From c1f2b5a14172fe6740558a02b8ef2d3287b46d1f Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 19 Mar 2025 21:33:46 +0100 Subject: [PATCH] MDEV-33834 post-merge * move TLS version into the "object" column * show that TLS version follows db name * correctly check for have_ssl --- include/mysql/plugin_audit.h | 1 + .../suite/plugins/r/server_audit.result | 42 ++++++++++--------- mysql-test/suite/plugins/t/server_audit.test | 6 +-- plugin/server_audit/server_audit.c | 11 ++--- 4 files changed, 33 insertions(+), 27 deletions(-) diff --git a/include/mysql/plugin_audit.h b/include/mysql/plugin_audit.h index 9771f959fce..588d82f2d34 100644 --- a/include/mysql/plugin_audit.h +++ b/include/mysql/plugin_audit.h @@ -102,6 +102,7 @@ struct mysql_event_connection const char *ip; unsigned int ip_length; MYSQL_CONST_LEX_STRING database; + /* Added in version 0x303 */ const char *tls_version; unsigned int tls_version_length; }; diff --git a/mysql-test/suite/plugins/r/server_audit.result b/mysql-test/suite/plugins/r/server_audit.result index fa62b4dd782..f48a3e6c499 100644 --- a/mysql-test/suite/plugins/r/server_audit.result +++ b/mysql-test/suite/plugins/r/server_audit.result @@ -257,10 +257,11 @@ disconnect plug_con; DROP USER plug; DROP USER plug_dest; CREATE USER ssl_user1@localhost require SSL; -connect conssl1,localhost,ssl_user1,,,,,SSL; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher CIPHER_NAME +GRANT ALL ON sa_db TO ssl_user1@localhost; +connect conssl1,localhost,ssl_user1,,sa_db,,,SSL; +select variable_value > '' as 'have_ssl' from information_schema.session_status where variable_name='ssl_cipher'; +have_ssl +1 disconnect conssl1; connection default; DROP USER ssl_user1@localhost; 
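Review bot: The new comment on `tls_version` in `struct mysql_event_connection` names the version but not what a consumer has to do with it. A plugin that can be loaded by a server with an older audit interface would presumably receive a shorter struct, so reading `tls_version` or `tls_version_length` without a version check risks reading past the end of the event; the hunk does not show how callers guard this. Consider spelling it out, e.g. `/* Added in version 0x303; read only when the audit interface version is at least 0x303 */`. The struct starts outside the hunk.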
@@ -326,10 +327,10 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_user TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_incl_users\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_excl_users= repeat("\'root\',", 10000)',ID TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audit_excl_users\'',0 -TIME,HOSTNAME,root,localhost,ID,0,CONNECT,mysql,,0, -TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,mysql,,0, -TIME,HOSTNAME,no_such_user,localhost,ID,0,FAILED_CONNECT,,,ID, -TIME,HOSTNAME,no_such_user,localhost,ID,0,DISCONNECT,,,0, +TIME,HOSTNAME,root,localhost,ID,0,CONNECT,mysql,,0 +TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,mysql,,0 +TIME,HOSTNAME,no_such_user,localhost,ID,0,FAILED_CONNECT,,,ID +TIME,HOSTNAME,no_such_user,localhost,ID,0,DISCONNECT,,,0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users=\'odin, dva, tri\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_incl_users=\'odin, root, dva, tri\'',0 TIME,HOSTNAME,root,localhost,ID,ID,CREATE,test,t2, @@ -368,7 +369,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'show variables like \'server_audi TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_mode=1',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_events=\'\'',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0 -TIME,HOSTNAME,root,localhost,ID,0,CONNECT,test,,0, +TIME,HOSTNAME,root,localhost,ID,0,CONNECT,test,,0 TIME,HOSTNAME,root,localhost,ID,ID,CREATE,test,t1, TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create table t1 (id2 int)',0 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,test,t1, 
@@ -400,7 +401,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,READ,mysql,proc, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proc, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,event, TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop database sa_db',0 -TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,,,0, +TIME,HOSTNAME,root,localhost,ID,0,DISCONNECT,,,0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'create database sa_db',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'use sa_db',0 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, @@ -486,15 +487,15 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER plug_dest IDENTIFIED BY *****',0 -TIME,HOSTNAME,plug,localhost,ID,0,FAILED_CONNECT,,,ID, -TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0, +TIME,HOSTNAME,plug,localhost,ID,0,FAILED_CONNECT,,,ID +TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT PROXY ON plug_dest TO plug',0 -TIME,HOSTNAME,plug,localhost,ID,0,CONNECT,,,0, -TIME,HOSTNAME,plug,localhost,ID,0,PROXY_CONNECT,,`plug_dest`@`%`,0, +TIME,HOSTNAME,plug,localhost,ID,0,CONNECT,,,0 +TIME,HOSTNAME,plug,localhost,ID,0,PROXY_CONNECT,,`plug_dest`@`%`,0 TIME,HOSTNAME,plug,localhost,ID,ID,QUERY,,'select USER(),CURRENT_USER()',0 -TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0, +TIME,HOSTNAME,plug,localhost,ID,0,DISCONNECT,,,0 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv, 
@@ -519,10 +520,13 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER ssl_user1@localhost require SSL',0 -TIME,HOSTNAME,ssl_user1,localhost,ID,0,CONNECT,,,0,TLS_VERSION -TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,Access denied for user 'ssl_user1'@'localhost' to database 'test','SHOW STATUS LIKE \'Ssl_version\'',0 -TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,Access denied for user 'ssl_user1'@'localhost' to database 'test','SHOW STATUS LIKE \'Ssl_cipher\'',0 -TIME,HOSTNAME,ssl_user1,localhost,ID,0,DISCONNECT,,,0,TLS_VERSION +TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv, +TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,global_priv, +TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT ALL ON sa_db TO ssl_user1@localhost',0 +TIME,HOSTNAME,ssl_user1,localhost,ID,0,CONNECT,sa_db,TLS_VERSION,0 +TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,sa_db,'SHOW STATUS LIKE \'Ssl_version\'',0 +TIME,HOSTNAME,ssl_user1,localhost,ID,ID,QUERY,sa_db,'select variable_value > \'\' as \'have_ssl\' from information_schema.session_status where variable_name=\'ssl_cipher\'',0 +TIME,HOSTNAME,ssl_user1,localhost,ID,0,DISCONNECT,sa_db,TLS_VERSION,0 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv, diff --git a/mysql-test/suite/plugins/t/server_audit.test b/mysql-test/suite/plugins/t/server_audit.test index 906f635536f..4c8bd9017d6 100644 --- a/mysql-test/suite/plugins/t/server_audit.test +++ b/mysql-test/suite/plugins/t/server_audit.test 
@@ -214,10 +214,10 @@ DROP USER plug; DROP USER plug_dest; CREATE USER ssl_user1@localhost require SSL; -connect (conssl1,localhost,ssl_user1,,,,,SSL); +GRANT ALL ON sa_db TO ssl_user1@localhost; +connect (conssl1,localhost,ssl_user1,,sa_db,,,SSL); --let $ssl_version = query_get_value(SHOW STATUS LIKE 'Ssl_version', Value, 1) ---replace_column 2 CIPHER_NAME -SHOW STATUS LIKE 'Ssl_cipher'; +select variable_value > '' as 'have_ssl' from information_schema.session_status where variable_name='ssl_cipher'; disconnect conssl1; connection default; --sleep 2 diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index 53203c143c7..71d4666163a 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1513,10 +1513,10 @@ static int log_proxy(const struct connection_info *cn, cn->ip, cn->ip_length, event->thread_id, 0, "PROXY_CONNECT"); csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, - ",%.*s,`%.*s`@`%.*s`,%d,%.*s", cn->db_length, cn->db, + ",%.*s,`%.*s`@`%.*s`,%d", cn->db_length, cn->db, cn->proxy_length, cn->proxy, cn->proxy_host_length, cn->proxy_host, - event->status, cn->tls_version_length, cn->tls_version); + event->status); message[csize]= '\n'; return write_log(message, csize + 1, 1); } @@ -1542,7 +1542,8 @@ static int log_connection(const struct connection_info *cn, obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj)); csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, - ",%.*s,,%d,%.*s", cn->db_length, cn->db, event->status, (int) obj_len, tls_obj); + ",%.*s,%.*s,%d", cn->db_length, cn->db, (int) obj_len, tls_obj, + event->status); message[csize]= '\n'; return write_log(message, csize + 1, 1); } 
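Review bot: `GRANT ALL ON sa_db TO ssl_user1@localhost;` has no `.*`, so it is parsed as a grant on a table named `sa_db` in the current database rather than on the database itself. The updated expected log is consistent with that reading, since it records a write to `mysql.tables_priv` just before this statement's QUERY line. The connect with default database `sa_db` still works, but the grant is narrower than the test reads. If a database-level grant is intended, use `GRANT ALL ON sa_db.* TO ssl_user1@localhost;` and regenerate the result file.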
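Review bot: PROXY_CONNECT records written by `log_proxy` no longer carry the TLS version at all, because the trailing `%.*s` and the `cn->tls_version` arguments are dropped and the object column is already taken by the proxy user. A consumer of the audit log has to take the TLS version from the CONNECT record with the same connection id, which the updated expected output suggests is written just before. That deserves a comment above the format call, e.g. `/* TLS version is reported on the CONNECT record; the object column here holds the proxy user */`. The function body starts outside the hunk.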
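Review bot: In `log_connection` the database name is written with a bare `%.*s` and is now followed directly by the TLS object and the status, so a `,` or a line break inside `cn->db` would shift or split the fields an audit consumer reads as TLS version and status. The same pattern appears in `log_connection_event` (`event->database.str`) and in `log_proxy`, where the proxy user and host are also placed between backticks without escaping. Whether these values are validated before they reach the logger is not visible in the hunks. If they are not, escape the name before formatting, or at least document the limitation next to the format string, e.g. `/* db name is logged verbatim; it must not contain ',' or '\n' */`. The function bodies start outside the hunks.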
@@ -1566,8 +1567,8 @@ static int log_connection_event(const struct mysql_event_connection *event, event->thread_id, 0, type); obj_len= create_tls_obj(event, tls_obj, sizeof(tls_obj)); csize+= my_snprintf(message+csize, sizeof(message) - 1 - csize, - ",%.*s,,%d,%.*s", (int) event->database.length,event->database.str, - event->status, (int) obj_len, tls_obj); + ",%.*s,%.*s,%d", (int) event->database.length,event->database.str, + (int) obj_len, tls_obj, event->status); message[csize]= '\n'; return write_log(message, csize + 1, 1); }