|  | MySQL 8.0.43
    Source Code Documentation | 
#include "sql/auth/sql_auth_cache.h"#include <stdarg.h>#include <boost/graph/properties.hpp>#include <new>#include "m_ctype.h"#include "m_string.h"#include "mutex_lock.h"#include "my_base.h"#include "my_compiler.h"#include "my_dbug.h"#include "my_loglevel.h"#include "my_macros.h"#include "mysql/components/services/bits/psi_bits.h"#include "mysql/components/services/bits/psi_mutex_bits.h"#include "mysql/components/services/log_builtins.h"#include "mysql/plugin.h"#include "mysql/plugin_audit.h"#include "mysql/plugin_auth.h"#include "mysql/psi/mysql_mutex.h"#include "mysql/service_mysql_alloc.h"#include "mysqld_error.h"#include "prealloced_array.h"#include "sql/auth/auth_acls.h"#include "sql/auth/auth_common.h"#include "sql/auth/auth_internal.h"#include "sql/auth/auth_utility.h"#include "sql/auth/dynamic_privilege_table.h"#include "sql/auth/sql_authentication.h"#include "sql/auth/sql_security_ctx.h"#include "sql/auth/sql_user_table.h"#include "sql/auth/user_table.h"#include "sql/current_thd.h"#include "sql/debug_sync.h"#include "sql/error_handler.h"#include "sql/field.h"#include "sql/handler.h"#include "sql/iterators/row_iterator.h"#include "sql/key.h"#include "sql/mdl.h"#include "sql/mysqld.h"#include "sql/psi_memory_key.h"#include "sql/set_var.h"#include "sql/sql_audit.h"#include "sql/sql_base.h"#include "sql/sql_class.h"#include "sql/sql_const.h"#include "sql/sql_error.h"#include "sql/sql_executor.h"#include "sql/sql_lex.h"#include "sql/sql_plugin.h"#include "sql/sql_plugin_ref.h"#include "sql/ssl_acceptor_context_operator.h"#include "sql/system_variables.h"#include "sql/table.h"#include "sql/thd_raii.h"#include "sql/thr_malloc.h"#include "sql/tztime.h"#include "sql/xa.h"#include "sql_string.h"#include "thr_lock.h"#include "thr_mutex.h"#include <algorithm>#include <functional>#include <unordered_map>#include <utility>#include <vector>#include <boost/property_map/property_map.hpp>| Classes | |
| struct | ACL_internal_schema_registry_entry | 
| class | Acl_ignore_error_handler | 
| struct | Free_grant_table | 
| struct | Acl_hash_entry | 
| class | Acl_cache_error_handler | 
| Internal_error_handler subclass to suppress ER_LOCK_DEADLOCK, ER_LOCK_WAIT_TIMEOUT, ER_QUERY_INTERRUPTED and ER_QUERY_TIMEOUT.  More... | |
| class | Release_acl_cache_locks | 
| Macros | |
| #define | INVALID_DATE "0000-00-00 00:00:00" | 
| #define | IP_ADDR_STRLEN (3 + 1 + 3 + 1 + 3 + 1 + 3) | 
| #define | ACL_KEY_LENGTH (IP_ADDR_STRLEN + 1 + NAME_LEN + 1 + USERNAME_LENGTH + 1) | 
| Typedefs | |
| typedef std::unordered_map< std::string, Acl_user_ptr_list, std::hash< std::string >, std::equal_to< std::string >, Acl_cache_allocator< std::pair< const std::string, Acl_user_ptr_list > > > | Name_to_userlist | 
| A hashmap on user part of account name for quick lookup.  More... | |
| Functions | |
| Acl_cache * | get_global_acl_cache () | 
| ulong | get_global_acl_cache_size () | 
| void | init_acl_cache () | 
| bool | skip_grant_tables (void) | 
| static void | set_username (char **user, const char *user_arg, MEM_ROOT *mem) | 
| Helper: Set user name.  More... | |
| static void | set_hostname (ACL_HOST_AND_IP *host, const char *host_arg, MEM_ROOT *mem) | 
| Helper: Set host name.  More... | |
| void | init_acl_memory () | 
| Allocates the memory in the global_acl_memory MEM_ROOT.  More... | |
| void | append_auth_id (const THD *thd, ACL_USER *acl_user, String *str) | 
| Append the authorization id for the user.  More... | |
| void | append_auth_id_string (const THD *thd, const char *user, size_t user_len, const char *host, size_t host_len, String *str) | 
| Append the user@host to the str.  More... | |
| int | wild_case_compare (CHARSET_INFO *cs, const char *str, size_t str_len, const char *wildstr, size_t wildstr_len) | 
| Performs wildcard matching, aka globbing, on the input string with the given wildcard pattern, and the specified wildcard characters.  More... | |
| int | wild_case_compare (CHARSET_INFO *cs, const char *str, const char *wildstr) | 
| ulong | get_sort (uint count,...) | 
| bool | hostname_requires_resolving (const char *hostname) | 
| Check if the given host name needs to be resolved or not.  More... | |
| void | rebuild_cached_acl_users_for_name (void) | 
| Build the lists of ACL_USERs which share name or have no name.  More... | |
| Acl_user_ptr_list * | cached_acl_users_for_name (const char *name) | 
| Fetch the list of ACL_USERs which share name or have no name.  More... | |
| ACL_USER * | find_acl_user (const char *host, const char *user, bool exact) | 
| bool | is_acl_user (THD *thd, const char *host, const char *user) | 
| ACL_PROXY_USER * | acl_find_proxy_user (const char *user, const char *host, const char *ip, char *authenticated_as, bool *proxy_used) | 
| Validate if a user can proxy as another user.  More... | |
| void | clear_and_init_db_cache () | 
| static void | insert_entry_in_db_cache (THD *thd, acl_entry *entry) | 
| Insert a new entry in db_cache.  More... | |
| Access_bitmask | acl_get (THD *thd, const char *host, const char *ip, const char *user, const char *db, bool db_is_pattern) | 
| Get privilege for a host, user, and db combination.  More... | |
| static void | init_check_host (void) | 
| void | rebuild_check_host (void) | 
| bool | acl_getroot (THD *thd, Security_context *sctx, const char *user, const char *host, const char *ip, const char *db) | 
| bool | set_user_salt (ACL_USER *acl_user) | 
| Convert scrambled password to binary form, according to scramble type. The binary form is stored in user.salt.  More... | |
| static void | validate_user_plugin_records () | 
| Iterate over the user records and check for irregularities.  More... | |
| void | notify_flush_event (THD *thd) | 
| Audit notification for flush.  More... | |
| static bool | reload_roles_cache (THD *thd, Table_ref *tablelst) | 
| Initialize roles structures from role tables handle.  More... | |
| bool | acl_init (bool dont_read_acl_tables) | 
| void | clean_user_cache () | 
| static bool | acl_load (THD *thd, Table_ref *tables) | 
| void | free_name_to_userlist () | 
| Clear second level cache on account names.  More... | |
| void | acl_free (bool end) | 
| bool | check_engine_type_for_acl_table (THD *thd, bool mdl_locked) | 
| bool | check_acl_tables_intact (THD *thd, Table_ref *tables) | 
| Helper function that checks the sanity of tables object present in the Table_ref object.  More... | |
| bool | check_acl_tables_intact (THD *thd, bool mdl_locked) | 
| Opens the ACL tables and checks their sanity.  More... | |
| bool | is_expected_or_transient_error (THD *thd) | 
| Small helper function that determines whether the error which caused the failure to open and lock privilege tables should not be reported to the error log (because it is an expected or temporary condition).  More... | |
| bool | acl_reload (THD *thd, bool mdl_locked, bool preserve_temporary_account_locking, Lock_state_list *modified_user_lock_state_list) | 
| void | acl_insert_proxy_user (ACL_PROXY_USER *new_value) | 
| void | grant_free (void) | 
| bool | grant_init (bool skip_grant_tables) | 
| Initialize structures responsible for table/column-level privilege checking and load information for them from tables in the 'mysql' database.  More... | |
| static bool | grant_load_procs_priv (TABLE *p_table) | 
| Helper function to grant_reload_procs_priv.  More... | |
| static bool | grant_load (THD *thd, Table_ref *tables) | 
| Initialize structures responsible for table/column-level privilege checking and load information about grants from open privilege tables.  More... | |
| static bool | grant_reload_procs_priv (Table_ref *table) | 
| Helper function to grant_reload.  More... | |
| bool | grant_reload (THD *thd, bool mdl_locked) | 
| Reload information about table and column level privileges if possible.  More... | |
| void | acl_update_user (const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const std::string &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, acl_table::Pod_user_what_to_update &what_to_update, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa) | 
| void | acl_users_add_one (const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const LEX_CSTRING &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, bool add_role_vertex, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa, THD *thd) | 
| void | acl_insert_user (THD *thd, const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa) | 
| void | acl_update_proxy_user (ACL_PROXY_USER *new_value, bool is_revoke) | 
| void | acl_update_db (const char *user, const char *host, const char *db, Access_bitmask privileges) | 
| void | acl_insert_db (const char *user, const char *host, const char *db, Access_bitmask privileges) | 
| void | get_mqh (THD *thd, const char *user, const char *host, USER_CONN *uc) | 
| bool | update_sctx_cache (Security_context *sctx, ACL_USER *acl_user_ptr, bool expired) | 
| Update the security context when updating the user.  More... | |
| const uchar * | hash_key (const uchar *el, size_t *length) | 
| bool | create_acl_cache_hash_key (uchar **out_key, unsigned *key_len, uint64 version, const Auth_id_ref &uid, const List_of_auth_id_refs &active_roles) | 
| Allocate a new cache key based on active roles, current user and global cache version.  More... | |
| static int | cache_flusher (const uchar *ptr, void *arg) | 
| Utility function for removing items from the hash.  More... | |
| int | match_all_entries (const uchar *, void *) | 
| Helper function for Acl_cache::clear_acl_cache.  More... | |
| void | shutdown_acl_cache () | 
| Shutdown the global Acl_cache system which was only initialized if the rwlocks were initialized.  More... | |
| bool | assert_acl_cache_read_lock (THD *thd) | 
| Assert that thread owns MDL_SHARED on partition specific to the thread.  More... | |
| bool | assert_acl_cache_write_lock (THD *thd) | 
| Assert that thread owns MDL_EXCLUSIVE on all partitions.  More... | |
| bool | reload_acl_caches (THD *thd, bool mdl_locked, bool preserve_temporary_account_locking, Lock_state_list *modified_user_lock_state_list) | 
| Reload all ACL caches.  More... | |
| bool | is_partial_revoke_exists (THD *thd) | 
| Method to check if at least one partial revoke exists in the cache.  More... | |
| bool | is_acl_inited () | 
| #define ACL_KEY_LENGTH (IP_ADDR_STRLEN + 1 + NAME_LEN + 1 + USERNAME_LENGTH + 1) | 
| #define INVALID_DATE "0000-00-00 00:00:00" | 
| #define IP_ADDR_STRLEN (3 + 1 + 3 + 1 + 3 + 1 + 3) | 
| typedef std::unordered_map< std::string, Acl_user_ptr_list, std::hash<std::string>, std::equal_to<std::string>, Acl_cache_allocator<std::pair<const std::string, Acl_user_ptr_list> > > Name_to_userlist | 
A hashmap on user part of account name for quick lookup.
| ACL_PROXY_USER * acl_find_proxy_user | ( | const char * | user, | 
| const char * | host, | ||
| const char * | ip, | ||
| char * | authenticated_as, | ||
| bool * | proxy_used | ||
| ) | 
Validate if a user can proxy as another user.
| user | the logged in user (proxy user) | |
| host | the hostname part of the logged in userid | |
| ip | the ip of the logged in userid | |
| authenticated_as | the effective user a plugin is trying to impersonate (the proxied user) | |
| [out] | proxy_used | True if a proxy is found | 
| NULL | proxy user definition not found or not applicable | 
| non-null | the proxy user data | 
| void acl_free | ( | bool | end | ) | 
| Access_bitmask acl_get | ( | THD * | thd, | 
| const char * | host, | ||
| const char * | ip, | ||
| const char * | user, | ||
| const char * | db, | ||
| bool | db_is_pattern | ||
| ) | 
Get privilege for a host, user, and db combination.
| thd | Thread handler | 
| host | Host name | 
| ip | Ip | 
| user | user name | 
| db | We look for the ACL of this database | 
| db_is_pattern | true if db can be considered a pattern or false if not | 
| bool acl_getroot | ( | THD * | thd, | 
| Security_context * | sctx, | ||
| const char * | user, | ||
| const char * | host, | ||
| const char * | ip, | ||
| const char * | db | ||
| ) | 
| bool acl_init | ( | bool | dont_read_acl_tables | ) | 
| void acl_insert_db | ( | const char * | user, | 
| const char * | host, | ||
| const char * | db, | ||
| Access_bitmask | privileges | ||
| ) | 
| void acl_insert_proxy_user | ( | ACL_PROXY_USER * | new_value | ) | 
| void acl_insert_user | ( | THD * | thd, | 
| const char * | user, | ||
| const char * | host, | ||
| enum SSL_type | ssl_type, | ||
| const char * | ssl_cipher, | ||
| const char * | x509_issuer, | ||
| const char * | x509_subject, | ||
| USER_RESOURCES * | mqh, | ||
| Access_bitmask | privileges, | ||
| const LEX_CSTRING & | plugin, | ||
| const LEX_CSTRING & | auth, | ||
| const MYSQL_TIME & | password_change_time, | ||
| const LEX_ALTER & | password_life, | ||
| Restrictions & | restrictions, | ||
| uint | failed_login_attempts, | ||
| int | password_lock_time, | ||
| const I_multi_factor_auth * | mfa | ||
| ) | 
| bool acl_reload | ( | THD * | thd, | 
| bool | mdl_locked, | ||
| bool | preserve_temporary_account_locking, | ||
| Lock_state_list * | modified_user_lock_state_list | ||
| ) | 
| void acl_update_db | ( | const char * | user, | 
| const char * | host, | ||
| const char * | db, | ||
| Access_bitmask | privileges | ||
| ) | 
| void acl_update_proxy_user | ( | ACL_PROXY_USER * | new_value, | 
| bool | is_revoke | ||
| ) | 
| void acl_update_user | ( | const char * | user, | 
| const char * | host, | ||
| enum SSL_type | ssl_type, | ||
| const char * | ssl_cipher, | ||
| const char * | x509_issuer, | ||
| const char * | x509_subject, | ||
| USER_RESOURCES * | mqh, | ||
| Access_bitmask | privileges, | ||
| const LEX_CSTRING & | plugin, | ||
| const LEX_CSTRING & | auth, | ||
| const std::string & | second_auth, | ||
| const MYSQL_TIME & | password_change_time, | ||
| const LEX_ALTER & | password_life, | ||
| Restrictions & | restrictions, | ||
| acl_table::Pod_user_what_to_update & | what_to_update, | ||
| uint | failed_login_attempts, | ||
| int | password_lock_time, | ||
| const I_multi_factor_auth * | mfa | ||
| ) | 
| void acl_users_add_one | ( | const char * | user, | 
| const char * | host, | ||
| enum SSL_type | ssl_type, | ||
| const char * | ssl_cipher, | ||
| const char * | x509_issuer, | ||
| const char * | x509_subject, | ||
| USER_RESOURCES * | mqh, | ||
| Access_bitmask | privileges, | ||
| const LEX_CSTRING & | plugin, | ||
| const LEX_CSTRING & | auth, | ||
| const LEX_CSTRING & | second_auth, | ||
| const MYSQL_TIME & | password_change_time, | ||
| const LEX_ALTER & | password_life, | ||
| bool | add_role_vertex, | ||
| Restrictions & | restrictions, | ||
| uint | failed_login_attempts, | ||
| int | password_lock_time, | ||
| const I_multi_factor_auth * | mfa, | ||
| THD * | thd | ||
| ) | 
Append the authorization id for the user.
| [in] | thd | The THD to find the SQL mode | 
| [in] | acl_user | ACL User to retrieve the user information | 
| [in,out] | str | The string in which authID is suffixed | 
| void append_auth_id_string | ( | const THD * | thd, | 
| const char * | user, | ||
| size_t | user_len, | ||
| const char * | host, | ||
| size_t | host_len, | ||
| String * | str | ||
| ) | 
Append the user@host to the str.
| [in] | thd | The THD to find the SQL mode | 
| [in] | user | Username to append to authID | 
| [in] | user_len | Length of Username | 
| [in] | host | hostname to append to authID | 
| [in] | host_len | Length of hostname | 
| [in,out] | str | The string in which authID is suffixed | 
| bool assert_acl_cache_read_lock | ( | THD * | thd | ) | 
Assert that thread owns MDL_SHARED on partition specific to the thread.
| [in] | thd | Thread for which lock is to be checked | 
| true | Thread owns lock | 
| false | Thread does not own lock | 
| bool assert_acl_cache_write_lock | ( | THD * | thd | ) | 
Assert that thread owns MDL_EXCLUSIVE on all partitions.
| [in] | thd | Thread for which lock is to be checked | 
| true | Thread owns lock | 
| false | Thread does not own lock | 
| 
 | static | 
Utility function for removing items from the hash.
| ptr | A pointer to a Acl_hash_entry | 
| arg | not used | 
| Acl_user_ptr_list * cached_acl_users_for_name | ( | const char * | name | ) | 
Fetch the list of ACL_USERs which share name or have no name.
| [in] | name | User entry to be searched | 
| bool check_acl_tables_intact | ( | THD * | thd, | 
| bool | mdl_locked | ||
| ) | 
Opens the ACL tables and checks their sanity.
This method reports an error only if it is unable to open or lock the tables. It is called in situations where the server has to continue even if a corrupt table was found, for example acl_init().
| thd | Handle of current thread. | 
| mdl_locked | MDL is locked | 
| false | OK. | 
| true | Unable to open the table(s). | 
Helper function that checks the sanity of tables object present in the Table_ref object.
It logs a warning message when a table is missing.
| thd | Handle of current thread. | 
| tables | A valid table list pointer | 
| false | OK. | 
| true | Error. | 
| bool check_engine_type_for_acl_table | ( | THD * | thd, | 
| bool | mdl_locked | ||
| ) | 
| void clean_user_cache | ( | ) | 
| void clear_and_init_db_cache | ( | ) | 
| bool create_acl_cache_hash_key | ( | uchar ** | out_key, | 
| unsigned * | key_len, | ||
| uint64 | version, | ||
| const Auth_id_ref & | uid, | ||
| const List_of_auth_id_refs & | active_roles | ||
| ) | 
Allocate a new cache key based on active roles, current user and global cache version.
| [out] | out_key | The resulting key | 
| [out] | key_len | Key length | 
| version | Global Acl_cache version | |
| uid | The authorization ID of the current user | |
| active_roles | The active roles of the current user | 
| true | OK | 
| false | Fatal error occurred. | 
| ACL_USER * find_acl_user | ( | const char * | host, | 
| const char * | user, | ||
| bool | exact | ||
| ) | 
| void free_name_to_userlist | ( | ) | 
Clear second level cache on account names.
| Acl_cache * get_global_acl_cache | ( | ) | 
| ulong get_global_acl_cache_size | ( | ) | 
| ulong get_sort | ( | uint | count, | 
| ... | |||
| ) | 
| void grant_free | ( | void | ) | 
| bool grant_init | ( | bool | skip_grant_tables | ) | 
Initialize structures responsible for table/column-level privilege checking and load information for them from tables in the 'mysql' database.
| skip_grant_tables | true if the command line option --skip-grant-tables is specified, else false. | 
| false | OK | 
| true | Could not initialize grant subsystem. | 
Initialize structures responsible for table/column-level privilege checking and load information about grants from open privilege tables.
| thd | Current thread | 
| tables | List containing open "mysql.tables_priv" and "mysql.columns_priv" tables. | 
| false | Success | 
| true | Error | 
| 
 | static | 
Helper function to grant_reload_procs_priv.
Reads the procs_priv table into memory hash.
| p_table | A pointer to the procs_priv table structure. | 
| true | An error occurred | 
| false | Success | 
| bool grant_reload | ( | THD * | thd, | 
| bool | mdl_locked | ||
| ) | 
Reload information about table and column level privileges if possible.
| thd | Current thread | 
| mdl_locked | MDL lock status - affects open/close table operations | 
Locked tables are checked by acl_reload() and don't have to be checked in this call. This function is also used for initialization of structures responsible for table/column-level privilege checking.
| false | Success | 
| true | Error | 
| 
 | static | 
Helper function to grant_reload.
Reloads the procs_priv table if it exists.
| table | A pointer to the table list. | 
| false | Success | 
| true | An error has occurred. | 
| bool hostname_requires_resolving | ( | const char * | hostname | ) | 
Check if the given host name needs to be resolved or not.
A host name has to be resolved if it actually contains a name.
For example:
192.168.1.1 --> false
192.168.1.0/255.255.255.0 --> false
% --> false
192.168.1.% --> false
AB% --> false
AAAAFFFF --> true (Hostname)
AAAA:FFFF:1234:5678 --> false
::1 --> false
This function does not check whether the given string is a valid host name. It assumes that the argument is a valid host name.
| hostname | the string to check. | 
| true | the argument is a host name and needs to be resolved. | 
| false | the argument is either an IP address, or a pattern and should not be resolved. | 
| void init_acl_cache | ( | ) | 
| void init_acl_memory | ( | ) | 
Allocates the memory in the global_acl_memory MEM_ROOT.
| 
 | static | 
Insert a new entry in db_cache.
| [in] | thd | Handle to THD object | 
| [in] | entry | Entry to be inserted in db_cache | 
| bool is_acl_inited | ( | ) | 
| bool is_acl_user | ( | THD * | thd, | 
| const char * | host, | ||
| const char * | user | ||
| ) | 
| bool is_expected_or_transient_error | ( | THD * | thd | ) | 
Small helper function that determines whether the error which caused the failure to open and lock privilege tables should not be reported to the error log (because it is an expected or temporary condition).
| bool is_partial_revoke_exists | ( | THD * | thd | ) | 
Method to check if at least one partial revoke exists in the cache.
If the cache is not initialized at the time of the method call, it reports that no partial revokes exist.
| [in] | thd | THD handle | 
| true | Partial revokes exist | 
| false | Otherwise | 
| int match_all_entries | ( | const uchar * | , | 
| void * | |||
| ) | 
Helper function for Acl_cache::clear_acl_cache.
| void notify_flush_event | ( | THD * | thd | ) | 
Audit notification for flush.
| [in] | thd | Handle to THD | 
| void rebuild_cached_acl_users_for_name | ( | void | ) | 
Build the lists of ACL_USERs which share name or have no name.
All accounts with the same name are chained so that they can be retrieved by a single lookup. These entries are sorted using ACL_compare to make sure that the most specific account is picked up first. The anonymous user is added to each chain.
| void rebuild_check_host | ( | void | ) | 
| bool reload_acl_caches | ( | THD * | thd, | 
| bool | mdl_locked, | ||
| bool | preserve_temporary_account_locking, | ||
| Lock_state_list * | modified_user_lock_state_list | ||
| ) | 
Reload all ACL caches.
We call this in two cases:
| [in] | thd | THD handle | 
| [in] | mdl_locked | MDL locks are taken | 
| [in] | preserve_temporary_account_locking | Preserve temporary account locking attributes of all users. | 
| [in] | modified_user_lock_state_list | List of users whose temporary account locking attributes are likely modified. | 
| false | Success | 
| true | Error | 
Initialize roles structures from role tables handle.
This function is called by acl_reload and may fail to initialize role structures if the handles to role_edges and/or default_roles are NULL.
| [in] | thd | Handle to THD object | 
| [in] | tablelst | Handle to Roles tables | 
| false | Success | 
| true | failure | 
| 
 | static | 
Helper: Set host name.
| bool set_user_salt | ( | ACL_USER * | acl_user | ) | 
Convert scrambled password to binary form, according to scramble type. The binary form is stored in user.salt.
| acl_user | The object where to store the salt | 
Despite its name, this function is used when loading ACLs from disk to store the password hash in the ACL_USER object. Note that it works only for the native and "old" MySQL built-in authentication plugins.
