Bug #75408 Audit log version not increased
Submitted: 5 Jan 2015 9:07 Modified: 1 Apr 2015 4:16
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Security: Audit Severity:S3 (Non-critical)
Version:5.6.21, 5.6.22, 5.7.6, 5.5.41 OS:Any
Assigned to: CPU Architecture:Any
Tags: audit, audit_log, logging, Security, versioning

[5 Jan 2015 9:07] Daniël van Eeden
Description:
There are differences in the audit_log plugin between 5.6.14 and 5.6.21, but the version is identical

How to repeat:
Run the following on 5.6.14 and 5.6.21:
install plugin audit_log soname 'audit_log.so';
select * from information_schema.plugins where plugin_name='audit_log'\G
show global variables like 'audit_log%';

/// 5.6.14

mysql-5.6.14-enterprise-commercial-advanced > install plugin audit_log soname 'audit_log.so';
Query OK, 0 rows affected (0.00 sec)

mysql-5.6.14-enterprise-commercial-advanced > select * from information_schema.plugins where plugin_name='audit_log'\G
*************************** 1. row ***************************
           PLUGIN_NAME: audit_log
        PLUGIN_VERSION: 0.1
         PLUGIN_STATUS: ACTIVE
           PLUGIN_TYPE: AUDIT
   PLUGIN_TYPE_VERSION: 3.1
        PLUGIN_LIBRARY: audit_log.so
PLUGIN_LIBRARY_VERSION: 1.4
         PLUGIN_AUTHOR: Oracle
    PLUGIN_DESCRIPTION: Auditing events logger
        PLUGIN_LICENSE: PROPRIETARY
           LOAD_OPTION: ON
1 row in set (0.01 sec)

mysql-5.6.14-enterprise-commercial-advanced > show global variables like 'audit_log%';
+--------------------------+--------------+
| Variable_name            | Value        |
+--------------------------+--------------+
| audit_log_buffer_size    | 1048576      |
| audit_log_file           | audit.log    |
| audit_log_flush          | OFF          |
| audit_log_format         | OLD          |
| audit_log_policy         | ALL          |
| audit_log_rotate_on_size | 0            |
| audit_log_strategy       | ASYNCHRONOUS |
+--------------------------+--------------+
7 rows in set (0.00 sec)

/// 5.6.21

mysql-5.6.21-enterprise-commercial-advanced > install plugin audit_log soname 'audit_log.so';
Query OK, 0 rows affected (0.01 sec)

mysql-5.6.21-enterprise-commercial-advanced > select * from information_schema.plugins where plugin_name='audit_log'\G
*************************** 1. row ***************************
           PLUGIN_NAME: audit_log
        PLUGIN_VERSION: 0.1
         PLUGIN_STATUS: ACTIVE
           PLUGIN_TYPE: AUDIT
   PLUGIN_TYPE_VERSION: 3.1
        PLUGIN_LIBRARY: audit_log.so
PLUGIN_LIBRARY_VERSION: 1.4
         PLUGIN_AUTHOR: Oracle
    PLUGIN_DESCRIPTION: Auditing events logger
        PLUGIN_LICENSE: PROPRIETARY
           LOAD_OPTION: ON
1 row in set (0.01 sec)

mysql-5.6.21-enterprise-commercial-advanced > show global variables like 'audit_log%';
+-----------------------------+--------------+
| Variable_name               | Value        |
+-----------------------------+--------------+
| audit_log_buffer_size       | 1048576      |
| audit_log_connection_policy | ALL          |
| audit_log_current_session   | OFF          |
| audit_log_exclude_accounts  |              |
| audit_log_file              | audit.log    |
| audit_log_flush             | OFF          |
| audit_log_format            | OLD          |
| audit_log_include_accounts  |              |
| audit_log_policy            | ALL          |
| audit_log_rotate_on_size    | 0            |
| audit_log_statement_policy  | ALL          |
| audit_log_strategy          | ASYNCHRONOUS |
+-----------------------------+--------------+
12 rows in set (0.00 sec)

Suggested fix:
Increase the version number if there are changes. 

