26#ifndef MYSQL_HARNESS_ACCESS_RIGHTS_INCLUDED
27#define MYSQL_HARNESS_ACCESS_RIGHTS_INCLUDED
29#include "harness_export.h"
40#include <system_error>
50namespace posix::access_rights {
60 static constexpr const mode_t
kMask = Mask;
64 static_assert(!(
kMask & ~kFullAccessMask));
68 if ((perms &
kMask) != 0) {
83 static constexpr const mode_t
kMask = Mask;
101namespace win32::access_rights {
105 void operator()(
void *ptr) { LocalFree(ptr); }
109using LocalAllocated = std::unique_ptr<T, LocalDeleter>;
129 using allocated_type = LocalAllocated<T>;
130 using pointer =
typename allocated_type::pointer;
131 using element_type =
typename allocated_type::element_type;
138 explicit Allocated(
size_t size)
139 : allocated_{reinterpret_cast<pointer>(LocalAlloc(LPTR, size))} {}
146 Allocated(pointer
p) : allocated_{
p} {}
148 pointer
get() const noexcept {
return allocated_.get(); }
150 pointer operator->()
const {
return allocated_.get(); }
152 void reset(pointer ptr) { allocated_.reset(ptr); }
155 allocated_type allocated_;
162class SizedAllocated :
public Allocated<T> {
169 SizedAllocated(
size_t size) : Allocated<T>{size}, size_{size} {}
171 [[nodiscard]]
size_t size() const noexcept {
return size_; }
183create_well_known_sid(WELL_KNOWN_SID_TYPE well_known_sid);
194class HARNESS_EXPORT
Sid {
201 BYTE revision()
const {
return sid_->Revision; }
202 BYTE sub_authority_count()
const {
return sid_->SubAuthorityCount; }
203 SID_IDENTIFIER_AUTHORITY identifier_authority()
const {
204 return sid_->IdentifierAuthority;
209 SID *
native() {
return sid_; }
218 return EqualSid(a.sid_, b.sid_);
226class HARNESS_EXPORT Ace {
228 Ace(ACE_HEADER *ace) : ace_{
std::
move(ace)} {}
230 BYTE
type()
const {
return ace_->AceType; }
231 BYTE
flags()
const {
return ace_->AceFlags; }
232 WORD size()
const {
return ace_->AceSize; }
234 void *data()
const {
return ace_; }
245class HARNESS_EXPORT Acl {
247 explicit Acl(ACL *acl) : acl_{
std::
move(acl)} {}
249 class HARNESS_EXPORT iterator {
254 iterator(ACL *acl,
size_t ndx) : acl_{acl}, ndx_{ndx} {}
256 reference operator*();
267 iterator begin()
const {
return {acl_, 0}; }
268 iterator
end()
const {
return {acl_, size()}; }
281class HARNESS_EXPORT AccessAllowedAce {
283 explicit AccessAllowedAce(ACCESS_ALLOWED_ACE *ace) : ace_{ace} {}
285 ACCESS_MASK
mask()
const {
return ace_->Mask; }
286 Sid sid()
const {
return reinterpret_cast<SID *
>(&ace_->SidStart); }
291 ACCESS_ALLOWED_ACE *ace_;
302using OptionalDacl = std::optional<ACL *>;
311class HARNESS_EXPORT SecurityDescriptor {
318 explicit SecurityDescriptor(SECURITY_DESCRIPTOR *desc) : desc_{desc} {}
332 DWORD revision = SECURITY_DESCRIPTOR_REVISION);
338 bool dacl_defaulted);
348 bool is_self_relative()
const {
349 return control().value_or(0) & SE_SELF_RELATIVE;
361 make_self_relative();
369 SECURITY_DESCRIPTOR *desc_;
372class HARNESS_EXPORT AclBuilder {
374 struct WellKnownSid {
375 WELL_KNOWN_SID_TYPE sid;
381 struct CurrentUser {};
392 static EXPLICIT_ACCESSW ace_grant_access(SID *sid, DWORD rights);
402 static EXPLICIT_ACCESSW ace_set_access(SID *sid, DWORD rights);
411 static EXPLICIT_ACCESSW ace_revoke_access(SID *sid);
426 AclBuilder &grant(CurrentUser, DWORD rights);
431 AclBuilder &grant(
const WellKnownSid &owner, DWORD rights);
433 AclBuilder &grant(Allocated<SID> sid, DWORD rights);
435 AclBuilder &
set(CurrentUser, DWORD rights);
437 AclBuilder &
set(
const WellKnownSid &owner, DWORD rights);
439 AclBuilder &
set(Allocated<SID> sid, DWORD rights);
441 AclBuilder &revoke(CurrentUser);
443 AclBuilder &revoke(
const WellKnownSid &owner);
445 AclBuilder &revoke(Allocated<SID> sid);
450 std::vector<Allocated<SID>> owned_sids_;
452 std::error_code ec_{};
453 std::vector<EXPLICIT_ACCESSW> perms_;
454 mysql_harness::win32::access_rights::OptionalDacl dacl_;
Sid class.
Definition: common.h:219
allows permissions.
Definition: access_rights.h:81
stdx::expected< void, std::error_code > operator()(const security_descriptor_type &perms)
Definition: access_rights.h:86
static constexpr const mode_t kFullAccessMask
Definition: access_rights.h:84
static constexpr const mode_t kMask
Definition: access_rights.h:83
denies permissions.
Definition: access_rights.h:58
static constexpr const mode_t kMask
Definition: access_rights.h:60
stdx::expected< void, std::error_code > operator()(const security_descriptor_type &perms)
Definition: access_rights.h:66
static constexpr const mode_t kFullAccessMask
Definition: access_rights.h:61
Definition: expected.h:944
const char * p
Definition: ctype-mb.cc:1237
static int flags[50]
Definition: hp_test1.cc:40
static mi_bit_type mask[]
Definition: mi_packrec.cc:141
bool operator!=(const my_thread_handle &a, const my_thread_handle &b)
Definition: my_thread.h:158
bool operator==(const my_thread_handle &a, const my_thread_handle &b)
Definition: my_thread.h:151
uint16_t value_type
Definition: vt100.h:184
std::string HARNESS_EXPORT reset()
get 'reset attributes' ESC sequence.
Definition: vt100.cc:37
bool initialize(THD *thd)
Initialize the dictionary while starting the server for the first time.
Definition: bootstrapper.cc:886
std::string file_name(Log_file_id file_id)
Provides name of the log file with the given file id, e.g.
Definition: log0pre_8_0_30.cc:94
mode_t security_descriptor_type
Definition: access_rights.h:52
std::string HARNESS_EXPORT to_string(const ShutdownPending::Reason &reason)
Definition: process_state_component.cc:60
std::error_code make_error_code(DynamicLoaderErrc ec)
make error_code from a DynamicLoaderErrc.
Definition: dynamic_loader.cc:79
HARNESS_EXPORT stdx::expected< void, std::error_code > access_rights_set(const std::string &file_name, const security_descriptor_type &sec_desc)
set access rights of a file.
Definition: access_rights.cc:759
posix::access_rights::DenyPermissionVerifier<(S_IRWXO)> DenyOtherReadWritableVerifier
fail access_rights_verify() if others can read or write or execute.
Definition: access_rights.h:487
posix::access_rights::security_descriptor_type security_descriptor_type
Definition: access_rights.h:477
posix::access_rights::AllowPermissionVerifier<(S_IRUSR|S_IWUSR)> AllowUserReadWritableVerifier
fail access_rights_verify() if someone else then the owner of the file can read or write.
Definition: access_rights.h:498
stdx::expected< void, std::error_code > access_rights_verify(const security_descriptor_type &rights, Func &&func)
check if a security descriptor satisfies a verifier.
Definition: access_rights.h:513
HARNESS_EXPORT stdx::expected< security_descriptor_type, std::error_code > access_rights_get(const std::string &file_name) noexcept
get a access rights of file.
Definition: access_rights.cc:743
void get(PSI_field *, PSI_longlong *) noexcept
Definition: pfs_plugin_column_bigint_v1_all_empty.cc:32
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:192
Definition: gcs_xcom_synode.h:64
constexpr auto make_unexpected(E &&e) -> unexpected< std::decay_t< E > >
Definition: expected.h:125
std::set< Key, Compare, ut::allocator< Key > > set
Specialization of set which uses ut_allocator.
Definition: ut0new.h:2882
required string type
Definition: replication_group_member_actions.proto:34
Ssl_acceptor_context_property_type & operator++(Ssl_acceptor_context_property_type &property_type)
Increment operator for Ssl_acceptor_context_type Used by iterator.
Definition: ssl_acceptor_context_data.cc:114