MySQL 8.0.37
Source Code Documentation
auth_common.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef AUTH_COMMON_INCLUDED
25#define AUTH_COMMON_INCLUDED
26
27#include <assert.h>
28#include <stddef.h>
29#include <stdint.h>
30#include <sys/types.h>
31#include <functional>
32#include <list>
33#include <memory>
34#include <string>
35#include <utility>
36#include <vector>
37
38#include "lex_string.h"
39#include "my_command.h"
40
41#include "my_hostname.h" // HOSTNAME_LENGTH
42#include "my_inttypes.h"
43#include "mysql_com.h" // USERNAME_LENGTH
44#include "template_utils.h"
45
46#include <openssl/rsa.h>
47
48/* Forward Declarations */
49class Alter_info;
50class Field_iterator_table_ref;
51class Item;
52class LEX_COLUMN;
53class String;
54class THD;
55struct CHARSET_INFO;
56struct GRANT_INFO;
57struct GRANT_INTERNAL_INFO;
58struct HA_CREATE_INFO;
59struct LEX_USER;
60template <class T>
61class List;
62typedef struct user_conn USER_CONN;
63class Security_context;
64class ACL_USER;
65struct TABLE;
66struct MEM_ROOT;
67class Table_ref;
68enum class role_enum;
69enum class Consumer_type;
70class LEX_GRANT_AS;
71
72namespace consts {
73extern const std::string mysql;
74extern const std::string system_user;
75extern const std::string connection_admin;
76} // namespace consts
77
78/** user, host tuple which reference either acl_cache or g_default_roles */
79typedef std::pair<LEX_CSTRING, LEX_CSTRING> Auth_id_ref;
80typedef std::vector<Auth_id_ref> List_of_auth_id_refs;
81
82bool operator<(const Auth_id_ref &a, const Auth_id_ref &b);
83
84enum ACL_internal_access_result {
85 /**
86 Access granted for all the requested privileges,
87 do not use the grant tables.
88 This flag is used only for the INFORMATION_SCHEMA privileges,
89 for compatibility reasons.
90 */
91 ACL_INTERNAL_ACCESS_GRANTED,
92 /** Access denied, do not use the grant tables. */
93 ACL_INTERNAL_ACCESS_DENIED,
94 /** No decision yet, use the grant tables. */
95 ACL_INTERNAL_ACCESS_CHECK_GRANT
96};
97
98/* Classes */
99
100/**
101 Per internal table ACL access rules.
102 This class is an interface.
103 Per table(s) specific access rule should be implemented in a subclass.
104 @sa ACL_internal_schema_access
105*/
106class ACL_internal_table_access {
107 public:
108 ACL_internal_table_access() = default;
109
110 virtual ~ACL_internal_table_access() = default;
111
112 /**
113 Check access to an internal table.
114 When a privilege is granted, this method add the requested privilege
115 to save_priv.
116 @param want_access the privileges requested
117 @param [in, out] save_priv the privileges granted
118 @param any_combination_will_do true if it's enough to have any privilege
119 for any combination of the table columns.
120 @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
121 are granted, and saved in save_priv.
122 @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
123 privileges was denied.
124 @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
125 was denied, and grant should be checked for at least one
126 privilege. Requested privileges that are granted, if any, are saved
127 in save_priv.
128 */
129 virtual ACL_internal_access_result check(
130 ulong want_access, ulong *save_priv,
131 bool any_combination_will_do) const = 0;
132};
133
134/**
135 Per internal schema ACL access rules.
136 This class is an interface.
137 Each per schema specific access rule should be implemented
138 in a different subclass, and registered.
139 Per schema access rules can control:
140 - every schema privileges on schema.*
141 - every table privileges on schema.table
142 @sa ACL_internal_schema_registry
143*/
144class ACL_internal_schema_access {
145 public:
146 ACL_internal_schema_access() = default;
147
148 virtual ~ACL_internal_schema_access() = default;
149
150 /**
151 Check access to an internal schema.
152 @param want_access the privileges requested
153 @param [in, out] save_priv the privileges granted
154 @param any_combination_will_do true if it's enough to have any privilege
155 for any combination of the table columns.
156 @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
157 are granted, and saved in save_priv.
158 @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
159 privileges was denied.
160 @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
161 was denied, and grant should be checked for at least one
162 privilege. Requested privileges that are granted, if any, are saved
163 in save_priv.
164 */
165 virtual ACL_internal_access_result check(
166 ulong want_access, ulong *save_priv,
167 bool any_combination_will_do) const = 0;
168
169 /**
170 Search for per table ACL access rules by table name.
171 @param name the table name
172 @return per table access rules, or NULL
173 */
174 virtual const ACL_internal_table_access *lookup(const char *name) const = 0;
175};
176
177/**
178 A registry for per internal schema ACL.
179 An 'internal schema' is a database schema maintained by the
180 server implementation, such as 'performance_schema' and 'INFORMATION_SCHEMA'.
181*/
182class ACL_internal_schema_registry {
183 public:
184 static void register_schema(const LEX_CSTRING &name,
185 const ACL_internal_schema_access *access);
186 static const ACL_internal_schema_access *lookup(const char *name);
187};
188
189/**
190 Extension of ACL_internal_schema_access for Information Schema
191*/
192class IS_internal_schema_access : public ACL_internal_schema_access {
193 public:
194 IS_internal_schema_access() = default;
195
196 ~IS_internal_schema_access() override = default;
197
198 ACL_internal_access_result check(ulong want_access, ulong *save_priv,
199 bool any_combination_will_do) const override;
200
201 const ACL_internal_table_access *lookup(const char *name) const override;
202};
203
204/* Data Structures */
205
206extern const std::vector<std::string> global_acls_vector;
207
208enum mysql_db_table_field {
209 MYSQL_DB_FIELD_HOST = 0,
210 MYSQL_DB_FIELD_DB,
211 MYSQL_DB_FIELD_USER,
212 MYSQL_DB_FIELD_SELECT_PRIV,
213 MYSQL_DB_FIELD_INSERT_PRIV,
214 MYSQL_DB_FIELD_UPDATE_PRIV,
215 MYSQL_DB_FIELD_DELETE_PRIV,
216 MYSQL_DB_FIELD_CREATE_PRIV,
217 MYSQL_DB_FIELD_DROP_PRIV,
218 MYSQL_DB_FIELD_GRANT_PRIV,
219 MYSQL_DB_FIELD_REFERENCES_PRIV,
220 MYSQL_DB_FIELD_INDEX_PRIV,
221 MYSQL_DB_FIELD_ALTER_PRIV,
222 MYSQL_DB_FIELD_CREATE_TMP_TABLE_PRIV,
223 MYSQL_DB_FIELD_LOCK_TABLES_PRIV,
224 MYSQL_DB_FIELD_CREATE_VIEW_PRIV,
225 MYSQL_DB_FIELD_SHOW_VIEW_PRIV,
226 MYSQL_DB_FIELD_CREATE_ROUTINE_PRIV,
227 MYSQL_DB_FIELD_ALTER_ROUTINE_PRIV,
228 MYSQL_DB_FIELD_EXECUTE_PRIV,
229 MYSQL_DB_FIELD_EVENT_PRIV,
230 MYSQL_DB_FIELD_TRIGGER_PRIV,
231 MYSQL_DB_FIELD_COUNT
232};
233
234enum mysql_user_table_field {
235 MYSQL_USER_FIELD_HOST = 0,
236 MYSQL_USER_FIELD_USER,
237 MYSQL_USER_FIELD_SELECT_PRIV,
238 MYSQL_USER_FIELD_INSERT_PRIV,
239 MYSQL_USER_FIELD_UPDATE_PRIV,
240 MYSQL_USER_FIELD_DELETE_PRIV,
241 MYSQL_USER_FIELD_CREATE_PRIV,
242 MYSQL_USER_FIELD_DROP_PRIV,
243 MYSQL_USER_FIELD_RELOAD_PRIV,
244 MYSQL_USER_FIELD_SHUTDOWN_PRIV,
245 MYSQL_USER_FIELD_PROCESS_PRIV,
246 MYSQL_USER_FIELD_FILE_PRIV,
247 MYSQL_USER_FIELD_GRANT_PRIV,
248 MYSQL_USER_FIELD_REFERENCES_PRIV,
249 MYSQL_USER_FIELD_INDEX_PRIV,
250 MYSQL_USER_FIELD_ALTER_PRIV,
251 MYSQL_USER_FIELD_SHOW_DB_PRIV,
252 MYSQL_USER_FIELD_SUPER_PRIV,
253 MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV,
254 MYSQL_USER_FIELD_LOCK_TABLES_PRIV,
255 MYSQL_USER_FIELD_EXECUTE_PRIV,
256 MYSQL_USER_FIELD_REPL_SLAVE_PRIV,
257 MYSQL_USER_FIELD_REPL_CLIENT_PRIV,
258 MYSQL_USER_FIELD_CREATE_VIEW_PRIV,
259 MYSQL_USER_FIELD_SHOW_VIEW_PRIV,
260 MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV,
261 MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV,
262 MYSQL_USER_FIELD_CREATE_USER_PRIV,
263 MYSQL_USER_FIELD_EVENT_PRIV,
264 MYSQL_USER_FIELD_TRIGGER_PRIV,
265 MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV,
266 MYSQL_USER_FIELD_SSL_TYPE,
267 MYSQL_USER_FIELD_SSL_CIPHER,
268 MYSQL_USER_FIELD_X509_ISSUER,
269 MYSQL_USER_FIELD_X509_SUBJECT,
270 MYSQL_USER_FIELD_MAX_QUESTIONS,
271 MYSQL_USER_FIELD_MAX_UPDATES,
272 MYSQL_USER_FIELD_MAX_CONNECTIONS,
273 MYSQL_USER_FIELD_MAX_USER_CONNECTIONS,
274 MYSQL_USER_FIELD_PLUGIN,
275 MYSQL_USER_FIELD_AUTHENTICATION_STRING,
276 MYSQL_USER_FIELD_PASSWORD_EXPIRED,
277 MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED,
278 MYSQL_USER_FIELD_PASSWORD_LIFETIME,
279 MYSQL_USER_FIELD_ACCOUNT_LOCKED,
280 MYSQL_USER_FIELD_CREATE_ROLE_PRIV,
281 MYSQL_USER_FIELD_DROP_ROLE_PRIV,
282 MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY,
283 MYSQL_USER_FIELD_PASSWORD_REUSE_TIME,
284 MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT,
285 MYSQL_USER_FIELD_USER_ATTRIBUTES,
286 MYSQL_USER_FIELD_COUNT
287};
288
289enum mysql_proxies_priv_table_feild {
290 MYSQL_PROXIES_PRIV_FIELD_HOST = 0,
291 MYSQL_PROXIES_PRIV_FIELD_USER,
292 MYSQL_PROXIES_PRIV_FIELD_PROXIED_HOST,
293 MYSQL_PROXIES_PRIV_FIELD_PROXIED_USER,
294 MYSQL_PROXIES_PRIV_FIELD_WITH_GRANT,
295 MYSQL_PROXIES_PRIV_FIELD_GRANTOR,
296 MYSQL_PROXIES_PRIV_FIELD_TIMESTAMP,
297 MYSQL_PROXIES_PRIV_FIELD_COUNT
298};
299
300enum mysql_procs_priv_table_field {
301 MYSQL_PROCS_PRIV_FIELD_HOST = 0,
302 MYSQL_PROCS_PRIV_FIELD_DB,
303 MYSQL_PROCS_PRIV_FIELD_USER,
304 MYSQL_PROCS_PRIV_FIELD_ROUTINE_NAME,
305 MYSQL_PROCS_PRIV_FIELD_ROUTINE_TYPE,
306 MYSQL_PROCS_PRIV_FIELD_GRANTOR,
307 MYSQL_PROCS_PRIV_FIELD_PROC_PRIV,
308 MYSQL_PROCS_PRIV_FIELD_TIMESTAMP,
309 MYSQL_PROCS_PRIV_FIELD_COUNT
310};
311
312enum mysql_columns_priv_table_field {
313 MYSQL_COLUMNS_PRIV_FIELD_HOST = 0,
314 MYSQL_COLUMNS_PRIV_FIELD_DB,
315 MYSQL_COLUMNS_PRIV_FIELD_USER,
316 MYSQL_COLUMNS_PRIV_FIELD_TABLE_NAME,
317 MYSQL_COLUMNS_PRIV_FIELD_COLUMN_NAME,
318 MYSQL_COLUMNS_PRIV_FIELD_TIMESTAMP,
319 MYSQL_COLUMNS_PRIV_FIELD_COLUMN_PRIV,
320 MYSQL_COLUMNS_PRIV_FIELD_COUNT
321};
322
323enum mysql_tables_priv_table_field {
324 MYSQL_TABLES_PRIV_FIELD_HOST = 0,
325 MYSQL_TABLES_PRIV_FIELD_DB,
326 MYSQL_TABLES_PRIV_FIELD_USER,
327 MYSQL_TABLES_PRIV_FIELD_TABLE_NAME,
328 MYSQL_TABLES_PRIV_FIELD_GRANTOR,
329 MYSQL_TABLES_PRIV_FIELD_TIMESTAMP,
330 MYSQL_TABLES_PRIV_FIELD_TABLE_PRIV,
331 MYSQL_TABLES_PRIV_FIELD_COLUMN_PRIV,
332 MYSQL_TABLES_PRIV_FIELD_COUNT
333};
334
335enum mysql_role_edges_table_field {
336 MYSQL_ROLE_EDGES_FIELD_FROM_HOST = 0,
337 MYSQL_ROLE_EDGES_FIELD_FROM_USER,
338 MYSQL_ROLE_EDGES_FIELD_TO_HOST,
339 MYSQL_ROLE_EDGES_FIELD_TO_USER,
340 MYSQL_ROLE_EDGES_FIELD_WITH_ADMIN_OPTION,
341 MYSQL_ROLE_EDGES_FIELD_COUNT
342};
343
344enum mysql_default_roles_table_field {
345 MYSQL_DEFAULT_ROLES_FIELD_HOST = 0,
346 MYSQL_DEFAULT_ROLES_FIELD_USER,
347 MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_HOST,
348 MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_USER,
349 MYSQL_DEFAULT_ROLES_FIELD_COUNT
350};
351
352enum mysql_password_history_table_field {
353 MYSQL_PASSWORD_HISTORY_FIELD_HOST = 0,
354 MYSQL_PASSWORD_HISTORY_FIELD_USER,
355 MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD_TIMESTAMP,
356 MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD,
357 MYSQL_PASSWORD_HISTORY_FIELD_COUNT
358};
359
360enum mysql_dynamic_priv_table_field {
361 MYSQL_DYNAMIC_PRIV_FIELD_USER = 0,
362 MYSQL_DYNAMIC_PRIV_FIELD_HOST,
363 MYSQL_DYNAMIC_PRIV_FIELD_PRIV,
364 MYSQL_DYNAMIC_PRIV_FIELD_WITH_GRANT_OPTION,
365 MYSQL_DYNAMIC_PRIV_FIELD_COUNT
366};
367
368/* When we run mysql_upgrade we must make sure that the server can be run
369 using previous mysql.user table schema during acl_load.
370
371 User_table_schema is a common interface for the current and the
372 previous mysql.user table schema.
