26#ifndef MYSQL_HARNESS_ACCESS_RIGHTS_INCLUDED
27#define MYSQL_HARNESS_ACCESS_RIGHTS_INCLUDED
29#include "harness_export.h"
40#include <system_error>
50namespace posix::access_rights {
60 static constexpr const mode_t
kMask = Mask;
64 static_assert(!(
kMask & ~kFullAccessMask));
68 if ((perms &
kMask) != 0) {
82 static constexpr const mode_t
kMask = Mask;
99namespace win32::access_rights {
103 void operator()(
void *ptr) { LocalFree(ptr); }
107using LocalAllocated = std::unique_ptr<T, LocalDeleter>;
127 using allocated_type = LocalAllocated<T>;
128 using pointer =
typename allocated_type::pointer;
129 using element_type =
typename allocated_type::element_type;
136 explicit Allocated(
size_t size)
137 : allocated_{reinterpret_cast<pointer>(LocalAlloc(LPTR,
size))} {}
144 Allocated(pointer
p) : allocated_{
p} {}
146 pointer
get() const noexcept {
return allocated_.get(); }
148 pointer operator->()
const {
return allocated_.get(); }
150 void reset(pointer ptr) { allocated_.reset(ptr); }
153 allocated_type allocated_;
160class SizedAllocated :
public Allocated<T> {
167 SizedAllocated(
size_t size) : Allocated<T>{
size}, size_{
size} {}
169 [[nodiscard]]
size_t size() const noexcept {
return size_; }
181create_well_known_sid(WELL_KNOWN_SID_TYPE well_known_sid);
192class HARNESS_EXPORT
Sid {
197 Sid(SID *sid) : sid_{
std::move(sid)} {}
199 BYTE revision()
const {
return sid_->Revision; }
200 BYTE sub_authority_count()
const {
return sid_->SubAuthorityCount; }
201 SID_IDENTIFIER_AUTHORITY identifier_authority()
const {
202 return sid_->IdentifierAuthority;
207 SID *native() {
return sid_; }
216 return EqualSid(a.sid_, b.sid_);
224class HARNESS_EXPORT Ace {
226 Ace(ACE_HEADER *ace) : ace_{
std::move(ace)} {}
228 BYTE
type()
const {
return ace_->AceType; }
229 BYTE
flags()
const {
return ace_->AceFlags; }
230 WORD
size()
const {
return ace_->AceSize; }
232 void *data()
const {
return ace_; }
243class HARNESS_EXPORT Acl {
245 explicit Acl(ACL *acl) : acl_{
std::move(acl)} {}
247 class HARNESS_EXPORT iterator {
252 iterator(ACL *acl,
size_t ndx) : acl_{acl}, ndx_{ndx} {}
254 reference operator*();
265 iterator
begin()
const {
return {acl_, 0}; }
266 iterator
end()
const {
return {acl_,
size()}; }
279class HARNESS_EXPORT AccessAllowedAce {
281 explicit AccessAllowedAce(ACCESS_ALLOWED_ACE *ace) : ace_{ace} {}
283 ACCESS_MASK
mask()
const {
return ace_->Mask; }
284 Sid sid()
const {
return reinterpret_cast<SID *
>(&ace_->SidStart); }
289 ACCESS_ALLOWED_ACE *ace_;
300using OptionalDacl = std::optional<ACL *>;
309class HARNESS_EXPORT SecurityDescriptor {
316 explicit SecurityDescriptor(SECURITY_DESCRIPTOR *desc) : desc_{desc} {}
330 DWORD revision = SECURITY_DESCRIPTOR_REVISION);
336 bool dacl_defaulted);
346 bool is_self_relative()
const {
347 return control().value_or(0) & SE_SELF_RELATIVE;
359 make_self_relative();
367 SECURITY_DESCRIPTOR *desc_;
370class HARNESS_EXPORT AclBuilder {
372 struct WellKnownSid {
373 WELL_KNOWN_SID_TYPE sid;
379 struct CurrentUser {};
390 static EXPLICIT_ACCESSW ace_grant_access(SID *sid, DWORD rights);
400 static EXPLICIT_ACCESSW ace_set_access(SID *sid, DWORD rights);
409 static EXPLICIT_ACCESSW ace_revoke_access(SID *sid);
424 AclBuilder &grant(CurrentUser, DWORD rights);
429 AclBuilder &grant(
const WellKnownSid &owner, DWORD rights);
431 AclBuilder &grant(Allocated<SID> sid, DWORD rights);
433 AclBuilder &
set(CurrentUser, DWORD rights);
435 AclBuilder &
set(
const WellKnownSid &owner, DWORD rights);
437 AclBuilder &
set(Allocated<SID> sid, DWORD rights);
439 AclBuilder &revoke(CurrentUser);
441 AclBuilder &revoke(
const WellKnownSid &owner);
443 AclBuilder &revoke(Allocated<SID> sid);
448 std::vector<Allocated<SID>> owned_sids_;
450 std::error_code ec_{};
451 std::vector<EXPLICIT_ACCESSW> perms_;
452 mysql_harness::win32::access_rights::OptionalDacl dacl_;
Sid class.
