MySQL 8.4.2
Source Code Documentation
|
#include "sql/auth/sql_user_table.h"
#include "my_config.h"
#include <stddef.h>
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
#include <memory>
#include <set>
#include <unordered_map>
#include <utility>
#include "lex_string.h"
#include "map_helpers.h"
#include "my_alloc.h"
#include "my_base.h"
#include "my_dbug.h"
#include "my_sqlcommand.h"
#include "my_sys.h"
#include "mysql/components/services/log_builtins.h"
#include "mysql/components/services/log_shared.h"
#include "mysql/psi/mysql_statement.h"
#include "mysql/strings/m_ctype.h"
#include "mysql_com.h"
#include "mysql_time.h"
#include "mysqld_error.h"
#include "nulls.h"
#include "sql/auth/acl_change_notification.h"
#include "sql/auth/auth_acls.h"
#include "sql/auth/auth_common.h"
#include "sql/auth/auth_internal.h"
#include "sql/auth/sql_auth_cache.h"
#include "sql/auth/sql_authentication.h"
#include "sql/auth/sql_security_ctx.h"
#include "sql/binlog.h"
#include "sql/debug_sync.h"
#include "sql/error_handler.h"
#include "sql/field.h"
#include "sql/handler.h"
#include "sql/item_func.h"
#include "sql/key.h"
#include "sql/log.h"
#include "sql/mdl.h"
#include "sql/mysqld.h"
#include "sql/rpl_filter.h"
#include "sql/rpl_rli.h"
#include "sql/sql_base.h"
#include "sql/sql_class.h"
#include "sql/sql_connect.h"
#include "sql/sql_const.h"
#include "sql/sql_error.h"
#include "sql/sql_lex.h"
#include "sql/sql_list.h"
#include "sql/sql_parse.h"
#include "sql/sql_rewrite.h"
#include "sql/sql_table.h"
#include "sql/sql_update.h"
#include "sql/system_variables.h"
#include "sql/table.h"
#include "sql/transaction.h"
#include "sql/tztime.h"
#include "sql_string.h"
#include "string_with_len.h"
#include "strxmov.h"
#include "thr_lock.h"
#include "typelib.h"
#include "violite.h"
Classes | |
class | acl_tables_setup_for_write_and_acquire_mdl_error_handler |
Internal_error_handler subclass to suppress ER_LOCK_DEADLOCK error. More... | |
Functions | |
static bool | acl_tables_setup_for_write_and_acquire_mdl (THD *thd, Table_ref *tables) |
Setup ACL tables to be opened in write mode. More... | |
void | commit_and_close_mysql_tables (THD *thd) |
A helper function to commit statement transaction and close ACL tables after reading some data from them as part of FLUSH PRIVILEGES statement or during server initialization. More... | |
Access_bitmask | get_access (TABLE *form, uint fieldnr, uint *next_field) |
void | acl_notify_htons (THD *thd, enum_sql_command operation, const List< LEX_USER > *users, std::set< LEX_USER * > *rewrite_users, const List< LEX_CSTRING > *dynamic_privs) |
static bool | acl_end_trans_and_close_tables (THD *thd, bool rollback_transaction) |
Commit or rollback ACL statement (and transaction), close tables which it has opened and release metadata locks. More... | |
bool | log_and_commit_acl_ddl (THD *thd, bool transactional_tables, std::set< LEX_USER * > *extra_users, Rewrite_params *rewrite_params, bool extra_error, bool write_to_binlog) |
static void | get_grantor (THD *thd, char *grantor) |
void | acl_print_ha_error (int handler_error) |
Take a handler error and generate the mysql error ER_ACL_OPERATION_FAILED containing original text of HA error. More... | |
static int | compatibility_replace_db_table (THD *thd, TABLE *table, const char *db, const LEX_USER &combo, Access_bitmask rights, bool revoke_grant) |
change grants in the mysql.db table. More... | |
bool | compatibility_mode (const THD *thd, uint32_t fix_version) |
Check if value of the original_server_version variable is lower than the version that supports the feature, so the following code should be run in a backward compatibility mode. More... | |
int | replace_db_table (THD *thd, TABLE *table, const char *db, const LEX_USER &combo, Access_bitmask rights, bool revoke_grant, bool all_current_privileges) |
change grants in the mysql.db table. More... | |