373 */
374class User_table_schema {
375 public:
376 virtual uint host_idx() = 0;
377 virtual uint user_idx() = 0;
378 virtual uint password_idx() = 0;
379 virtual uint select_priv_idx() = 0;
380 virtual uint insert_priv_idx() = 0;
381 virtual uint update_priv_idx() = 0;
382 virtual uint delete_priv_idx() = 0;
383 virtual uint create_priv_idx() = 0;
384 virtual uint drop_priv_idx() = 0;
385 virtual uint reload_priv_idx() = 0;
386 virtual uint shutdown_priv_idx() = 0;
387 virtual uint process_priv_idx() = 0;
388 virtual uint file_priv_idx() = 0;
389 virtual uint grant_priv_idx() = 0;
390 virtual uint references_priv_idx() = 0;
391 virtual uint index_priv_idx() = 0;
392 virtual uint alter_priv_idx() = 0;
393 virtual uint show_db_priv_idx() = 0;
394 virtual uint super_priv_idx() = 0;
395 virtual uint create_tmp_table_priv_idx() = 0;
396 virtual uint lock_tables_priv_idx() = 0;
397 virtual uint execute_priv_idx() = 0;
398 virtual uint repl_slave_priv_idx() = 0;
399 virtual uint repl_client_priv_idx() = 0;
400 virtual uint create_view_priv_idx() = 0;
401 virtual uint show_view_priv_idx() = 0;
402 virtual uint create_routine_priv_idx() = 0;
403 virtual uint alter_routine_priv_idx() = 0;
404 virtual uint create_user_priv_idx() = 0;
405 virtual uint event_priv_idx() = 0;
406 virtual uint trigger_priv_idx() = 0;
407 virtual uint create_tablespace_priv_idx() = 0;
408 virtual uint create_role_priv_idx() = 0;
409 virtual uint drop_role_priv_idx() = 0;
410 virtual uint ssl_type_idx() = 0;
411 virtual uint ssl_cipher_idx() = 0;
412 virtual uint x509_issuer_idx() = 0;
413 virtual uint x509_subject_idx() = 0;
414 virtual uint max_questions_idx() = 0;
415 virtual uint max_updates_idx() = 0;
416 virtual uint max_connections_idx() = 0;
417 virtual uint max_user_connections_idx() = 0;
418 virtual uint plugin_idx() = 0;
419 virtual uint authentication_string_idx() = 0;
420 virtual uint password_expired_idx() = 0;
421 virtual uint password_last_changed_idx() = 0;
422 virtual uint password_lifetime_idx() = 0;
423 virtual uint account_locked_idx() = 0;
424 virtual uint password_reuse_history_idx() = 0;
425 virtual uint password_reuse_time_idx() = 0;
426 // Added in 8.0.13
427 virtual uint password_require_current_idx() = 0;
428 // Added in 8.0.14
429 virtual uint user_attributes_idx() = 0;
430
431 virtual ~User_table_schema() = default;
432};
433
434/*
435 This class describes indices for the current mysql.user table schema.
436 */
437class User_table_current_schema : public User_table_schema {
438 public:
439 uint host_idx() override { return MYSQL_USER_FIELD_HOST; }
440 uint user_idx() override { return MYSQL_USER_FIELD_USER; }
441 // not available
442 uint password_idx() override {
443 assert(0);
444 return MYSQL_USER_FIELD_COUNT;
445 }
446 uint select_priv_idx() override { return MYSQL_USER_FIELD_SELECT_PRIV; }
447 uint insert_priv_idx() override { return MYSQL_USER_FIELD_INSERT_PRIV; }
448 uint update_priv_idx() override { return MYSQL_USER_FIELD_UPDATE_PRIV; }
449 uint delete_priv_idx() override { return MYSQL_USER_FIELD_DELETE_PRIV; }
450 uint create_priv_idx() override { return MYSQL_USER_FIELD_CREATE_PRIV; }
451 uint drop_priv_idx() override { return MYSQL_USER_FIELD_DROP_PRIV; }
452 uint reload_priv_idx() override { return MYSQL_USER_FIELD_RELOAD_PRIV; }
453 uint shutdown_priv_idx() override { return MYSQL_USER_FIELD_SHUTDOWN_PRIV; }
454 uint process_priv_idx() override { return MYSQL_USER_FIELD_PROCESS_PRIV; }
455 uint file_priv_idx() override { return MYSQL_USER_FIELD_FILE_PRIV; }
456 uint grant_priv_idx() override { return MYSQL_USER_FIELD_GRANT_PRIV; }
457 uint references_priv_idx() override {
458 return MYSQL_USER_FIELD_REFERENCES_PRIV;
459 }
460 uint index_priv_idx() override { return MYSQL_USER_FIELD_INDEX_PRIV; }
461 uint alter_priv_idx() override { return MYSQL_USER_FIELD_ALTER_PRIV; }
462 uint show_db_priv_idx() override { return MYSQL_USER_FIELD_SHOW_DB_PRIV; }
463 uint super_priv_idx() override { return MYSQL_USER_FIELD_SUPER_PRIV; }
464 uint create_role_priv_idx() override {
465 return MYSQL_USER_FIELD_CREATE_ROLE_PRIV;
466 }
467 uint drop_role_priv_idx() override { return MYSQL_USER_FIELD_DROP_ROLE_PRIV; }
468 uint create_tmp_table_priv_idx() override {
469 return MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV;
470 }
471 uint lock_tables_priv_idx() override {
472 return MYSQL_USER_FIELD_LOCK_TABLES_PRIV;
473 }
474 uint execute_priv_idx() override { return MYSQL_USER_FIELD_EXECUTE_PRIV; }
475 uint repl_slave_priv_idx() override {
476 return MYSQL_USER_FIELD_REPL_SLAVE_PRIV;
477 }
478 uint repl_client_priv_idx() override {
479 return MYSQL_USER_FIELD_REPL_CLIENT_PRIV;
480 }
481 uint create_view_priv_idx() override {
482 return MYSQL_USER_FIELD_CREATE_VIEW_PRIV;
483 }
484 uint show_view_priv_idx() override { return MYSQL_USER_FIELD_SHOW_VIEW_PRIV; }
485 uint create_routine_priv_idx() override {
486 return MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV;
487 }
488 uint alter_routine_priv_idx() override {
489 return MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV;
490 }
491 uint create_user_priv_idx() override {
492 return MYSQL_USER_FIELD_CREATE_USER_PRIV;
493 }
494 uint event_priv_idx() override { return MYSQL_USER_FIELD_EVENT_PRIV; }
495 uint trigger_priv_idx() override { return MYSQL_USER_FIELD_TRIGGER_PRIV; }
496 uint create_tablespace_priv_idx() override {
497 return MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV;
498 }
499 uint ssl_type_idx() override { return MYSQL_USER_FIELD_SSL_TYPE; }
500 uint ssl_cipher_idx() override { return MYSQL_USER_FIELD_SSL_CIPHER; }
501 uint x509_issuer_idx() override { return MYSQL_USER_FIELD_X509_ISSUER; }
502 uint x509_subject_idx() override { return MYSQL_USER_FIELD_X509_SUBJECT; }
503 uint max_questions_idx() override { return MYSQL_USER_FIELD_MAX_QUESTIONS; }
504 uint max_updates_idx() override { return MYSQL_USER_FIELD_MAX_UPDATES; }
505 uint max_connections_idx() override {
506 return MYSQL_USER_FIELD_MAX_CONNECTIONS;
507 }
508 uint max_user_connections_idx() override {
509 return MYSQL_USER_FIELD_MAX_USER_CONNECTIONS;
510 }
511 uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN; }
512 uint authentication_string_idx() override {
513 return MYSQL_USER_FIELD_AUTHENTICATION_STRING;
514 }
515 uint password_expired_idx() override {
516 return MYSQL_USER_FIELD_PASSWORD_EXPIRED;
517 }
518 uint password_last_changed_idx() override {
519 return MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED;
520 }
521 uint password_lifetime_idx() override {
522 return MYSQL_USER_FIELD_PASSWORD_LIFETIME;
523 }
524 uint account_locked_idx() override { return MYSQL_USER_FIELD_ACCOUNT_LOCKED; }
525 uint password_reuse_history_idx() override {
526 return MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY;
527 }
528 uint password_reuse_time_idx() override {
529 return MYSQL_USER_FIELD_PASSWORD_REUSE_TIME;
530 }
531 uint password_require_current_idx() override {
532 return MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT;
533 }
534 uint user_attributes_idx() override {
535 return MYSQL_USER_FIELD_USER_ATTRIBUTES;
536 }
537};
538
539/*
540 This class describes indices for the old mysql.user table schema.
541 */
542class User_table_old_schema : public User_table_schema {
543 public:
544 enum mysql_user_table_field_56 {
545 MYSQL_USER_FIELD_HOST_56 = 0,
546 MYSQL_USER_FIELD_USER_56,
547 MYSQL_USER_FIELD_PASSWORD_56,
548 MYSQL_USER_FIELD_SELECT_PRIV_56,
549 MYSQL_USER_FIELD_INSERT_PRIV_56,
550 MYSQL_USER_FIELD_UPDATE_PRIV_56,
551 MYSQL_USER_FIELD_DELETE_PRIV_56,
552 MYSQL_USER_FIELD_CREATE_PRIV_56,
553 MYSQL_USER_FIELD_DROP_PRIV_56,
554 MYSQL_USER_FIELD_RELOAD_PRIV_56,
555 MYSQL_USER_FIELD_SHUTDOWN_PRIV_56,
556 MYSQL_USER_FIELD_PROCESS_PRIV_56,
557 MYSQL_USER_FIELD_FILE_PRIV_56,
558 MYSQL_USER_FIELD_GRANT_PRIV_56,
559 MYSQL_USER_FIELD_REFERENCES_PRIV_56,
560 MYSQL_USER_FIELD_INDEX_PRIV_56,
561 MYSQL_USER_FIELD_ALTER_PRIV_56,
562 MYSQL_USER_FIELD_SHOW_DB_PRIV_56,
563 MYSQL_USER_FIELD_SUPER_PRIV_56,
564 MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56,
565 MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56,
566 MYSQL_USER_FIELD_EXECUTE_PRIV_56,
567 MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56,
568 MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56,
569 MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56,
570 MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56,
571 MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56,
572 MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56,
573 MYSQL_USER_FIELD_CREATE_USER_PRIV_56,
574 MYSQL_USER_FIELD_EVENT_PRIV_56,
575 MYSQL_USER_FIELD_TRIGGER_PRIV_56,
576 MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56,
577 MYSQL_USER_FIELD_SSL_TYPE_56,
578 MYSQL_USER_FIELD_SSL_CIPHER_56,
579 MYSQL_USER_FIELD_X509_ISSUER_56,
580 MYSQL_USER_FIELD_X509_SUBJECT_56,
581 MYSQL_USER_FIELD_MAX_QUESTIONS_56,
582 MYSQL_USER_FIELD_MAX_UPDATES_56,
583 MYSQL_USER_FIELD_MAX_CONNECTIONS_56,
584 MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56,
585 MYSQL_USER_FIELD_PLUGIN_56,
586 MYSQL_USER_FIELD_AUTHENTICATION_STRING_56,
587 MYSQL_USER_FIELD_PASSWORD_EXPIRED_56,
588 MYSQL_USER_FIELD_COUNT_56
589 };
590
591 uint host_idx() override { return MYSQL_USER_FIELD_HOST_56; }
592 uint user_idx() override { return MYSQL_USER_FIELD_USER_56; }
593 uint password_idx() override { return MYSQL_USER_FIELD_PASSWORD_56; }
594 uint select_priv_idx() override { return MYSQL_USER_FIELD_SELECT_PRIV_56; }
595 uint insert_priv_idx() override { return MYSQL_USER_FIELD_INSERT_PRIV_56; }
596 uint update_priv_idx() override { return MYSQL_USER_FIELD_UPDATE_PRIV_56; }
597 uint delete_priv_idx() override { return MYSQL_USER_FIELD_DELETE_PRIV_56; }
598 uint create_priv_idx() override { return MYSQL_USER_FIELD_CREATE_PRIV_56; }
599 uint drop_priv_idx() override { return MYSQL_USER_FIELD_DROP_PRIV_56; }
600 uint reload_priv_idx() override { return MYSQL_USER_FIELD_RELOAD_PRIV_56; }
601 uint shutdown_priv_idx() override {
602 return MYSQL_USER_FIELD_SHUTDOWN_PRIV_56;
603 }
604 uint process_priv_idx() override { return MYSQL_USER_FIELD_PROCESS_PRIV_56; }
605 uint file_priv_idx() override { return MYSQL_USER_FIELD_FILE_PRIV_56; }
606 uint grant_priv_idx() override { return MYSQL_USER_FIELD_GRANT_PRIV_56; }
607 uint references_priv_idx() override {
608 return MYSQL_USER_FIELD_REFERENCES_PRIV_56;
609 }
610 uint index_priv_idx() override { return MYSQL_USER_FIELD_INDEX_PRIV_56; }
611 uint alter_priv_idx() override { return MYSQL_USER_FIELD_ALTER_PRIV_56; }
612 uint show_db_priv_idx() override { return MYSQL_USER_FIELD_SHOW_DB_PRIV_56; }
613 uint super_priv_idx() override { return MYSQL_USER_FIELD_SUPER_PRIV_56; }
614 uint create_tmp_table_priv_idx() override {
615 return MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56;
616 }
617 uint lock_tables_priv_idx() override {
618 return MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56;
619 }
620 uint execute_priv_idx() override { return MYSQL_USER_FIELD_EXECUTE_PRIV_56; }
621 uint repl_slave_priv_idx() override {
622 return MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56;
623 }
624 uint repl_client_priv_idx() override {
625 return MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56;
626 }
627 uint create_view_priv_idx() override {
628 return MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56;
629 }
630 uint show_view_priv_idx() override {
631 return MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56;
632 }
633 uint create_routine_priv_idx() override {
634 return MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56;
635 }
636 uint alter_routine_priv_idx() override {
637 return MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56;
638 }
639 uint create_user_priv_idx() override {
640 return MYSQL_USER_FIELD_CREATE_USER_PRIV_56;
641 }
642 uint event_priv_idx() override { return MYSQL_USER_FIELD_EVENT_PRIV_56; }
643 uint trigger_priv_idx() override { return MYSQL_USER_FIELD_TRIGGER_PRIV_56; }
644 uint create_tablespace_priv_idx() override {
645 return MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56;
646 }
647 uint ssl_type_idx() override { return MYSQL_USER_FIELD_SSL_TYPE_56; }
648 uint ssl_cipher_idx() override { return MYSQL_USER_FIELD_SSL_CIPHER_56; }
649 uint x509_issuer_idx() override { return MYSQL_USER_FIELD_X509_ISSUER_56; }
650 uint x509_subject_idx() override { return MYSQL_USER_FIELD_X509_SUBJECT_56; }
651 uint max_questions_idx() override {
652 return MYSQL_USER_FIELD_MAX_QUESTIONS_56;
653 }
654 uint max_updates_idx() override { return MYSQL_USER_FIELD_MAX_UPDATES_56; }
655 uint max_connections_idx() override {
656 return MYSQL_USER_FIELD_MAX_CONNECTIONS_56;
657 }
658 uint max_user_connections_idx() override {
659 return MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56;
660 }
661 uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN_56; }
662 uint authentication_string_idx() override {
663 return MYSQL_USER_FIELD_AUTHENTICATION_STRING_56;
664 }
665 uint password_expired_idx() override {
666 return MYSQL_USER_FIELD_PASSWORD_EXPIRED_56;
667 }
668
669 // those fields are not available in 5.6 db schema
670 uint password_last_changed_idx() override {
671 return MYSQL_USER_FIELD_COUNT_56;
672 }
673 uint password_lifetime_idx() override { return MYSQL_USER_FIELD_COUNT_56; }
674 uint account_locked_idx() override { return MYSQL_USER_FIELD_COUNT_56; }
675 uint create_role_priv_idx() override { return MYSQL_USER_FIELD_COUNT_56; }
676 uint drop_role_priv_idx() override { return MYSQL_USER_FIELD_COUNT_56; }
677 uint password_reuse_history_idx() override {
678 return MYSQL_USER_FIELD_COUNT_56;
679 }
680 uint password_reuse_time_idx() override { return MYSQL_USER_FIELD_COUNT_56; }
681 uint password_require_current_idx() override {
682 return MYSQL_USER_FIELD_COUNT_56;
683 }
684 uint user_attributes_idx() override { return MYSQL_USER_FIELD_COUNT_56; }
685};
686
687class User_table_schema_factory {
688 public:
689 virtual User_table_schema *get_user_table_schema(TABLE *table) {
690 return is_old_user_table_schema(table)
691 ? implicit_cast<User_table_schema *>(new User_table_old_schema())
692 : implicit_cast<User_table_schema *>(
693 new User_table_current_schema());
694 }
695
696 virtual bool is_old_user_table_schema(TABLE *table);
697 virtual ~User_table_schema_factory() = default;
698};
699
700extern bool mysql_user_table_is_in_short_password_format;
701extern bool disconnect_on_expired_password;
702extern const char *any_db; // Special symbol for check_access
703/** controls the extra checks on plugin availability for mysql.user records */
704
705extern bool validate_user_plugins;
706
707/* Function Declarations */
708
709/* sql_authentication */
710
711int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length);
712std::string get_default_autnetication_plugin_name();
713
714void acl_log_connect(const char *user, const char *host, const char *auth_as,
715 const char *db, THD *thd,
716 enum enum_server_command command);
717int acl_authenticate(THD *thd, enum_server_command command);
718bool acl_check_host(THD *thd, const char *host, const char *ip);
719
720/*
721 User Attributes are the once which are defined during CREATE/ALTER/GRANT
722 statement. These attributes are divided into following categories.
