Bug #47059 In audit plugin I cannot see the event subclasses, e.g.MYSQL_AUDIT_GENERAL_ERROR
Submitted: 2 Sep 2009 11:05 Modified: 30 Apr 2010 1:14
Reporter: Horst Hunger
Status: Closed
Category: MySQL Server Severity: S3 (Non-critical)
Version: azalea OS: Any
Assigned to: Sergey Vojtovich CPU Architecture: Any
Tags: audit, plugin

[2 Sep 2009 11:05] Horst Hunger
Description:
Using the audit plugin interface, I only get the event class MYSQL_AUDIT_GENERAL_CLASS (= 0) though some subclasses have been specified:
MYSQL_AUDIT_GENERAL_LOG, MYSQL_AUDIT_GENERAL_ERROR and MYSQL_AUDIT_GENERAL_RESULT.
That depends on the implementation of "st_mysql_audit", especially the parameters of "event_notify". The question is, why does this function not have mysql_event_general as parameter?

How to repeat:
run the following statements:

INSTALL PLUGIN null_audit SONAME 'adt_null.so';
CREATE TABLE t1 (c1 int, c2 char(20));
INSERT INTO t1 VALUES (1,'a'),(2,'b'),(3,'c');
SELECT * FROM t1;
DROP TABLE t1;
show status like 'audit_null_called';
UNINSTALL PLUGIN null_audit ;

with the attached audit_null.c file (it contains DBUG). Put it into 
.../plugin/audit_null  
and execute make.
[2 Sep 2009 11:07] Horst Hunger
audit_null source file

Attachment: audit_null.c (text/x-csrc), 3.70 KiB.

[3 Sep 2009 9:59] Sveta Smirnova
Thank you for the report.

What is the expected result of the test?

I get:

INSTALL PLUGIN null_audit SONAME 'adt_null.so';
CREATE TABLE t1 (c1 int, c2 char(20));
INSERT INTO t1 VALUES (1,'a'),(2,'b'),(3,'c');
SELECT * FROM t1;
c1      c2
1       a
2       b
3       c
DROP TABLE t1;
show status like 'audit_null_called';
Variable_name   Value
audit_null_called       10
UNINSTALL PLUGIN null_audit ;
Warnings:
Warning 1620    Plugin is busy and will be uninstalled on shutdown
[4 Sep 2009 7:37] Horst Hunger
The purpose of the test is to show quickly that audit_null, as a short example of an audit plugin, is working. It also allows generating a trace to follow the calls and see the poorness of the interface.
The criticism of that bug is the poorness of that interface for audit plugins.
[4 Sep 2009 8:47] Sveta Smirnova
Thank you for the feedback.

Verified as described:

T@4    : | | >audit_null_notify
T@4    : | | | event_class        : : 0
T@4    : | | | number_of_calls    : : 7
T@4    : | | <audit_null_notify
...
T@4    : | | >audit_null_notify
T@4    : | | | event_class        : : 0
T@4    : | | | number_of_calls    : : 8
T@4    : | | <audit_null_notify
...
[9 Sep 2009 14:47] Sergei Golubchik
I don't remember any specific reason why it wasn't added.
If it's simply an omission (and it looks like one), we can add it easily.
[5 Mar 2010 20:23] Paul DuBois
re: "That depends on the implementation of "st_mysql_audit",
especially the parameters of "event_notify". The question is, why
does this function not have mysql_event_general as parameter?"

1) The notify function actually *does* get a mysql_event_general
parameter, even though the notify function prototype specifies a
mysql_event.  sql_audit.cc:general_class_handler() takes all the
parameters passed to it, packages them into a mysql_event_general
structure, and passes that structure to the notify function (cast
as a mysql_event structure):

/**
  MYSQL_AUDIT_GENERAL_CLASS handler

  @param[in] thd
  @param[in] event_subtype
  @param[in] error_code
  @param[in] ap

*/

static void general_class_handler(THD *thd, uint event_subtype, va_list ap)
{
  mysql_event_general event;
  event.event_class= MYSQL_AUDIT_GENERAL_CLASS;
  event.general_error_code= va_arg(ap, int);
  event.general_thread_id= thd ? thd->thread_id : 0;
  event.general_time= va_arg(ap, time_t);
  event.general_user= va_arg(ap, const char *);
  event.general_user_length= va_arg(ap, unsigned int);
  event.general_command= va_arg(ap, const char *);
  event.general_command_length= va_arg(ap, unsigned int);
  event.general_query= va_arg(ap, const char *);
  event.general_query_length= va_arg(ap, unsigned int);
  event.general_charset= va_arg(ap, struct charset_info_st *);
  event.general_rows= (unsigned long long) va_arg(ap, ha_rows);
  event_class_dispatch(thd, (const mysql_event*) &event);
}

event_class_dispatch routes the call to the notify function.

2) The event subtype *is* passed to general_class_handler().
However, you can see that nothing is done with it, so this is where
it's lost.

Looks like we'd need these changes:

1) Change the definition of mysql_event_general to add an 
event_class_subtype member.

2) Modify general_class_handler to initialize event_class_subtype 
from its event_subtype parameter.
[10 Mar 2010 10:09] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/102841

3117 Sergey Vojtovich	2010-03-10
      BUG#47059 - In audit plugin I cannot see the event subclasses,
                  e.g.MYSQL_AUDIT_GENERAL_ERROR
      
      General audit API (MYSQL_AUDIT_GENERAL_CLASS) didn't expose event
      subtype to plugins.
      
      This patch exposes event subtype to plugins via
      struct mysql_event_general::event_subtype.
      
      This change is not compatible with existing general audit plugins.
      Audit interface major version has been incremented.
     @ include/mysql/plugin_audit.h
        Expose event subtype to audit general plugins.
     @ plugin/audit_null/audit_null.c
        Added distinct counters for general event sub-types.
        
        Removed printf() from deinit(). One can easily see number of
        calls via status variables.
        
        To make code nicer, modified class mask to use macro instead
        of hardcoded number.
        
        Incremented audit plugin minor version.
     @ sql/sql_audit.cc
        Expose event subtype to audit general plugins.
[22 Mar 2010 12:29] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/103972

3117 Sergey Vojtovich	2010-03-22
      BUG#47059 - In audit plugin I cannot see the event subclasses,
                  e.g.MYSQL_AUDIT_GENERAL_ERROR
      
      General audit API (MYSQL_AUDIT_GENERAL_CLASS) didn't expose event
      subtype to plugins.
      
      This patch exposes event subtype to plugins via
      struct mysql_event_general::event_subtype.
      
      This change is not compatible with existing general audit plugins.
      Audit interface major version has been incremented.
     @ include/mysql/plugin_audit.h
        Expose event subtype to audit general plugins.
     @ plugin/audit_null/audit_null.c
        Added distinct counters for general event sub-types.
        
        Removed printf() from deinit(). One can easily see number of
        calls via status variables.
        
        To make code nicer, modified class mask to use macro instead
        of hardcoded number.
        
        Incremented audit plugin minor version.
     @ sql/sql_audit.cc
        Expose event subtype to audit general plugins.
[1 Apr 2010 16:48] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/104929

3117 Sergey Vojtovich	2010-04-01
      BUG#47059 - In audit plugin I cannot see the event subclasses,
                  e.g.MYSQL_AUDIT_GENERAL_ERROR
      
      General audit API (MYSQL_AUDIT_GENERAL_CLASS) didn't expose event
      subtype to plugins.
      
      This patch exposes event subtype to plugins via
      struct mysql_event_general::event_subtype.
      
      This change is not compatible with existing general audit plugins.
      Audit interface major version has been incremented.
     @ include/mysql/plugin_audit.h
        Expose event subtype to audit general plugins.
     @ plugin/audit_null/audit_null.c
        Added distinct counters for general event sub-types.
        
        Removed printf() from deinit(). One can easily see number of
        calls via status variables.
        
        To make code nicer, modified class mask to use macro instead
        of hardcoded number.
        
        Incremented audit plugin minor version.
     @ sql/sql_audit.cc
        Expose event subtype to audit general plugins.
[15 Apr 2010 9:05] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105697

3117 Sergey Vojtovich	2010-04-15
      BUG#47059 - In audit plugin I cannot see the event subclasses,
                  e.g.MYSQL_AUDIT_GENERAL_ERROR
      
      General audit API (MYSQL_AUDIT_GENERAL_CLASS) didn't expose event
      subclass to plugins.
      
      This patch exposes event subclass to plugins via
      struct mysql_event_general::event_subclass.
      
      This change is not compatible with existing general audit plugins.
      Audit interface major version has been incremented.
     @ include/mysql/plugin_audit.h
        Expose event subclass to audit general plugins.
     @ plugin/audit_null/audit_null.c
        Added distinct counters for general event sub-classes.
        
        Removed printf() from deinit(). One can easily see number of
        calls via status variables.
        
        To make code nicer, modified class mask to use macro instead
        of hardcoded number.
        
        Incremented audit plugin minor version.
     @ sql/sql_audit.cc
        Expose event subclass to audit general plugins.
[27 Apr 2010 9:46] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100427094135-5s49ecp3ckson6e2) (version source revid:alik@sun.com-20100427093843-uekr85qkd7orx12t) (merge vers: 6.0.14-alpha) (pib:16)
[27 Apr 2010 9:48] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100427093804-a2k3rrjpwu5jegu8) (version source revid:alik@sun.com-20100427093804-a2k3rrjpwu5jegu8) (merge vers: 5.5.5-m3) (pib:16)
[27 Apr 2010 9:51] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100427094036-38frbg3famdlvjup) (version source revid:alik@sun.com-20100427093825-92wc8b22d4yg34ju) (pib:16)
[30 Apr 2010 1:14] Paul DuBois
Noted in 5.5.5, 6.0.14 changelogs.

For events of MYSQL_AUDIT_GENERAL_CLASS, the event subtype was not
passed to audit plugins even though the server passed the subtype to 
the plugin handler. The subtype is now available through the
following changes:

* The struct mysql_event_general structure has a new event_subtype
  member.

* The new member changes the interface, so the audit plugin interface
  version, MYSQL_AUDIT_INTERFACE_VERSION, has been incremented from
  0x0100 to 0x0200. Plugins that require access to the new member
  should check that the version is 0x0200 or higher.

The example plugin in the plugin/audit_null directory has been
modified to count events of each subtype, based on the event_subtype
value. See http://dev.mysql.com/doc/refman/5.5/en/writing-audit-plugins.html.
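
The dropped subtype traced in general_class_handler() above, and the 0x0200 version check the changelog note asks plugins to make, as an added C example that is not MySQL's code and not part of any comment in this report. The `model_*` types and functions, the `SUB_*` constants with their values, and the sample events are constructed stand-ins; the member name follows the 2010-04-15 commit message.

```c
#include <string.h>
/* Stand-ins for MYSQL_AUDIT_GENERAL_LOG/ERROR/RESULT; the values are constructed. */
enum { SUB_LOG, SUB_ERROR, SUB_RESULT, SUB_COUNT };

struct model_event {           /* simplified model, not the real header */
  unsigned int event_class;    /* 0 = MYSQL_AUDIT_GENERAL_CLASS */
  unsigned int event_subclass; /* member added by the fix */
  int general_error_code;
};
struct model_plugin {
  unsigned int calls;                  /* like audit_null_called */
  unsigned int by_subclass[SUB_COUNT]; /* per-subclass counters */
  unsigned int unknown;                /* subclass outside the known range */
};

/* Plugin side: read event_subclass only when the interface is 0x0200 or higher. */
static void model_notify(struct model_plugin *p, unsigned int iface_version,
                         const struct model_event *ev)
{
  p->calls++;
  if (iface_version < 0x0200) return;  /* old interface: no subclass to read */
  if (ev->event_subclass < SUB_COUNT)
    p->by_subclass[ev->event_subclass]++;
  else
    p->unknown++;                      /* never index counters out of range */
}

/* Server side: fixed == 0 reproduces the bug, event_subtype is dropped. */
static void model_handler(struct model_plugin *p, int fixed,
                          unsigned int event_subtype, int error_code)
{
  struct model_event ev = {0};
  ev.general_error_code = error_code;
  if (fixed) ev.event_subclass = event_subtype;
  model_notify(p, fixed ? 0x0200 : 0x0100, &ev);
}

/* Feed a constructed event sequence through the handler; returns total calls. */
static unsigned int run_sample(struct model_plugin *p, int fixed)
{
  memset(p, 0, sizeof *p);
  model_handler(p, fixed, SUB_LOG, 0);
  model_handler(p, fixed, SUB_ERROR, 1146);  /* constructed error code */
  model_handler(p, fixed, SUB_RESULT, 0);
  model_handler(p, fixed, 7u, 0);            /* subclass the plugin does not know */
  return p->calls;
}

int main(void) { struct model_plugin p; return run_sample(&p, 1) == 4 ? 0 : 1; }
```

With `fixed` set to 0 the plugin still counts every call but cannot tell an error event from a log or result event, which is the gap an audit consumer would care about.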