diff options
Diffstat (limited to 'mysql-test/suite/plugins/t/server_audit.test')
-rw-r--r-- | mysql-test/suite/plugins/t/server_audit.test | 235 |
1 files changed, 235 insertions, 0 deletions
diff --git a/mysql-test/suite/plugins/t/server_audit.test b/mysql-test/suite/plugins/t/server_audit.test new file mode 100644 index 00000000..01da4975 --- /dev/null +++ b/mysql-test/suite/plugins/t/server_audit.test @@ -0,0 +1,235 @@ +--source include/have_plugin_auth.inc +--source include/not_embedded.inc + +if (!$SERVER_AUDIT_SO) { + skip No SERVER_AUDIT plugin; +} + +# An unfortunate wait for check-testcase.test to complete disconnect. +let count_sessions= 1; +source include/wait_until_count_sessions.inc; + +let $MYSQLD_DATADIR= `SELECT @@datadir`; +let SEARCH_FILE= $MYSQLD_DATADIR/server_audit.log; + +install plugin server_audit soname 'server_audit'; + +show variables like 'server_audit%'; +set global server_audit_file_path=null; +set global server_audit_incl_users=null; +set global server_audit_file_path='server_audit.log'; +set global server_audit_output_type=file; +set global server_audit_logging=on; + +--error ER_WRONG_VALUE_FOR_VAR +set global server_audit_incl_users= repeat("'root',", 10000); +show variables like 'server_audit_incl_users'; +--error ER_WRONG_VALUE_FOR_VAR +set global server_audit_excl_users= repeat("'root',", 10000); +show variables like 'server_audit_excl_users'; +let SEARCH_COUNT= 5; +source include/wait_for_line_count_in_file.inc; + +connect (con1,localhost,root,,mysql); +disconnect con1; +let SEARCH_COUNT= 7; +source include/wait_for_line_count_in_file.inc; + +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error ER_ACCESS_DENIED_ERROR +connect (con1,localhost,no_such_user,,mysql); +let SEARCH_COUNT= 9; +source include/wait_for_line_count_in_file.inc; + +connection default; +set global server_audit_incl_users='odin, dva, tri'; +create table t1 (id int); +set global server_audit_incl_users='odin, root, dva, tri'; +create table t2 (id int); +set global server_audit_excl_users='odin, dva, tri'; +insert into t1 values (1), (2); +select * from t1; +set global server_audit_incl_users='odin, root, dva, tri'; +insert into t2 values (1), (2); +select * from t2; +alter table t1 rename renamed_t1; +set global server_audit_events='connect,query'; +select 1, + 2, +# comment + 3; +insert into t2 values (1), (2); +select * from t2; +--disable_ps_protocol +--error ER_NO_SUCH_TABLE +select * from t_doesnt_exist; +--enable_ps_protocol +--error 1064 +syntax_error_query; +drop table renamed_t1, t2; +show variables like 'server_audit%'; +set global server_audit_mode=1; +set global server_audit_events=''; +create database sa_db; +let SEARCH_COUNT= 47; +source include/wait_for_line_count_in_file.inc; + +connect (con1,localhost,root,,test); +create table t1 (id2 int); +insert into t1 values (1), (2); +select * from t1; +drop table t1; +use sa_db; +create table sa_t1(id int); +insert into sa_t1 values (1), (2); +drop table sa_t1; +drop database sa_db; +disconnect con1; +let SEARCH_COUNT= 80; +source include/wait_for_line_count_in_file.inc; + +connection default; +create database sa_db; +use sa_db; +CREATE USER u1 IDENTIFIED BY 'pwd-123'; +GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321"; +SET PASSWORD FOR u1 = PASSWORD('pwd 098'); +CREATE USER u3 IDENTIFIED BY ''; +ALTER USER u3 IDENTIFIED BY 'pwd-456'; +drop user u1, u2, u3; + +set global server_audit_events='query_ddl'; +create table t1(id int); +insert into t1 values (1), (2); +select * from t1; +select 2; +(select 2); +/*! select 2*/; +/*comment*/ select 2; +drop table t1; + +create procedure pr1() insert into test.t1 values ("foo", 42); +create function