723*/
724
725#define NONE_ATTR 0L
726#define DEFAULT_AUTH_ATTR (1L << 0) /* update defaults auth */
727#define PLUGIN_ATTR (1L << 1) /* update plugin */
728 /* authentication_string */
729#define SSL_ATTR (1L << 2) /* ex: SUBJECT,CIPHER.. */
730#define RESOURCE_ATTR (1L << 3) /* ex: MAX_QUERIES_PER_HOUR.. */
731#define PASSWORD_EXPIRE_ATTR (1L << 4) /* update password expire col */
732#define ACCESS_RIGHTS_ATTR (1L << 5) /* update privileges */
733#define ACCOUNT_LOCK_ATTR (1L << 6) /* update account lock status */
734#define DIFFERENT_PLUGIN_ATTR \
735 (1L << 7) /* updated plugin with a different value */
736#define USER_ATTRIBUTES (1L << 8) /* Request to update user attributes */
737
738/* sql_user */
739void log_user(THD *thd, String *str, LEX_USER *user, bool comma);
740bool check_change_password(THD *thd, const char *host, const char *user,
741 bool retain_current_password);
742bool change_password(THD *thd, LEX_USER *user, const char *password,
743 const char *current_password,
744 bool retain_current_password);
745bool mysql_create_user(THD *thd, List<LEX_USER> &list, bool if_not_exists,
746 bool is_role);
747bool mysql_alter_user(THD *thd, List<LEX_USER> &list, bool if_exists);
748bool mysql_drop_user(THD *thd, List<LEX_USER> &list, bool if_exists,
749 bool drop_role);
750bool mysql_rename_user(THD *thd, List<LEX_USER> &list);
751bool acl_can_access_user(THD *thd, LEX_USER *user);
752
753/* sql_auth_cache */
754void init_acl_memory();
755int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr);
756int wild_case_compare(CHARSET_INFO *cs, const char *str, size_t str_len,
757 const char *wildstr, size_t wildstr_len);
758bool hostname_requires_resolving(const char *hostname);
759bool acl_init(bool dont_read_acl_tables);
760bool is_acl_inited();
761void acl_free(bool end = false);
762bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked);
763bool grant_init(bool skip_grant_tables);
764void grant_free(void);
765bool reload_acl_caches(THD *thd, bool mdl_locked);
766ulong acl_get(THD *thd, const char *host, const char *ip, const char *user,
767 const char *db, bool db_is_pattern);
768bool is_acl_user(THD *thd, const char *host, const char *user);
769bool acl_getroot(THD *thd, Security_context *sctx, const char *user,
770 const char *host, const char *ip, const char *db);
771bool check_acl_tables_intact(THD *thd, bool mdl_locked);
772bool check_acl_tables_intact(THD *thd, Table_ref *tables);
773void notify_flush_event(THD *thd);
774bool wildcard_db_grant_exists();
775void append_auth_id_string(const THD *thd, const char *user, size_t user_len,
776 const char *host, size_t host_len, String *str);
777
778/* sql_authorization */
779bool skip_grant_tables();
780bool mysql_set_active_role_none(THD *thd);
781bool mysql_set_role_default(THD *thd);
782bool mysql_set_active_role_all(THD *thd, const List<LEX_USER> *except_users);
783bool mysql_set_active_role(THD *thd, const List<LEX_USER> *role_list);
784bool mysql_grant(THD *thd, const char *db, List<LEX_USER> &list, ulong rights,
785 bool revoke_grant, bool is_proxy,
786 const List<LEX_CSTRING> &dynamic_privilege,
787 bool grant_all_current_privileges, LEX_GRANT_AS *grant_as);
788bool mysql_routine_grant(THD *thd, Table_ref *table, bool is_proc,
789 List<LEX_USER> &user_list, ulong rights, bool revoke,
790 bool write_to_binlog);
791int mysql_table_grant(THD *thd, Table_ref *table, List<LEX_USER> &user_list,
792 List<LEX_COLUMN> &column_list, ulong rights, bool revoke);
793bool check_grant(THD *thd, ulong want_access, Table_ref *tables,
794 bool any_combination_will_do, uint number, bool no_errors);
795bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name,
796 const char *table_name, const char *name, size_t length,
797 Security_context *sctx, ulong want_privilege);
798bool check_column_grant_in_table_ref(THD *thd, Table_ref *table_ref,
799 const char *name, size_t length,
800 ulong want_privilege);
801bool check_grant_all_columns(THD *thd, ulong want_access,
802 Field_iterator_table_ref *fields);
803bool check_grant_routine(THD *thd, ulong want_access, Table_ref *procs,
804 bool is_proc, bool no_error);
805bool check_grant_db(THD *thd, const char *db,
806 const bool check_table_grant = false);
807bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
808 bool with_grant);
809void get_privilege_desc(char *to, uint max_length, ulong access);
810void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc);
811ulong get_table_grant(THD *thd, Table_ref *table);
812ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name,
813 const char *table_name, const char *field_name);
814bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool,
815 bool);
816bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same);
817bool mysql_revoke_all(THD *thd, List<LEX_USER> &list);
818bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
819 bool is_proc);
820bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
821 bool is_proc);
822void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
823 const char *db, const char *table);
824int fill_schema_user_privileges(THD *thd, Table_ref *tables, Item *cond);
825int fill_schema_schema_privileges(THD *thd, Table_ref *tables, Item *cond);
826int fill_schema_table_privileges(THD *thd, Table_ref *tables, Item *cond);
827int fill_schema_column_privileges(THD *thd, Table_ref *tables, Item *cond);
828const ACL_internal_schema_access *get_cached_schema_access(
829 GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name);
830
831bool lock_tables_precheck(THD *thd, Table_ref *tables);
832bool create_table_precheck(THD *thd, Table_ref *tables,
833 Table_ref *create_table);
834bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info,
835 Alter_info *alter_info);
836bool check_lock_view_underlying_table_access(THD *thd, Table_ref *tbl,
837 bool *fake_lock_tables_acl);
838bool check_readonly(THD *thd, bool err_if_readonly);
839void err_readonly(THD *thd);
840
841bool is_secure_transport(int vio_type);
842
843bool check_one_table_access(THD *thd, ulong privilege, Table_ref *tables);
844bool check_single_table_access(THD *thd, ulong privilege, Table_ref *tables,
845 bool no_errors);
846bool check_routine_access(THD *thd, ulong want_access, const char *db,
847 char *name, bool is_proc, bool no_errors);
848bool check_some_access(THD *thd, ulong want_access, Table_ref *table);
849bool has_full_view_routine_access(THD *thd, const char *db,
850 const char *definer_user,
851 const char *definer_host);
852bool has_partial_view_routine_access(THD *thd, const char *db,
853 const char *routine_name, bool is_proc);
854bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
855 GRANT_INTERNAL_INFO *grant_internal_info,
856 bool dont_check_global_grants, bool no_errors);
857bool check_table_access(THD *thd, ulong requirements, Table_ref *tables,
858 bool any_combination_of_privileges_will_do, uint number,
859 bool no_errors);
860bool check_table_encryption_admin_access(THD *thd);
861bool mysql_grant_role(THD *thd, const List<LEX_USER> *users,
862 const List<LEX_USER> *roles, bool with_admin_opt);
863bool mysql_revoke_role(THD *thd, const List<LEX_USER> *users,
864 const List<LEX_USER> *roles);
865void get_default_roles(const Auth_id_ref &user, List_of_auth_id_refs &list);
866
867bool is_granted_table_access(THD *thd, ulong required_acl, Table_ref *table);
868
869bool mysql_alter_or_clear_default_roles(THD *thd, role_enum role_type,
870 const List<LEX_USER> *users,
871 const List<LEX_USER> *roles);
872void roles_graphml(THD *thd, String *);
873bool has_grant_role_privilege(THD *thd, const List<LEX_USER> *roles);
874Auth_id_ref create_authid_from(const LEX_USER *user);
875std::string create_authid_str_from(const LEX_USER *user);
876std::pair<std::string, std::string> get_authid_from_quoted_string(
877 std::string str);
878void append_identifier(String *packet, const char *name, size_t length);
879bool is_role_id(LEX_USER *authid);
880void shutdown_acl_cache();
881bool is_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role,
882 LEX_CSTRING role_host);
883bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host,
884 bool *is_mandatory);
885bool check_global_access(THD *thd, ulong want_access);
886
887/* sql_user_table */
888void commit_and_close_mysql_tables(THD *thd);
889bool is_acl_table_name(const char *name);
890#ifndef NDEBUG
891bool is_acl_table(const TABLE *table);
892#endif
893
894typedef enum ssl_artifacts_status {
895 SSL_ARTIFACTS_NOT_FOUND = 0,
896 SSL_ARTIFACTS_VIA_OPTIONS,
897 SSL_ARTIFACT_TRACES_FOUND,
898 SSL_ARTIFACTS_AUTO_DETECTED
899} ssl_artifacts_status;
900
901ulong get_global_acl_cache_size();
902extern bool opt_auto_generate_certs;
903bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
904 const char **ssl_ca, const char **ssl_key,
905 const char **ssl_cert);
906
907#define DEFAULT_SSL_CA_CERT "ca.pem"
908#define DEFAULT_SSL_CA_KEY "ca-key.pem"
909#define DEFAULT_SSL_SERVER_CERT "server-cert.pem"
910#define DEFAULT_SSL_SERVER_KEY "server-key.pem"
911
912void update_mandatory_roles(void);
913bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles);
914void func_current_role(const THD *thd, String *active_role);
915
916extern uint32 global_password_history, global_password_reuse_interval;
917
918struct Security_context_policy {
919 enum Operation { Precheck, Execute };
920 Security_context_policy() = default;
921 virtual ~Security_context_policy() = default;
922 Security_context_policy(const Security_context_policy &) = default;
923 virtual bool operator()(Security_context *, Operation) = 0;
924};
925
926typedef std::function<bool(Security_context *,
927 Security_context_policy::Operation)>
928 Security_context_functor;
929
930template <class Derived>
931class Create_authid : public Security_context_policy {
932 public:
933 bool operator()(Security_context *sctx, Operation op) override {
934 if (op == Precheck && static_cast<Derived *>(this)->precheck(sctx))
935 return true;
936 if (op == Execute && static_cast<Derived *>(this)->create(sctx))
937 return true;
938 return false;
939 }
940};
941
942template <class Derived>
943class Grant_privileges : public Security_context_policy {
944 public:
945 bool operator()(Security_context *sctx, Operation op) override {
946 if (op == Precheck && static_cast<Derived *>(this)->precheck(sctx))
947 return true;
948 if (op == Execute && static_cast<Derived *>(this)->grant_privileges(sctx))
949 return true;
950 return false;
951 }
952};
953
954template <typename T>
955using Sctx_ptr = std::unique_ptr<T, std::function<void(T *)>>;
956
957/**
958 Factory for creating any Security_context given a pre-constructed policy.
959*/
960class Security_context_factory {
961 public:
962 /**
963 Default Security_context factory implementation. Given two policies and
964 a authid this class returns a Security_context.
965 @param thd The thread handle
966 @param user User name associated with auth id
967 @param host Host name associated with auth id
968 @param extend_user_profile The policy for creating the user profile
969 @param priv The policy for authorizing the authid to
970 use the server.
971 @param static_priv Static privileges for authid.
972 @param drop_policy The policy for deleting the authid and
973 revoke privileges
974 */
975 Security_context_factory(THD *thd, std::string user, std::string host,
976 Security_context_functor extend_user_profile,
977 Security_context_functor priv,
978 Security_context_functor static_priv,
979 std::function<void(Security_context *)> drop_policy)
980 : m_thd(thd),
981 m_user(std::move(user)),
982 m_host(std::move(host)),
983 m_user_profile(std::move(extend_user_profile)),
984 m_privileges(std::move(priv)),
985 m_static_privileges(std::move(static_priv)),
986 m_drop_policy(std::move(drop_policy)) {}
987
988 Sctx_ptr<Security_context> create();
989
990 private:
991 bool apply_pre_constructed_policies(Security_context *sctx);
992
993 THD *m_thd;
994 std::string m_user;
995 std::string m_host;
996 Security_context_functor m_user_profile;
997 Security_context_functor m_privileges;
998 Security_context_functor m_static_privileges;
999 const std::function<void(Security_context *)> m_drop_policy;
1000};
1001
1002class Default_local_authid : public Create_authid<Default_local_authid> {
1003 public:
1004 Default_local_authid(const THD *thd);
1005 bool precheck(Security_context *sctx);
1006 bool create(Security_context *sctx);
1007
1008 private:
1009 const THD *m_thd;
1010};
1011
1012/**
1013 Grant the privilege temporarily to the in-memory global privileges map.
1014 This class is not thread safe.
1015 */
1016class Grant_temporary_dynamic_privileges
1017 : public Grant_privileges<Grant_temporary_dynamic_privileges> {
1018 public:
1019 Grant_temporary_dynamic_privileges(const THD *thd,
1020 std::vector<std::string> privs);
1021 bool precheck(Security_context *sctx);
1022 bool grant_privileges(Security_context *sctx);
1023
1024 private:
1025 const THD *m_thd;
1026 const std::vector<std::string> m_privs;
1027};
1028
1029class Drop_temporary_dynamic_privileges {
1030 public:
1031 explicit Drop_temporary_dynamic_privileges(std::vector<std::string> privs)
1032 : m_privs(std::move(privs)) {}
1033 void operator()(Security_context *sctx);
1034
1035 private:
1036 std::vector<std::string> m_privs;
1037};
1038
1039class Grant_temporary_static_privileges
1040 : public Grant_privileges<Grant_temporary_static_privileges> {
1041 public:
1042 Grant_temporary_static_privileges(const THD *thd, const ulong privs);
1043 bool precheck(Security_context *sctx);
1044 bool grant_privileges(Security_context *sctx);
1045
1046 private:
1047 /** THD handle */
1048 const THD *m_thd;
1049
1050 /** Privileges */
1051 const ulong m_privs;
1052};
1053
1054bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b);
1055bool is_partial_revoke_exists(THD *thd);
1056void set_system_user_flag(THD *thd, bool check_for_main_security_ctx = false);
1057void set_connection_admin_flag(THD *thd,
1058 bool check_for_main_security_ctx = false);
1059
1060/**
1061 Storage container for default auth ids. Default roles are only weakly
1062 depending on ACL_USERs. You can retain a default role even if the
1063 corresponding ACL_USER is missing in the acl_cache.
