
MDEV-12182 Add client tcp port to audit plugin logs

Open HashimSyedUBC opened this issue 1 year ago • 6 comments

  • [x] The Jira issue number for this PR is: MDEV-12182

Description

In environments with load balancers or proxies, the audit plugin logs only the IP address, making it difficult to differentiate individual client connections from the same IP.

Add a new 'port' field to the appropriate event objects to capture the client's TCP port number. Populate the port field with thd->port in the appropriate functions. The audit plugin receives and logs this port field along with other connection information, enabling better identification of individual client connections.

Release Notes

N/A

How can this PR be tested?

  • All existing tests pass when running ./mtr.
  • Execute server_audit.test file to verify the port logging feature.

Basing the PR against the correct MariaDB version

  • [x] This is a new feature and the PR is based against the latest MariaDB development branch.

PR quality check

  • [x] I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
  • [x] For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.

All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.

HashimSyedUBC avatar Jun 10 '24 17:06 HashimSyedUBC

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

CLAassistant avatar Jun 10 '24 17:06 CLAassistant

I think it is a good feature to add, many thanks for the contribution.

I've added a couple of comments for some minor things. Also, the following things will be needed:

  • MYSQL_AUDIT_INTERFACE_VERSION version will need to be bumped
  • The version in server_audit.c will need to be bumped
  • An MDEV will need to be attached to this, so it can be tracked through review / testing / documentation processes.

I can help with the last one of these if you wish.

Updated the minor version in server_audit.c and updated MYSQL_AUDIT_INTERFACE_VERSION. Also embedded the MDEV tickets in the first comment.

HashimSyedUBC avatar Jun 11 '24 18:06 HashimSyedUBC

Currently working on a work-around for the Windows-specific failing audit plugin test

HashimSyedUBC avatar Jul 18 '24 22:07 HashimSyedUBC

All failures have now been resolved. Please note that the failing tests were pre-existing and are not related to this recent change.

HashimSyedUBC avatar Jul 22 '24 20:07 HashimSyedUBC

#3425 All the failing tests are confirmed to be on main branch and not due to any changes made in this PR

HashimSyedUBC avatar Jul 29 '24 15:07 HashimSyedUBC

The thing is, MDEV-12182 is marked as blocked by MDEV-5313 "Improving audit api". That is, instead of adding more fields ad hoc to audit plugin structures we wanted to consider a systematic approach to audit API extensions, and this was MDEV-5313. Which didn't go anywhere.

So, now we need to decide whether to add a new field ad hoc to audit plugin structures just this one time as an exception or design the extensible audit API first, as Jira says.

What is the compelling reason to make an exception here? Does anyone need a port in the audit log particularly badly?

vuvova avatar Sep 04 '24 20:09 vuvova

Tomorrow's the last day, if there won't be a patch we can accept and you won't say "just fix it yourself", it will miss 12.0

vuvova avatar Mar 16 '25 19:03 vuvova

pushed into 12.0, thanks

vuvova avatar May 03 '25 11:05 vuvova