database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-33834 post-merge

Browse Source 
* move TLS version into the "object" column
* show that TLS version follows db name
* correctly check for have_ssl
This commit is contained in:
Sergei Golubchik
2025-03-19 21:33:46 +01:00
parent 2b464774f2
commit c1f2b5a141
4 changed files with 33 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/mysql/plugin_audit.h
View File

@@ -102,6 +102,7 @@ struct mysql_event_connection
const char *ip; const char *ip;
unsigned int ip_length; unsigned int ip_length;
MYSQL_CONST_LEX_STRING database; MYSQL_CONST_LEX_STRING database;
/* Added in version 0x303 */
const char *tls_version; const char *tls_version;
unsigned int tls_version_length; unsigned int tls_version_length;
}; };

42
mysql-test/suite/plugins/r/server_audit.result
View File

@@ -257,10 +257,11 @@ disconnect plug_con;
DROP USER plug; DROP USER plug;
DROP USER plug_dest; DROP USER plug_dest;
CREATE USER ssl_user1@localhost require SSL; CREATE USER ssl_user1@localhost require SSL;
connect conssl1,localhost,ssl_user1,,,,,SSL; GRANT ALL ON sa_db TO ssl_user1@localhost;
SHOW STATUS LIKE 'Ssl_cipher'; connect conssl1,localhost,ssl_user1,,sa_db,,,SSL;
Variable_name Value select variable_value > '' as 'have_ssl' from information_schema.session_status where variable_name='ssl_cipher';
Ssl_cipher CIPHER_NAME have_ssl
1
disconnect conssl1; disconnect conssl1;
connection default; connection default;
DROP USER ssl_user1@localhost; DROP USER ssl_user1@localhost;
@@ -326,10 +327,10 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_user
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_incl_users\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_incl_users\'',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_excl_users= repeat("\'root\',", 10000)',ID TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_excl_users= repeat("\'root\',", 10000)',ID
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_excl_users\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_excl_users\'',0
TIME,HOSTNAME,root,localhost,ID,0,CONNECT,mysql,,0, TIME,HOSTNAME,root,localhost,ID,0,CONNECT,mysql,,0
TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,mysql,,0, TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,mysql,,0
TIME,HOSTNAME,no_such_user,localhost,ID,0,FAILED_CONNECT,,,ID, TIME,HOSTNAME,no_such_user,localhost,ID,0,FAILED_CONNECT,,,ID
TIME,HOSTNAME,no_such_user,localhost,ID,0,DISCONNECT,,,0, TIME,HOSTNAME,no_such_user,localhost,ID,0,DISCONNECT,,,0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users=\'odin, dva, tri\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users=\'odin, dva, tri\'',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users=\'odin, root, dva, tri\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users=\'odin, root, dva, tri\'',0
TIME,HOSTNAME,root,localhost,ID,ID,CREATE,test,t2, TIME,HOSTNAME,root,localhost,ID,ID,CREATE,test,t2,
@@ -368,7 +369,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audi
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_mode=1',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_mode=1',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_events=\'\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_events=\'\'',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0
TIME,HOSTNAME,root,localhost,ID,0,CONNECT,test,,0, TIME,HOSTNAME,root,localhost,ID,0,CONNECT,test,,0
TIME,HOSTNAME,root,localhost,ID,ID,CREATE,test,t1, TIME,HOSTNAME,root,localhost,ID,ID,CREATE,test,t1,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create table t1 (id2 int)',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create table t1 (id2 int)',0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,test,t1, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,test,t1,
@@ -400,7 +401,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,READ,mysql,proc,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proc, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proc,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,event, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,event,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop database sa_db',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop database sa_db',0
TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,,,0, TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,,,0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'use sa_db',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'use sa_db',0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
@@ -486,15 +487,15 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER plug_dest IDENTIFIED BY *****',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER plug_dest IDENTIFIED BY *****',0
TIME,HOSTNAME,plug,localhost,ID,0,FAILED_CONNECT,,,ID, TIME,HOSTNAME,plug,localhost,ID,0,FAILED_CONNECT,,,ID
TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0, TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT PROXY ON plug_dest TO plug',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT PROXY ON plug_dest TO plug',0
TIME,HOSTNAME,plug,localhost,ID,0,CONNECT,,,0, TIME,HOSTNAME,plug,localhost,ID,0,CONNECT,,,0
TIME,HOSTNAME,plug,localhost,ID,0,PROXY_CONNECT,,`plug_dest`@`%`,0, TIME,HOSTNAME,plug,localhost,ID,0,PROXY_CONNECT,,`plug_dest`@`%`,0
TIME,HOSTNAME,plug,localhost,ID,ID,QUERY,,'select USER(),CURRENT_USER()',0 TIME,HOSTNAME,plug,localhost,ID,ID,QUERY,,'select USER(),CURRENT_USER()',0
TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0, TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,
@@ -519,10 +520,13 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER ssl_user1@localhost require SSL',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER ssl_user1@localhost require SSL',0
TIME,HOSTNAME,ssl_user1,localhost,ID,0,CONNECT,,,0,TLS_VERSION TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,Access denied for user 'ssl_user1'@'localhost' to database 'test','SHOW STATUS LIKE \'Ssl_version\'',0 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv,
TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,Access denied for user 'ssl_user1'@'localhost' to database 'test','SHOW STATUS LIKE \'Ssl_cipher\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT ALL ON sa_db TO ssl_user1@localhost',0
TIME,HOSTNAME,ssl_user1,localhost,ID,0,DISCONNECT,,,0,TLS_VERSION TIME,HOSTNAME,ssl_user1,localhost,ID,0,CONNECT,sa_db,TLS_VERSION,0
TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,sa_db,'SHOW STATUS LIKE \'Ssl_version\'',0
TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,sa_db,'select variable_value > \'\' as \'have_ssl\' from information_schema.session_status where variable_name=\'ssl_cipher\'',0
TIME,HOSTNAME,ssl_user1,localhost,ID,0,DISCONNECT,sa_db,TLS_VERSION,0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,