1064*/
1065class Auth_id {
1066 public:
1067 Auth_id();
1068 Auth_id(const char *user, size_t user_len, const char *host, size_t host_len);
1069 Auth_id(const Auth_id_ref &id);
1070 Auth_id(const LEX_CSTRING &user, const LEX_CSTRING &host);
1071 Auth_id(const std::string &user, const std::string &host);
1072 Auth_id(const LEX_USER *lex_user);
1073 Auth_id(const ACL_USER *acl_user);
1074
1075 ~Auth_id();
1076 Auth_id(const Auth_id &id);
1077 Auth_id &operator=(const Auth_id &) = default;
1078
1079 bool operator<(const Auth_id &id) const;
1080 void auth_str(std::string *out) const;
1081 std::string auth_str() const;
1082 const std::string &user() const;
1083 const std::string &host() const;
1084
1085 private:
1086 void create_key();
1087 /** User part */
1088 std::string m_user;
1089 /** Host part */
1090 std::string m_host;
1091 /**
1092 Key: Internal representation mainly to facilitate use of
1093 Auth_id class in standard container.
1094 Format: 'user\0host\0'
1095 */
1096 std::string m_key;
1097};
1098
1099/*
1100 As of now Role_id is an alias of Auth_id.
1101 We may extend the Auth_id as Role_id once
1102 more substances are added to latter.
1103*/
1104using Role_id = Auth_id;
1105
1106/**
1107 Length of string buffer, that is enough to contain
1108 username and hostname parts of the user identifier with trailing zero in
1109 MySQL standard format:
1110 user_name_part\@host_name_part\\0
1111*/
1112static constexpr int USER_HOST_BUFF_SIZE =
1113 HOSTNAME_LENGTH + USERNAME_LENGTH + 2;
1114
1115struct random_password_info {
1116 std::string user;
1117 std::string host;
1118 std::string password;
1119 unsigned int authentication_factor;
1120};
1121
1122void generate_random_password(std::string *password, uint32_t);
1123typedef std::list<random_password_info> Userhostpassword_list;
1124bool send_password_result_set(THD *thd,
1125 const Userhostpassword_list &generated_passwords);
1126bool lock_and_get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
1127bool mysql_alter_user_comment(THD *thd, const List<LEX_USER> *users,
1128 const std::string &json_blob, bool expect_text);
1129
1130/* helper method to check if sandbox mode should be turned off or not */
1131bool turn_off_sandbox_mode(THD *thd, LEX_USER *user);
1132
1133#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1134bool decrypt_RSA_private_key(uchar *pkt, int cipher_length,
1135 unsigned char *plain_text, size_t plain_text_len,
1136 EVP_PKEY *private_key);
1137#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1138bool decrypt_RSA_private_key(uchar *pkt, int cipher_length,
1139 unsigned char *plain_text, size_t plain_text_len,
1140 RSA *private_key);
1141#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1142
1143#endif /* AUTH_COMMON_INCLUDED */
mysql_dynamic_priv_table_field
mysql_dynamic_priv_table_field
Definition: auth_common.h:360
MYSQL_DYNAMIC_PRIV_FIELD_PRIV
@ MYSQL_DYNAMIC_PRIV_FIELD_PRIV
Definition: auth_common.h:363
MYSQL_DYNAMIC_PRIV_FIELD_HOST
@ MYSQL_DYNAMIC_PRIV_FIELD_HOST
Definition: auth_common.h:362
MYSQL_DYNAMIC_PRIV_FIELD_USER
@ MYSQL_DYNAMIC_PRIV_FIELD_USER
Definition: auth_common.h:361
MYSQL_DYNAMIC_PRIV_FIELD_COUNT
@ MYSQL_DYNAMIC_PRIV_FIELD_COUNT
Definition: auth_common.h:365
MYSQL_DYNAMIC_PRIV_FIELD_WITH_GRANT_OPTION
@ MYSQL_DYNAMIC_PRIV_FIELD_WITH_GRANT_OPTION
Definition: auth_common.h:364
mysql_columns_priv_table_field
mysql_columns_priv_table_field
Definition: auth_common.h:312
MYSQL_COLUMNS_PRIV_FIELD_COLUMN_NAME
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_NAME
Definition: auth_common.h:317
MYSQL_COLUMNS_PRIV_FIELD_HOST
@ MYSQL_COLUMNS_PRIV_FIELD_HOST
Definition: auth_common.h:313
MYSQL_COLUMNS_PRIV_FIELD_COLUMN_PRIV
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:319
MYSQL_COLUMNS_PRIV_FIELD_TABLE_NAME
@ MYSQL_COLUMNS_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:316
MYSQL_COLUMNS_PRIV_FIELD_COUNT
@ MYSQL_COLUMNS_PRIV_FIELD_COUNT
Definition: auth_common.h:320
MYSQL_COLUMNS_PRIV_FIELD_DB
@ MYSQL_COLUMNS_PRIV_FIELD_DB
Definition: auth_common.h:314
MYSQL_COLUMNS_PRIV_FIELD_USER
@ MYSQL_COLUMNS_PRIV_FIELD_USER
Definition: auth_common.h:315
MYSQL_COLUMNS_PRIV_FIELD_TIMESTAMP
@ MYSQL_COLUMNS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:318
roles_graphml
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4874
check_fk_parent_table_access
bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info, Alter_info *alter_info)
Checks foreign key's parent table access.
Definition: sql_authorization.cc:5905
mysql_procs_priv_table_field
mysql_procs_priv_table_field
Definition: auth_common.h:300
MYSQL_PROCS_PRIV_FIELD_PROC_PRIV
@ MYSQL_PROCS_PRIV_FIELD_PROC_PRIV
Definition: auth_common.h:307
MYSQL_PROCS_PRIV_FIELD_ROUTINE_NAME
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_NAME
Definition: auth_common.h:304
MYSQL_PROCS_PRIV_FIELD_COUNT
@ MYSQL_PROCS_PRIV_FIELD_COUNT
Definition: auth_common.h:309
MYSQL_PROCS_PRIV_FIELD_HOST
@ MYSQL_PROCS_PRIV_FIELD_HOST
Definition: auth_common.h:301
MYSQL_PROCS_PRIV_FIELD_DB
@ MYSQL_PROCS_PRIV_FIELD_DB
Definition: auth_common.h:302
MYSQL_PROCS_PRIV_FIELD_ROUTINE_TYPE
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_TYPE
Definition: auth_common.h:305
MYSQL_PROCS_PRIV_FIELD_GRANTOR
@ MYSQL_PROCS_PRIV_FIELD_GRANTOR
Definition: auth_common.h:306
MYSQL_PROCS_PRIV_FIELD_USER
@ MYSQL_PROCS_PRIV_FIELD_USER
Definition: auth_common.h:303
MYSQL_PROCS_PRIV_FIELD_TIMESTAMP
@ MYSQL_PROCS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:308
acl_check_host
bool acl_check_host(THD *thd, const char *host, const char *ip)
Definition: sql_authentication.cc:2023
lock_tables_precheck
bool lock_tables_precheck(THD *thd, Table_ref *tables)
Check privileges for LOCK TABLES statement.
Definition: sql_authorization.cc:1691
skip_grant_tables
bool skip_grant_tables()
Definition: sql_auth_cache.cc:160
acl_check_proxy_grant_access
bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user, bool with_grant)
Definition: sql_authorization.cc:5527
check_access
bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, GRANT_INTERNAL_INFO *grant_internal_info, bool dont_check_global_grants, bool no_errors)
Compare requested privileges with the privileges acquired from the User- and Db-tables.
Definition: sql_authorization.cc:2116
func_current_role
void func_current_role(const THD *thd, String *active_role)
Helper function for Item_func_current_role.
Definition: sql_authorization.cc:6241
check_column_grant_in_table_ref
bool check_column_grant_in_table_ref(THD *thd, Table_ref *table_ref, const char *name, size_t length, ulong want_privilege)
Check the privileges for a column depending on the type of table.
Definition: sql_authorization.cc:4017
global_password_history
uint32 global_password_history
Global sysvar: the number of old passwords to check in the history.
Definition: sql_auth_cache.cc:3631
mysql_alter_or_clear_default_roles
bool mysql_alter_or_clear_default_roles(THD *thd, role_enum role_type, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Set the default roles to NONE, ALL or list of authorization IDs as roles, depending upon the role_typ...
Definition: sql_authorization.cc:6382
fill_schema_table_privileges
int fill_schema_table_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5727
is_granted_table_access
bool is_granted_table_access(THD *thd, ulong required_acl, Table_ref *table)
Given a Table_ref object this function checks against.
Definition: sql_authorization.cc:2433
check_some_access
bool check_some_access(THD *thd, ulong want_access, Table_ref *table)
Check if the given table has any of the asked privileges.
Definition: sql_authorization.cc:2006
append_auth_id_string
void append_auth_id_string(const THD *thd, const char *user, size_t user_len, const char *host, size_t host_len, String *str)
Append the user@host to the str.
Definition: sql_auth_cache.cc:711
Auth_id_ref
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:79
Sctx_ptr
std::unique_ptr< T, std::function< void(T *)> > Sctx_ptr
Definition: auth_common.h:955
check_one_table_access
bool check_one_table_access(THD *thd, ulong privilege, Table_ref *tables)
Check grants for commands which work only with one table and all other tables belonging to subselects...
Definition: sql_authorization.cc:1878
mysql_role_edges_table_field
mysql_role_edges_table_field
Definition: auth_common.h:335
MYSQL_ROLE_EDGES_FIELD_TO_USER
@ MYSQL_ROLE_EDGES_FIELD_TO_USER
Definition: auth_common.h:339
MYSQL_ROLE_EDGES_FIELD_WITH_ADMIN_OPTION
@ MYSQL_ROLE_EDGES_FIELD_WITH_ADMIN_OPTION
Definition: auth_common.h:340
MYSQL_ROLE_EDGES_FIELD_FROM_USER
@ MYSQL_ROLE_EDGES_FIELD_FROM_USER
Definition: auth_common.h:337
MYSQL_ROLE_EDGES_FIELD_TO_HOST
@ MYSQL_ROLE_EDGES_FIELD_TO_HOST
Definition: auth_common.h:338
MYSQL_ROLE_EDGES_FIELD_FROM_HOST
@ MYSQL_ROLE_EDGES_FIELD_FROM_HOST
Definition: auth_common.h:336
MYSQL_ROLE_EDGES_FIELD_COUNT
@ MYSQL_ROLE_EDGES_FIELD_COUNT
Definition: auth_common.h:341
acl_log_connect
void acl_log_connect(const char *user, const char *host, const char *auth_as, const char *db, THD *thd, enum enum_server_command command)
Logging connection for the general query log, extracted from acl_authenticate() as it's reused at dif...
Definition: sql_authentication.cc:3690
reload_acl_caches
bool reload_acl_caches(THD *thd, bool mdl_locked)
Reload all ACL caches.
Definition: sql_auth_cache.cc:3649
is_acl_table_name
bool is_acl_table_name(const char *name)
Check if given table name is a ACL table name.
Definition: sql_user_table.cc:2218
fill_schema_schema_privileges
int fill_schema_schema_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5666
Security_context_functor
std::function< bool(Security_context *, Security_context_policy::Operation)> Security_context_functor
Definition: auth_common.h:928
check_routine_access
bool check_routine_access(THD *thd, ulong want_access, const char *db, char *name, bool is_proc, bool no_errors)
Definition: sql_authorization.cc:1954
validate_user_plugins
bool validate_user_plugins
controls the extra checks on plugin availability for mysql.user records
Definition: sql_auth_cache.cc:164
mysql_user_table_is_in_short_password_format
bool mysql_user_table_is_in_short_password_format
acl_free
void acl_free(bool end=false)
Definition: sql_auth_cache.cc:1973
mysql_revoke_role
bool mysql_revoke_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:3067
check_acl_tables_intact
bool check_acl_tables_intact(THD *thd, bool mdl_locked)
Opens the ACL tables and checks their sanity.
Definition: sql_auth_cache.cc:2097
mysql_show_grants
bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool, bool)
SHOW GRANTS FOR user USING [ALL | role [,role ...]].
Definition: sql_authorization.cc:4768
init_acl_memory
void init_acl_memory()
Allocates the memory in the the global_acl_memory MEM_ROOT.
Definition: sql_auth_cache.cc:186
sp_grant_privileges
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Grant EXECUTE,ALTER privilege for a stored procedure.
Definition: sql_authorization.cc:5370
mysql_db_table_field
mysql_db_table_field
Definition: auth_common.h:208
MYSQL_DB_FIELD_GRANT_PRIV
@ MYSQL_DB_FIELD_GRANT_PRIV
Definition: auth_common.h:218
MYSQL_DB_FIELD_DELETE_PRIV
@ MYSQL_DB_FIELD_DELETE_PRIV
Definition: auth_common.h:215
MYSQL_DB_FIELD_INDEX_PRIV
@ MYSQL_DB_FIELD_INDEX_PRIV
Definition: auth_common.h:220
MYSQL_DB_FIELD_UPDATE_PRIV
@ MYSQL_DB_FIELD_UPDATE_PRIV
Definition: auth_common.h:214
MYSQL_DB_FIELD_CREATE_VIEW_PRIV
@ MYSQL_DB_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:224
MYSQL_DB_FIELD_ALTER_PRIV
@ MYSQL_DB_FIELD_ALTER_PRIV
Definition: auth_common.h:221
MYSQL_DB_FIELD_LOCK_TABLES_PRIV
@ MYSQL_DB_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:223
MYSQL_DB_FIELD_COUNT
@ MYSQL_DB_FIELD_COUNT
Definition: auth_common.h:231
MYSQL_DB_FIELD_TRIGGER_PRIV
@ MYSQL_DB_FIELD_TRIGGER_PRIV
Definition: auth_common.h:230
MYSQL_DB_FIELD_CREATE_PRIV
@ MYSQL_DB_FIELD_CREATE_PRIV
Definition: auth_common.h:216
MYSQL_DB_FIELD_CREATE_ROUTINE_PRIV
@ MYSQL_DB_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:226
MYSQL_DB_FIELD_SELECT_PRIV
@ MYSQL_DB_FIELD_SELECT_PRIV
Definition: auth_common.h:212
MYSQL_DB_FIELD_EXECUTE_PRIV
@ MYSQL_DB_FIELD_EXECUTE_PRIV
Definition: auth_common.h:228
MYSQL_DB_FIELD_INSERT_PRIV
@ MYSQL_DB_FIELD_INSERT_PRIV
Definition: auth_common.h:213
MYSQL_DB_FIELD_EVENT_PRIV
@ MYSQL_DB_FIELD_EVENT_PRIV
Definition: auth_common.h:229
MYSQL_DB_FIELD_ALTER_ROUTINE_PRIV
@ MYSQL_DB_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:227
MYSQL_DB_FIELD_CREATE_TMP_TABLE_PRIV
@ MYSQL_DB_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:222
MYSQL_DB_FIELD_USER
@ MYSQL_DB_FIELD_USER
Definition: auth_common.h:211
MYSQL_DB_FIELD_HOST
@ MYSQL_DB_FIELD_HOST
Definition: auth_common.h:209
MYSQL_DB_FIELD_DROP_PRIV
@ MYSQL_DB_FIELD_DROP_PRIV
Definition: auth_common.h:217
MYSQL_DB_FIELD_DB
@ MYSQL_DB_FIELD_DB
Definition: auth_common.h:210
MYSQL_DB_FIELD_SHOW_VIEW_PRIV
@ MYSQL_DB_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:225
MYSQL_DB_FIELD_REFERENCES_PRIV
@ MYSQL_DB_FIELD_REFERENCES_PRIV
Definition: auth_common.h:219
is_mandatory_role
bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host, bool *is_mandatory)
Determine if a role@role_host authid is a mandatory role.
