Merge pull request #117 from tsthght/feature/login
add audit function
tsthght authored Aug 15, 2018
2 parents 0c543cc + c0e6cf2 commit 69c249d
Showing 3 changed files with 14 additions and 8 deletions.
6 changes: 4 additions & 2 deletions src/chassis-sql-log.c
@@ -493,7 +493,7 @@ log_sql_backend_sharding(network_mysqld_con *con, server_session_t *session)
}

void
log_sql_connect(network_mysqld_con *con)
log_sql_connect(network_mysqld_con *con, gchar *errmsg)
{
if (!con || !con->srv) {
g_critical("con or con->srv is NULL when call log_sql_connect()");
@@ -511,9 +511,11 @@ log_sql_backend_sharding(network_mysqld_con *con, server_session_t *session)
}
GString *message = g_string_sized_new(sizeof("2004-01-01T00:00:00.000Z"));
get_current_time_str(message);
g_string_append_printf(message, ": #connect# %s@%s Connect Cetus, C_id:%u C_db:%s C_charset:%u C_auth_plugin:%s C_ssl:%s C_cap:%x S_cap:%x\n",
g_string_append_printf(message, ": #connect# %s@%s Connect Cetus %s msg:%s, C_id:%u C_db:%s C_charset:%u C_auth_plugin:%s C_ssl:%s C_cap:%x S_cap:%x\n",
con->client->response->username->str,//C_usr
con->client->src->name->str,//C_ip
errmsg == NULL ? "success" : "failed",
errmsg == NULL ? "": errmsg,
con->client->challenge->thread_id,//C_id
con->client->response->database->str,//C_db
con->client->response->charset,//C_charset
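Review bot: The new `msg:%s` argument is appended to a newline-terminated audit record without escaping, and the access-denied caller in src/plugin-common.c builds that message from the client-supplied user name, so a name containing line breaks could split one login attempt into several apparent records. Escape the value before formatting, e.g. `gchar *safe = errmsg ? g_strescape(errmsg, NULL) : NULL;`, pass `safe ? safe : ""` and `g_free(safe)` afterwards; the `%s@%s` user name at the start of the same format would benefit from the same treatment. A free-text field placed before `C_id:` also makes the line harder to parse when the message itself contains a comma, so consider moving `msg:` to the end of the record. The body of log_sql_connect() continues past the end of this hunk.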
6 changes: 3 additions & 3 deletions src/chassis-sql-log.h
@@ -58,9 +58,9 @@ struct sql_log_mgr {
SQL_LOG_MODE sql_log_mode;
guint sql_log_maxsize;
gulong sql_log_cursize;
volatile guint sql_log_action;
volatile SQL_LOG_ACTION sql_log_action;

volatile SQL_LOG_ACTION sql_log_idletime;
volatile guint sql_log_idletime;
volatile guint sql_log_maxnum;

gchar *sql_log_filename;
@@ -79,7 +79,7 @@ gpointer sql_log_mainloop(gpointer user_data);
void cetus_sql_log_start_thread_once(struct sql_log_mgr *mgr);
void sql_log_thread_start(struct sql_log_mgr *mgr);

void log_sql_connect(network_mysqld_con *con);
void log_sql_connect(network_mysqld_con *con, gchar *errmsg);
void log_sql_client(network_mysqld_con *con);
void log_sql_backend(network_mysqld_con *con, injection *inj);
void log_sql_backend_sharding(network_mysqld_con *con, server_session_t *session);
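Review bot: The new prototype takes `gchar *errmsg`, yet every caller visible in this commit passes a string literal, a stack buffer or NULL, and the function only formats the value. Declare it as `void log_sql_connect(network_mysqld_con *con, const gchar *errmsg);` and change the definition in src/chassis-sql-log.c to match, so the compiler rejects any later attempt to write through the pointer. A one-line comment above the prototype such as `/* errmsg == NULL records a successful login; otherwise the text is logged as the failure reason */` would document the contract that callers currently have to infer from the implementation.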
10 changes: 7 additions & 3 deletions src/plugin-common.c
@@ -133,6 +133,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
if (con->client->response == NULL) {

if (con->client->challenge == NULL) {
log_sql_connect(con, "client's challenge is NULL");
return NETWORK_SOCKET_ERROR;
}

@@ -142,6 +143,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
int err = network_mysqld_proto_get_auth_response(&packet, auth);
if (err) {
network_mysqld_auth_response_free(auth);
log_sql_connect(con, "get auth response failed");
return NETWORK_SOCKET_ERROR;
}

@@ -161,6 +163,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
network_mysqld_queue_append(con->client, con->client->send_queue,
C("\xff\xd7\x07" "4.0 protocol is not supported"));
network_mysqld_auth_response_free(auth);
log_sql_connect(con, "4.0 protocol is not supported");
return NETWORK_SOCKET_ERROR;
}

@@ -204,7 +207,6 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
auth = con->client->response;
g_debug("sock:%p, 2nd round auth", con);
}
log_sql_connect(con);
/* Check allow and deny IP */
gboolean check_ip;
if (allow_ip_table || deny_ip_table) {
@@ -227,6 +229,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
g_strfreev(client_addr_arr);
if (check_ip) {
network_mysqld_con_send_error_full(recv_sock, L(ip_err_msg), 1045, "28000");
log_sql_connect(con, ip_err_msg);
g_free(ip_err_msg);
con->state = ST_SEND_ERROR;
return NETWORK_SOCKET_SUCCESS;
@@ -250,22 +253,23 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de
network_mysqld_auth_response *response = con->client->response;
if (cetus_users_authenticate_client(users, challenge, response)) {
con->state = ST_SEND_AUTH_RESULT;
network_mysqld_con_send_ok(recv_sock);
network_mysqld_con_send_ok(recv_sock);\
log_sql_connect(con, NULL);
} else {
char msg[256] = { 0 };
snprintf(msg, sizeof(msg),
"Access denied for user '%s'@'%s' (using password: YES)",
response->username->str, con->client->src->name->str);
network_mysqld_con_send_error_full(con->client, L(msg), ER_ACCESS_DENIED_ERROR, "28000");
g_message("%s", msg);
log_sql_connect(con, msg);
con->state = ST_SEND_ERROR;
}

g_string_free(g_queue_pop_tail(recv_sock->recv_queue->chunks), TRUE);
if (recv_sock->recv_queue->chunks->length > 0) {
g_warning("%s: client-recv-queue-len = %d", G_STRLOC, recv_sock->recv_queue->chunks->length);
}

return NETWORK_SOCKET_SUCCESS;
}
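Review bot: The three early-failure calls added here run inside the `con->client->response == NULL` branch (the first one also with `con->client->challenge == NULL`), but log_sql_connect() formats `con->client->response->username->str`, `con->client->response->database->str` and `con->client->challenge->thread_id` unconditionally in the lines shown for src/chassis-sql-log.c. Unless the part of log_sql_connect() elided between its two hunks returns early in that state, a malformed or truncated handshake from an unauthenticated client would crash the proxy inside the audit call. The logger should fall back to placeholders for missing fields, e.g. `const char *user = (rsp && rsp->username) ? rsp->username->str : "-";`, or these call sites should log through a path that does not need the response. Separately, the trailing `\` after `network_mysqld_con_send_ok(recv_sock);` is a stray line continuation and should be dropped. do_read_auth() starts outside these hunks.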