6
mysql-test/suite/plugins/t/server_audit.test
View File

@@ -214,10 +214,10 @@ DROP USER plug;
DROP USER plug_dest; DROP USER plug_dest;
CREATE USER ssl_user1@localhost require SSL; CREATE USER ssl_user1@localhost require SSL;
connect (conssl1,localhost,ssl_user1,,,,,SSL); GRANT ALL ON sa_db TO ssl_user1@localhost;
connect (conssl1,localhost,ssl_user1,,sa_db,,,SSL);
--let $ssl_version = query_get_value(SHOW STATUS LIKE 'Ssl_version', Value, 1) --let $ssl_version = query_get_value(SHOW STATUS LIKE 'Ssl_version', Value, 1)
--replace_column 2 CIPHER_NAME select variable_value > '' as 'have_ssl' from information_schema.session_status where variable_name='ssl_cipher';
SHOW STATUS LIKE 'Ssl_cipher';
disconnect conssl1; disconnect conssl1;
connection default; connection default;
--sleep 2 --sleep 2

11
plugin/server_audit/server_audit.c
View File

@@ -1513,10 +1513,10 @@ static int log_proxy(const struct connection_info *cn,
cn->ip, cn->ip_length, cn->ip, cn->ip_length,
event->thread_id, 0, "PROXY_CONNECT"); event->thread_id, 0, "PROXY_CONNECT");
csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
",%.*s,`%.*s`@`%.*s`,%d,%.*s", cn->db_length, cn->db, ",%.*s,`%.*s`@`%.*s`,%d", cn->db_length, cn->db,
cn->proxy_length, cn->proxy, cn->proxy_length, cn->proxy,
cn->proxy_host_length, cn->proxy_host, cn->proxy_host_length, cn->proxy_host,
event->status, cn->tls_version_length, cn->tls_version); event->status);
message[csize]= '\n'; message[csize]= '\n';
return write_log(message, csize + 1, 1); return write_log(message, csize + 1, 1);
} }
@@ -1542,7 +1542,8 @@ static int log_connection(const struct connection_info *cn,
obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj)); obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj));
csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
",%.*s,,%d,%.*s", cn->db_length, cn->db, event->status, (int) obj_len, tls_obj); ",%.*s,%.*s,%d", cn->db_length, cn->db, (int) obj_len, tls_obj,
event->status);
message[csize]= '\n'; message[csize]= '\n';
return write_log(message, csize + 1, 1); return write_log(message, csize + 1, 1);
} }
@@ -1566,8 +1567,8 @@ static int log_connection_event(const struct mysql_event_connection *event,
event->thread_id, 0, type); event->thread_id, 0, type);
obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj)); obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj));
csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize,
",%.*s,,%d,%.*s", (int) event->database.length,event->database.str, ",%.*s,%.*s,%d", (int) event->database.length,event->database.str,
event->status, (int) obj_len, tls_obj); (int) obj_len, tls_obj, event->status);
message[csize]= '\n'; message[csize]= '\n';
return write_log(message, csize + 1, 1); return write_log(message, csize + 1, 1);
} }