It seems like the versions should have been:
5.6.10 - 0.1
5.6.14 - 0.2
5.6.20 - 0.3

This could also help to clarify differences between the plugin in 5.5, 5.6 and 5.7.

It would be possible to use a newer version of the plugin with an older release of the server so the version of the server should not be the only indication about which features are available. (Note that this is uncommon, not a best practice and probably unsupported)
[5 Jan 2015 11:29] MySQL Verification Team
Hello Daniël,

Thank you for the report.
Observed that "PLUGIN_VERSION" is constant in 5.5.41/5.6.10/5.622/5.7.6.
But PLUGIN_LIBRARY_VERSION changed in major versions, and PLUGIN_TYPE_VERSION in minor versions.

Thanks,
Umesh
[5 Jan 2015 11:30] MySQL Verification Team
// 5.6.10

mysql> install plugin audit_log soname 'audit_log.so';
Query OK, 0 rows affected (0.00 sec)

mysql> select * from information_schema.plugins where plugin_name='audit_log'\G
*************************** 1. row ***************************
           PLUGIN_NAME: audit_log
        PLUGIN_VERSION: 0.1
         PLUGIN_STATUS: ACTIVE
           PLUGIN_TYPE: AUDIT
   PLUGIN_TYPE_VERSION: 3.0
        PLUGIN_LIBRARY: audit_log.so
PLUGIN_LIBRARY_VERSION: 1.4
         PLUGIN_AUTHOR: Oracle
    PLUGIN_DESCRIPTION: Auditing events logger
        PLUGIN_LICENSE: PROPRIETARY
           LOAD_OPTION: ON
1 row in set (0.00 sec)

mysql> show global variables like 'audit_log%';
+--------------------------+--------------+
| Variable_name            | Value        |
+--------------------------+--------------+
| audit_log_buffer_size    | 1048576      |
| audit_log_file           | audit.log    |
| audit_log_flush          | OFF          |
| audit_log_policy         | ALL          |
| audit_log_rotate_on_size | 0            |
| audit_log_strategy       | ASYNCHRONOUS |
+--------------------------+--------------+
6 rows in set (0.00 sec)

// 5.6.22

mysql> install plugin audit_log soname 'audit_log.so';
Query OK, 0 rows affected (0.02 sec)

mysql> select * from information_schema.plugins where plugin_name='audit_log'\G
*************************** 1. row ***************************
           PLUGIN_NAME: audit_log
        PLUGIN_VERSION: 0.1
         PLUGIN_STATUS: ACTIVE
           PLUGIN_TYPE: AUDIT
   PLUGIN_TYPE_VERSION: 3.1
        PLUGIN_LIBRARY: audit_log.so
PLUGIN_LIBRARY_VERSION: 1.4
         PLUGIN_AUTHOR: Oracle
    PLUGIN_DESCRIPTION: Auditing events logger
        PLUGIN_LICENSE: PROPRIETARY
           LOAD_OPTION: ON
1 row in set (0.00 sec)

mysql> show global variables like 'audit_log%';
+-----------------------------+--------------+
| Variable_name               | Value        |
+-----------------------------+--------------+
| audit_log_buffer_size       | 1048576      |
| audit_log_connection_policy | ALL          |
| audit_log_current_session   | OFF          |
| audit_log_exclude_accounts  |              |
| audit_log_file              | audit.log    |
| audit_log_flush             | OFF          |
| audit_log_format            | OLD          |
| audit_log_include_accounts  |              |
| audit_log_policy            | ALL          |
| audit_log_rotate_on_size    | 0            |
| audit_log_statement_policy  | ALL          |
| audit_log_strategy          | ASYNCHRONOUS |
+-----------------------------+--------------+
12 rows in set (0.00 sec)
[5 Jan 2015 11:30] MySQL Verification Team
// 5.7.6

mysql> install plugin audit_log soname 'audit_log.so';
Query OK, 0 rows affected (0.02 sec)