int | replace_proxies_priv_table (THD *thd, TABLE *table, const LEX_USER *user, const LEX_USER *proxied_user, bool with_grant_arg, bool revoke_grant) |
Insert, update or remove a record in the mysql.proxies_priv table. More... | |
int | replace_column_table (THD *thd, GRANT_TABLE *g_t, TABLE *table, const LEX_USER &combo, List< LEX_COLUMN > &columns, const char *db, const char *table_name, Access_bitmask rights, bool revoke_grant) |
Update record in the table mysql.columns_priv. More... | |
static int | compatibility_replace_table_table (THD *thd, GRANT_TABLE *grant_table, std::unique_ptr< GRANT_TABLE, Destroy_only< GRANT_TABLE > > *deleted_grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, Access_bitmask rights, Access_bitmask col_rights, bool revoke_grant) |
Search and create/update a record for requested table privileges. More... | |
int | replace_table_table (THD *thd, GRANT_TABLE *grant_table, std::unique_ptr< GRANT_TABLE, Destroy_only< GRANT_TABLE > > *deleted_grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, Access_bitmask rights, Access_bitmask col_rights, bool revoke_grant, bool all_current_privileges) |
Search and create/update a record for requested table privileges. More... | |
int | replace_routine_table (THD *thd, GRANT_NAME *grant_name, TABLE *table, const LEX_USER &combo, const char *db, const char *routine_name, bool is_proc, Access_bitmask rights, bool revoke_grant, bool all_current_privileges) |
Search and create/update a record for the routine requested. More... | |
static void | acl_tables_setup (Table_ref *tables, thr_lock_type lock_type, enum_mdl_type mdl_type) |
Construct Table_ref array for ACL tables. More... | |
void | acl_tables_setup_for_read (Table_ref *tables) |
Setup ACL tables to be opened in read mode. More... | |
int | open_grant_tables (THD *thd, Table_ref *tables, bool *transactional_tables) |
Open the grant tables. More... | |
static int | modify_grant_table (TABLE *table, Field *host_field, Field *user_field, LEX_USER *user_to) |
Modify a privilege table. More... | |
int | handle_grant_table (THD *, Table_ref *tables, ACL_TABLES table_no, bool drop, LEX_USER *user_from, LEX_USER *user_to) |
Handle a privilege table. More... | |
bool | check_engine_type_for_acl_table (Table_ref *tables, bool report_error) |
Check that every ACL table has a supported storage engine (InnoDB). More... | |
bool | is_acl_table_name (const char *name) |
Check if given table name is a ACL table name. More... | |
bool | is_acl_table (const TABLE *table) |
Check if given TABLE* is a ACL table name. More... | |
|
static |
Commit or rollback ACL statement (and transaction), close tables which it has opened and release metadata locks.
False | - Success. |
True | - Error. |
void acl_notify_htons | ( | THD * | thd, |
enum_sql_command | operation, | ||
const List< LEX_USER > * | users, | ||
std::set< LEX_USER * > * | rewrite_users, | ||
const List< LEX_CSTRING > * | dynamic_privs | ||
) |
void acl_print_ha_error | ( | int | handler_error | ) |
Take a handler error and generate the mysql error ER_ACL_OPERATION_FAILED containing original text of HA error.
handler_error | an error number resulted from storage engine |
|
static |
Construct Table_ref array for ACL tables.
[in,out] | tables | Table_ref array |
[in] | lock_type | Read or Write |
[in] | mdl_type | MDL to be used |
void acl_tables_setup_for_read | ( | Table_ref * | tables | ) |
Setup ACL tables to be opened in read mode.
Prepare references to all of the grant tables in the order of the ACL_TABLES enum.
[in,out] | tables | Table handles |
Setup ACL tables to be opened in write mode.
Prepare references to all of the grant tables in the order of the ACL_TABLES enum.
Obtain locks on required MDLs upfront.
[in] | thd | THD handle |
[in,out] | tables | Table handles |
false | OK |
true | Error |
bool check_engine_type_for_acl_table | ( | Table_ref * | tables, |
bool | report_error | ||
) |
Check that every ACL table has a supported storage engine (InnoDB).
