Bug #79654 Information missing in LOG connect events
Submitted: 16 Dec 2015 0:52 Modified: 22 Aug 2018 6:25
Reporter: Manuel Ung Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Security: Audit Severity:S3 (Non-critical)
Version:5.6 OS:Any
Assigned to: Chiranjeevi Battula CPU Architecture:Any

[16 Dec 2015 0:52] Manuel Ung
Description:
In sql/sql_acl.cc, we have the following code:
  general_log_print(thd, command, "%s@%s as %s on %s", ...);

However, general_log_print does not forward that information to the audit plugin. The offending code below:

bool general_log_print(THD *thd, enum enum_server_command command,
                       const char *format, ...)
{
...
  if (! logger.log_command(thd, command, "", 0))
    return FALSE;
...
}

Because the call to mysql_audit_general_log is inside LOGGER::log_command, the audit event does not contain information about who is connecting. This information should be present.

How to repeat:
Look at a audit event during a LOG connect event. Notice that the "query" field is empty.

Suggested fix:
Forward the information needed.

Note that this is not a problem in 5.7 because the call to mysql_audit_general_log was moved out of LOGGER::log_command. This is another possible fix.
[22 Aug 2018 6:25] Manuel Ung
I'm closing because 5.6 is near EOL, so this bug is not as relevant.