mysql> select * from information_schema.plugins where plugin_name='audit_log'\G
*************************** 1. row ***************************
           PLUGIN_NAME: audit_log
        PLUGIN_VERSION: 0.1
         PLUGIN_STATUS: ACTIVE
           PLUGIN_TYPE: AUDIT
   PLUGIN_TYPE_VERSION: 3.1
        PLUGIN_LIBRARY: audit_log.so
PLUGIN_LIBRARY_VERSION: 1.5
         PLUGIN_AUTHOR: Oracle
    PLUGIN_DESCRIPTION: Auditing events logger
        PLUGIN_LICENSE: PROPRIETARY
           LOAD_OPTION: ON
1 row in set (0.00 sec)

mysql> show global variables like 'audit_log%';
+-----------------------------+--------------+
| Variable_name               | Value        |
+-----------------------------+--------------+
| audit_log_buffer_size       | 1048576      |
| audit_log_connection_policy | ALL          |
| audit_log_current_session   | OFF          |
| audit_log_exclude_accounts  |              |
| audit_log_file              | audit.log    |
| audit_log_flush             | OFF          |
| audit_log_format            | NEW          |
| audit_log_include_accounts  |              |
| audit_log_policy            | ALL          |
| audit_log_rotate_on_size    | 0            |
| audit_log_statement_policy  | ALL          |
| audit_log_strategy          | ASYNCHRONOUS |
+-----------------------------+--------------+
12 rows in set (0.00 sec)

// 5.5.41

mysql> install plugin audit_log soname 'audit_log.so';
Query OK, 0 rows affected (0.00 sec)

mysql> select * from information_schema.plugins where plugin_name='audit_log'\G
*************************** 1. row ***************************
           PLUGIN_NAME: audit_log
        PLUGIN_VERSION: 0.1
         PLUGIN_STATUS: ACTIVE
           PLUGIN_TYPE: AUDIT
   PLUGIN_TYPE_VERSION: 3.1
        PLUGIN_LIBRARY: audit_log.so
PLUGIN_LIBRARY_VERSION: 1.3
         PLUGIN_AUTHOR: Oracle
    PLUGIN_DESCRIPTION: Auditing events logger
        PLUGIN_LICENSE: PROPRIETARY
           LOAD_OPTION: ON
1 row in set (0.00 sec)

mysql> show global variables like 'audit_log%';
+--------------------------+--------------+
| Variable_name            | Value        |
+--------------------------+--------------+
| audit_log_buffer_size    | 1048576      |
| audit_log_file           | audit.log    |
| audit_log_flush          | OFF          |
| audit_log_format         | OLD          |
| audit_log_policy         | ALL          |
| audit_log_rotate_on_size | 0            |
| audit_log_strategy       | ASYNCHRONOUS |
+--------------------------+--------------+
7 rows in set (0.00 sec)
[10 Jan 2015 10:08] Daniël van Eeden
From which bug would this be a duplicate?
[10 Jan 2015 13:03] MySQL Verification Team
This is duplicate of internally reported Bug 19502900 - VERSION AUDIT PLUGIN APPROPRIATELY
[1 Apr 2015 4:16] Erlend Dahl
[22 Feb 2015 18:41] Paul Dubois

Noted in 5.6.24 changelog.

Many new features were added to the audit log plugin in MySQL 5.6.20,
but the version number was not increased. The version has been bumped
to 1.1.
[27 Apr 2015 11:35] Laurynas Biveinis
commit fc3adce401e1d4f4e2c629cbe70f858614572ad4
Author: Ramil Kalimullin <ramil.kalimullin@oracle.com>
Date:   Sun Feb 15 09:38:23 2015 +0400

    Fix for:
    Bug #19509398    ACCOUNT FILTERING ISN'T APPLIED FOR CONNECTION EVENTS
    Bug #19509373    NON-ERROR COM_QUIT EVENTS RECORDED INCORRECTLY
    Bug #19509263    AUDIT_LOG_EVENTS_FILTERED DOESN'T INCLUDE EVENTS FILTERED BASED ON ACCOUNTS
    Bug #19509336    AUDIT LOG STATISTICS DON'T ADD UP
    Bug #19502900    VERSION AUDIT PLUGIN APPROPRIATELY
    Bug #14584292    AUDIT_LOG PLUGIN INITIALISATION FAILED ONCE SERVER CRASHED AND RESTARTED
    
    Audit_log code cleanups.