Report error if table's engine type is not supported.
tables | Pointer to TABLES_LIST of ACL tables to check. |
report_error | If true report error to the client/diagnostic area, otherwise write a warning to the error log. |
false | OK |
true | some of ACL tables has an unsupported engine type. |
void commit_and_close_mysql_tables | ( | THD * | thd | ) |
A helper function to commit statement transaction and close ACL tables after reading some data from them as part of FLUSH PRIVILEGES statement or during server initialization.
|
inline |
Check if value of the original_server_version variable is lower than the version that supports the feature, so the following code should be run in a backward compatibility mode.
thd | Current thread execution context |
fix_version | Version in which fix/feature was implemented |
true | a compatibility mode is required |
false | a compatibility mode is not required |
|
static |
change grants in the mysql.db table.
Legacy version of the function to be removed in future.
thd | Current thread execution context. |
table | Pointer to a TABLE object for opened mysql.db table. |
db | Database name of table for which column privileges are modified. |
combo | Pointer to a LEX_USER object containing info about a user being processed. |
rights | Database level grant. |
revoke_grant | Set to true if this is a REVOKE command. |
0 | OK. |
1 | Error in handling current user entry but still can continue processing subsequent user specified in the ACL statement. |
< | 0 Error. |
|
static |
Search and create/update a record for requested table privileges.
thd | The current thread. |
grant_table | Cached info about table/columns privileges. |
deleted_grant_table | If non-nullptr and grant is removed from column cache, it is returned here instead of being destroyed. |
table | Pointer to a TABLE object for open mysql.tables_priv table. |
combo | User information. |
db | Database name of table to give grant. |
table_name | Name of table to give grant. |
rights | Table privileges to set/update. |
col_rights | Column privileges to set/update. |
revoke_grant | Set to true if a REVOKE command is executed. |
0 | OK. |
< | 0 System error or storage engine error happen. |
1 | No entry for request. |
Access_bitmask get_access | ( | TABLE * | form, |
uint | fieldnr, | ||
uint * | next_field | ||
) |
|
static |
int handle_grant_table | ( | THD * | , |
Table_ref * | tables, | ||
ACL_TABLES | table_no, | ||
bool | drop, | ||
LEX_USER * | user_from, | ||
LEX_USER * | user_to | ||
) |
Handle a privilege table.
tables | The array with the four open tables. |
table_no | The number of the table to handle (0..4). |
drop | If user_from is to be dropped. |
user_from | The the user to be searched/dropped/renamed. |
user_to | The new name for the user if to be renamed, NULL otherwise. |
This function scans through following tables: mysql.user, mysql.db, mysql.tables_priv, mysql.columns_priv, mysql.procs_priv, mysql.proxies_priv. For all above tables, we do an index scan and then iterate over the found records do following: Delete from grant table if drop is true. Update in grant table if drop is false and user_to is not NULL. Search in grant table if drop is false and user_to is NULL.
0 | OK, but no record matched. |
< | 0 Error. |
> | 0 At least one record matched. |
bool is_acl_table | ( | const TABLE * | table | ) |
Check if given TABLE* is a ACL table name.
table | TABLE object. |
true | If it is a ACL table, otherwise false. |
bool is_acl_table_name | ( | const char * | name | ) |
Check if given table name is a ACL table name.
name | Table name. |
true | If it is a ACL table, otherwise false. |
bool log_and_commit_acl_ddl | ( | THD * | thd, |
bool | transactional_tables, | ||
std::set< LEX_USER * > * | extra_users, | ||
Rewrite_params * | rewrite_params, | ||
bool | extra_error, | ||
bool | write_to_binlog | ||
) |
|
static |
Modify a privilege table.
table | The table to modify. |
host_field | The host name field. |
user_field | The user name field. |
user_to | The new name for the user if to be renamed, NULL otherwise. |
0 | OK. |
!= | 0 Error. |
Open the grant tables.
thd | The current thread. | |
[in,out] | tables | Array of ACL_TABLES::LAST_ENTRY table list elements which will be used for opening tables. |
[out] | transactional_tables | Set to true if one of grant tables is transactional, false otherwise. |
1 | Skip GRANT handling during replication. |
0 | OK. |
< | 0 Error. |
int replace_column_table | ( | THD * | thd, |
GRANT_TABLE * | g_t, | ||
TABLE * | table, | ||
const LEX_USER & | combo, | ||
List< LEX_COLUMN > & | columns, | ||
const char * | db, | ||
const char * | table_name, | ||
Access_bitmask | rights, | ||
bool | revoke_grant | ||
) |
Update record in the table mysql.columns_priv.
