(buf, max_int64_str_len, "%llu", (unsigned long long)num); yajl_add_string_val(gen, name, buf); } @@ -622,8 +622,11 @@ static const char *retrieve_user(THD *thd) // starting with MySQL version 5.1.41 thd_query_string is added // And at 5.7 it changed #if ! defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50709 - +#if MYSQL_VERSION_ID >= 80000 +extern LEX_CSTRING thd_query_unsafe(MYSQL_THD thd); +#else extern "C" LEX_CSTRING thd_query_unsafe(MYSQL_THD thd); +#endif static const char *thd_query_str(THD *thd, size_t *len) { 
@@ -694,7 +697,7 @@ ssize_t Audit_json_formatter::start_msg_format(IWriter *writer) yajl_gen gen = yajl_gen_alloc(NULL); yajl_gen_map_open(gen); yajl_add_string_val(gen, "msg-type", "header"); - uint64 ts = my_getsystime() / (10000); + uint64 ts = compat::my_getsystime() / (10000); yajl_add_uint64(gen, "date", ts); yajl_add_string_val(gen, "audit-version", MYSQL_AUDIT_PLUGIN_VERSION "-" MYSQL_AUDIT_PLUGIN_REVISION); yajl_add_string_val(gen, "audit-protocol-version", AUDIT_PROTOCOL_VERSION); @@ -758,6 +761,7 @@ static const char *replace_in_string(THD *thd, #ifdef HAVE_SESS_CONNECT_ATTRS #include +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 //declare the function: parse_length_encoded_string from: storage/perfschema/table_session_connect.cc bool parse_length_encoded_string(const char **ptr, char *dest, uint dest_size, 
@@ -767,6 +771,72 @@ bool parse_length_encoded_string(const char **ptr, const CHARSET_INFO *from_cs, uint nchars_max); +#else +// the function is not exported in MySQL 8 +/** + Take a length encoded string + + @arg ptr inout the input string array + @arg dest where to store the result + @arg dest_size max size of @c dest + @arg copied_len the actual length of the data copied + @arg start_ptr pointer to the start of input + @arg input_length the length of the incoming data + @arg from_cs character set in which @c ptr is encoded + @arg nchars_max maximum number of characters to read + @return status + @retval true parsing failed + @retval false parsing succeeded +*/ +static bool parse_length_encoded_string( + const char **ptr + ,char *dest + ,uint dest_size + ,uint *copied_len + ,const char *start_ptr + ,uint input_length + ,bool /* unused */ + ,const CHARSET_INFO *from_cs + ,uint nchars_max +) +{ + ulong copy_length, data_length; + const char *well_formed_error_pos = NULL, *cannot_convert_error_pos = NULL, + *from_end_pos = NULL; + + copy_length = data_length = net_field_length((uchar **)ptr); + + /* we don't tolerate NULL as a length */ + if (data_length == NULL_LENGTH) { + return true; + } + + if (*ptr - start_ptr + data_length > input_length) { + return true; + } + + /* + TODO: Migrate the data itself to UTF8MB4, + this is still UTF8MB3 printed in a UTF8MB4 column. + */ + copy_length = well_formed_copy_nchars( + &my_charset_utf8_bin + , dest + , dest_size + , from_cs + , *ptr + , data_length + , nchars_max + , &well_formed_error_pos + , &cannot_convert_error_pos + , &from_end_pos + ); + *copied_len = copy_length; + (*ptr) += data_length; + + return false; +} +#endif /** * Code based upon read_nth_attribute of storage/perfschema/table_session_connect.cc * Only difference we do once loop and write out the attributes 
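Review bot: In the copied `parse_length_encoded_string`, the bounds test `*ptr - start_ptr + data_length > input_length` runs only after `net_field_length` has already read the length prefix through `*ptr`, and nothing checks that the prefix itself lies inside `input_length`. The buffer holds session connect attributes, which originate from the client, so if it can end inside a prefix the read goes past the end. The loop that calls this function is outside the hunk, so confirm it guarantees the prefix is fully available, or add a guard at the top such as `if ((size_t)(*ptr - start_ptr) >= input_length) return true;` (a multi-byte prefix needs its full width checked, not just one byte). Writing the comparison as `data_length > input_length - (size_t)(*ptr - start_ptr)` after that guard also avoids depending on the sum not wrapping. The comment says only that the function is not exported in MySQL 8; naming the server file and version it was copied from would make later resyncs easier.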
@@ -776,7 +846,11 @@ static void log_session_connect_attrs(yajl_gen gen, THD *thd) PFS_thread * pfs = PFS_thread::get_current_thread(); const char * connect_attrs = Audit_formatter::pfs_connect_attrs(pfs); const uint connect_attrs_length = Audit_formatter::pfs_connect_attrs_length(pfs); +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 const CHARSET_INFO *connect_attrs_cs = Audit_formatter::pfs_connect_attrs_cs(pfs); +#else + const CHARSET_INFO *connect_attrs_cs = get_charset(pfs->m_session_connect_attrs_cs_number, MYF(0)); +#endif //sanity max attributes const uint max_idx = 32; @@ -861,7 +935,7 @@ ssize_t Audit_json_formatter::event_format(ThdSesData *pThdData, IWriter *writer // TODO: get the start date from THD (but it is not in millis. Need to think about how we handle this) // for now simply use the current time. // my_getsystime() time since epoc in 100 nanosec units. Need to devide by 1000*(1000/100) to reach millis - uint64 ts = my_getsystime() / (10000); + uint64 ts = compat::my_getsystime() / (10000); yajl_add_uint64(gen, "date", ts); yajl_add_uint64(gen, "thread-id", thdid); yajl_add_uint64(gen, "query-id", qid); @@ -1077,10 +1151,19 @@ ssize_t Audit_json_formatter::event_format(ThdSesData *pThdData, IWriter *writer } ThdSesData::ThdSesData(THD *pTHD, StatementSource source) - : m_pThd (pTHD), m_CmdName(NULL), m_UserName(NULL), - m_objIterType(OBJ_NONE), m_tables(NULL), m_firstTable(true), - m_tableInf(NULL), m_index(0), m_isSqlCmd(false), - m_port(-1), m_source(source), m_errorCode(0), m_setErrorCode(false) + : m_pThd (pTHD) + , m_CmdName() + , m_UserName() + , m_isSqlCmd() + , m_objIterType(OBJ_NONE) + , m_tables() + , m_firstTable(true) + , m_tableInf() + , m_index() + , m_source(source) + , m_port(-1) + , m_errorCode() + , m_setErrorCode() { m_CmdName = retrieve_command (m_pThd, m_isSqlCmd); m_UserName = retrieve_user (m_pThd); 
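Review bot: On MySQL 8.0, `connect_attrs_cs` in `log_session_connect_attrs` now comes from `get_charset(pfs->m_session_connect_attrs_cs_number, MYF(0))`, which returns NULL for an unknown or unloadable charset number. That pointer is what `parse_length_encoded_string` receives as `from_cs`. No NULL check is visible in this hunk, and the rest of the function is outside it, so I would add `if (!connect_attrs_cs) return;` right after the `#endif`, or fall back to a default charset. This branch also reads `pfs->m_session_connect_attrs_cs_number` straight from the compiled `PFS_thread` layout, while the two lines above it go through the `Audit_formatter::pfs_connect_attrs*` accessors; a comment saying why the direct member access is safe here would help.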
@@ -1109,15 +1192,17 @@ bool ThdSesData::startGetObjects() m_tables = NULL; m_firstTable = true; m_index = 0; - m_tableInf = Audit_formatter::getQueryCacheTableList1(getTHD()); int command = Audit_formatter::thd_inst_command(getTHD()); LEX *pLex = Audit_formatter::thd_lex(getTHD()); +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 // query cache case + m_tableInf = Audit_formatter::getQueryCacheTableList1(getTHD()); if (pLex && command == COM_QUERY && m_tableInf && m_tableInf->num_of_elem > 0) { m_objIterType = OBJ_QUERY_CACHE; return true; } +#endif const char *cmd = getCmdName(); // commands which have single database object if (strcmp(cmd,"Init DB") == 0 diff --git a/src/audit_offsets.cc b/src/audit_offsets.cc index f5bab82..c82b7ab 100644 --- a/src/audit_offsets.cc +++ b/src/audit_offsets.cc 
@@ -25,6 +25,16 @@ const ThdOffsets thd_offsets_arr[] = { /* +++ PERCONA 64 OFFSETS GO HERE +++ */ + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.30-33) + {"5.7.30-33","9ca6e80ea4c210aee6bb39116f38c0c2", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.29-32) + {"5.7.29-32","09e9c392e9be8499026f12407358bdab", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.28-31) + {"5.7.28-31","0b464e1bd825128da4d263fc4b531cb1", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.27-30) + {"5.7.27-30","815ef6b339dbd55eb776a811b61b93fb", 8360, 8424, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8556, 4656, 3648, 3656, 3660, 6560, 2088, 8, 7592, 7632, 7616, 14328, 148, 672}, + //offsets for: /perconarpm/usr/sbin/mysqld (5.7.26-29) + {"5.7.26-29","a137d1d93fe1d5553370426412d67249", 8312, 8376, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8508, 4656, 3648, 3656, 3660, 6512, 2088, 8, 7544, 7584, 7568, 14280, 148, 672}, //offsets for: /perconarpm/usr/sbin/mysqld (5.7.25-28) {"5.7.25-28","6a4e7d9fb6c932541d48d0ef3826d96c", 8312, 8376, 3928, 5088, 456, 360, 0, 32, 64, 160, 536, 8508, 4656, 4032, 4040, 4044, 6512, 2088, 8, 7544, 7584, 7568, 14280, 148, 672}, //offsets for: /perconarpm/usr/sbin/mysqld (5.7.24-27) 
@@ -53,6 +63,54 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MYSQL 64 OFFSETS GO HERE +++ */ + //offsets for: ./mysqld-8.0.22 (8.0.22) + {"8.0.22","d33b22129504158cacdad5664d21a4a5", 8672, 8720, 4056, 5664, 520, 0, 0, 32, 64, 160, 600, 8836, 5296, 4208, 4216, 4220, 6968, 1600, 32, 7928, 7968, 7952, 11760, 140, 664, 320}, + //offsets for: ./mysqld-8.0.21 (8.0.21) + {"8.0.21","93b401ddbe0484ac527524e8da26d02f", 8656, 8704, 4040, 5648, 520, 0, 0, 32, 64, 160, 600, 8820, 5280, 4200, 4208, 4212, 6952, 1592, 40, 7912, 7952, 7936, 11744, 140, 664, 328}, + //offsets for: ./mysqld-8.0.20 (8.0.20) + {"8.0.20","d0cb4bd30cd1a325c24313d8edd4530b", 8656, 8704, 4040, 5648, 520, 0, 0, 32, 64, 160, 600, 8820, 5280, 4200, 4208, 4212, 6952, 1544, 40, 7912, 7952, 7936, 11744, 140, 664, 328}, + //offsets for: ./mysqld-8.0.19 (8.0.19) + {"8.0.19","3e06dfd8490afdcd0075ef1395891ae8", 8632, 8680, 4016, 5624, 520, 0, 0, 32, 64, 160, 600, 8796, 5256, 4200, 4208, 4212, 6928, 1544, 40, 7888, 7928, 7912, 11696, 140, 664, 328}, + //offsets for: ./mysqld-8.0.18 (8.0.18) + {"8.0.18","172a119d1acf6a743d155de9d9433124", 8608, 8656, 3992, 5600, 520, 0, 0, 32, 64, 160, 600, 8772, 5232, 4200, 4208, 4212, 6904, 1504, 40, 7864, 7904, 7888, 11672, 140, 664, 328}, + //offsets for: ./mysqld-8.0.17 (8.0.17) + {"8.0.17","0feb95f129f62fa3350c6895d556e7d9", 8744, 8792, 3912, 5736, 520, 0, 0, 32, 64, 160, 600, 8908, 5368, 4200, 4208, 4212, 7040, 1456, 40, 8000, 8040, 8024, 11808, 140, 664, 328}, + //offsets for: ./mysqld-8.0.16 (8.0.16) + {"8.0.16","ab69e3d19774ad65491dea8a722e6af1", 8360, 8408, 3912, 5352, 520, 0, 0, 32, 64, 160, 600, 8524, 4984, 4000, 4008, 4012, 6656, 1456, 40, 7616, 7656, 7640, 11416, 140, 664, 328}, + //offsets for: ./mysqld-8.0.15 (8.0.15) + {"8.0.15","aa0a7deef2aaba81b081e4e498859af1", 8136, 8184, 3936, 5120, 520, 0, 0, 32, 64, 160, 600, 8300, 4752, 4000, 4008, 4012, 6424, 1424, 24, 7392, 7432, 7416, 11192, 140, 664, 328}, + //offsets for: 
./mysqld-8.0.14 (8.0.14) + {"8.0.14","649589cdd3e5b56f72790793a039e924", 8136, 8184, 3936, 5120, 520, 0, 0, 32, 64, 160, 600, 8300, 4752, 4000, 4008, 4012, 6424, 1424, 24, 7392, 7432, 7416, 11192, 140, 664, 328}, + //offsets for: ./mysqld-8.0.13 (8.0.13) + {"8.0.13","665c9cb36af00034f1d3e8823e50f028", 8112, 8160, 3912, 5096, 520, 0, 0, 32, 64, 160, 600, 8276, 4728, 4000, 4008, 4012, 6400, 1424, 24, 7360, 7408, 7392, 11144, 140, 664, 328}, + //offsets for: ./mysqld-8.0.12 (8.0.12) + {"8.0.12","261db244348c9750a6a08a12c36ecbbe", 8112, 8160, 3888, 5096, 520, 0, 0, 32, 64, 160, 600, 8276, 4728, 3992, 4000, 4004, 6400, 1416, 24, 7360, 7408, 7392, 11144, 140, 664, 328}, + //offsets for: ./mysqld-8.0.11 (8.0.11) + {"8.0.11","1e42c35650057a8c339ddf498808ca89", 8080, 8128, 3888, 5064, 520, 0, 0, 32, 64, 160, 600, 8244, 4696, 3992, 4000, 4004, 6368, 1416, 24, 7328, 7376, 7360, 11112, 140, 664, 328}, + //offsets for: /mysqlrpm/5.6.49/usr/sbin/mysqld (5.6.49) + {"5.6.49","bd064dfd82d5e05499f6a77a87673919", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.31/usr/sbin/mysqld (5.7.31) + {"5.7.31","a61aff0065ab76c5d8c98547a1d263ca", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.6.46/usr/sbin/mysqld (5.6.46) + {"5.6.46","f61171f2e38d9d4d2aae64757070d978", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.6.47/usr/sbin/mysqld (5.6.47) + {"5.6.47","549f0e278d3556bfe58633ce225b189d", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.6.48/usr/sbin/mysqld (5.6.48) + {"5.6.48","d1617f9dc54fcc2d72b0adec6aef3c77", 7000, 7048, 4008, 4528, 72, 
2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.30/usr/sbin/mysqld (5.7.30) + {"5.7.30","eac501d6343901af6618e560acfaf2ed", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.7.29/usr/sbin/mysqld (5.7.29) + {"5.7.29","46aa02a6fd09fdcf6d3fecf46b5702e1", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.7.28/usr/sbin/mysqld (5.7.28) + {"5.7.28","90ee3ca7ce1ebd2568d36b736f29953b", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.6.45/usr/sbin/mysqld (5.6.45) + {"5.6.45","e3809543079babc8d7d466577f282a6e", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.27/usr/sbin/mysqld (5.7.27) + {"5.7.27","a9e8881fb2fb5dd6a9ee98281fac2071", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, + //offsets for: /mysqlrpm/5.6.44/usr/sbin/mysqld (5.6.44) + {"5.6.44","c3f51e2426f75dd07551d23d5f631cc6", 7000, 7048, 4008, 4528, 72, 2704, 96, 0, 32, 104, 136, 7136, 4400, 2800, 2808, 2812, 536, 0, 0, 6368, 6392, 6376, 13056, 548, 516}, + //offsets for: /mysqlrpm/5.7.26/usr/sbin/mysqld (5.7.26) + {"5.7.26","6810d7713e6bced7524fa54ca621a9ec", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672}, //offsets for: /mysqlrpm/5.6.43/usr/sbin/mysqld (5.6.43) {"5.6.43","9475a14433d66a8cedaaa76c6bb3d78e", 6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 
6360, 6384, 6368, 13048, 548, 516}, //offsets for: /mysqlrpm/5.7.25/usr/sbin/mysqld (5.7.25) 
@@ -346,6 +404,54 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MARIADB 64 OFFSETS GO HERE +++ */ + //offsets for: /mariadb/10.1.43/bin/mysqld (10.1.43-MariaDB) + {"10.1.43-MariaDB","4de77f18da6c8086f743eac1f5db94b1", 13712, 13776, 6488, 8096, 88, 3040, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20680, 548, 516}, + //offsets for: /mariadb/10.2.27/bin/mysqld (10.2.27-MariaDB) + {"10.2.27-MariaDB","a216829766a945325eece35408d911bb", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.2.29/bin/mysqld (10.2.29-MariaDB) + {"10.2.29-MariaDB","cb647967ccf176601e55c1fa7df4fd6f", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/5.5.66/bin/mysqld (5.5.66-MariaDB) + {"5.5.66-MariaDB","dd0aa7ad33051460119df0241eb61a32", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: /mariadb/10.1.47/bin/mysqld (10.1.47-MariaDB) + {"10.1.47-MariaDB","0d5e0df36a5d55a5ff48a1a418c73aac", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.2.34/bin/mysqld (10.2.34-MariaDB) + {"10.2.34-MariaDB","9aad93c7cb827d2cb905a39733626293", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.2.30/bin/mysqld (10.2.30-MariaDB) + {"10.2.30-MariaDB","ba2ecaad20de3a74498721dbf19dde45", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.2.33/bin/mysqld (10.2.33-MariaDB) + 
{"10.2.33-MariaDB","508b3b5be1083bc2ab14a0cd99854f8b", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/10.1.46/bin/mysqld (10.1.46-MariaDB) + {"10.1.46-MariaDB","cacf06452e59833499660b0fdd9adad1", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.2.31/bin/mysqld (10.2.31-MariaDB) + {"10.2.31-MariaDB","391128431e16ac5b98831b4375ae013a", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21208, 548, 516}, + //offsets for: /mariadb/10.1.44/bin/mysqld (10.1.44-MariaDB) + {"10.1.44-MariaDB","60a119ad7a72b056f8a5ea8c57e9fef1", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.1.45/bin/mysqld (10.1.45-MariaDB) + {"10.1.45-MariaDB","45154ae9fd381e6ad2a7275cc7a96e80", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20672, 548, 516}, + //offsets for: /mariadb/10.2.32/bin/mysqld (10.2.32-MariaDB) + {"10.2.32-MariaDB","c01338f35c5564e0219c5e68ecaef0c7", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21208, 548, 516}, + //offsets for: /mariadb/5.5.67/bin/mysqld (5.5.67-MariaDB) + {"5.5.67-MariaDB","84b34923e859f70644e4cad942446990", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: /mariadb/5.5.68/bin/mysqld (5.5.68-MariaDB) + {"5.5.68-MariaDB","85d03b4ef67225579235c6312fa4ed2b", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: 
/mariadb/10.1.41/bin/mysqld (10.1.41-MariaDB) + {"10.1.41-MariaDB","3c8a4882971a3ee4671f093a0215b955", 13712, 13776, 6488, 8096, 88, 3040, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20680, 548, 516}, + //offsets for: /mariadb/10.2.26/bin/mysqld (10.2.26-MariaDB) + {"10.2.26-MariaDB","523e563f20512468cb555ad01398872b", 13880, 13944, 6672, 8288, 88, 3208, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21216, 548, 516}, + //offsets for: /mariadb/5.5.65/bin/mysqld (5.5.65-MariaDB) + {"5.5.65-MariaDB","f7187d236feaf618ef4522abaee22fa1", 12032, 12096, 5800, 6904, 88, 2976, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, + //offsets for: /mariadb/10.2.25/bin/mysqld (10.2.25-MariaDB) + {"10.2.25-MariaDB","cb52b4ff1b8ad4ec889f820cb261af89", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21200, 548, 516}, + //offsets for: /mariadb/10.1.40/bin/mysqld (10.1.40-MariaDB) + {"10.1.40-MariaDB","f90a471397d82b15a6756788fad1eb16", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20664, 548, 516}, + //offsets for: /mariadb/10.1.39/bin/mysqld (10.1.39-MariaDB) + {"10.1.39-MariaDB","40ac6dfbdf7af2848e80e34b98671092", 13712, 13776, 6488, 8096, 88, 3032, 8, 0, 16, 24, 152, 13868, 7864, 2984, 2992, 2996, 568, 0, 0, 13088, 13112, 13096, 20664, 548, 516}, + //offsets for: /mariadb/10.2.24/bin/mysqld (10.2.24-MariaDB) + {"10.2.24-MariaDB","55ba5d0b3c80cb6acabb286920622694", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 2984, 2992, 2996, 608, 0, 0, 13256, 13280, 13264, 21200, 548, 516}, + //offsets for: /mariadb/10.2.23/bin/mysqld (10.2.23-MariaDB) + {"10.2.23-MariaDB","b955b4775d8bf1ea320b1db6b30beec0", 13880, 13944, 6672, 8288, 88, 3200, 8, 0, 16, 24, 152, 14044, 8048, 3136, 3144, 3148, 608, 0, 0, 13256, 13280, 
13264, 21200, 548, 516}, + //offsets for: /mariadb/5.5.64/bin/mysqld (5.5.64-MariaDB) + {"5.5.64-MariaDB","aefa82168c5251432d5fcdce396e8694", 12032, 12096, 5800, 6904, 88, 2968, 8, 0, 16, 24, 152, 12168, 6784, 0, 0, 0, 536, 0, 0, 11888, 11912, 11896, 11960, 548, 516}, //offsets for: /mariadb/10.2.22/bin/mysqld (10.2.22-MariaDB) {"10.2.22-MariaDB","ba086874b7acabc1de00ec7e8ac54079", 13864, 13928, 6656, 8272, 88, 3200, 8, 0, 16, 24, 152, 14028, 8032, 3136, 3144, 3148, 608, 0, 0, 13240, 13264, 13248, 21200, 548, 516}, //offsets for: /mariadb/10.1.38/bin/mysqld (10.1.38-MariaDB) 
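Review bot: The added `10.2.23-MariaDB` row carries `3136, 3144, 3148` in the 14th to 16th numeric fields, while every other 10.2.x row this hunk adds (10.2.24 through 10.2.34) carries `2984, 2992, 2996` there; it matches the older 10.2.22 context row instead. That may be what the binary really contains, but elsewhere in this diff these values are added to raw pointers (`((unsigned char *) sctx) + offset->sec_ctx_user`), so a wrong row means reading the wrong place in server memory. I would re-run the offset extraction against the binary with checksum `b955b4775d8bf1ea320b1db6b30beec0` and, if the values hold, say so on the row, e.g. `// 10.2.23 keeps the 10.2.22 values for fields 14-16 (checked against the binary)`.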
@@ -629,6 +735,30 @@ const ThdOffsets thd_offsets_arr[] =
 const ThdOffsets thd_offsets_arr[] =
 {
 /* +++ MYSQL 32 OFFSETS GO HERE +++ */
+ //offsets for: /mysqlrpm/5.6.49/usr/sbin/mysqld (5.6.49)
+ {"5.6.49","2d3f8c93e042cf09b247b55016b3c0b3", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516},
+ //offsets for: /mysqlrpm/5.7.31/usr/sbin/mysqld (5.7.31)
+ {"5.7.31","597a23bebe174f3d86d69e9616f5b668", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604},
+ //offsets for: /mysqlrpm/5.6.46/usr/sbin/mysqld (5.6.46)
+ {"5.6.46","908df568e2a9b70d4f952500a42b4869", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516},
+ //offsets for: /mysqlrpm/5.6.47/usr/sbin/mysqld (5.6.47)
+ {"5.6.47","2e4b0d22423ed1628b1b3036e0265836", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516},
+ //offsets for: /mysqlrpm/5.6.48/usr/sbin/mysqld (5.6.48)
+ {"5.6.48","b4df1419dd500b5c46d89a69fbef1ec4", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516},
+ //offsets for: /mysqlrpm/5.7.28/usr/sbin/mysqld (5.7.28)
+ {"5.7.28","e0eac037982665321a51456270b73b62", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604},
+ //offsets for: /mysqlrpm/5.7.29/usr/sbin/mysqld (5.7.29)
+ {"5.7.29","6502a2f344054a85249b507dff890c17", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604},
+ //offsets for: /mysqlrpm/5.7.30/usr/sbin/mysqld (5.7.30)
+ {"5.7.30","3e1f557e58b63dba8ea5c875ecb92a47", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604},
+ //offsets for: /mysqlrpm/5.6.45/usr/sbin/mysqld (5.6.45)
+ {"5.6.45","a429e9854cffc5a66f8c03b98794b24d", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516},
+ //offsets for: /mysqlrpm/5.7.27/usr/sbin/mysqld (5.7.27)
+ {"5.7.27","49410d4e2d72fa949669488e2e918a6a", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604},
+ //offsets for: /mysqlrpm/5.6.44/usr/sbin/mysqld (5.6.44)
+ {"5.6.44","e849a781256d44e55cd898cfe549722f", 4680, 4708, 2664, 3056, 36, 1748, 60, 0, 20, 64, 72, 4780, 2984, 2268, 2272, 2276, 348, 0, 0, 4208, 4232, 4216, 8664, 548, 516},
+ //offsets for: /mysqlrpm/5.7.26/usr/sbin/mysqld (5.7.26)
+ {"5.7.26","5dd7e67055f299bf575dd836f8f5891e", 5084, 5112, 2212, 3036, 296, 200, 0, 20, 40, 100, 340, 5196, 2776, 3108, 3112, 3116, 3720, 1152, 4, 4536, 4572, 4556, 9044, 80, 604},
 //offsets for: /mysqlrpm/5.6.43/usr/sbin/mysqld (5.6.43)
 {"5.6.43","0dbe6f81766c5deffda7fccdccded1bc", 4676, 4704, 2660, 3052, 36, 1748, 60, 0, 20, 64, 72, 4776, 2980, 2268, 2272, 2276, 348, 0, 0, 4204, 4228, 4212, 8660, 548, 516},
 //offsets for: /mysqlrpm/5.7.25/usr/sbin/mysqld (5.7.25)
@@ -916,6 +1046,54 @@ const ThdOffsets thd_offsets_arr[] = const ThdOffsets thd_offsets_arr[] = { /* +++ MARIADB 32 OFFSETS GO HERE +++ */ + //offsets for: /mariadb/10.1.43/bin/mysqld (10.1.43-MariaDB) + {"10.1.43-MariaDB","e0e44c5fa79d68f4266ca97ece05e764", 8540, 8576, 3884, 5344, 44, 1932, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13180, 548, 516}, + //offsets for: /mariadb/10.2.27/bin/mysqld (10.2.27-MariaDB) + {"10.2.27-MariaDB","b5e02d52fe8a803add2c05bc846c9cff", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/10.2.29/bin/mysqld (10.2.29-MariaDB) + {"10.2.29-MariaDB","9a6d57a5c420f8357e3d3dd4823b0756", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/5.5.66/bin/mysqld (5.5.66-MariaDB) + {"5.5.66-MariaDB","fd2c0a1cd70e42a45e76307a6cfb6ad3", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/10.1.47/bin/mysqld (10.1.47-MariaDB) + {"10.1.47-MariaDB","1875f21a9783cb50bb9214e1ba15bad4", 8516, 8552, 3860, 5320, 44, 1928, 4, 0, 8, 12, 84, 8624, 5188, 2604, 2608, 2612, 356, 0, 0, 8040, 8064, 8048, 13152, 548, 516}, + //offsets for: /mariadb/10.2.34/bin/mysqld (10.2.34-MariaDB) + {"10.2.34-MariaDB","229474e5966945b70e0f795ceb37d4be", 8616, 8652, 3964, 5432, 44, 2032, 4, 0, 8, 12, 84, 8736, 5292, 2604, 2608, 2612, 376, 0, 0, 8140, 8164, 8148, 13468, 548, 516}, + //offsets for: /mariadb/10.2.30/bin/mysqld (10.2.30-MariaDB) + {"10.2.30-MariaDB","c8fdfa05e5262a42f630b879cb0208f7", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/10.2.33/bin/mysqld (10.2.33-MariaDB) + {"10.2.33-MariaDB","09da575acaea44eb61ecb03900d370ec", 8616, 8652, 3964, 
5432, 44, 2032, 4, 0, 8, 12, 84, 8736, 5292, 2604, 2608, 2612, 376, 0, 0, 8140, 8164, 8148, 13468, 548, 516}, + //offsets for: /mariadb/10.1.46/bin/mysqld (10.1.46-MariaDB) + {"10.1.46-MariaDB","6ea657fe50fa68eff407912d75a39120", 8516, 8552, 3860, 5320, 44, 1928, 4, 0, 8, 12, 84, 8624, 5188, 2604, 2608, 2612, 356, 0, 0, 8040, 8064, 8048, 13152, 548, 516}, + //offsets for: /mariadb/10.2.32/bin/mysqld (10.2.32-MariaDB) + {"10.2.32-MariaDB","9cbcd8dfa5590ab8db7bf55f6f31f992", 8616, 8652, 3964, 5432, 44, 2028, 4, 0, 8, 12, 84, 8736, 5292, 2604, 2608, 2612, 376, 0, 0, 8140, 8164, 8148, 13460, 548, 516}, + //offsets for: /mariadb/10.1.44/bin/mysqld (10.1.44-MariaDB) + {"10.1.44-MariaDB","b5542ac9eafee566d86896be802293eb", 8540, 8576, 3884, 5344, 44, 1928, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13176, 548, 516}, + //offsets for: /mariadb/10.1.45/bin/mysqld (10.1.45-MariaDB) + {"10.1.45-MariaDB","891616e964a5ff3957022519d6496909", 8516, 8552, 3860, 5320, 44, 1928, 4, 0, 8, 12, 84, 8624, 5188, 2604, 2608, 2612, 356, 0, 0, 8040, 8064, 8048, 13152, 548, 516}, + //offsets for: /mariadb/10.2.31/bin/mysqld (10.2.31-MariaDB) + {"10.2.31-MariaDB","6ffdbfb680448d85803149d8ba5d087a", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13484, 548, 516}, + //offsets for: /mariadb/5.5.67/bin/mysqld (5.5.67-MariaDB) + {"5.5.67-MariaDB","7b1a93e0e54c84dce4763862199980cb", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/5.5.68/bin/mysqld (5.5.68-MariaDB) + {"5.5.68-MariaDB","042bec4b00532423dd46da4ff5ce7e9e", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/10.1.41/bin/mysqld (10.1.41-MariaDB) + {"10.1.41-MariaDB","eb3a635b47ffd30f3a975bd678d21545", 8540, 8576, 3884, 5344, 44, 1932, 4, 0, 8, 12, 84, 8648, 
5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13180, 548, 516}, + //offsets for: /mariadb/10.2.26/bin/mysqld (10.2.26-MariaDB) + {"10.2.26-MariaDB","7335b29f0539c2f51da78f6665ae3ed8", 8640, 8676, 3988, 5456, 44, 2032, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13488, 548, 516}, + //offsets for: /mariadb/5.5.65/bin/mysqld (5.5.65-MariaDB) + {"5.5.65-MariaDB","af42f2c2c37a62b31c8ffab002a3c215", 7276, 7312, 3460, 4468, 44, 1884, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 7200, 7184, 7236, 548, 516}, + //offsets for: /mariadb/10.2.25/bin/mysqld (10.2.25-MariaDB) + {"10.2.25-MariaDB","fc3aa9473db8ce277daa94a9b2ea4cb9", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13480, 548, 516}, + //offsets for: /mariadb/10.1.40/bin/mysqld (10.1.40-MariaDB) + {"10.1.40-MariaDB","1d75d817dd5c588765024ffa5ed0fb15", 8540, 8576, 3884, 5344, 44, 1928, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13172, 548, 516}, + //offsets for: /mariadb/10.1.39/bin/mysqld (10.1.39-MariaDB) + {"10.1.39-MariaDB","b092e8bb10ab3e3f03e9dad79cd765e0", 8540, 8576, 3884, 5344, 44, 1928, 4, 0, 8, 12, 84, 8648, 5212, 2604, 2608, 2612, 356, 0, 0, 8064, 8088, 8072, 13172, 548, 516}, + //offsets for: /mariadb/10.2.24/bin/mysqld (10.2.24-MariaDB) + {"10.2.24-MariaDB","d453d1882851ae30242639ae81ab2185", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13480, 548, 516}, + //offsets for: /mariadb/10.2.23/bin/mysqld (10.2.23-MariaDB) + {"10.2.23-MariaDB","74b14e0fa8520f3143154f73ceb84c0c", 8640, 8676, 3988, 5456, 44, 2028, 4, 0, 8, 12, 84, 8760, 5316, 2604, 2608, 2612, 376, 0, 0, 8164, 8188, 8172, 13480, 548, 516}, + //offsets for: /mariadb/5.5.64/bin/mysqld (5.5.64-MariaDB) + {"5.5.64-MariaDB","3dba0232419ef10c1f342a40687f3de0", 7276, 7312, 3460, 4468, 44, 1880, 4, 0, 8, 12, 84, 7372, 4400, 0, 0, 0, 340, 0, 0, 7176, 
7200, 7184, 7236, 548, 516}, //offsets for: /mariadb/10.2.22/bin/mysqld (10.2.22-MariaDB) {"10.2.22-MariaDB","97cdec65b3a1f4a9e83f4c8b6b74167a", 8632, 8668, 3980, 5448, 44, 2028, 4, 0, 8, 12, 84, 8752, 5308, 2604, 2608, 2612, 376, 0, 0, 8156, 8180, 8164, 13480, 548, 516}, //offsets for: /mariadb/10.1.38/bin/mysqld (10.1.38-MariaDB) diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc index 8bff272..44ca3e5 100644 --- a/src/audit_plugin.cc +++ b/src/audit_plugin.cc @@ -11,7 +11,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - #include "mysql_inc.h" #include "hot_patch.h" #include @@ -47,14 +46,14 @@ static Audit_socket_handler json_socket_handler; static Audit_json_formatter json_formatter; // flags to hold if audit handlers are enabled -static my_bool json_file_handler_enable = FALSE; -static my_bool force_record_logins_enable = FALSE; -static my_bool json_file_handler_flush = FALSE; -static my_bool json_socket_handler_enable = FALSE; -static my_bool uninstall_plugin_enable = FALSE; -static my_bool validate_checksum_enable = FALSE; -static my_bool offsets_by_version_enable = FALSE; -static my_bool validate_offsets_extended_enable = FALSE; +static my_bool json_file_handler_enable; +static my_bool force_record_logins_enable; +static my_bool json_file_handler_flush; +static my_bool json_socket_handler_enable; +static my_bool uninstall_plugin_enable; +static my_bool validate_checksum_enable; +static my_bool offsets_by_version_enable; +static my_bool validate_offsets_extended_enable; static char *offsets_string = NULL; static char *checksum_string = NULL; static int delay_ms_val = 0; 
@@ -129,12 +128,15 @@ static char json_socket_name_buff[1024] = {0}; */ static int (*trampoline_mysql_execute_command)(THD *thd) = NULL; static unsigned int trampoline_mysql_execute_size = 0; +SavedCode trampoline_mysql_execute_saved_code; #if MYSQL_VERSION_ID < 50600 static void (*trampoline_log_slow_statement)(THD *thd) = NULL; static unsigned int trampoline_log_slow_statement_size = 0; +SavedCode trampoline_log_slow_statement_saved_code; static bool (*trampoline_acl_authenticate)(THD *thd, uint connect_errors, uint com_change_user_pkt_len) = NULL; static unsigned int trampoline_acl_authenticate_size = 0; +SavedCode trampoline_acl_authenticate_saved_code; #endif static MYSQL_THDVAR_ULONG(is_thd_printed_list, @@ -245,7 +247,7 @@ static void initializePeerCredentials(THD *pThd) peer = (PeerInfo *) THDVAR(pThd, peer_info); if (peer != NULL) { - memset(peer, 0, sizeof(PeerInfo)); + *peer = PeerInfo(); } #endif @@ -365,10 +367,10 @@ static void initializePeerCredentials(THD *pThd) } // set that we have a UDS, so that THD vars will be used - THDVAR(pThd, peer_is_uds) = TRUE; + THDVAR(pThd, peer_is_uds) = true; done: - THDVAR(pThd, set_peer_cred) = TRUE; + THDVAR(pThd, set_peer_cred) = true; } PeerInfo *retrieve_peerinfo(THD *thd) 
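Review bot: `SavedCode trampoline_mysql_execute_saved_code;` and the two `SavedCode` objects added under `#if MYSQL_VERSION_ID < 50600` are defined without `static`, unlike the `static` trampoline pointers and size variables they sit next to. As written they have external linkage and may be exported from the plugin's shared object, where a same-named symbol elsewhere could collide with them. Every use in this diff passes them by address, so internal linkage looks sufficient: `static SavedCode trampoline_mysql_execute_saved_code;`. The same applies to the `SavedCode` definitions added in the later hunks for check_table_access, send_result_to_client, open_tables and end_connection. If another translation unit does reference them, an `extern` declaration in a header would make that explicit.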
@@ -575,11 +577,15 @@ static void audit(ThdSesData *pThdData) #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 static int (*trampoline_send_result_to_client)(Query_cache *pthis, THD *thd, char *sql, uint query_length) = NULL; -#else +#elif MYSQL_VERSION_ID < 80000 static int (*trampoline_send_result_to_client)(Query_cache *pthis, THD *thd, const LEX_CSTRING& sql_query) = NULL; #endif -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 + +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 +static bool (*trampoline_open_tables)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy) = NULL; +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 static bool (*trampoline_open_tables)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy) = NULL; #elif MYSQL_VERSION_ID > 50505 @@ -590,10 +596,12 @@ static int (*trampoline_open_tables)(THD *thd, TABLE_LIST **start, uint *counter #endif +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 QueryTableInf *Audit_formatter::getQueryCacheTableList1(THD *thd) { return (QueryTableInf*) THDVAR(thd, query_cache_table_list); } +#endif static bool (*trampoline_check_table_access)(THD *thd, ulong want_access,TABLE_LIST *tables, bool any_combination_of_privileges_will_do, @@ -635,7 +643,9 @@ static bool audit_check_table_access(THD *thd, ulong want_access,TABLE_LIST *tab } static unsigned int trampoline_check_table_access_size = 0; +SavedCode trampoline_check_table_access_saved_code; +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 static int audit_send_result_to_client(Query_cache *pthis, THD *thd, char *sql, uint query_length) #else 
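Review bot: The new `#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224` branch pins the seven-argument `open_tables` prototype to exactly one release, with no comment saying why 10.2.24 alone needs it. Because the choice is made at compile time, the trampoline type only matches a server whose `open_tables` takes the same argument list as the headers the plugin was built against, while the offset tables in this commit list 10.2.23 through 10.2.34. A mismatch would hand `audit_open_tables` its arguments in the wrong positions. I would add a comment above the branch, for example `// MariaDB 10.2.24 only: open_tables() takes an extra sroutine_to_open argument`, once that is confirmed against the neighbouring 10.2.x sources, and state which build is meant to serve which server version. The same guard is repeated in the `audit_open_tables`, `remove_hot_functions` and `audit_plugin_init` hunks.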
@@ -667,8 +677,16 @@ static int audit_send_result_to_client(Query_cache *pthis, THD *thd, const LEX_ } static unsigned int trampoline_send_result_to_client_size = 0; +SavedCode trampoline_send_result_to_client_saved_code; +#endif // defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 +static bool audit_open_tables(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy) +{ + bool res; + res = trampoline_open_tables (thd, options, start, counter, sroutine_to_open, flags, prelocking_strategy); +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 static bool audit_open_tables(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy) { @@ -699,6 +717,7 @@ static int audit_open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint f } static unsigned int trampoline_open_tables_size = 0; +SavedCode trampoline_open_tables_saved_code; // called by log_slow_statement and general audit event caught by audit interface static void audit_post_execute(THD * thd) @@ -833,13 +852,16 @@ static struct st_mysql_audit audit_plugin = #endif // some extern definitions which are not in include files +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 extern void log_slow_statement(THD *thd); +#endif extern int mysql_execute_command(THD *thd); #if defined(MARIADB_BASE_VERSION) extern void end_connection(THD *thd); static int (*trampoline_end_connection)(THD *thd) = NULL; static unsigned int trampoline_end_connection_size = 0; +SavedCode trampoline_end_connection_saved_code; #endif void remove_hot_functions() 
@@ -849,15 +871,21 @@ void remove_hot_functions() #if MYSQL_VERSION_ID < 50600 target_function = (void *) log_slow_statement; remove_hot_patch_function(target_function, - (void*) trampoline_log_slow_statement, trampoline_log_slow_statement_size, true); + (void*) trampoline_log_slow_statement, trampoline_log_slow_statement_size, true, &trampoline_log_slow_statement_saved_code); trampoline_log_slow_statement_size = 0; + trampoline_log_slow_statement_saved_code.size = 0; target_function = (void *) acl_authenticate; remove_hot_patch_function(target_function, - (void*) trampoline_acl_authenticate, trampoline_acl_authenticate_size, true); + (void*) trampoline_acl_authenticate, trampoline_acl_authenticate_size, true, &trampoline_acl_authenticate_saved_code); trampoline_acl_authenticate_size = 0; + trampoline_acl_authenticate_saved_code.size = 0; #endif -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 + +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 + target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; #elif MYSQL_VERSION_ID > 50505 
@@ -867,9 +895,11 @@ void remove_hot_functions() target_function = (void *)*(int (*)(THD *thd, TABLE_LIST **start, uint *counter, uint flags)) &open_tables; #endif remove_hot_patch_function(target_function, - (void*) trampoline_open_tables, trampoline_open_tables_size, true); + (void*) trampoline_open_tables, trampoline_open_tables_size, true, &trampoline_open_tables_saved_code); trampoline_open_tables_size = 0; + trampoline_open_tables_saved_code.size = 0; +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; #else @@ -877,13 +907,16 @@ void remove_hot_functions() #endif target_function = *(void **) &pf_send_result_to_client; remove_hot_patch_function(target_function, - (void*) trampoline_send_result_to_client, trampoline_send_result_to_client_size, true); + (void*) trampoline_send_result_to_client, trampoline_send_result_to_client_size, true, &trampoline_send_result_to_client_saved_code); trampoline_send_result_to_client_size = 0; + trampoline_send_result_to_client_saved_code.size = 0; +#endif remove_hot_patch_function((void*) check_table_access, (void*) trampoline_check_table_access, - trampoline_check_table_access_size, true); + trampoline_check_table_access_size, true, &trampoline_check_table_access_saved_code); trampoline_check_table_access_size=0; + trampoline_check_table_access_saved_code.size = 0; #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 target_function = (void*) mysql_execute_command; 
@@ -896,14 +929,16 @@ void remove_hot_functions() target_function = (void*) end_connection; remove_hot_patch_function(target_function, (void*) trampoline_end_connection, - trampoline_end_connection_size, true); + trampoline_end_connection_size, true, &trampoline_end_connection_saved_code); trampoline_end_connection_size = 0; + trampoline_end_connection_saved_code.size = 0; #endif remove_hot_patch_function(target_function, (void*) trampoline_mysql_execute_command, - trampoline_mysql_execute_size, true); + trampoline_mysql_execute_size, true, &trampoline_mysql_execute_saved_code); trampoline_mysql_execute_size = 0; + trampoline_mysql_execute_saved_code.size = 0; } int is_remove_patches(ThdSesData *pThdData) @@ -1083,10 +1118,10 @@ static void audit_end_connection(THD *thd) static bool parse_thd_offsets_string (char *poffsets_string) { - char offset_str[2048] = {0}; + char offset_str[2049] = {0}; char *poffset_str = offset_str; - strncpy(poffset_str,poffsets_string,array_elements(offset_str)); + strncpy(poffset_str,poffsets_string,array_elements(offset_str)-1); char *comma_delimiter = strchr(poffset_str, ','); size_t i = 0; @@ -1197,9 +1232,16 @@ static bool validate_offsets(const ThdOffsets *offset) (*(const char **) (((unsigned char *) sctx) + offset->sec_ctx_user)) = user_test_val; } +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 + PSI_mutex_key key_LOCK_thd_query_validate=99999; + mysql_mutex_init(key_LOCK_thd_query_validate, &thd->LOCK_thd_query, MY_MUTEX_INIT_FAST); +#endif char buffer[2048] = {0}; thd_security_context(thd, buffer, 2048, 1000); +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 + mysql_mutex_destroy(&thd->LOCK_thd_query); +#endif // verfiy our buffer contains query id if (strstr(buffer, " 789") == NULL || strstr(buffer, user_test_val) == NULL) { 
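Review bot: The `strncpy` into `offset_str` is now always NUL-terminated, but an offsets string longer than 2048 bytes is still cut silently, and a number cut in the middle would parse as a different, smaller offset. Since these values are later used as offsets into server structures, I would reject over-long input before copying, e.g. `if (strlen(poffsets_string) >= array_elements(offset_str)) { /* log and return the failure value */ }`. Which boolean means failure is not visible here, because the body of parse_thd_offsets_string continues outside the hunk.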
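Review bot: `PSI_mutex_key key_LOCK_thd_query_validate=99999;` uses an unexplained magic number as an instrumentation key that nothing in this hunk registers with the performance schema. If the mutex only has to exist so that `thd_security_context` can lock it, the uninstrumented key says so directly: `mysql_mutex_init(PSI_NOT_INSTRUMENTED, &thd->LOCK_thd_query, MY_MUTEX_INIT_FAST);`. A one-line comment on why `LOCK_thd_query` must be initialised here would also help; presumably `thd` is a scratch object built for validation, which this hunk does not show. validate_offsets starts and ends outside the hunk.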
@@ -1739,7 +1781,7 @@ static void *trampoline_mem_free = NULL; * Utility method for hot patching */ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_size, - void* target_function, void* audit_function, const char * func_name) + void* target_function, void* audit_function, const char * func_name, SavedCode* saved_code) { // 16 byte align the pointer DATATYPE_ADDRESS addrs = (DATATYPE_ADDRESS)trampoline_mem_free + 15; @@ -1748,7 +1790,7 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si // hot patch functions unsigned int used_size; int res = hot_patch_function(target_function, audit_function, - *trampoline_func_pp, trampoline_size, &used_size, true); + *trampoline_func_pp, trampoline_size, &used_size, true, saved_code); if (res != 0) { // hot patch failed. @@ -1764,7 +1806,7 @@ static int do_hot_patch(void ** trampoline_func_pp, unsigned int * trampoline_si } #define DECLARE_STRING_ARR_UPDATE_FUNC(NAME) \ -static void NAME ## _string_update(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save)\ +static void NAME ## _string_update(THD *thd, SYS_VAR *var, void *tgt, const void *save)\ {\ num_ ## NAME = string_to_array(save, NAME ## _array, array_elements( NAME ## _array), sizeof( NAME ## _array[0]));\ /* handle "set global audit_xxx = null;" */ \ @@ -1788,7 +1830,7 @@ DECLARE_STRING_ARR_UPDATE_FUNC(password_masking_cmds) DECLARE_STRING_ARR_UPDATE_FUNC(whitelist_users) DECLARE_STRING_ARR_UPDATE_FUNC(record_objs) -static void password_masking_regex_string_update(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save) +static void password_masking_regex_string_update(THD *thd, SYS_VAR *var, void *tgt, const void *save) { const char *str_val = ""; char *const* save_p = static_cast(save); 
@@ -1846,7 +1888,7 @@ static void replace_char(char *str, const char tofind, const char rplc) } } -static void json_socket_name_update(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save) +static void json_socket_name_update(THD *thd, SYS_VAR *var, void *tgt, const void *save) { const char *str_val = NULL; char *const* save_p = static_cast(save); @@ -1917,7 +1959,7 @@ static void json_socket_name_update(THD *thd, struct st_mysql_sys_var *var, void } // check that the regex compiles. Return 0 on success. -static int password_masking_regex_check(THD *thd, struct st_mysql_sys_var *var, void *save, st_mysql_value *value) +static int password_masking_regex_check(THD *thd, SYS_VAR *var, void *save, st_mysql_value *value) { int length = array_elements(password_masking_regex_check_buff); const char *str = value->val_str(value, password_masking_regex_check_buff, &length); @@ -1937,7 +1979,7 @@ static int password_masking_regex_check(THD *thd, struct st_mysql_sys_var *var, } // extended method to set also record_empty_objs_set -static void record_objs_string_update_extended(THD *thd, struct st_mysql_sys_var *var, void *tgt, const void *save) +static void record_objs_string_update_extended(THD *thd, SYS_VAR *var, void *tgt, const void *save) { record_objs_string_update(thd, var, tgt, save); if (num_record_objs > 0) // check if to record also the empty set of objects 
@@ -1962,10 +2004,24 @@ static void record_objs_string_update_extended(THD *thd, struct st_mysql_sys_var * 0 success * 1 failure */ + +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID > 80000 +bool (*compat::_vio_socket_connect)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, int timeout); +bool (*compat::_vio_socket_connect_80016)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, bool nonblocking, int timeout); +bool (*compat::_vio_socket_connect_80020)(MYSQL_VIO vio, struct sockaddr *addr, socklen_t len, bool nonblocking, int timeout, bool *connect_done); +#endif static int audit_plugin_init(void *p) { DBUG_ENTER("audit_plugin_init"); +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID > 80000 + const bool compat_init_ok = compat::init(); + if (!compat_init_ok) + { + sql_print_error("%s unable to init compatibility layer. Aborting.", log_prefix); + DBUG_RETURN(1); + } +#endif #ifdef __x86_64__ const char * arch = "64bit"; @@ -2080,7 +2136,7 @@ static int audit_plugin_init(void *p) trampoline_mem = NULL; #ifdef __x86_64__ - size_t func_in_mysqld = (size_t)log_slow_statement; + size_t func_in_mysqld = (size_t)check_table_access; size_t func_in_plugin = (size_t)trampoline_dummy_func_for_mem; if (func_in_mysqld < INT_MAX && func_in_plugin > INT_MAX) { 
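Review bot: The three `compat::_vio_socket_connect*` definitions are inserted between the `0 success / 1 failure` comment and `audit_plugin_init`, so that comment no longer sits on the function it documents; moving the `#if` block above the comment keeps the two together. The guard here and around the `compat::init()` call is `MYSQL_VERSION_ID > 80000`, while the MySQL 8 code added in validate_offsets uses `>= 80000`; using `>= 80000` in both places avoids a version that takes one path but not the other. A short comment on each pointer saying which 8.0 releases it covers (the names suggest 8.0.16 and 8.0.20) would help, along with a note that they stay null until `compat::init()` succeeds, if that is the case. audit_plugin_init continues outside the hunk.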
@@ -2141,14 +2197,14 @@ static int audit_plugin_init(void *p) #endif if (do_hot_patch((void **)&trampoline_mysql_execute_command, &trampoline_mysql_execute_size, - target_function, (void *)audit_mysql_execute_command, "mysql_execute_command")) + target_function, (void *)audit_mysql_execute_command, "mysql_execute_command", &trampoline_mysql_execute_saved_code)) { DBUG_RETURN(1); } #if MYSQL_VERSION_ID < 50600 if (do_hot_patch((void **)&trampoline_log_slow_statement, &trampoline_log_slow_statement_size, - (void *)log_slow_statement, (void *)audit_log_slow_statement, "log_slow_statement")) + (void *)log_slow_statement, (void *)audit_log_slow_statement, "log_slow_statement", &trampoline_log_slow_statement_saved_code)) { sql_print_error("%s Failed hot patch. Continuing as non-critical.", log_prefix); @@ -2156,13 +2212,14 @@ static int audit_plugin_init(void *p) } if (do_hot_patch((void **)&trampoline_acl_authenticate, &trampoline_acl_authenticate_size, - (void *)acl_authenticate, (void *)audit_acl_authenticate, "acl_authenticate")) + (void *)acl_authenticate, (void *)audit_acl_authenticate, "acl_authenticate", &trampoline_acl_authenticate_saved_code)) { DBUG_RETURN(1); } #endif +#if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 80000 #if defined(MARIADB_BASE_VERSION) || MYSQL_VERSION_ID < 50709 int (Query_cache::*pf_send_result_to_client)(THD *,char *, uint) = &Query_cache::send_result_to_client; #else 
@@ -2170,18 +2227,22 @@ static int audit_plugin_init(void *p) #endif target_function = *(void **) &pf_send_result_to_client; if (do_hot_patch((void **)&trampoline_send_result_to_client, &trampoline_send_result_to_client_size, - (void *)target_function, (void *)audit_send_result_to_client, "send_result_to_client")) + (void *)target_function, (void *)audit_send_result_to_client, "send_result_to_client", &trampoline_send_result_to_client_saved_code)) { DBUG_RETURN(1); } +#endif if (do_hot_patch((void **)&trampoline_check_table_access, &trampoline_check_table_access_size, - (void *)check_table_access, (void *)audit_check_table_access, "check_table_access")) + (void *)check_table_access, (void *)audit_check_table_access, "check_table_access", &trampoline_check_table_access_saved_code)) { DBUG_RETURN(1); } -#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 +#if defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID == 100224 + target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, + Sroutine_hash_entry **sroutine_to_open, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; +#elif defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 100108 target_function = (void *)*(bool (*)(THD *thd, const DDL_options_st &options, TABLE_LIST **start, uint *counter, uint flags, Prelocking_strategy *prelocking_strategy)) &open_tables; #elif MYSQL_VERSION_ID > 50505 @@ -2191,7 +2252,7 @@ static int audit_plugin_init(void *p) target_function = (void *)*(int (*)(THD *thd, TABLE_LIST **start, uint *counter, uint flags)) &open_tables; #endif if (do_hot_patch((void **)&trampoline_open_tables, &trampoline_open_tables_size, - (void *)target_function, (void *)audit_open_tables, "open_tables")) + (void *)target_function, (void *)audit_open_tables, "open_tables", &trampoline_open_tables_saved_code)) { DBUG_RETURN(1); } 
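Review bot: The new `MYSQL_VERSION_ID == 100224` branch selects the seven-argument `open_tables` overload for exactly one MariaDB release and carries no explanation of why. If later 10.2.x headers keep the `Sroutine_hash_entry **sroutine_to_open` parameter, they fall through to the `>= 100108` branch, where the six-argument cast would presumably stop compiling, so the gate may need to be a range rather than an equality; this hunk alone does not settle that. At minimum add a comment above the branch, for example `/* MariaDB 10.2.24: open_tables() takes an extra sroutine_to_open argument */`, so the next offsets update knows whether to widen it.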
@@ -2199,7 +2260,7 @@ static int audit_plugin_init(void *p) #if defined(MARIADB_BASE_VERSION) target_function = (void*) end_connection; if (do_hot_patch((void **)&trampoline_end_connection, &trampoline_end_connection_size, - (void *)target_function, (void *)audit_end_connection, "end_connection")) + (void *)target_function, (void *)audit_end_connection, "end_connection", &trampoline_end_connection_saved_code)) { DBUG_RETURN(1); } @@ -2239,7 +2300,7 @@ static int audit_plugin_deinit(void *p) Plugin status variables for SHOW STATUS */ -static struct st_mysql_show_var audit_status[] = +static SHOW_VAR audit_status[] = { { "Audit_version", (char *) MYSQL_AUDIT_PLUGIN_VERSION "-" MYSQL_AUDIT_PLUGIN_REVISION, 
@@ -2260,32 +2321,32 @@ static struct st_mysql_show_var audit_status[] = -static void json_log_file_enable(THD *thd, struct st_mysql_sys_var *var, +static void json_log_file_enable(THD *thd, SYS_VAR *var, void *tgt, const void *save) { - json_file_handler_enable = *(my_bool *) save ? TRUE : FALSE; + json_file_handler_enable = *(my_bool *) save ? true : false; if (json_file_handler.is_init()) { json_file_handler.set_enable(json_file_handler_enable); } } -static void json_log_file_flush(THD *thd, struct st_mysql_sys_var *var, +static void json_log_file_flush(THD *thd, SYS_VAR *var, void *tgt, const void *save) { // always set to false. as we just flush if set to true and leave at 0 - json_file_handler_flush = FALSE; - my_bool val = *(my_bool *) save ? TRUE : FALSE; + json_file_handler_flush = false; + my_bool val = *(my_bool *) save ? true : false; if (val && json_file_handler.is_init()) { json_file_handler.flush(); } } -static void json_log_socket_enable(THD *thd, struct st_mysql_sys_var *var, +static void json_log_socket_enable(THD *thd, SYS_VAR *var, void *tgt, const void *save) { - json_socket_handler_enable = *(my_bool *) save ? TRUE : FALSE; + json_socket_handler_enable = *(my_bool *) save ? true : false; if (json_socket_handler.is_init()) { json_socket_handler.set_enable(json_socket_handler_enable); @@ -2456,7 +2517,7 @@ static MYSQL_SYSVAR_ENUM(before_after, before_after_mode, /* * Plugin system vars */ -static struct st_mysql_sys_var* audit_system_variables[] = +static SYS_VAR* audit_system_variables[] = { #ifdef HAVE_SESS_CONNECT_ATTRS MYSQL_SYSVAR(sess_connect_attrs), 
@@ -2508,12 +2569,18 @@ mysql_declare_plugin(audit_plugin) "McAfee Inc", "AUDIT plugin, creates a file mysql-audit.log to log activity", PLUGIN_LICENSE_GPL, - audit_plugin_init, /* Plugin Init */ - audit_plugin_deinit, /* Plugin Deinit */ - 0x0100 /* 1.0 */, - audit_status, /* status variables */ + audit_plugin_init, /* Plugin Init */ +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80000 + nullptr, /* check uninstall function */ +#endif + audit_plugin_deinit, /* Plugin Deinit */ + 0x0100 /* 1.0 */, + audit_status, /* status variables */ audit_system_variables, /* system variables */ - NULL /* config options */ + NULL, /* config options */ +#if MYSQL_VERSION_ID >= 50516 + 0 /* flags for plugin */ +#endif } mysql_declare_plugin_end; diff --git a/src/hot_patch.cc b/src/hot_patch.cc index e03c2ff..5f9eee2 100644 --- a/src/hot_patch.cc +++ b/src/hot_patch.cc @@ -228,7 +228,7 @@ static void WriteJump32(void *pAddress, ULONG_PTR JumpTo) // Hooks a function // static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_PTR trampolineFunction, - unsigned int *trampolinesize, unsigned int *usedsize) + unsigned int *trampolinesize, unsigned int *usedsize, SavedCode* saved_code) { #define MAX_INSTRUCTIONS 100 uint8_t raw[MAX_INSTRUCTIONS]; @@ -293,6 +293,9 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ ud_obj.operand[0].type == UD_OP_JIMM) { bool cannot_disassemble = true; + sql_print_information("ud_obj.mnemonic == UD_Ijmp: %d", ud_obj.mnemonic == UD_Ijmp); + sql_print_information("ud_obj.mnemonic == UD_Icall: %d", ud_obj.mnemonic == UD_Icall); + sql_print_information("ud_obj.operand[0].type == UD_OP_JIMM: %d", ud_obj.operand[0].type == UD_OP_JIMM); #ifdef __i386__ const BYTE *pc = (const BYTE *)targetFunction + InstrSize; 
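Review bot: The three `sql_print_information` calls added inside the `UD_Ijmp`/`UD_Icall`/`UD_OP_JIMM` branch of HookFunction look like leftover debugging: they carry no `log_prefix` and print only a 0/1 per sub-condition. The same applies to `sql_print_error("in __i386__")` and `sql_print_information("__x86_64__")` in the next hunk (@@ -324,7 +327,59). As far as that hunk shows, the first of them writes an error-level line on 32-bit builds whenever the branch is entered, which reads as a failure to anyone monitoring the server log. I would drop them or fold them into one prefixed message such as `sql_print_information("%s relative jmp/call at patch site: %s", log_prefix, ud_insn_asm(&ud_obj));`. HookFunction starts and ends outside this hunk.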
@@ -324,7 +327,59 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ cannot_disassemble = false; } } + sql_print_error("in __i386__"); +#else + // If there is a relative jump or call in the to be overwritten chunk, + // construct an absolute jump/call in the trampoline. +#ifdef __x86_64__ + sql_print_information("__x86_64__"); +#endif + if (ud_obj.operand[0].type == UD_OP_JIMM && (ud_obj.mnemonic == UD_Ijmp || ud_obj.mnemonic == UD_Icall)) { + // jump or call + size_t rewrite_size = 0; + switch (ud_obj.mnemonic) { + case UD_Ijmp: + sql_print_information("rewriting relative jump as absolute"); + memcpy((void*)(trampolineFunction + uCurrentSize), "\xff\x25\x00\x00\x00\x00", 6); // jmpq *0x0(%rip) + rewrite_size = 6; + break; + case UD_Icall: + sql_print_information("rewriting relative call as absolute"); + memcpy((void*)(trampolineFunction + uCurrentSize), "\xff\x15\x02\x00\x00\x00", 6); // callq *0x2(%rip) -- call the function via the address stored at RIP+2 + memcpy((void*)(trampolineFunction + uCurrentSize + 6), "\xeb\x08", 2); // jmp 0x08 -- jump over the function address (8 bytes forward) + rewrite_size = 8; + break; + default: + break; + } + + // calculate the jump target from the instruction pointer and the immediate operand + unsigned long jump_target = ud_obj.pc; + switch (ud_obj.operand[0].size) { + case 8: + jump_target += ud_obj.operand[0].lval.sbyte; + break; + case 16: + jump_target += ud_obj.operand[0].lval.sword; + break; + case 32: + jump_target += ud_obj.operand[0].lval.sdword; + break; + } + memcpy((void*)(trampolineFunction + uCurrentSize + rewrite_size), &jump_target, 8); + rewrite_size += 8; + + // update the indexes + uCurrentSize += rewrite_size; + InstrSize += ud_insn_len (&ud_obj); + + // clear the flag + cannot_disassemble = false; + + sql_print_information("target address: [0x%016lx]", jump_target); + sql_print_information("original instruction: [%s]", ud_insn_asm(&ud_obj)); + } #endif if 
(cannot_disassemble) { @@ -381,8 +436,17 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ return false; } - WriteJump((BYTE*)trampolineFunction + uCurrentSize, targetFunction + InstrSize); + // Save the original code that is going to be overwitten by the jump. + // The code in the trampoline can be larger due to rewriting of RIP + // relative instructions and unsuitable for writting back on unhook. + memcpy(saved_code->code, (void*)targetFunction, InstrSize); + saved_code->size = InstrSize; + + // jump from trampoline back to continue the original function + WriteJump((BYTE*)trampolineFunction + uCurrentSize, targetFunction + InstrSize); *usedsize = uCurrentSize + JUMP_SIZE; + + // jump from the begin of the original function to our function #ifndef __x86_64__ WriteJump((void *) targetFunction, newFunction); #else @@ -411,7 +475,7 @@ static bool HookFunction(ULONG_PTR targetFunction, ULONG_PTR newFunction, ULONG_ // -static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, unsigned int trampolinesize) +static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, unsigned int trampolinesize, SavedCode* saved_code) { DATATYPE_ADDRESS FunctionPage = get_page_address((void*)Function); if (unprotect((void*)FunctionPage, PAGE_SIZE) != 0) @@ -421,7 +485,7 @@ static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, uns log_prefix, (void *) FunctionPage); return; } - memcpy((void *) Function, (void*)trampolineFunction,trampolinesize); + memcpy((void *) Function, saved_code->code, saved_code->size); protect((void*)FunctionPage, PAGE_SIZE); } 
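Review bot: The operand-size `switch` that computes `jump_target` has no `default`, so for any size other than 8, 16 or 32 the target stays at the bare `ud_obj.pc`, the trampoline is still written and `cannot_disassemble` is cleared. The rewritten jump or call would then transfer to the wrong address inside the server process instead of the hook being refused. I would compute and validate the target before the first `memcpy` and leave `cannot_disassemble` set when the size is unexpected, so the existing failure path runs. The block also writes 14 or 16 bytes at `trampolineFunction + uCurrentSize`, more than the instruction it replaces, and no check against `*trampolinesize` is visible in this hunk. If none exists later in HookFunction (it continues outside the hunk), one is needed here.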
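Review bot: `memcpy(saved_code->code, (void*)targetFunction, InstrSize)` copies into the caller's buffer without comparing `InstrSize` with the buffer's capacity or checking `saved_code` for NULL. `InstrSize` is accumulated per decoded instruction (`InstrSize += ud_insn_len(&ud_obj)` in the previous hunk), so it presumably can exceed the jump size by most of one instruction, and `SavedCode` is declared in include/hot_patch.h, outside this view, so the worst-case fit cannot be confirmed here. Assuming `code` is a fixed array, add `if (saved_code == NULL || InstrSize > sizeof(saved_code->code)) return false;` before the copy. An overrun here corrupts whatever sits next to the `SavedCode` object, and the same struct is what UnhookFunction later copies back into the server's code.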
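Review bot: The restore `memcpy((void *) Function, saved_code->code, saved_code->size)` writes `saved_code->size` bytes from `Function`, but only `PAGE_SIZE` bytes starting at `FunctionPage` were made writable just above (context of the previous hunk). If `Function` sits within `saved_code->size` bytes of the end of its page, the copy crosses into a page that is still read-only and the server faults during plugin unload; this assumes `get_page_address` rounds down to the page start, which is not visible here. Checking whether `Function + saved_code->size` crosses the boundary and unprotecting the second page as well would cover it. `trampolineFunction` and `trampolinesize` are now unused in UnhookFunction and could be dropped from its signature.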
@@ -442,12 +506,12 @@ static void UnhookFunction(ULONG_PTR Function, ULONG_PTR trampolineFunction, uns * @Return 0 on success otherwise failure * @See MS Detours paper: http:// research.microsoft.com/pubs/68568/huntusenixnt99.pdf for some background info. */ -int hot_patch_function(void *targetFunction, void *newFunction, void *trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool info_print) +int hot_patch_function(void *targetFunction, void *newFunction, void *trampolineFunction, unsigned int *trampolinesize, unsigned int *usedsize, bool info_print, SavedCode* saved_code) { DATATYPE_ADDRESS trampolinePage = get_page_address(trampolineFunction); cond_info_print(info_print, "%s hot patching function: %p, trampolineFunction: %p trampolinePage: %p",log_prefix, (void *)targetFunction, (void *)trampolineFunction, (void *)trampolinePage); if (HookFunction((ULONG_PTR) targetFunction, (ULONG_PTR) newFunction, - (ULONG_PTR) trampolineFunction, trampolinesize, usedsize)) + (ULONG_PTR) trampolineFunction, trampolinesize, usedsize, saved_code)) { return 0; } 
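Review bot: The doc comment above `hot_patch_function` is not updated for the new `saved_code` parameter, and neither is the one above `remove_hot_patch_function` in the next hunk (@@ -466,15 +530,18). HookFunction writes through the pointer unconditionally, so callers need to know it must be non-NULL and must be the same object later handed to `remove_hot_patch_function`. I would add `@param saved_code receives the original bytes overwritten at targetFunction; must be non-NULL and kept for remove_hot_patch_function`.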
@@ -466,15 +530,18 @@ int hot_patch_function(void *targetFunction, void *newFunction, void *trampoline * @param trampolineFunction a function which contains a jump back to the targetFunction. * @param log_file if not null will log about progress of installing the plugin */ -void remove_hot_patch_function(void *targetFunction, void *trampolineFunction, unsigned int trampolinesize, bool info_print) +void remove_hot_patch_function(void *targetFunction, void *trampolineFunction, unsigned int trampolinesize, bool info_print, SavedCode* saved_code) { - if (trampolinesize == 0) + sql_print_information("trampolinesize: %d", trampolinesize); + sql_print_information("saved_code->size: %zd", saved_code->size); + if (trampolinesize == 0 || !saved_code->size) { // nothing todo. As hot patch was not set. - return; + cond_info_print(info_print, "%s not removing as hot patch was not set: %p",log_prefix, (void *)targetFunction); + return; } DATATYPE_ADDRESS targetPage = get_page_address(targetFunction); cond_info_print(info_print, "%s removing hot patching function: %p targetPage: %p trampolineFunction: %p",log_prefix, (void *)targetFunction, (void *)targetPage, (void *)trampolineFunction); - UnhookFunction ((ULONG_PTR) targetFunction, (ULONG_PTR)trampolineFunction,trampolinesize); + UnhookFunction ((ULONG_PTR) targetFunction, (ULONG_PTR)trampolineFunction,trampolinesize, saved_code); return; } diff --git a/udis86/libudis86/Makefile.am b/udis86/libudis86/Makefile.am index c5f37d2..5cce407 100644 --- a/udis86/libudis86/Makefile.am +++ b/udis86/libudis86/Makefile.am @@ -22,3 +22,6 @@ libudis86_la_SOURCES = itab.c \ itab.c itab.h: ../docs/x86optable.xml opgen.py python ./opgen.py + +# generate the generated sources prior to the compilation +BUILT_SOURCES = itab.c itab.h
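Review bot: The two new `sql_print_information` calls at the top of `remove_hot_patch_function` run before the early-return check and ignore `info_print`, unlike the other messages in the function, and `%d` is given the `unsigned int trampolinesize`. `%zd` is the signed-size conversion; if `SavedCode::size` is a `size_t` (its declaration is outside this view) it should be `%zu`. I would replace both calls with `cond_info_print(info_print, "%s trampolinesize: %u saved size: %zu", log_prefix, trampolinesize, saved_code->size);`.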