Definition: sql_authorization.cc:6782
acl_authenticate
int acl_authenticate(THD *thd, enum_server_command command)
Perform the handshake, authorize the client and update thd sctx variables.
Definition: sql_authentication.cc:3826
global_acls_vector
const std::vector< std::string > global_acls_vector
Consts for static privileges.
Definition: auth_acls.cc:62
lock_and_get_mandatory_roles
bool lock_and_get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Copy a list of mandatory role authorization IDs.
Definition: sql_authorization.cc:6294
create_authid_from
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6620
mysql_grant_role
bool mysql_grant_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles, bool with_admin_opt)
Grants a list of roles to a list of users.
Definition: sql_authorization.cc:3296
check_change_password
bool check_change_password(THD *thd, const char *host, const char *user, bool retain_current_password)
Definition: sql_user.cc:153
get_privilege_desc
void get_privilege_desc(char *to, uint max_length, ulong access)
Definition: sql_authorization.cc:4502
wild_case_compare
int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr)
Definition: sql_auth_cache.cc:796
mysql_alter_user_comment
bool mysql_alter_user_comment(THD *thd, const List< LEX_USER > *users, const std::string &json_blob, bool expect_text)
get_mqh
void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc)
Definition: sql_auth_cache.cc:3096
is_acl_table
bool is_acl_table(const TABLE *table)
Check if given TABLE* is a ACL table name.
Definition: sql_user_table.cc:2236
mysql_show_create_user
bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same)
Auxiliary function for constructing CREATE USER sql for a given user.
Definition: sql_user.cc:256
get_table_grant
ulong get_table_grant(THD *thd, Table_ref *table)
Definition: sql_authorization.cc:4408
do_auto_cert_generation
bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, const char **ssl_ca, const char **ssl_key, const char **ssl_cert)
Check auto_generate_certs option and generate SSL certificates if required.
Definition: sql_authentication.cc:5862
any_db
const char * any_db
Definition: sql_authorization.cc:499
check_lock_view_underlying_table_access
bool check_lock_view_underlying_table_access(THD *thd, Table_ref *tbl, bool *fake_lock_tables_acl)
For LOCK TABLES on a view checks if user in which context view is executed or user that has initiated...
Definition: sql_authorization.cc:5969
set_connection_admin_flag
void set_connection_admin_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the connection_admin flag in the THD.
Definition: auth_common.cc:189
mysql_rename_user
bool mysql_rename_user(THD *thd, List< LEX_USER > &list)
Definition: sql_user.cc:3190
check_global_access
bool check_global_access(THD *thd, ulong want_access)
check for global access and give descriptive error message if it fails.
Definition: sql_authorization.cc:5880
grant_init
bool grant_init(bool skip_grant_tables)
Initialize structures responsible for table/column-level privilege checking and load information for ...
Definition: sql_auth_cache.cc:2341
global_password_reuse_interval
uint32 global_password_reuse_interval
Definition: auth_common.h:916
commit_and_close_mysql_tables
void commit_and_close_mysql_tables(THD *thd)
A helper function to commit statement transaction and close ACL tables after reading some data from t...
Definition: sql_user_table.cc:507
List_of_auth_id_refs
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:80
get_default_autnetication_plugin_name
std::string get_default_autnetication_plugin_name()
Return the default authentication plugin name.
Definition: sql_authentication.cc:1421
set_system_user_flag
void set_system_user_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the system_user flag in the THD.
Definition: auth_common.cc:166
check_grant_column
bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, size_t length, Security_context *sctx, ulong want_privilege)
Definition: sql_authorization.cc:3937
acl_getroot
bool acl_getroot(THD *thd, Security_context *sctx, const char *user, const char *host, const char *ip, const char *db)
Definition: sql_auth_cache.cc:1495
get_global_acl_cache_size
ulong get_global_acl_cache_size()
Definition: sql_auth_cache.cc:107
create_table_precheck
bool create_table_precheck(THD *thd, Table_ref *tables, Table_ref *create_table)
CREATE TABLE query pre-check.
Definition: sql_authorization.cc:1719
mysql_set_active_role_none
bool mysql_set_active_role_none(THD *thd)
Reset active roles.
Definition: sql_authorization.cc:6684
check_readonly
bool check_readonly(THD *thd, bool err_if_readonly)
Performs standardized check whether to prohibit (true) or allow (false) operations based on read_only...
Definition: sql_authorization.cc:1821
set_default_auth_plugin
int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length)
Initialize default authentication plugin based on command line options or configuration file settings...
Definition: sql_authentication.cc:1395
check_grant
bool check_grant(THD *thd, ulong want_access, Table_ref *tables, bool any_combination_will_do, uint number, bool no_errors)
Check table level grants.
Definition: sql_authorization.cc:3753
acl_init
bool acl_init(bool dont_read_acl_tables)
Definition: sql_auth_cache.cc:1738
acl_can_access_user
bool acl_can_access_user(THD *thd, LEX_USER *user)
Auxiliary function for the CAN_ACCESS_USER internal function used to check if a row from mysql....
Definition: sql_user.cc:205
change_password
bool change_password(THD *thd, LEX_USER *user, const char *password, const char *current_password, bool retain_current_password)
Change a password hash for a user.
Definition: sql_user.cc:2015
Userhostpassword_list
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1123
get_cached_schema_access
const ACL_internal_schema_access * get_cached_schema_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name)
Get a cached internal schema access.
Definition: sql_authorization.cc:1624
send_password_result_set
bool send_password_result_set(THD *thd, const Userhostpassword_list &generated_passwords)
Sends the result set of generated passwords to the client.
Definition: sql_user.cc:974
operator<
bool operator<(const Auth_id_ref &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7463
create_authid_str_from
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6612
mysql_set_active_role_all
bool mysql_set_active_role_all(THD *thd, const List< LEX_USER > *except_users)
Activates all granted role in the current security context.
Definition: sql_authorization.cc:6728
mysql_revoke_all
bool mysql_revoke_all(THD *thd, List< LEX_USER > &list)
Definition: sql_authorization.cc:5112
ACL_internal_access_result
ACL_internal_access_result
Definition: auth_common.h:84
ACL_INTERNAL_ACCESS_GRANTED
@ ACL_INTERNAL_ACCESS_GRANTED
Access granted for all the requested privileges, do not use the grant tables.
Definition: auth_common.h:91
ACL_INTERNAL_ACCESS_CHECK_GRANT
@ ACL_INTERNAL_ACCESS_CHECK_GRANT
No decision yet, use the grant tables.
Definition: auth_common.h:95
ACL_INTERNAL_ACCESS_DENIED
@ ACL_INTERNAL_ACCESS_DENIED
Access denied, do not use the grant tables.
Definition: auth_common.h:93
turn_off_sandbox_mode
bool turn_off_sandbox_mode(THD *thd, LEX_USER *user)
Helper method to turn off sandbox mode once registration step is complete.
Definition: sql_user.cc:1018
mysql_password_history_table_field
mysql_password_history_table_field
Definition: auth_common.h:352
MYSQL_PASSWORD_HISTORY_FIELD_COUNT
@ MYSQL_PASSWORD_HISTORY_FIELD_COUNT
Definition: auth_common.h:357
MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD_TIMESTAMP
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD_TIMESTAMP
Definition: auth_common.h:355
MYSQL_PASSWORD_HISTORY_FIELD_HOST
@ MYSQL_PASSWORD_HISTORY_FIELD_HOST
Definition: auth_common.h:353
MYSQL_PASSWORD_HISTORY_FIELD_USER
@ MYSQL_PASSWORD_HISTORY_FIELD_USER
Definition: auth_common.h:354
MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD
Definition: auth_common.h:356
mysql_create_user
bool mysql_create_user(THD *thd, List< LEX_USER > &list, bool if_not_exists, bool is_role)
Definition: sql_user.cc:2752
check_grant_routine
bool check_grant_routine(THD *thd, ulong want_access, Table_ref *procs, bool is_proc, bool no_error)
Definition: sql_authorization.cc:4306
fill_effective_table_privileges
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, const char *db, const char *table)
Definition: sql_authorization.cc:5460
operator==
bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b)
Definition: sql_authorization.cc:7480
get_default_roles
void get_default_roles(const Auth_id_ref &user, List_of_auth_id_refs &list)
Shallow copy a list of default role authorization IDs from an Role_id storage.
Definition: sql_authorization.cc:6272
fill_schema_column_privileges
int fill_schema_column_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5792
check_table_encryption_admin_access
bool check_table_encryption_admin_access(THD *thd)
Check if a current user has the privilege TABLE_ENCRYPTION_ADMIN required to create encrypted table.
Definition: sql_authorization.cc:2399
is_role_id
bool is_role_id(LEX_USER *authid)
Definition: sql_authorization.cc:781
check_grant_all_columns
bool check_grant_all_columns(THD *thd, ulong want_access, Field_iterator_table_ref *fields)
check if a query can access a set of columns
Definition: sql_authorization.cc:4095
is_granted_role
bool is_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
This function works just like check_if_granted_role, but also guarantees that the proper lock is take...
Definition: sql_authorization.cc:6761
mysql_default_roles_table_field
mysql_default_roles_table_field
Definition: auth_common.h:344
MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_USER
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_USER
Definition: auth_common.h:348
MYSQL_DEFAULT_ROLES_FIELD_COUNT
@ MYSQL_DEFAULT_ROLES_FIELD_COUNT
Definition: auth_common.h:349
MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_HOST
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_HOST
Definition: auth_common.h:347
MYSQL_DEFAULT_ROLES_FIELD_HOST
@ MYSQL_DEFAULT_ROLES_FIELD_HOST
Definition: auth_common.h:345
MYSQL_DEFAULT_ROLES_FIELD_USER
@ MYSQL_DEFAULT_ROLES_FIELD_USER
Definition: auth_common.h:346
append_identifier
void append_identifier(String *packet, const char *name, size_t length)
Convert and quote the given identifier if needed and append it to the target string.
Definition: sql_show.cc:1463
mysql_grant
bool mysql_grant(THD *thd, const char *db, List< LEX_USER > &list, ulong rights, bool revoke_grant, bool is_proxy, const List< LEX_CSTRING > &dynamic_privilege, bool grant_all_current_privileges, LEX_GRANT_AS *grant_as)
Definition: sql_authorization.cc:3419
is_acl_user
bool is_acl_user(THD *thd, const char *host, const char *user)
Definition: sql_auth_cache.cc:1213
update_mandatory_roles
void update_mandatory_roles(void)
Definition: sql_authorization.cc:7304
has_full_view_routine_access
bool has_full_view_routine_access(THD *thd, const char *db, const char *definer_user, const char *definer_host)
Check if user has full access to view routine's properties (i.e including stored routine code).
Definition: sql_authorization.cc:2036
notify_flush_event
void notify_flush_event(THD *thd)
Audit notification for flush.
Definition: sql_auth_cache.cc:1681
check_table_access
bool check_table_access(THD *thd, ulong requirements, Table_ref *tables, bool any_combination_of_privileges_will_do, uint number, bool no_errors)
Check if the requested privileges exists in either User-, DB- or, tables- tables.
Definition: sql_authorization.cc:2329
is_secure_transport
bool is_secure_transport(int vio_type)
Definition: sql_authentication.cc:4262
disconnect_on_expired_password
bool disconnect_on_expired_password
Definition: sql_authentication.cc:1119
wildcard_db_grant_exists
bool wildcard_db_grant_exists()
mysql_tables_priv_table_field
mysql_tables_priv_table_field
Definition: auth_common.h:323
MYSQL_TABLES_PRIV_FIELD_HOST
@ MYSQL_TABLES_PRIV_FIELD_HOST
Definition: auth_common.h:324
MYSQL_TABLES_PRIV_FIELD_GRANTOR
@ MYSQL_TABLES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:328
MYSQL_TABLES_PRIV_FIELD_COUNT
@ MYSQL_TABLES_PRIV_FIELD_COUNT
Definition: auth_common.h:332
MYSQL_TABLES_PRIV_FIELD_COLUMN_PRIV
@ MYSQL_TABLES_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:331
MYSQL_TABLES_PRIV_FIELD_TABLE_NAME
@ MYSQL_TABLES_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:327
MYSQL_TABLES_PRIV_FIELD_TABLE_PRIV
@ MYSQL_TABLES_PRIV_FIELD_TABLE_PRIV
Definition: auth_common.h:330
MYSQL_TABLES_PRIV_FIELD_TIMESTAMP
@ MYSQL_TABLES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:329
MYSQL_TABLES_PRIV_FIELD_USER
@ MYSQL_TABLES_PRIV_FIELD_USER
Definition: auth_common.h:326
MYSQL_TABLES_PRIV_FIELD_DB
@ MYSQL_TABLES_PRIV_FIELD_DB
Definition: auth_common.h:325
shutdown_acl_cache
void shutdown_acl_cache()
Shutdown the global Acl_cache system which was only initialized if the rwlocks were initialized.
Definition: sql_auth_cache.cc:3440
log_user
void log_user(THD *thd, String *str, LEX_USER *user, bool comma)
Auxiliary function for constructing a user list string.
Definition: sql_user.cc:123
sp_revoke_privileges
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Revoke privileges for all users on a stored procedure.
Definition: sql_authorization.cc:5281
mysql_proxies_priv_table_feild
mysql_proxies_priv_table_feild
Definition: auth_common.h:289
MYSQL_PROXIES_PRIV_FIELD_HOST
@ MYSQL_PROXIES_PRIV_FIELD_HOST
Definition: auth_common.h:290
MYSQL_PROXIES_PRIV_FIELD_PROXIED_USER
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_USER
Definition: auth_common.h:293
MYSQL_PROXIES_PRIV_FIELD_PROXIED_HOST
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_HOST
Definition: auth_common.h:292
MYSQL_PROXIES_PRIV_FIELD_COUNT
@ MYSQL_PROXIES_PRIV_FIELD_COUNT
Definition: auth_common.h:297
MYSQL_PROXIES_PRIV_FIELD_WITH_GRANT
@ MYSQL_PROXIES_PRIV_FIELD_WITH_GRANT
Definition: auth_common.h:294
MYSQL_PROXIES_PRIV_FIELD_USER
@ MYSQL_PROXIES_PRIV_FIELD_USER
Definition: auth_common.h:291
MYSQL_PROXIES_PRIV_FIELD_GRANTOR
@ MYSQL_PROXIES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:295
MYSQL_PROXIES_PRIV_FIELD_TIMESTAMP
@ MYSQL_PROXIES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:296
check_single_table_access
bool check_single_table_access(THD *thd, ulong privilege, Table_ref *tables, bool no_errors)
Check grants for commands which work only with one table.
Definition: sql_authorization.cc:1917
err_readonly
void err_readonly(THD *thd)
Generates appropriate error messages for read-only state depending on whether user has SUPER privileg...
Definition: sql_authorization.cc:1857
grant_free
void grant_free(void)
Definition: sql_auth_cache.cc:2321
check_grant_db
bool check_grant_db(THD *thd, const char *db, const bool check_table_grant=false)
Check if a user has the right to access a database.
Definition: sql_authorization.cc:4244
mysql_routine_grant
bool mysql_routine_grant(THD *thd, Table_ref *table, bool is_proc, List< LEX_USER > &user_list, ulong rights, bool revoke, bool write_to_binlog)
Store routine level grants in the privilege tables.
Definition: sql_authorization.cc:2902
generate_random_password
void generate_random_password(std::string *password, uint32_t)
Generates a random password of the length decided by the system variable generated_random_password_le...
Definition: sql_user.cc:954
decrypt_RSA_private_key
bool decrypt_RSA_private_key(uchar *pkt, int cipher_length, unsigned char *plain_text, size_t plain_text_len, RSA *private_key)
Decrypt pkt data using RSA private key.
Definition: auth_common.cc:229
is_acl_inited
bool is_acl_inited()
Definition: sql_auth_cache.cc:3880
get_authid_from_quoted_string
std::pair< std::string, std::string > get_authid_from_quoted_string(std::string str)
Return the unquoted authorization id as a user,host-tuple.
Definition: sql_authorization.cc:4576
ssl_artifacts_status
ssl_artifacts_status
Definition: auth_common.h:894
SSL_ARTIFACTS_VIA_OPTIONS
@ SSL_ARTIFACTS_VIA_OPTIONS
Definition: auth_common.h:896
SSL_ARTIFACTS_AUTO_DETECTED
@ SSL_ARTIFACTS_AUTO_DETECTED
Definition: auth_common.h:898
SSL_ARTIFACT_TRACES_FOUND
@ SSL_ARTIFACT_TRACES_FOUND
Definition: auth_common.h:897
SSL_ARTIFACTS_NOT_FOUND
@ SSL_ARTIFACTS_NOT_FOUND
Definition: auth_common.h:895
mysql_table_grant
int mysql_table_grant(THD *thd, Table_ref *table, List< LEX_USER > &user_list, List< LEX_COLUMN > &column_list, ulong rights, bool revoke)
Definition: sql_authorization.cc:2615
mysql_drop_user
bool mysql_drop_user(THD *thd, List< LEX_USER > &list, bool if_exists, bool drop_role)
Drop a list of users and all their privileges.
Definition: sql_user.cc:3038
acl_get
ulong acl_get(THD *thd, const char *host, const char *ip, const char *user, const char *db, bool db_is_pattern)
Get privilege for a host, user, and db combination.
Definition: sql_auth_cache.cc:1341
is_partial_revoke_exists
bool is_partial_revoke_exists(THD *thd)
Method to check if there exists at least one partial revokes in the cache.
Definition: sql_auth_cache.cc:3864
mysql_set_active_role
bool mysql_set_active_role(THD *thd, const List< LEX_USER > *role_list)
Definition: sql_authorization.cc:6738
mysql_alter_user
bool mysql_alter_user(THD *thd, List< LEX_USER > &list, bool if_exists)
Definition: sql_user.cc:3385
fill_schema_user_privileges
int fill_schema_user_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5591
mysql_user_table_field
mysql_user_table_field
Definition: auth_common.h:234
MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV
Definition: auth_common.h:265
MYSQL_USER_FIELD_SUPER_PRIV
@ MYSQL_USER_FIELD_SUPER_PRIV
Definition: auth_common.h:252
MYSQL_USER_FIELD_DROP_PRIV
@ MYSQL_USER_FIELD_DROP_PRIV
Definition: auth_common.h:242
MYSQL_USER_FIELD_ACCOUNT_LOCKED
@ MYSQL_USER_FIELD_ACCOUNT_LOCKED
Definition: auth_common.h:279
MYSQL_USER_FIELD_SSL_TYPE
@ MYSQL_USER_FIELD_SSL_TYPE
Definition: auth_common.h:266
MYSQL_USER_FIELD_SSL_CIPHER
@ MYSQL_USER_FIELD_SSL_CIPHER
Definition: auth_common.h:267
MYSQL_USER_FIELD_REPL_CLIENT_PRIV
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV
Definition: auth_common.h:257
MYSQL_USER_FIELD_MAX_USER_CONNECTIONS
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS
Definition: auth_common.h:273
MYSQL_USER_FIELD_COUNT
@ MYSQL_USER_FIELD_COUNT
Definition: auth_common.h:286
MYSQL_USER_FIELD_PROCESS_PRIV
@ MYSQL_USER_FIELD_PROCESS_PRIV
Definition: auth_common.h:245
MYSQL_USER_FIELD_SELECT_PRIV
@ MYSQL_USER_FIELD_SELECT_PRIV
Definition: auth_common.h:237
MYSQL_USER_FIELD_USER
@ MYSQL_USER_FIELD_USER
Definition: auth_common.h:236
MYSQL_USER_FIELD_MAX_CONNECTIONS
@ MYSQL_USER_FIELD_MAX_CONNECTIONS
Definition: auth_common.h:272
MYSQL_USER_FIELD_REFERENCES_PRIV
@ MYSQL_USER_FIELD_REFERENCES_PRIV
Definition: auth_common.h:248
MYSQL_USER_FIELD_PASSWORD_EXPIRED
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED
Definition: auth_common.h:276
MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:260
MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:261
MYSQL_USER_FIELD_PLUGIN
@ MYSQL_USER_FIELD_PLUGIN
Definition: auth_common.h:274
MYSQL_USER_FIELD_MAX_UPDATES
@ MYSQL_USER_FIELD_MAX_UPDATES
Definition: auth_common.h:271
MYSQL_USER_FIELD_EVENT_PRIV
@ MYSQL_USER_FIELD_EVENT_PRIV
Definition: auth_common.h:263
MYSQL_USER_FIELD_RELOAD_PRIV
@ MYSQL_USER_FIELD_RELOAD_PRIV
Definition: auth_common.h:243
MYSQL_USER_FIELD_UPDATE_PRIV
@ MYSQL_USER_FIELD_UPDATE_PRIV
Definition: auth_common.h:239
MYSQL_USER_FIELD_TRIGGER_PRIV
@ MYSQL_USER_FIELD_TRIGGER_PRIV
Definition: auth_common.h:264
MYSQL_USER_FIELD_X509_ISSUER
@ MYSQL_USER_FIELD_X509_ISSUER
Definition: auth_common.h:268
MYSQL_USER_FIELD_LOCK_TABLES_PRIV
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:254
MYSQL_USER_FIELD_CREATE_ROLE_PRIV
@ MYSQL_USER_FIELD_CREATE_ROLE_PRIV
Definition: auth_common.h:280
MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED
@ MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED
Definition: auth_common.h:277
MYSQL_USER_FIELD_INSERT_PRIV
@ MYSQL_USER_FIELD_INSERT_PRIV
Definition: auth_common.h:238
MYSQL_USER_FIELD_REPL_SLAVE_PRIV
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV
Definition: auth_common.h:256
MYSQL_USER_FIELD_FILE_PRIV
@ MYSQL_USER_FIELD_FILE_PRIV
Definition: auth_common.h:246
MYSQL_USER_FIELD_DROP_ROLE_PRIV
@ MYSQL_USER_FIELD_DROP_ROLE_PRIV
Definition: auth_common.h:281
MYSQL_USER_FIELD_INDEX_PRIV
@ MYSQL_USER_FIELD_INDEX_PRIV
Definition: auth_common.h:249
MYSQL_USER_FIELD_HOST
@ MYSQL_USER_FIELD_HOST
Definition: auth_common.h:235
MYSQL_USER_FIELD_PASSWORD_LIFETIME
@ MYSQL_USER_FIELD_PASSWORD_LIFETIME
Definition: auth_common.h:278
MYSQL_USER_FIELD_X509_SUBJECT
@ MYSQL_USER_FIELD_X509_SUBJECT
Definition: auth_common.h:269
MYSQL_USER_FIELD_AUTHENTICATION_STRING
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING
Definition: auth_common.h:275
MYSQL_USER_FIELD_SHOW_DB_PRIV
@ MYSQL_USER_FIELD_SHOW_DB_PRIV
Definition: auth_common.h:251
MYSQL_USER_FIELD_SHOW_VIEW_PRIV
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:259
MYSQL_USER_FIELD_CREATE_USER_PRIV
@ MYSQL_USER_FIELD_CREATE_USER_PRIV
Definition: auth_common.h:262
MYSQL_USER_FIELD_EXECUTE_PRIV
@ MYSQL_USER_FIELD_EXECUTE_PRIV
Definition: auth_common.h:255
MYSQL_USER_FIELD_MAX_QUESTIONS
@ MYSQL_USER_FIELD_MAX_QUESTIONS
Definition: auth_common.h:270
MYSQL_USER_FIELD_CREATE_VIEW_PRIV
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:258
MYSQL_USER_FIELD_SHUTDOWN_PRIV
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV
Definition: auth_common.h:244
MYSQL_USER_FIELD_CREATE_PRIV
@ MYSQL_USER_FIELD_CREATE_PRIV
Definition: auth_common.h:241
MYSQL_USER_FIELD_ALTER_PRIV
@ MYSQL_USER_FIELD_ALTER_PRIV
Definition: auth_common.h:250
MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:253
MYSQL_USER_FIELD_GRANT_PRIV
@ MYSQL_USER_FIELD_GRANT_PRIV
Definition: auth_common.h:247
MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT
@ MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT
Definition: auth_common.h:284
MYSQL_USER_FIELD_PASSWORD_REUSE_TIME
@ MYSQL_USER_FIELD_PASSWORD_REUSE_TIME
Definition: auth_common.h:283
MYSQL_USER_FIELD_USER_ATTRIBUTES
@ MYSQL_USER_FIELD_USER_ATTRIBUTES
Definition: auth_common.h:285
MYSQL_USER_FIELD_DELETE_PRIV
@ MYSQL_USER_FIELD_DELETE_PRIV
Definition: auth_common.h:240
MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY
@ MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY
Definition: auth_common.h:282
hostname_requires_resolving
bool hostname_requires_resolving(const char *hostname)
Check if the given host name needs to be resolved or not.
Definition: sql_auth_cache.cc:875
has_grant_role_privilege
bool has_grant_role_privilege(THD *thd, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:2503
mysql_set_role_default
bool mysql_set_role_default(THD *thd)
Activates all the default roles in the current security context.
Definition: sql_authorization.cc:6705
check_authorization_id_string
bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles)
Definition: sql_authorization.cc:7216
check_engine_type_for_acl_table
bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked)
Definition: sql_auth_cache.cc:2001
has_partial_view_routine_access
bool has_partial_view_routine_access(THD *thd, const char *db, const char *routine_name, bool is_proc)
Check if user has partial access to view routine's properties (i.e.
Definition: sql_authorization.cc:2064
USER_HOST_BUFF_SIZE
static constexpr int USER_HOST_BUFF_SIZE
Length of string buffer, that is enough to contain username and hostname parts of the user identifier...
Definition: auth_common.h:1112
opt_auto_generate_certs
bool opt_auto_generate_certs
Definition: sql_authentication.cc:1135
get_column_grant
ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *field_name)
Definition: sql_authorization.cc:4445
drop_role
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:609
ACL_USER
Definition: sql_auth_cache.h:246
ACL_internal_schema_access
Per internal schema ACL access rules.
Definition: auth_common.h:144
ACL_internal_schema_access::lookup
virtual const ACL_internal_table_access * lookup(const char *name) const =0
Search for per table ACL access rules by table name.
ACL_internal_schema_access::check
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv, bool any_combination_will_do) const =0
Check access to an internal schema.
ACL_internal_schema_access::~ACL_internal_schema_access
virtual ~ACL_internal_schema_access()=default
ACL_internal_schema_access::ACL_internal_schema_access
ACL_internal_schema_access()=default
ACL_internal_schema_registry
A registry for per internal schema ACL.
Definition: auth_common.h:182
ACL_internal_schema_registry::lookup
static const ACL_internal_schema_access * lookup(const char *name)
Search per internal schema ACL by name.
Definition: sql_auth_cache.cc:210
ACL_internal_schema_registry::register_schema
static void register_schema(const LEX_CSTRING &name, const ACL_internal_schema_access *access)
Add an internal schema to the registry.
Definition: sql_auth_cache.cc:195
ACL_internal_table_access
Per internal table ACL access rules.
Definition: auth_common.h:106
ACL_internal_table_access::~ACL_internal_table_access
virtual ~ACL_internal_table_access()=default
ACL_internal_table_access::ACL_internal_table_access
ACL_internal_table_access()=default
ACL_internal_table_access::check
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv, bool any_combination_will_do) const =0
Check access to an internal table.
Alter_info
Data describing the table being created by CREATE TABLE or altered by ALTER TABLE.
Definition: sql_alter.h:204
Auth_id
Storage container for default auth ids.
Definition: auth_common.h:1065
Auth_id::host
const std::string & host() const
Definition: auth_common.cc:125
Auth_id::m_user
std::string m_user
User part.
Definition: auth_common.h:1088
Auth_id::operator=
Auth_id & operator=(const Auth_id &)=default
Auth_id::create_key
void create_key()
Definition: auth_common.cc:57
Auth_id::user
const std::string & user() const
Definition: auth_common.cc:124
Auth_id::operator<
bool operator<(const Auth_id &id) const
Definition: auth_common.cc:101
Auth_id::auth_str
std::string auth_str() const
Definition: auth_common.cc:116
Auth_id::Auth_id
Auth_id()
Auth_id::m_key
std::string m_key
Key: Internal representation mainly to facilitate use of Auth_id class in standard container.
Definition: auth_common.h:1096
Auth_id::m_host
std::string m_host
Host part.
Definition: auth_common.h:1090
Auth_id::~Auth_id
~Auth_id()
Create_authid
Definition: auth_common.h:931
Create_authid::operator()
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:933
Default_local_authid
Definition: auth_common.h:1002
Default_local_authid::m_thd
const THD * m_thd
Definition: auth_common.h:1009
Default_local_authid::create
bool create(Security_context *sctx)
Create a local authid without modifying any tables.
Definition: sql_authorization.cc:7330
Default_local_authid::Default_local_authid
Default_local_authid(const THD *thd)
Definition: sql_authorization.cc:7310
Default_local_authid::precheck
bool precheck(Security_context *sctx)
Check if the security context can be created as a local authid.
Definition: sql_authorization.cc:7319
Drop_temporary_dynamic_privileges
Definition: auth_common.h:1029
Drop_temporary_dynamic_privileges::Drop_temporary_dynamic_privileges
Drop_temporary_dynamic_privileges(std::vector< std::string > privs)
Definition: auth_common.h:1031
Drop_temporary_dynamic_privileges::operator()
void operator()(Security_context *sctx)
Definition: sql_authorization.cc:7356
Drop_temporary_dynamic_privileges::m_privs
std::vector< std::string > m_privs
Definition: auth_common.h:1036
Field_iterator_table_ref
Generic iterator over the fields of an arbitrary table reference.
Definition: table.h:4041
Grant_privileges
Definition: auth_common.h:943
Grant_privileges::operator()
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:945
Grant_temporary_dynamic_privileges
Grant the privilege temporarily to the in-memory global privileges map.
Definition: auth_common.h:1017
Grant_temporary_dynamic_privileges::m_privs
const std::vector< std::string > m_privs
Definition: auth_common.h:1026
Grant_temporary_dynamic_privileges::Grant_temporary_dynamic_privileges
Grant_temporary_dynamic_privileges(const THD *thd, std::vector< std::string > privs)
Definition: sql_authorization.cc:7334
Grant_temporary_dynamic_privileges::grant_privileges
bool grant_privileges(Security_context *sctx)
Grant dynamic privileges to an in-memory global authid.
Definition: sql_authorization.cc:7350
Grant_temporary_dynamic_privileges::m_thd
const THD * m_thd
Definition: auth_common.h:1025
Grant_temporary_dynamic_privileges::precheck
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7338
Grant_temporary_static_privileges
Definition: auth_common.h:1040
Grant_temporary_static_privileges::m_privs
const ulong m_privs
Privileges.
Definition: auth_common.h:1051
Grant_temporary_static_privileges::grant_privileges
bool grant_privileges(Security_context *sctx)
Definition: sql_authorization.cc:7370
Grant_temporary_static_privileges::precheck
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7365
Grant_temporary_static_privileges::m_thd
const THD * m_thd
THD handle.
Definition: auth_common.h:1048
Grant_temporary_static_privileges::Grant_temporary_static_privileges
Grant_temporary_static_privileges(const THD *thd, const ulong privs)
Definition: sql_authorization.cc:7361
IS_internal_schema_access
Extension of ACL_internal_schema_access for Information Schema.
Definition: auth_common.h:192
IS_internal_schema_access::~IS_internal_schema_access
~IS_internal_schema_access() override=default
IS_internal_schema_access::IS_internal_schema_access
IS_internal_schema_access()=default
IS_internal_schema_access::lookup
const ACL_internal_table_access * lookup(const char *name) const override
Search for per table ACL access rules by table name.
Definition: sql_authorization.cc:1675
IS_internal_schema_access::check
ACL_internal_access_result check(ulong want_access, ulong *save_priv, bool any_combination_will_do) const override
Check access to an internal schema.
Definition: sql_authorization.cc:1657
Item
Base class that is used to represent any kind of expression in a relational query.
Definition: item.h:851
LEX_COLUMN
Definition: sql_lex.h:3633
LEX_GRANT_AS
Definition: sql_lex.h:3645
List
Definition: sql_list.h:434
Security_context_factory
Factory for creating any Security_context given a pre-constructed policy.
Definition: auth_common.h:960
Security_context_factory::m_static_privileges
Security_context_functor m_static_privileges
Definition: auth_common.h:998
Security_context_factory::m_privileges
Security_context_functor m_privileges
Definition: auth_common.h:997
Security_context_factory::Security_context_factory
Security_context_factory(THD *thd, std::string user, std::string host, Security_context_functor extend_user_profile, Security_context_functor priv, Security_context_functor static_priv, std::function< void(Security_context *)> drop_policy)
Default Security_context factory implementation.
Definition: auth_common.h:975
Security_context_factory::m_user
std::string m_user
Definition: auth_common.h:994
Security_context_factory::create
Sctx_ptr< Security_context > create()
Definition: sql_authorization.cc:7406
Security_context_factory::m_host
std::string m_host
Definition: auth_common.h:995
Security_context_factory::apply_pre_constructed_policies
bool apply_pre_constructed_policies(Security_context *sctx)
Definition: sql_authorization.cc:7376
Security_context_factory::m_user_profile
Security_context_functor m_user_profile
Definition: auth_common.h:996
Security_context_factory::m_thd
THD * m_thd
Definition: auth_common.h:993
Security_context_factory::m_drop_policy
const std::function< void(Security_context *)> m_drop_policy
Definition: auth_common.h:999
Security_context
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
String
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:168
THD
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:34
Table_ref
Definition: table.h:2790
User_table_current_schema
Definition: auth_common.h:437
User_table_current_schema::repl_client_priv_idx
uint repl_client_priv_idx() override
Definition: auth_common.h:478
User_table_current_schema::max_user_connections_idx
uint max_user_connections_idx() override
Definition: auth_common.h:508
User_table_current_schema::plugin_idx
uint plugin_idx() override
Definition: auth_common.h:511
User_table_current_schema::create_tablespace_priv_idx
uint create_tablespace_priv_idx() override
Definition: auth_common.h:496
User_table_current_schema::account_locked_idx
uint account_locked_idx() override
Definition: auth_common.h:524
User_table_current_schema::create_priv_idx
uint create_priv_idx() override
Definition: auth_common.h:450
User_table_current_schema::create_tmp_table_priv_idx
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:468
User_table_current_schema::password_idx
uint password_idx() override
Definition: auth_common.h:442
User_table_current_schema::trigger_priv_idx
uint trigger_priv_idx() override
Definition: auth_common.h:495
User_table_current_schema::max_questions_idx
uint max_questions_idx() override
Definition: auth_common.h:503
User_table_current_schema::create_view_priv_idx
uint create_view_priv_idx() override
Definition: auth_common.h:481
User_table_current_schema::index_priv_idx
uint index_priv_idx() override
Definition: auth_common.h:460
User_table_current_schema::insert_priv_idx
uint insert_priv_idx() override
Definition: auth_common.h:447
User_table_current_schema::user_idx
uint user_idx() override
Definition: auth_common.h:440
User_table_current_schema::alter_routine_priv_idx
uint alter_routine_priv_idx() override
Definition: auth_common.h:488
User_table_current_schema::create_user_priv_idx
uint create_user_priv_idx() override
Definition: auth_common.h:491
User_table_current_schema::password_reuse_time_idx
uint password_reuse_time_idx() override
Definition: auth_common.h:528
User_table_current_schema::password_expired_idx
uint password_expired_idx() override
Definition: auth_common.h:515
User_table_current_schema::password_require_current_idx
uint password_require_current_idx() override
Definition: auth_common.h:531
User_table_current_schema::shutdown_priv_idx
uint shutdown_priv_idx() override
Definition: auth_common.h:453
User_table_current_schema::drop_priv_idx
uint drop_priv_idx() override
Definition: auth_common.h:451
User_table_current_schema::host_idx
uint host_idx() override
Definition: auth_common.h:439
User_table_current_schema::file_priv_idx
uint file_priv_idx() override
Definition: auth_common.h:455
User_table_current_schema::authentication_string_idx
uint authentication_string_idx() override
Definition: auth_common.h:512
User_table_current_schema::drop_role_priv_idx
uint drop_role_priv_idx() override
Definition: auth_common.h:467
User_table_current_schema::repl_slave_priv_idx
uint repl_slave_priv_idx() override
Definition: auth_common.h:475
User_table_current_schema::x509_subject_idx
uint x509_subject_idx() override
Definition: auth_common.h:502
User_table_current_schema::references_priv_idx
uint references_priv_idx() override
Definition: auth_common.h:457
User_table_current_schema::password_lifetime_idx
uint password_lifetime_idx() override
Definition: auth_common.h:521
User_table_current_schema::event_priv_idx
uint event_priv_idx() override
Definition: auth_common.h:494
User_table_current_schema::process_priv_idx
uint process_priv_idx() override
Definition: auth_common.h:454
User_table_current_schema::max_connections_idx
uint max_connections_idx() override
Definition: auth_common.h:505
User_table_current_schema::password_reuse_history_idx
uint password_reuse_history_idx() override
Definition: auth_common.h:525
User_table_current_schema::create_routine_priv_idx
uint create_routine_priv_idx() override
Definition: auth_common.h:485
User_table_current_schema::ssl_cipher_idx
uint ssl_cipher_idx() override
Definition: auth_common.h:500
User_table_current_schema::super_priv_idx
uint super_priv_idx() override
Definition: auth_common.h:463
User_table_current_schema::update_priv_idx
uint update_priv_idx() override
Definition: auth_common.h:448
User_table_current_schema::reload_priv_idx
uint reload_priv_idx() override
Definition: auth_common.h:452
User_table_current_schema::create_role_priv_idx
uint create_role_priv_idx() override
Definition: auth_common.h:464
User_table_current_schema::password_last_changed_idx
uint password_last_changed_idx() override
Definition: auth_common.h:518
User_table_current_schema::lock_tables_priv_idx
uint lock_tables_priv_idx() override
Definition: auth_common.h:471
User_table_current_schema::show_db_priv_idx
uint show_db_priv_idx() override
Definition: auth_common.h:462
User_table_current_schema::user_attributes_idx
uint user_attributes_idx() override
Definition: auth_common.h:534
User_table_current_schema::x509_issuer_idx
uint x509_issuer_idx() override
Definition: auth_common.h:501
User_table_current_schema::grant_priv_idx
uint grant_priv_idx() override
Definition: auth_common.h:456
User_table_current_schema::ssl_type_idx
uint ssl_type_idx() override
Definition: auth_common.h:499
User_table_current_schema::alter_priv_idx
uint alter_priv_idx() override
Definition: auth_common.h:461
User_table_current_schema::max_updates_idx
uint max_updates_idx() override
Definition: auth_common.h:504
User_table_current_schema::execute_priv_idx
uint execute_priv_idx() override
Definition: auth_common.h:474
User_table_current_schema::select_priv_idx
uint select_priv_idx() override
Definition: auth_common.h:446
User_table_current_schema::show_view_priv_idx
uint show_view_priv_idx() override
Definition: auth_common.h:484
User_table_current_schema::delete_priv_idx
uint delete_priv_idx() override
Definition: auth_common.h:449
User_table_old_schema
Definition: auth_common.h:542
User_table_old_schema::file_priv_idx
uint file_priv_idx() override
Definition: auth_common.h:605
User_table_old_schema::user_idx
uint user_idx() override
Definition: auth_common.h:592
User_table_old_schema::insert_priv_idx
uint insert_priv_idx() override
Definition: auth_common.h:595
User_table_old_schema::shutdown_priv_idx
uint shutdown_priv_idx() override
Definition: auth_common.h:601
User_table_old_schema::account_locked_idx
uint account_locked_idx() override
Definition: auth_common.h:674
User_table_old_schema::x509_issuer_idx
uint x509_issuer_idx() override
Definition: auth_common.h:649
User_table_old_schema::password_reuse_time_idx
uint password_reuse_time_idx() override
Definition: auth_common.h:680
User_table_old_schema::host_idx
uint host_idx() override
Definition: auth_common.h:591
User_table_old_schema::x509_subject_idx
uint x509_subject_idx() override
Definition: auth_common.h:650
User_table_old_schema::index_priv_idx
uint index_priv_idx() override
Definition: auth_common.h:610
User_table_old_schema::mysql_user_table_field_56
mysql_user_table_field_56
Definition: auth_common.h:544
User_table_old_schema::MYSQL_USER_FIELD_SUPER_PRIV_56
@ MYSQL_USER_FIELD_SUPER_PRIV_56
Definition: auth_common.h:563
User_table_old_schema::MYSQL_USER_FIELD_SELECT_PRIV_56
@ MYSQL_USER_FIELD_SELECT_PRIV_56
Definition: auth_common.h:548
User_table_old_schema::MYSQL_USER_FIELD_REFERENCES_PRIV_56
@ MYSQL_USER_FIELD_REFERENCES_PRIV_56
Definition: auth_common.h:559
User_table_old_schema::MYSQL_USER_FIELD_SHOW_DB_PRIV_56
@ MYSQL_USER_FIELD_SHOW_DB_PRIV_56
Definition: auth_common.h:562
User_table_old_schema::MYSQL_USER_FIELD_UPDATE_PRIV_56
@ MYSQL_USER_FIELD_UPDATE_PRIV_56
Definition: auth_common.h:550
User_table_old_schema::MYSQL_USER_FIELD_DROP_PRIV_56
@ MYSQL_USER_FIELD_DROP_PRIV_56
Definition: auth_common.h:553
User_table_old_schema::MYSQL_USER_FIELD_PLUGIN_56
@ MYSQL_USER_FIELD_PLUGIN_56
Definition: auth_common.h:585
User_table_old_schema::MYSQL_USER_FIELD_FILE_PRIV_56
@ MYSQL_USER_FIELD_FILE_PRIV_56
Definition: auth_common.h:557
User_table_old_schema::MYSQL_USER_FIELD_X509_SUBJECT_56
@ MYSQL_USER_FIELD_X509_SUBJECT_56
Definition: auth_common.h:580
User_table_old_schema::MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56
Definition: auth_common.h:568
User_table_old_schema::MYSQL_USER_FIELD_PASSWORD_56
@ MYSQL_USER_FIELD_PASSWORD_56
Definition: auth_common.h:547
User_table_old_schema::MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56
Definition: auth_common.h:584
User_table_old_schema::MYSQL_USER_FIELD_X509_ISSUER_56
@ MYSQL_USER_FIELD_X509_ISSUER_56
Definition: auth_common.h:579
User_table_old_schema::MYSQL_USER_FIELD_PROCESS_PRIV_56
@ MYSQL_USER_FIELD_PROCESS_PRIV_56
Definition: auth_common.h:556
User_table_old_schema::MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56
Definition: auth_common.h:572
User_table_old_schema::MYSQL_USER_FIELD_COUNT_56
@ MYSQL_USER_FIELD_COUNT_56
Definition: auth_common.h:588
User_table_old_schema::MYSQL_USER_FIELD_EVENT_PRIV_56
@ MYSQL_USER_FIELD_EVENT_PRIV_56
Definition: auth_common.h:574
User_table_old_schema::MYSQL_USER_FIELD_SHUTDOWN_PRIV_56
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV_56
Definition: auth_common.h:555
User_table_old_schema::MYSQL_USER_FIELD_SSL_TYPE_56
@ MYSQL_USER_FIELD_SSL_TYPE_56
Definition: auth_common.h:577
User_table_old_schema::MYSQL_USER_FIELD_SSL_CIPHER_56
@ MYSQL_USER_FIELD_SSL_CIPHER_56
Definition: auth_common.h:578
User_table_old_schema::MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56
Definition: auth_common.h:569
User_table_old_schema::MYSQL_USER_FIELD_DELETE_PRIV_56
@ MYSQL_USER_FIELD_DELETE_PRIV_56
Definition: auth_common.h:551
User_table_old_schema::MYSQL_USER_FIELD_MAX_CONNECTIONS_56
@ MYSQL_USER_FIELD_MAX_CONNECTIONS_56
Definition: auth_common.h:583
User_table_old_schema::MYSQL_USER_FIELD_CREATE_USER_PRIV_56
@ MYSQL_USER_FIELD_CREATE_USER_PRIV_56
Definition: auth_common.h:573
User_table_old_schema::MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56
Definition: auth_common.h:571
User_table_old_schema::MYSQL_USER_FIELD_CREATE_PRIV_56
@ MYSQL_USER_FIELD_CREATE_PRIV_56
Definition: auth_common.h:552
User_table_old_schema::MYSQL_USER_FIELD_EXECUTE_PRIV_56
@ MYSQL_USER_FIELD_EXECUTE_PRIV_56
Definition: auth_common.h:566
User_table_old_schema::MYSQL_USER_FIELD_MAX_QUESTIONS_56
@ MYSQL_USER_FIELD_MAX_QUESTIONS_56
Definition: auth_common.h:581
User_table_old_schema::MYSQL_USER_FIELD_HOST_56
@ MYSQL_USER_FIELD_HOST_56
Definition: auth_common.h:545
User_table_old_schema::MYSQL_USER_FIELD_GRANT_PRIV_56
@ MYSQL_USER_FIELD_GRANT_PRIV_56
Definition: auth_common.h:558
User_table_old_schema::MYSQL_USER_FIELD_AUTHENTICATION_STRING_56
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING_56
Definition: auth_common.h:586
User_table_old_schema::MYSQL_USER_FIELD_RELOAD_PRIV_56
@ MYSQL_USER_FIELD_RELOAD_PRIV_56
Definition: auth_common.h:554
User_table_old_schema::MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56
Definition: auth_common.h:570
User_table_old_schema::MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56
Definition: auth_common.h:565
User_table_old_schema::MYSQL_USER_FIELD_TRIGGER_PRIV_56
@ MYSQL_USER_FIELD_TRIGGER_PRIV_56
Definition: auth_common.h:575
User_table_old_schema::MYSQL_USER_FIELD_PASSWORD_EXPIRED_56
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED_56
Definition: auth_common.h:587
User_table_old_schema::MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56
Definition: auth_common.h:564
User_table_old_schema::MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56
Definition: auth_common.h:576
User_table_old_schema::MYSQL_USER_FIELD_USER_56
@ MYSQL_USER_FIELD_USER_56
Definition: auth_common.h:546
User_table_old_schema::MYSQL_USER_FIELD_INSERT_PRIV_56
@ MYSQL_USER_FIELD_INSERT_PRIV_56
Definition: auth_common.h:549
User_table_old_schema::MYSQL_USER_FIELD_INDEX_PRIV_56
@ MYSQL_USER_FIELD_INDEX_PRIV_56
Definition: auth_common.h:560
User_table_old_schema::MYSQL_USER_FIELD_ALTER_PRIV_56
@ MYSQL_USER_FIELD_ALTER_PRIV_56
Definition: auth_common.h:561
User_table_old_schema::MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56
Definition: auth_common.h:567
User_table_old_schema::MYSQL_USER_FIELD_MAX_UPDATES_56
@ MYSQL_USER_FIELD_MAX_UPDATES_56
Definition: auth_common.h:582
User_table_old_schema::drop_role_priv_idx
uint drop_role_priv_idx() override
Definition: auth_common.h:676
User_table_old_schema::user_attributes_idx
uint user_attributes_idx() override
Definition: auth_common.h:684
User_table_old_schema::lock_tables_priv_idx
uint lock_tables_priv_idx() override
Definition: auth_common.h:617
User_table_old_schema::create_tmp_table_priv_idx
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:614
User_table_old_schema::password_lifetime_idx
uint password_lifetime_idx() override
Definition: auth_common.h:673
User_table_old_schema::process_priv_idx
uint process_priv_idx() override
Definition: auth_common.h:604
User_table_old_schema::create_view_priv_idx
uint create_view_priv_idx() override
Definition: auth_common.h:627
User_table_old_schema::plugin_idx
uint plugin_idx() override
Definition: auth_common.h:661
User_table_old_schema::max_user_connections_idx
uint max_user_connections_idx() override
Definition: auth_common.h:658
User_table_old_schema::select_priv_idx
uint select_priv_idx() override
Definition: auth_common.h:594
User_table_old_schema::references_priv_idx
uint references_priv_idx() override
Definition: auth_common.h:607
User_table_old_schema::grant_priv_idx
uint grant_priv_idx() override
Definition: auth_common.h:606
User_table_old_schema::repl_slave_priv_idx
uint repl_slave_priv_idx() override
Definition: auth_common.h:621
User_table_old_schema::max_updates_idx
uint max_updates_idx() override
Definition: auth_common.h:654
User_table_old_schema::delete_priv_idx
uint delete_priv_idx() override
Definition: auth_common.h:597
User_table_old_schema::create_user_priv_idx
uint create_user_priv_idx() override
Definition: auth_common.h:639
User_table_old_schema::repl_client_priv_idx
uint repl_client_priv_idx() override
Definition: auth_common.h:624
User_table_old_schema::show_view_priv_idx
uint show_view_priv_idx() override
Definition: auth_common.h:630
User_table_old_schema::password_reuse_history_idx
uint password_reuse_history_idx() override
Definition: auth_common.h:677
User_table_old_schema::update_priv_idx
uint update_priv_idx() override
Definition: auth_common.h:596
User_table_old_schema::create_priv_idx
uint create_priv_idx() override
Definition: auth_common.h:598
User_table_old_schema::max_questions_idx
uint max_questions_idx() override
Definition: auth_common.h:651
User_table_old_schema::drop_priv_idx
uint drop_priv_idx() override
Definition: auth_common.h:599
User_table_old_schema::alter_priv_idx
uint alter_priv_idx() override
Definition: auth_common.h:611
User_table_old_schema::execute_priv_idx
uint execute_priv_idx() override
Definition: auth_common.h:620
User_table_old_schema::password_idx
uint password_idx() override
Definition: auth_common.h:593
User_table_old_schema::password_expired_idx
uint password_expired_idx() override
Definition: auth_common.h:665
User_table_old_schema::password_last_changed_idx
uint password_last_changed_idx() override
Definition: auth_common.h:670
User_table_old_schema::authentication_string_idx
uint authentication_string_idx() override
Definition: auth_common.h:662
User_table_old_schema::show_db_priv_idx
uint show_db_priv_idx() override
Definition: auth_common.h:612
User_table_old_schema::create_tablespace_priv_idx
uint create_tablespace_priv_idx() override
Definition: auth_common.h:644
User_table_old_schema::password_require_current_idx
uint password_require_current_idx() override
Definition: auth_common.h:681
User_table_old_schema::ssl_type_idx
uint ssl_type_idx() override
Definition: auth_common.h:647
User_table_old_schema::max_connections_idx
uint max_connections_idx() override
Definition: auth_common.h:655
User_table_old_schema::reload_priv_idx
uint reload_priv_idx() override
Definition: auth_common.h:600
User_table_old_schema::create_role_priv_idx
uint create_role_priv_idx() override
Definition: auth_common.h:675
User_table_old_schema::alter_routine_priv_idx
uint alter_routine_priv_idx() override
Definition: auth_common.h:636
User_table_old_schema::create_routine_priv_idx
uint create_routine_priv_idx() override
Definition: auth_common.h:633
User_table_old_schema::super_priv_idx
uint super_priv_idx() override
Definition: auth_common.h:613
User_table_old_schema::ssl_cipher_idx
uint ssl_cipher_idx() override
Definition: auth_common.h:648
User_table_old_schema::trigger_priv_idx
uint trigger_priv_idx() override
Definition: auth_common.h:643
User_table_old_schema::event_priv_idx
uint event_priv_idx() override
Definition: auth_common.h:642
User_table_schema_factory
Definition: auth_common.h:687
User_table_schema_factory::~User_table_schema_factory
virtual ~User_table_schema_factory()=default
User_table_schema_factory::get_user_table_schema
virtual User_table_schema * get_user_table_schema(TABLE *table)
Definition: auth_common.h:689
User_table_schema_factory::is_old_user_table_schema
virtual bool is_old_user_table_schema(TABLE *table)
Definition: auth_common.cc:48
User_table_schema
Definition: auth_common.h:374
User_table_schema::user_attributes_idx
virtual uint user_attributes_idx()=0
User_table_schema::event_priv_idx
virtual uint event_priv_idx()=0
User_table_schema::update_priv_idx
virtual uint update_priv_idx()=0
User_table_schema::max_connections_idx
virtual uint max_connections_idx()=0
User_table_schema::user_idx
virtual uint user_idx()=0
User_table_schema::select_priv_idx
virtual uint select_priv_idx()=0
User_table_schema::repl_client_priv_idx
virtual uint repl_client_priv_idx()=0
User_table_schema::x509_issuer_idx
virtual uint x509_issuer_idx()=0
User_table_schema::references_priv_idx
virtual uint references_priv_idx()=0
User_table_schema::alter_priv_idx
virtual uint alter_priv_idx()=0
User_table_schema::password_last_changed_idx
virtual uint password_last_changed_idx()=0
User_table_schema::host_idx
virtual uint host_idx()=0
User_table_schema::trigger_priv_idx
virtual uint trigger_priv_idx()=0
User_table_schema::show_view_priv_idx
virtual uint show_view_priv_idx()=0
User_table_schema::process_priv_idx
virtual uint process_priv_idx()=0
User_table_schema::create_tablespace_priv_idx
virtual uint create_tablespace_priv_idx()=0
User_table_schema::reload_priv_idx
virtual uint reload_priv_idx()=0
User_table_schema::drop_priv_idx
virtual uint drop_priv_idx()=0
User_table_schema::password_expired_idx
virtual uint password_expired_idx()=0
User_table_schema::max_user_connections_idx
virtual uint max_user_connections_idx()=0
User_table_schema::max_updates_idx
virtual uint max_updates_idx()=0
User_table_schema::password_reuse_time_idx
virtual uint password_reuse_time_idx()=0
User_table_schema::create_view_priv_idx
virtual uint create_view_priv_idx()=0
User_table_schema::create_tmp_table_priv_idx
virtual uint create_tmp_table_priv_idx()=0
User_table_schema::ssl_type_idx
virtual uint ssl_type_idx()=0
User_table_schema::password_lifetime_idx
virtual uint password_lifetime_idx()=0
User_table_schema::show_db_priv_idx
virtual uint show_db_priv_idx()=0
User_table_schema::password_reuse_history_idx
virtual uint password_reuse_history_idx()=0
User_table_schema::create_role_priv_idx
virtual uint create_role_priv_idx()=0
User_table_schema::create_priv_idx
virtual uint create_priv_idx()=0
User_table_schema::account_locked_idx
virtual uint account_locked_idx()=0
User_table_schema::x509_subject_idx
virtual uint x509_subject_idx()=0
User_table_schema::alter_routine_priv_idx
virtual uint alter_routine_priv_idx()=0
User_table_schema::super_priv_idx
virtual uint super_priv_idx()=0
User_table_schema::password_require_current_idx
virtual uint password_require_current_idx()=0
User_table_schema::repl_slave_priv_idx
virtual uint repl_slave_priv_idx()=0
User_table_schema::shutdown_priv_idx
virtual uint shutdown_priv_idx()=0
User_table_schema::lock_tables_priv_idx
virtual uint lock_tables_priv_idx()=0
User_table_schema::authentication_string_idx
virtual uint authentication_string_idx()=0
User_table_schema::drop_role_priv_idx
virtual uint drop_role_priv_idx()=0
User_table_schema::ssl_cipher_idx
virtual uint ssl_cipher_idx()=0
User_table_schema::create_user_priv_idx
virtual uint create_user_priv_idx()=0
User_table_schema::password_idx
virtual uint password_idx()=0
User_table_schema::grant_priv_idx
virtual uint grant_priv_idx()=0
User_table_schema::plugin_idx
virtual uint plugin_idx()=0
User_table_schema::index_priv_idx
virtual uint index_priv_idx()=0
User_table_schema::max_questions_idx
virtual uint max_questions_idx()=0
User_table_schema::create_routine_priv_idx
virtual uint create_routine_priv_idx()=0
User_table_schema::execute_priv_idx
virtual uint execute_priv_idx()=0
User_table_schema::delete_priv_idx
virtual uint delete_priv_idx()=0
User_table_schema::file_priv_idx
virtual uint file_priv_idx()=0
User_table_schema::insert_priv_idx
virtual uint insert_priv_idx()=0
User_table_schema::~User_table_schema
virtual ~User_table_schema()=default
sp_name
Definition: sp_head.h:120
create_table
PFS_table * create_table(PFS_table_share *share, PFS_thread *opening_thread, const void *identity)
Create instrumentation for a table instance.
Definition: pfs_instr.cc:1296
lex_string.h
my_command.h
enum_server_command
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:48
my_hostname.h
Common definition used by mysys, performance schema and server & client.
HOSTNAME_LENGTH
static constexpr int HOSTNAME_LENGTH
Definition: my_hostname.h:43
my_inttypes.h
Some integer typedefs for easier portability.
uchar
unsigned char uchar
Definition: my_inttypes.h:52
uint32
uint32_t uint32
Definition: my_inttypes.h:67
mysql_com.h
Common definition between mysql server & client.
USERNAME_LENGTH
#define USERNAME_LENGTH
Definition: mysql_com.h:69
password
static char * password
Definition: mysql_secure_installation.cc:56
user
char * user
Definition: mysqladmin.cc:60
host
const char * host
Definition: mysqladmin.cc:59
anonymous_namespace{config_generator.cc}::str
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1044
consts
Definition: acl_table_user.cc:80
consts::mysql
const std::string mysql
consts::system_user
const std::string system_user
consts::connection_admin
const std::string connection_admin
cs
Definition: commit_order_queue.h:34
gis::length
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
reference_caching::channel::create
static mysql_service_status_t create(const char *service_names[], reference_caching_channel *out_channel) noexcept
Definition: component.cc:36
rules_table_service::table_name
const char * table_name
Definition: rules_table_service.cc:56
rules_table_service::end
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:192
rules_table_service::db_name
const char * db_name
Definition: rules_table_service.cc:55
std
Definition: gcs_xcom_synode.h:64
ut::unique_ptr
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2438
ut::list
std::list< T, ut::allocator< T > > list
Specialization of list which uses ut_allocator.
Definition: ut0new.h:2878
role_enum
role_enum
Definition: sql_admin.h:225
RSA
struct rsa_st RSA
Definition: sql_authentication.h:103
plugin_name
LEX_CSTRING * plugin_name(st_plugin_int **ref)
Definition: sql_plugin_ref.h:95
Consumer_type
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:38
name
case opt name
Definition: sslopt-case.h:33
CHARSET_INFO
Definition: m_ctype.h:385
GRANT_INFO
The current state of the privilege checking process for the current user, SQL statement and SQL objec...
Definition: table.h:357
GRANT_INTERNAL_INFO
State information for internal tables grants.
Definition: table.h:334
HA_CREATE_INFO
Struct to hold information about the table that should be created.
Definition: handler.h:3044
LEX_USER
Definition: table.h:2657
MEM_ROOT
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:83
MYSQL_LEX_CSTRING
Definition: mysql_lex_string.h:40
MYSQL_LEX_STRING
Definition: mysql_lex_string.h:35
Security_context_policy
Definition: auth_common.h:918
Security_context_policy::operator()
virtual bool operator()(Security_context *, Operation)=0
Security_context_policy::Security_context_policy
Security_context_policy(const Security_context_policy &)=default
Security_context_policy::Operation
Operation
Definition: auth_common.h:919
Security_context_policy::Precheck
@ Precheck
Definition: auth_common.h:919
Security_context_policy::Execute
@ Execute
Definition: auth_common.h:919
Security_context_policy::Security_context_policy
Security_context_policy()=default
Security_context_policy::~Security_context_policy
virtual ~Security_context_policy()=default
TABLE
Definition: table.h:1398
random_password_info
Definition: auth_common.h:1115
random_password_info::host
std::string host
Definition: auth_common.h:1117
random_password_info::user
std::string user
Definition: auth_common.h:1116
random_password_info::authentication_factor
unsigned int authentication_factor
Definition: auth_common.h:1119
random_password_info::password
std::string password
Definition: auth_common.h:1118
user_conn
Definition: sql_connect.h:70
template_utils.h
uint
unsigned int uint
Definition: uca9-dump.cc:75
command
command
Definition: version_token.cc:280
vio_type
enum enum_vio_type vio_type(const MYSQL_VIO vio)