thd | Current thread execution context. |
g_t | Pointer to a cached table grant object |
table | Pointer to a TABLE object for open mysql.columns_priv table |
combo | Pointer to a LEX_USER object containing info about a user being processed |
columns | List of columns to give/revoke grant |
db | Database name of table for which column privileges are modified |
table_name | Name of table for which column privileges are modified |
rights | Table level grant |
revoke_grant | Set to true if this is a REVOKE command |
0 | OK. |
< | 0 System error or storage engine error happen |
> | 0 Error in handling current user entry but still can continue processing subsequent user specified in the ACL statement. |
int replace_db_table | ( | THD * | thd, |
TABLE * | table, | ||
const char * | db, | ||
const LEX_USER & | combo, | ||
Access_bitmask | rights, | ||
bool | revoke_grant, | ||
bool | all_current_privileges | ||
) |
change grants in the mysql.db table.
thd | Current thread execution context. |
table | Pointer to a TABLE object for opened mysql.db table. |
db | Database name of table for which column privileges are modified. |
combo | Pointer to a LEX_USER object containing info about a user being processed. |
rights | Database level grant. |
revoke_grant | Set to true if this is a REVOKE command. |
all_current_privileges | Set to true if this is GRANT/REVOKE ALL |
0 | OK. |
1 | Error in handling current user entry but still can continue processing subsequent user specified in the ACL statement. |
< | 0 Error. |
int replace_proxies_priv_table | ( | THD * | thd, |
TABLE * | table, | ||
const LEX_USER * | user, | ||
const LEX_USER * | proxied_user, | ||
bool | with_grant_arg, | ||
bool | revoke_grant | ||
) |
Insert, update or remove a record in the mysql.proxies_priv table.
thd | The current thread. |
table | Pointer to a TABLE object for opened mysql.proxies_priv table. |
user | Information about user being handled. |
proxied_user | Information about proxied user being handled. |
with_grant_arg | True if a user is allowed to execute GRANT, else false. |
revoke_grant | Set to true if this is REVOKE command. |
0 | OK. |
1 | Error in handling current user entry but still can continue processing subsequent user specified in the ACL statement. |
< | 0 Error. |
int replace_routine_table | ( | THD * | thd, |
GRANT_NAME * | grant_name, | ||
TABLE * | table, | ||
const LEX_USER & | combo, | ||
const char * | db, | ||
const char * | routine_name, | ||
bool | is_proc, | ||
Access_bitmask | rights, | ||
bool | revoke_grant, | ||
bool | all_current_privileges | ||
) |
Search and create/update a record for the routine requested.
thd | The current thread. |
grant_name | Cached info about stored routine. |
table | Pointer to a TABLE object for open mysql.procs_priv table. |
combo | User information. |
db | Database name for stored routine. |
routine_name | Name for stored routine. |
is_proc | True for stored procedure, false for stored function. |
rights | Rights requested. |
revoke_grant | Set to true if a REVOKE command is executed. |
all_current_privileges | Set to true if this is GRANT/REVOKE ALL |
0 | OK. |
< | 0 System error or storage engine error happen |
> | 0 Error in handling current routine entry but still can continue processing subsequent user specified in the ACL statement. |
int replace_table_table | ( | THD * | thd, |
GRANT_TABLE * | grant_table, | ||
std::unique_ptr< GRANT_TABLE, Destroy_only< GRANT_TABLE > > * | deleted_grant_table, | ||
TABLE * | table, | ||
const LEX_USER & | combo, | ||
const char * | db, | ||
const char * | table_name, | ||
Access_bitmask | rights, | ||
Access_bitmask | col_rights, | ||
bool | revoke_grant, | ||
bool | all_current_privileges | ||
) |
Search and create/update a record for requested table privileges.
thd | The current thread. |
grant_table | Cached info about table/columns privileges. |
deleted_grant_table | If non-nullptr and grant is removed from column cache, it is returned here instead of being destroyed. |
table | Pointer to a TABLE object for open mysql.tables_priv table. |
combo | User information. |
db | Database name of table to give grant. |
table_name | Name of table to give grant. |
rights | Table privileges to set/update. |
col_rights | Column privileges to set/update. |
revoke_grant | Set to true if a REVOKE command is executed. |
all_current_privileges | Set to true if this is GRANT/REVOKE ALL |
0 | OK. |
< | 0 System error or storage engine error happen. |
1 | No entry for request. |
|
static |
|
extern |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |