WL#11378 Log the connection attributes into audit log's connection event

The client applications can send user-defined attributes to the server.
They can be queried through the performance_schema.session_account_connect_attrs table.
With this WL these connection attributes are logged in the audit log too.

RB#22551

components/mysql_server/mysql_connection_attributes_iterator_imp.h

@@ -0,0 +1,103 @@
+/* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License, version 2.0,
+   as published by the Free Software Foundation.
+
+   This program is also distributed with certain software (including
+   but not limited to OpenSSL) that is licensed under separate terms,
+   as designated in a particular file or component or in included license
+   documentation.  The authors of MySQL hereby grant you an additional
+   permission to link the program and your derivative works with the
+   separately licensed software that they have included with MySQL.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License, version 2.0, for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#ifndef MYSQL_CONNECTION_ATTRIBUTES_ITERATOR_IMP_H
+#define MYSQL_CONNECTION_ATTRIBUTES_ITERATOR_IMP_H
+
+#include <mysql/components/service_implementation.h>
+#include <mysql/components/services/mysql_connection_attributes_iterator.h>
+
+/**
+  @class mysql_thd_variables_service_imp
+
+  Thread variables' service implementation.
+
+  This service provides functions for plugins and storage engines to
+  obtain the thread's THD variables.
+
+  @sa mysql_connection_attributes_iterator
+*/
+
+class mysql_connection_attributes_iterator_imp {
+ public:
+  /**
+    Initialize an iterator.
+
+    Also position at the first attribute.
+
+    @param opaque_thd     The session to operate on. Can be null to use the
+                          current THD.
+    @param[out] iterator  Iterator pointer.
+
+    @return
+      @retval false Succeeded.
+      @retval true  Failed.
+
+    @sa mysql_connection_attributes_iterator::init
+    */
+  static DEFINE_BOOL_METHOD(init,
+                            (MYSQL_THD opaque_thd,
+                             my_h_connection_attributes_iterator *iterator));
+
+  /**
+    Deinitialize an iterator.
+
+    @param iterator Iterator pointer.
+
+    @return
+      @retval false Succeeded.
+      @retval true  Failed.
+
+    @sa mysql_connection_attributes_iterator::deinit
+  */
+  static DEFINE_BOOL_METHOD(deinit,
+                            (my_h_connection_attributes_iterator iterator));
+
+  /**
+    Fetch the current name/value pair from the iterator and move it forward.
+    Note: the attribute's name and value pointers are valid until the THD
+    object is alive.
+
+    @param      opaque_thd      The session to operate on. Can be NULL to use
+                                the current THD.
+    @param      iterator        Iterator pointer.
+    @param[out] name            The attribute name.
+    @param[out] name_length     The attribute name's length.
+    @param[out] value           The attribute value.
+    @param[out] value_length    The attribute value's length.
+    @param[out] client_charset  The character set, used for encoding the
+                                connection attributes pair
+
+    @return
+      @retval false Succeeded.
+      @retval true  Failed.
+
+    @sa mysql_connection_attributes_iterator::get
+    */
+  static DEFINE_BOOL_METHOD(get, (MYSQL_THD opaque_thd,
+                                  my_h_connection_attributes_iterator *iterator,
+                                  const char **name, size_t *name_length,
+                                  const char **value, size_t *value_length,
+                                  const char **client_charset));
+};
+
+#endif /* !MYSQL_CONNECTION_ATTRIBUTES_ITERATOR_IMP_H */

components/mysql_server/server_component.cc

@@ -44,6 +44,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
 #include "my_inttypes.h"
 #include "mysql_backup_lock.h"
 #include "mysql_clone_protocol.h"
+#include "mysql_connection_attributes_iterator_imp.h"
 #include "mysql_current_thread_reader_imp.h"
 #include "mysql_ongoing_transaction_query.h"
 #include "mysql_runtime_error_imp.h"
@@ -255,6 +256,11 @@ BEGIN_SERVICE_IMPLEMENTATION(mysql_server, component_sys_variable_register)
 mysql_component_sys_variable_imp::register_variable,
     mysql_component_sys_variable_imp::get_variable END_SERVICE_IMPLEMENTATION();
 
+BEGIN_SERVICE_IMPLEMENTATION(mysql_server, mysql_connection_attributes_iterator)
+mysql_connection_attributes_iterator_imp::init,
+    mysql_connection_attributes_iterator_imp::deinit,
+    mysql_connection_attributes_iterator_imp::get END_SERVICE_IMPLEMENTATION();
+
 BEGIN_SERVICE_IMPLEMENTATION(mysql_server, component_sys_variable_unregister)
 mysql_component_sys_variable_imp::unregister_variable,
     END_SERVICE_IMPLEMENTATION();
@@ -380,6 +386,7 @@ PROVIDES_SERVICE(mysql_server, registry),
     PROVIDES_SERVICE(mysql_server, mysql_current_thread_reader),
     PROVIDES_SERVICE(mysql_server, mysql_keyring_iterator),
     PROVIDES_SERVICE(mysql_server, mysql_admin_session),
+    PROVIDES_SERVICE(mysql_server, mysql_connection_attributes_iterator),
     END_COMPONENT_PROVIDES();
 
 static BEGIN_COMPONENT_REQUIRES(mysql_server) END_COMPONENT_REQUIRES();

include/mysql/components/services/mysql_connection_attributes_iterator.h

@@ -0,0 +1,142 @@
+/* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License, version 2.0,
+as published by the Free Software Foundation.
+
+This program is also distributed with certain software (including
+but not limited to OpenSSL) that is licensed under separate terms,
+as designated in a particular file or component or in included license
+documentation.  The authors of MySQL hereby grant you an additional
+permission to link the program and your derivative works with the
+separately licensed software that they have included with MySQL.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License, version 2.0, for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#ifndef MYSQL_CONNECTION_ATTRIBUTES_ITERATOR_H
+#define MYSQL_CONNECTION_ATTRIBUTES_ITERATOR_H
+
+#include <mysql/components/service.h>
+#include <mysql/components/services/mysql_current_thread_reader.h>  // MYSQL_THD
+#include <stddef.h>
+
+/**
+  @ingroup group_components_services_inventory
+
+  A service to read the connection attributes from the current session
+  It provides a read-only iterator over the attributes.
+  This is some example code to use the iterator:
+
+  @code
+
+  // at init time. try to reuse the service handles as much as possible
+
+  my_service<SERVICE_TYPE(mysql_current_thread_reader)> thd_reader(
+     "mysql_current_thread_reader", m_reg_srv);
+   my_service<SERVICE_TYPE(mysql_connection_attributes_iterator)> service(
+      "mysql_connection_attributes_iterator", m_reg_srv);
+
+  if (!service.is_valid() || !thd_reader.is_valid) {
+    return; //error
+  }
+
+      ...
+
+  // at parse time
+
+  MYSQL_THD thd;
+  if (thd_reader->get(&thd))
+    return; //error
+
+  my_h_connection_attributes_iterator iterator;
+
+  MYSQL_LEX_CSTRING name;
+  MYSQL_LEX_CSTRING value;
+  const char *charset_string;
+  const CHARSET_INFO *charset = nullptr;
+
+  my_h_connection_attributes_iterator iterator;
+  if (service->init(thd, &iterator)) return;  // error
+
+  while (!service->get(thd, &iterator, &name.str, &name.length, &value.str,
+                        &value.length, &charset_string)) {
+    // Do something with name and value
+  }
+
+  service->deinit(iterator);
+
+  @endcode
+*/
+
+typedef const char *my_h_connection_attributes_iterator;
+
+BEGIN_SERVICE_DEFINITION(mysql_connection_attributes_iterator)
+
+/**
+  Initialize an iterator.
+
+  Also position at the first attribute.
+
+  @param      thd             The session to operate on. Can be NULL to use the
+                              current THD.
+  @param[out] iterator  Iterator pointer.
+
+  @return
+    @retval false Succeeded.
+    @retval true  Failed.
+
+  @sa mysql_connection_attributes_iterator_imp::init
+*/
+DECLARE_BOOL_METHOD(init, (MYSQL_THD thd,
+                           my_h_connection_attributes_iterator *iterator));
+
+/**
+  Deinitialize an iterator.
+
+  @param iterator Iterator pointer.
+
+  @return
+    @retval false Succeeded.
+    @retval true  Failed.
+
+  @sa mysql_connection_attributes_iterator_imp::deinit
+*/
+DECLARE_BOOL_METHOD(deinit, (my_h_connection_attributes_iterator iterator));
+
+/**
+  Fetch the current name/value pair from the iterator and move it forward.
+  Note: the attribute's name and value pointers are valid until the THD object
+  is alive.
+
+  @param      thd             The session to operate on. Can be NULL to use the
+                              current THD.
+  @param      iterator        Iterator pointer.
+  @param[out] name            The attribute name.
+  @param[out] name_length     The attribute name's length.
+  @param[out] value           The attribute value.
+  @param[out] value_length    The attribute value's length.
+  @param[out] client_charset  The character set, used for encoding the
+                              connection attributes pair
+
+  @return
+    @retval false Succeeded.
+    @retval true  Failed.
+
+  @sa mysql_connection_attributes_iterator_imp::get
+*/
+DECLARE_BOOL_METHOD(get,
+                    (MYSQL_THD thd,
+                     my_h_connection_attributes_iterator *iterator,
+                     const char **name, size_t *name_length, const char **value,
+                     size_t *value_length, const char **client_charset));
+
+END_SERVICE_DEFINITION(mysql_connection_attributes_iterator)
+
+#endif /* MYSQL_CONNECTION_ATTRIBUTES_ITERATOR_H */

libservices/HOWTO

@@ -1,4 +1,9 @@
-Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+NOTE: Document is deprecated
+Use Component Services instead
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 How to create a new service
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

sql/CMakeLists.txt

@@ -309,7 +309,8 @@ SET(MYSQL_SERVER_SUB_COMPONENT_SOURCES
   server_component/mysql_current_thread_reader_imp.cc
   server_component/keyring_iterator_service_imp.cc
   server_component/udf_metadata_imp.cc
-  )
+  server_component/mysql_connection_attributes_iterator_imp.cc
+)
 
 SET(SQL_SHARED_SOURCES
   abstract_query_plan.cc

sql/auth/sql_authentication.cc

@@ -1870,7 +1870,8 @@ static bool find_mpvio_user(THD *thd, MPVIO_EXT *mpvio) {
   return false;
 }
 
-static bool read_client_connect_attrs(char **ptr, size_t *max_bytes_available,
+static bool read_client_connect_attrs(THD *thd, char **ptr,
+                                      size_t *max_bytes_available,
                                       MPVIO_EXT *mpvio MY_ATTRIBUTE((unused))) {
   size_t length, length_length;
   char *ptr_save;
@@ -1903,8 +1904,14 @@ static bool read_client_connect_attrs(char **ptr, size_t *max_bytes_available,
            auth_info->host_or_ip, auth_info->authenticated_as,
            mpvio->can_authenticate() ? "yes" : "no");
 #endif /* HAVE_PSI_THREAD_INTERFACE */
+
+  // assign the connection attributes in the current thread
+  thd->m_connection_attributes = std::vector<char>(length);
+  std::copy(*ptr, *ptr + length, thd->m_connection_attributes.begin());
+
   *max_bytes_available -= length;
   *ptr = *ptr + length;
+
   return false;
 }
 
@@ -2204,8 +2211,8 @@ static bool parse_com_change_user_packet(THD *thd, MPVIO_EXT *mpvio,
   size_t bytes_remaining_in_packet = end - ptr;
 
   if (protocol->has_client_capability(CLIENT_CONNECT_ATTRS) &&
-      read_client_connect_attrs(&ptr, &bytes_remaining_in_packet, mpvio))
-    return packet_error;
+      read_client_connect_attrs(thd, &ptr, &bytes_remaining_in_packet, mpvio))
+    return true;
 
   DBUG_PRINT("info", ("client_plugin=%s, restart", client_plugin));
   /*
@@ -2687,7 +2694,7 @@ static size_t parse_client_handshake_packet(THD *thd, MPVIO_EXT *mpvio,
   }
 
   if (protocol->has_client_capability(CLIENT_CONNECT_ATTRS) &&
-      read_client_connect_attrs(&end, &bytes_remaining_in_packet, mpvio))
+      read_client_connect_attrs(thd, &end, &bytes_remaining_in_packet, mpvio))
     return packet_error;
 
   NET_SERVER *ext = static_cast<NET_SERVER *>(protocol->get_net()->extension);
@@ -4341,9 +4348,9 @@ typedef std::string Sql_string_t;
 static bool resize_no_exception(Sql_string_t &content, size_t size) {
   try {
     content.resize(size);
-  } catch (const std::length_error &le) {
+  } catch (const std::length_error &) {
     return false;
-  } catch (std::bad_alloc &ba) {
+  } catch (std::bad_alloc &) {
     return false;
   }
   return true;

sql/mysqld.cc

@@ -1746,6 +1746,8 @@ static bool component_infrastructure_init() {
   return false;
 }
 
+extern void mysql_connection_attributes_iterator_imp_init(void);
+
 /**
   This function is used to initialize the mysql_server component services.
   Most of the init functions are dummy functions, to solve the linker issues.
@@ -1770,6 +1772,7 @@ static void server_component_init() {
   mysql_current_thread_reader_imp_init();
   mysql_keyring_iterator_service_init();
   mysql_comp_udf_extension_init();
+  mysql_connection_attributes_iterator_imp_init();
 }
 
 /**