MySQL 8.4.3
Source Code Documentation
sql_rewrite.cc File Reference
#include "sql/sql_rewrite.h"
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <algorithm>
#include <memory>
#include <set>
#include <string>
#include "lex_string.h"
#include "my_compiler.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "mysql/strings/m_ctype.h"
#include "prealloced_array.h"
#include "sql/auth/auth_acls.h"
#include "sql/auth/auth_common.h"
#include "sql/auth/authentication_policy.h"
#include "sql/auth/sql_authentication.h"
#include "sql/handler.h"
#include "sql/log_event.h"
#include "sql/rpl_replica.h"
#include "sql/set_var.h"
#include "sql/sql_admin.h"
#include "sql/sql_class.h"
#include "sql/sql_connect.h"
#include "sql/sql_lex.h"
#include "sql/sql_list.h"
#include "sql/sql_parse.h"
#include "sql/sql_servers.h"
#include "sql/sql_show.h"
#include "sql/table.h"
#include "sql_string.h"
#include "string_with_len.h"
#include "violite.h"

Namespaces

namespace  anonymous_namespace{sql_rewrite.cc}
 

Macros

#define HASH_STRING_WITH_QUOTE    "$5$BVZy9O>'a+2MH]_?$fpWyabcdiHjfCVqId/quykZzjaA7adpkcen/uiQrtmOK4p4"
 In here, we rewrite queries. More...
 

Functions

void anonymous_namespace{sql_rewrite.cc}::comma_maybe (String *str, bool *comma)
 Append a comma to given string if item wasn't the first to be added. More...
 
bool anonymous_namespace{sql_rewrite.cc}::append_int (String *str, bool comma, const char *txt, size_t len, long val, int cond)
 Append a key/value pair to a string, with an optional preceding comma. More...
 
bool anonymous_namespace{sql_rewrite.cc}::append_str (String *str, bool comma, const char *key, const char *val)
 Append a key/value pair to a string if the value is non-NULL, with an optional preceding comma. More...
 
void anonymous_namespace{sql_rewrite.cc}::append_auth_id (const THD *thd, const LEX_USER *user, bool comma, String *str)
 Append the authorization id for the user. More...
 
void anonymous_namespace{sql_rewrite.cc}::append_auth_id_identifier (const THD *thd, const LEX_USER *user, bool comma, String *str)
 Append the authorization id for the user. More...
 
int anonymous_namespace{sql_rewrite.cc}::lex_user_comp (LEX_USER *l1, LEX_USER *l2)
 Used with List<>::sort for alphabetic sorting of LEX_USER records using user,host as keys. More...
 
bool anonymous_namespace{sql_rewrite.cc}::rewrite_query (THD *thd, Consumer_type type, const Rewrite_params *params, String &rlb)
 Util method which does the real rewrite of the SQL statement. More...
 
void mysql_rewrite_query (THD *thd, Consumer_type type, const Rewrite_params *params)
 Provides the default interface to rewrite the SQL statements to to obfuscate passwords. More...
 
void mysql_rewrite_acl_query (THD *thd, String &rlb, Consumer_type type, const Rewrite_params *params, bool do_ps_instrument)
 Provides the default interface to rewrite the ACL query. More...
 

Macro Definition Documentation

◆ HASH_STRING_WITH_QUOTE

#define HASH_STRING_WITH_QUOTE    "$5$BVZy9O>'a+2MH]_?$fpWyabcdiHjfCVqId/quykZzjaA7adpkcen/uiQrtmOK4p4"

In here, we rewrite queries.

For now, this is only used to obfuscate passwords before we log a statement. If we ever get other clients for rewriting, we should introduce a rewrite_flags to determine what kind of rewriting (password obfuscation etc.) is desired by the client.

Some items in the server can self-print anyway, but many can't.

For instance, you'll see a re-synthesized SELECT in EXPLAIN EXTENDED, but you won't get a resynthized query in EXPLAIN EXTENDED if you were explaining an UPDATE.

The following does not claim to be able to re-synthesize every statement, but attempts to ultimately be able to resynthesize all statements that have need of rewriting.

Stored procedures may also rewrite their statements (to show the actual values of their variables etc.). There is currently no scenario where a statement can be eligible for both rewrites (see sp_instr.cc). Special consideration will need to be taken if this is intenionally changed at a later date. (There is an ASSERT() in place that will hopefully catch unintentional changes.)

Finally, sp_* have code to print a stored program for use by SHOW PROCEDURE CODE / SHOW FUNCTION CODE.

Thus, regular query parsing comes through here for logging. So does prepared statement logging. Stored instructions of the sp_instr_stmt type (which should be the only ones to contain passwords, and therefore at this time be eligible for rewriting) go through the regular parsing facilities and therefore also come through here for logging (other sp_instr_* types don't).

Finally, as rewriting goes, by default we replace the password with a literal <secret>, with no quotation marks so the statement would fail if the user were to cut & paste it without filling in the real password. This default behavior is ON for rewriting to the textual logs. For instance : General, slow query and audit log. Rewriters also have a provision to replace the password with its hash where we have the latter. (so they could be replayed, IDENTIFIED WITH <plugin_name> AS <hash>); This hash is needed while writing the statements for binlog.

Function Documentation

◆ mysql_rewrite_acl_query()

void mysql_rewrite_acl_query ( THD thd,
String rlb,
Consumer_type  type,
const Rewrite_params params,
bool  do_ps_instrument 
)

Provides the default interface to rewrite the ACL query.

Parameters
thdThe THD to rewrite for.
rlbBuffer to return rewritten query in (if any) if do_ps_instrument is false.
typePurpose of rewriting the query Consumer_type::TEXTLOG To rewrite the query either for general, slow query and audit log. Consumer_type::BINLOG To rewrite the query for binlogs. Consumer_type::STDOUT To rewrite the query for standard output.
paramsWrapper object of parameters in case needed by a SQL rewriter.
do_ps_instrumentflag to indicate if the query has to be instrumented in the PSI. Default value is true. If instrumented, the previous

◆ mysql_rewrite_query()

void mysql_rewrite_query ( THD thd,
Consumer_type  type,
const Rewrite_params params 
)

Provides the default interface to rewrite the SQL statements to to obfuscate passwords.

The query aimed to be rewritten in the usual log files (i.e. General, slow query and audit log) uses default value of type which is Consumer_type::TEXTLOG

Side-effects:

  • thd->m_rewritten_query will contain a rewritten query, or be cleared if no rewriting took place. LOCK_thd_query will be temporarily acquired to make that change.
Note
Keep in mind that these side-effects will only happen when calling this top-level function, but not when calling individual sub-functions directly!
Parameters
thdThe THD to rewrite for.
typePurpose of rewriting the query Consumer_type::TEXTLOG To rewrite the query either for general, slow query and audit log. Consumer_type::BINLOG To rewrite the query for binlogs. Consumer_type::STDOUT To rewrite the query for standard output.
paramsWrapper object of parameters in case needed by a SQL rewriter.