Assumption : user's authentication plugin information is available.
| false | Hash is of suitable length | 
| true | Hash is of wrong length or format | 
| 
 | static | 
Helper: Set user name.
| void shutdown_acl_cache | ( | ) | 
Shutdown the global Acl_cache system which was only initialized if the rwlocks were initialized.
| bool skip_grant_tables | ( | void | ) | 
| bool update_sctx_cache | ( | Security_context * | sctx, | 
| ACL_USER * | acl_user_ptr, | ||
| bool | expired | ||
| ) | 
Update the security context when updating the user.
Helper function. Updates the security context only if it points to the same user and that user is not a proxied user for a different proxy user. Returns true if the update happens (i.e. we're operating on the user account of the current user). Names are normalized for a safe comparison.
| sctx | The security context to update | 
| acl_user_ptr | User account being updated | 
| expired | new value of the expiration flag | 
| 
 | static | 
Iterate over the user records and check for irregularities.
Currently this includes :
| int wild_case_compare | ( | CHARSET_INFO * | cs, | 
| const char * | str, | ||
| const char * | wildstr | ||
| ) | 
| int wild_case_compare | ( | CHARSET_INFO * | cs, | 
| const char * | str, | ||
| size_t | str_len, | ||
| const char * | wildstr, | ||
| size_t | wildstr_len | ||
| ) | 
Performs wildcard matching, aka globbing, on the input string with the given wildcard pattern, and the specified wildcard characters.
This method does case insensitive comparisons.
| [in] | cs | character set of the input string and wildcard pattern | 
| [in] | str | input which should be matched against pattern | 
| [in] | str_len | length of the input string | 
| [in] | wildstr | pattern with wildcards | 
| [in] | wildstr_len | length of the wildcards pattern | 
| bool acl_cache_initialized = false | 
| 
 | static | 
| 
 | static | 
| collation_unordered_map<std::string, ACL_USER *>* acl_check_hosts = nullptr | 
| Db_access_map acl_db_map | 
| Prealloced_array<ACL_DB, ACL_PREALLOC_SIZE>* acl_dbs = nullptr | 
| Prealloced_array<ACL_PROXY_USER, ACL_PREALLOC_SIZE>* acl_proxy_users = nullptr | 
| unique_ptr<Acl_restrictions> acl_restrictions = nullptr | 
| Prealloced_array<ACL_USER, ACL_PREALLOC_SIZE>* acl_users = nullptr | 
| Prealloced_array<ACL_HOST_AND_IP, ACL_PREALLOC_SIZE>* acl_wild_hosts = nullptr | 
| PSI_mutex_info all_acl_cache_mutexes[] | 
| bool allow_all_hosts = true | 
| unique_ptr< malloc_unordered_multimap<string, unique_ptr_destroy_only<GRANT_TABLE> > > column_priv_hash | 
| malloc_unordered_map<std::string, unique_ptr_my_free<acl_entry> > db_cache | 
| unique_ptr< malloc_unordered_multimap<string, unique_ptr_destroy_only<GRANT_NAME> > > func_priv_hash | 
| 
 | extern | 
| Default_roles* g_default_roles = nullptr | 
| 
 | extern | 
| MEM_ROOT global_acl_memory | 
| uint32 global_password_history = 0 | 
Global sysvar: the number of old passwords to check in the history.
| uint32 global_password_reuse_interval = 0 | 
Global sysvar: the number of days before a password can be reused.
| uint grant_version = 0 | 
| bool initialized = false | 
| PSI_mutex_key key_LOCK_acl_cache_flush | 
| uint64 l_cache_flusher_global_version | 
This global is protected by the Acl_cache::m_cache_flush_mutex and used when iterating the Acl_map hash in Acl_cache::flush_cache.
| 
 | static | 
| MEM_ROOT memex | 
| Name_to_userlist* name_to_userlist = nullptr | 
| unique_ptr< malloc_unordered_multimap<string, unique_ptr_destroy_only<GRANT_NAME> > > proc_priv_hash | 
| 
 | static | 
Internal schema registered.
Currently, this is only:
| bool validate_user_plugins = true | 
controls the extra checks on plugin availability for mysql.user records