Definition: common.h:219
allows permissions.
Definition: access_rights.h:80
stdx::expected< void, std::error_code > operator()(const security_descriptor_type &perms)
Definition: access_rights.h:85
static constexpr const mode_t kFullAccessMask
Definition: access_rights.h:83
static constexpr const mode_t kMask
Definition: access_rights.h:82
denies permissions.
Definition: access_rights.h:58
static constexpr const mode_t kMask
Definition: access_rights.h:60
stdx::expected< void, std::error_code > operator()(const security_descriptor_type &perms)
Definition: access_rights.h:66
static constexpr const mode_t kFullAccessMask
Definition: access_rights.h:61
Definition: expected.h:286
const char * p
Definition: ctype-mb.cc:1235
static int flags[50]
Definition: hp_test1.cc:40
static mi_bit_type mask[]
Definition: mi_packrec.cc:141
bool operator!=(const my_thread_handle &a, const my_thread_handle &b)
Definition: my_thread.h:158
bool operator==(const my_thread_handle &a, const my_thread_handle &b)
Definition: my_thread.h:151
uint16_t value_type
Definition: vt100.h:184
std::string HARNESS_EXPORT reset()
get 'reset attributes' ESC sequence.
Definition: vt100.cc:37
std::string file_name(Log_file_id file_id)
Provides name of the log file with the given file id, e.g.
Definition: log0pre_8_0_30.cc:94
MYSQL_STRINGS_EXPORT void initialize(const char *charset_dir=nullptr, MY_CHARSET_LOADER *loader=nullptr)
Initialize character set/collation library.
Definition: collations.cc:98
mode_t security_descriptor_type
Definition: access_rights.h:52
std::string HARNESS_EXPORT to_string(const ShutdownPending::Reason &reason)
Definition: process_state_component.cc:60
std::error_code make_error_code(DynamicLoaderErrc ec)
make error_code from a DynamicLoaderErrc.
Definition: dynamic_loader.cc:79
HARNESS_EXPORT stdx::expected< void, std::error_code > access_rights_set(const std::string &file_name, const security_descriptor_type &sec_desc)
set access rights of a file.
Definition: access_rights.cc:762
posix::access_rights::DenyPermissionVerifier<(S_IRWXO)> DenyOtherReadWritableVerifier
fail access_rights_verify() if others can read or write or execute.
Definition: access_rights.h:485
posix::access_rights::security_descriptor_type security_descriptor_type
Definition: access_rights.h:475
posix::access_rights::AllowPermissionVerifier<(S_IRUSR|S_IWUSR)> AllowUserReadWritableVerifier
fail access_rights_verify() if someone else then the owner of the file can read or write.
Definition: access_rights.h:496
stdx::expected< void, std::error_code > access_rights_verify(const security_descriptor_type &rights, Func &&func)
check if a security descriptor satisfies a verifier.
Definition: access_rights.h:511
HARNESS_EXPORT stdx::expected< security_descriptor_type, std::error_code > access_rights_get(const std::string &file_name) noexcept
get a access rights of file.
Definition: access_rights.cc:747
const char * begin(const char *const c)
Definition: base64.h:44
size_t size(const char *const c)
Definition: base64.h:46
void get(PSI_field *, PSI_longlong *) noexcept
Definition: pfs_plugin_column_bigint_v1_all_empty.cc:32
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:192
Definition: gcs_xcom_synode.h:64
unexpected(E) -> unexpected< E >
std::set< Key, Compare, ut::allocator< Key > > set
Specialization of set which uses ut_allocator.
Definition: ut0new.h:2883
required string type
Definition: replication_group_member_actions.proto:34
Ssl_acceptor_context_property_type & operator++(Ssl_acceptor_context_property_type &property_type)
Increment operator for Ssl_acceptor_context_type Used by iterator.
Definition: ssl_acceptor_context_data.cc:273