fn1(i int) returns int deterministic return i+1; +drop procedure pr1; +drop function fn1; + +set global server_audit_events='query_ddl,query_dml'; +create table t1(id int); +insert into t1 values (1), (2); +select * from t1; +select 2; +drop table t1; +set global server_audit_events='query_dml'; +create table t1(id int); +insert into t1 values (1), (2); +select * from t1; +select 2; +(select 2); +/*! select 2*/; +/*comment*/ select 2; +drop table t1; +set global server_audit_events='query_dcl'; +create table t1(id int); +insert into t1 values (1), (2); +select * from t1; +CREATE USER u1 IDENTIFIED BY 'pwd-123'; +GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321"; +SET PASSWORD +# comment +FOR u1 = PASSWORD('pwd 098'); +--error 1064 +SET PASSWORD FOR u1=<secret>; +CREATE USER u3 IDENTIFIED BY ''; +drop user u1, u2, u3; +select 2; +(select 2); +/*! select 2*/; +/*comment*/ select 2; +drop table t1; +set global server_audit_events='query_dml_no_select'; +create table t1(id int); +insert into t1 values (1), (2); +select * from t1; +select 2; +drop table t1; +create procedure pr1() insert into test.t1 values ("foo", 42); +create function fn1(i int) returns int deterministic return i+1; +drop procedure pr1; +drop function fn1; + +create procedure pr1() insert into test.t1 values ("foo", 42); +create function fn1(i int) returns int deterministic return i+1; +drop procedure pr1; +drop function fn1; + +set global server_audit_events='table'; +set global server_audit_incl_users='user1'; + +create user user1@localhost; +grant all on sa_db.* to user1@localhost; + +connect (cn1,localhost,user1,,sa_db); +connection cn1; + +create table t1(id int) engine=myisam; +insert delayed into t1 values (1); +connection default; +--echo # Waiting until INSERT DELAYED thread does the insert. +let $wait_condition= SELECT COUNT(*) = 1 FROM t1; +--source include/wait_condition.inc +drop table t1; + +set global server_audit_logging= off; +set global server_audit_incl_users='root'; +set global server_audit_logging= on; +disconnect cn1; +let $count_sessions=1; +source include/wait_until_count_sessions.inc; + +drop user user1@localhost; + +set global server_audit_events=''; +set global server_audit_incl_users='root, plug_dest'; + +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sleep 2 +--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK +--error ER_ACCESS_DENIED_ERROR : this should fail : no grant +connect(plug_con,localhost,plug,plug_dest); +--sleep 2 +GRANT PROXY ON plug_dest TO plug; +--sleep 2 +connect(plug_con,localhost,plug,plug_dest); +connection plug_con; +select USER(),CURRENT_USER(); +connection default; +disconnect plug_con; +--sleep 2 +--sleep 2 +DROP USER plug; +DROP USER plug_dest; + +set global server_audit_query_log_limit= 15; +select (1), (2), (3), (4); +select 'A', 'B', 'C', 'D'; +set global server_audit_query_log_limit= 1024; +drop database sa_db; + +set global server_audit_file_path='.'; +--replace_regex /\.[\\\/]/HOME_DIR\// +show status like 'server_audit_current_log'; +set global server_audit_file_path=''; +show status like 'server_audit_current_log'; +set global server_audit_file_path=' '; +show status like 'server_audit_current_log'; +set global server_audit_file_path='nonexisting_dir/'; +show status like 'server_audit_current_log'; +show variables like 'server_audit%'; +uninstall plugin server_audit; + +# replace the timestamp and the hostname with constant values +--replace_regex /[0-9]* [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\,[^,]*\,/TIME,HOSTNAME,/ /\,[1-9][0-9]*\,/,1,/ /\,[1-9][0-9]*/,ID/ +cat_file $MYSQLD_DATADIR/server_audit.log; +remove_file $MYSQLD_DATADIR/server_audit.log; + |