Hi, Alexey!
On Oct 23, Alexey Botchkov wrote:
Hi, Sergei.
I'd like to draw your attention to this old issue:
https://jira.mariadb.org/browse/MDEV-7389
The idea was to make a bigger thing - to modify the plugin API
so it is easier to use and let user to do more. Particularly to
notify warnings to the audit plugins for this 7389 task.
That was done with this task: https://jira.mariadb.org/browse/MDEV-5313
Just to refresh our memory:
I proposed to get rid off the API versions and version-dependent
memory structures that are used to transfer data to and from the plugin.
All we need to do is adding new 'audit_plugin_service'. Which is
just the normal service that offer methods to the auditing plugin to
send commands to the server and get the server data. You can look at the
patch http://lists.askmonty.org/pipermail/commits/2016-February/009025.html
So, Serg, do you have anything to say on that subject?
Well...
First, I'll say that I'm sorry for not replying earlier :)
Now, "service" is a server functionality provided openly to all
plugins. Kind of a utility library, like alloc() or printf().
Moving audit to a service, means there is no longer audit plugin type
(we won't remove it, but it becomes useless) because any plugin can use
audit functionality. Is that what we want? Audit is not a
general-purpose thing. May be you mean that we should deprecate all
plugin types and move everything to services (not now, but over time)?
That one possible approach. But just moving audit to a service is not
very logical.
Another approach would be to keep audit plugin as a *type*, but still
use your callback approach. That's fine, callbacks don't need to be done
via services, there are plugin-type-specific callbacks too.
In that case an audit plugin will get some kind of an audit handler from
the server, and will invoke its audit methods, for example
audit_handler->get_database(thd);
etc.
Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx