MDEV-12182 Add Client TCP Port Number to MySQL Audit Plugin Logs

In environments with load balancers or proxies, the audit plugin logs
only the IP address, making it difficult to differentiate individual client
connections from the same IP.

Add a new 'port' field to the appropriate event objects to capture the
client's TCP port number. Populate the port field with thd->port  in the
appropriate functions. The audit plugin receives and logs this port field
along  with  other connection information, enabling better identification
of individual client connections.

All new code of the whole pull request, including one or several files that
are either new files or modified ones, are contributed under the BSD-new license.
I am contributing on behalf of my employer Amazon Web Services, Inc.

plugin/server_audit/server_audit.c

@@ -16,7 +16,7 @@
 
 
 #define PLUGIN_VERSION 0x104
-#define PLUGIN_STR_VERSION "1.4.14"
+#define PLUGIN_STR_VERSION "1.5.14"
 
 #define _my_thread_var loc_thread_var
 
@@ -336,6 +336,7 @@ struct connection_info
   char query_buffer[1024];
   time_t query_time;
   int log_always;
+  unsigned int port;
   char proxy[USERNAME_CHAR_LENGTH+1];
   int proxy_length;
   char proxy_host[HOSTNAME_LENGTH+1];
@@ -1199,6 +1200,7 @@ static void setup_connection_simple(struct connection_info *ci)
   ci->query_length= 0;
   ci->header= 0;
   ci->proxy_length= 0;
+  ci->port= 0;
 }
 
 
@@ -1445,16 +1447,22 @@ static size_t log_header(char *message, size_t message_len,
                       const char *username, unsigned int username_len,
                       const char *host, unsigned int host_len,
                       const char *userip, unsigned int userip_len,
-                      unsigned int connection_id, long long query_id,
-                      const char *operation)
+                      unsigned int connection_id, unsigned int port,
+                      long long query_id, const char *operation)
 {
   struct tm tm_time;
-
+  char port_str[16];
   if (host_len == 0 && userip_len != 0)
   {
     host_len= userip_len;
     host= userip;
   }
+  if (port == 0) {
+    strncpy(port_str, "unavailable", sizeof(port_str) - 1);
+    port_str[sizeof(port_str) - 1] = '\0'; 
+  } else {
+    my_snprintf(port_str, sizeof(port_str), "%u", port);
+  }
 
   /*
     That was added to find the possible cause of the MENT-1438.
@@ -1468,20 +1476,20 @@ static size_t log_header(char *message, size_t message_len,
 
   if (output_type == OUTPUT_SYSLOG)
     return my_snprintf(message, message_len,
-        "%.*s,%.*s,%.*s,%d,%lld,%s",
+        "%.*s,%.*s,%.*s:%s,%d,%lld,%s",
         (int) serverhost_len, serverhost,
         username_len, username,
-        host_len, host,
+        host_len, host, port_str,
         connection_id, query_id, operation);
 
   (void) localtime_r(ts, &tm_time);
   return my_snprintf(message, message_len,
-      "%04d%02d%02d %02d:%02d:%02d,%.*s,%.*s,%.*s,%d,%lld,%s",
+      "%04d%02d%02d %02d:%02d:%02d,%.*s,%.*s,%.*s:%s,%d,%lld,%s",
       tm_time.tm_year+1900, tm_time.tm_mon+1, tm_time.tm_mday,
       tm_time.tm_hour, tm_time.tm_min, tm_time.tm_sec,
       (int) serverhost_len, serverhost,
       username_len, username,
-      host_len, host,
+      host_len, host, port_str,
       connection_id, query_id, operation);
 }
 
@@ -1511,7 +1519,8 @@ static int log_proxy(const struct connection_info *cn,
                     cn->user, cn->user_length,
                     cn->host, cn->host_length,
                     cn->ip, cn->ip_length,
-                    event->thread_id, 0, "PROXY_CONNECT");
+                    event->thread_id, event->port,
+                    0, "PROXY_CONNECT");
   csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
     ",%.*s,`%.*s`@`%.*s`,%d", cn->db_length, cn->db,
                      cn->proxy_length, cn->proxy,
@@ -1538,7 +1547,7 @@ static int log_connection(const struct connection_info *cn,
                     cn->user, cn->user_length,
                     cn->host, cn->host_length,
                     cn->ip, cn->ip_length,
-                    event->thread_id, 0, type);
+                    event->thread_id, event->port, 0, type);
 
   obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj));
   csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
@@ -1564,7 +1573,7 @@ static int log_connection_event(const struct mysql_event_connection *event,
                     event->user, event->user_length,
                     event->host, event->host_length,
                     event->ip, event->ip_length,
-                    event->thread_id, 0, type);
+                    event->thread_id, event->port, 0, type);
   obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj));
   csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
     ",%.*s,%.*s,%d", (int) event->database.length,event->database.str,
@@ -1953,7 +1962,7 @@ do_log_query:
   csize= log_header(message, message_size-1, &ev_time,
                     servhost, servhost_len,
                     cn->user, cn->user_length,cn->host, cn->host_length,
-                    cn->ip, cn->ip_length, thd_id, query_id, type);
+                    cn->ip, cn->ip_length, thd_id, cn->port, query_id, type);
 
   csize+= my_snprintf(message+csize, message_size - 1 - csize,
       ",%.*s,\'", db_length, db);
@@ -2039,13 +2048,15 @@ static int log_table(const struct connection_info *cn,
   char message[1024];
   time_t ctime;
 
+
+
   (void) time(&ctime);
   csize= log_header(message, sizeof(message)-1, &ctime,
                     servhost, servhost_len,
                     event->user, SAFE_STRLEN_UI(event->user),
                     event->host, SAFE_STRLEN_UI(event->host),
                     event->ip, SAFE_STRLEN_UI(event->ip),
-                    event->thread_id, cn->query_id, type);
+                    event->thread_id, event->port, cn->query_id, type);
   csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, ",%.*s,%.*s,",
                      (int) event->database.length, event->database.str,
                      (int) event->table.length, event->table.str);
@@ -2067,7 +2078,8 @@ static int log_rename(const struct connection_info *cn,
                     event->user, SAFE_STRLEN_UI(event->user),
                     event->host, SAFE_STRLEN_UI(event->host),
                     event->ip, SAFE_STRLEN_UI(event->ip),
-                    event->thread_id, cn->query_id, "RENAME");
+                    event->thread_id, event->port, 
+                    cn->query_id, "RENAME");
   csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
                       ",%.*s,%.*s|%.*s.%.*s,",
                       (int) event->database.length, event->database.str,
@@ -2126,6 +2138,7 @@ static void update_connection_info(MYSQL_THD thd, struct connection_info *cn,
   {
     const struct mysql_event_general *event =
       (const struct mysql_event_general *) ev;
+    cn->port= event->port;
     switch (event->event_subclass) {
       case MYSQL_AUDIT_GENERAL_LOG:
       {
@@ -2209,6 +2222,7 @@ static void update_connection_info(MYSQL_THD thd, struct connection_info *cn,
   {
     const struct mysql_event_table *event =
       (const struct mysql_event_table *) ev;
+    cn->port= event->port;
     if (ci_needs_setup(cn))
       setup_connection_table(cn, event);
 
@@ -2234,6 +2248,7 @@ static void update_connection_info(MYSQL_THD thd, struct connection_info *cn,
   {
     const struct mysql_event_connection *event =
       (const struct mysql_event_connection *) ev;
+    cn->port= event->port;
     switch (event->event_subclass)
     {
       case MYSQL_AUDIT_CONNECTION_CONNECT:
@@ -2856,7 +2871,7 @@ static void log_current_query(MYSQL_THD thd)
   {
     cn->log_always= 1;
     log_statement_ex(cn, cn->query_time, thd_get_thread_id(thd),
-		     cn->query, cn->query_length, 0, "QUERY", 0);
+		cn->query, cn->query_length, 0, "QUERY", 0);
     cn->log_always= 0;
   }
 }