MySQL 8.4.3
Source Code Documentation
|
#include "sql/sql_rewrite.h"
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <algorithm>
#include <memory>
#include <set>
#include <string>
#include "lex_string.h"
#include "my_compiler.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "mysql/strings/m_ctype.h"
#include "prealloced_array.h"
#include "sql/auth/auth_acls.h"
#include "sql/auth/auth_common.h"
#include "sql/auth/authentication_policy.h"
#include "sql/auth/sql_authentication.h"
#include "sql/handler.h"
#include "sql/log_event.h"
#include "sql/rpl_replica.h"
#include "sql/set_var.h"
#include "sql/sql_admin.h"
#include "sql/sql_class.h"
#include "sql/sql_connect.h"
#include "sql/sql_lex.h"
#include "sql/sql_list.h"
#include "sql/sql_parse.h"
#include "sql/sql_servers.h"
#include "sql/sql_show.h"
#include "sql/table.h"
#include "sql_string.h"
#include "string_with_len.h"
#include "violite.h"
Namespaces | |
namespace | anonymous_namespace{sql_rewrite.cc} |
Macros | |
#define | HASH_STRING_WITH_QUOTE "$5$BVZy9O>'a+2MH]_?$fpWyabcdiHjfCVqId/quykZzjaA7adpkcen/uiQrtmOK4p4" |
In here, we rewrite queries. More... | |
Functions | |
void | anonymous_namespace{sql_rewrite.cc}::comma_maybe (String *str, bool *comma) |
Append a comma to given string if item wasn't the first to be added. More... | |
bool | anonymous_namespace{sql_rewrite.cc}::append_int (String *str, bool comma, const char *txt, size_t len, long val, int cond) |
Append a key/value pair to a string, with an optional preceding comma. More... | |
bool | anonymous_namespace{sql_rewrite.cc}::append_str (String *str, bool comma, const char *key, const char *val) |
Append a key/value pair to a string if the value is non-NULL, with an optional preceding comma. More... | |
void | anonymous_namespace{sql_rewrite.cc}::append_auth_id (const THD *thd, const LEX_USER *user, bool comma, String *str) |
Append the authorization id for the user. More... | |
void | anonymous_namespace{sql_rewrite.cc}::append_auth_id_identifier (const THD *thd, const LEX_USER *user, bool comma, String *str) |
Append the authorization id for the user. More... | |
int | anonymous_namespace{sql_rewrite.cc}::lex_user_comp (LEX_USER *l1, LEX_USER *l2) |
Used with List<>::sort for alphabetic sorting of LEX_USER records using user,host as keys. More... | |
bool | anonymous_namespace{sql_rewrite.cc}::rewrite_query (THD *thd, Consumer_type type, const Rewrite_params *params, String &rlb) |
Util method which does the real rewrite of the SQL statement. More... | |
void | mysql_rewrite_query (THD *thd, Consumer_type type, const Rewrite_params *params) |
Provides the default interface to rewrite the SQL statements to to obfuscate passwords. More... | |
void | mysql_rewrite_acl_query (THD *thd, String &rlb, Consumer_type type, const Rewrite_params *params, bool do_ps_instrument) |
Provides the default interface to rewrite the ACL query. More... | |
#define HASH_STRING_WITH_QUOTE "$5$BVZy9O>'a+2MH]_?$fpWyabcdiHjfCVqId/quykZzjaA7adpkcen/uiQrtmOK4p4" |
In here, we rewrite queries.
For now, this is only used to obfuscate passwords before we log a statement. If we ever get other clients for rewriting, we should introduce a rewrite_flags to determine what kind of rewriting (password obfuscation etc.) is desired by the client.
Some items in the server can self-print anyway, but many can't.
For instance, you'll see a re-synthesized SELECT in EXPLAIN EXTENDED, but you won't get a resynthized query in EXPLAIN EXTENDED if you were explaining an UPDATE.
The following does not claim to be able to re-synthesize every statement, but attempts to ultimately be able to resynthesize all statements that have need of rewriting.
Stored procedures may also rewrite their statements (to show the actual values of their variables etc.). There is currently no scenario where a statement can be eligible for both rewrites (see sp_instr.cc). Special consideration will need to be taken if this is intenionally changed at a later date. (There is an ASSERT() in place that will hopefully catch unintentional changes.)
Finally, sp_* have code to print a stored program for use by SHOW PROCEDURE CODE / SHOW FUNCTION CODE.
Thus, regular query parsing comes through here for logging. So does prepared statement logging. Stored instructions of the sp_instr_stmt type (which should be the only ones to contain passwords, and therefore at this time be eligible for rewriting) go through the regular parsing facilities and therefore also come through here for logging (other sp_instr_* types don't).
Finally, as rewriting goes, by default we replace the password with a literal <secret>, with no quotation marks so the statement would fail if the user were to cut & paste it without filling in the real password. This default behavior is ON for rewriting to the textual logs. For instance : General, slow query and audit log. Rewriters also have a provision to replace the password with its hash where we have the latter. (so they could be replayed, IDENTIFIED WITH <plugin_name> AS <hash>); This hash is needed while writing the statements for binlog.
void mysql_rewrite_acl_query | ( | THD * | thd, |
String & | rlb, | ||
Consumer_type | type, | ||
const Rewrite_params * | params, | ||
bool | do_ps_instrument | ||
) |
Provides the default interface to rewrite the ACL query.
thd | The THD to rewrite for. |
rlb | Buffer to return rewritten query in (if any) if do_ps_instrument is false. |
type | Purpose of rewriting the query Consumer_type::TEXTLOG To rewrite the query either for general, slow query and audit log. Consumer_type::BINLOG To rewrite the query for binlogs. Consumer_type::STDOUT To rewrite the query for standard output. |
params | Wrapper object of parameters in case needed by a SQL rewriter. |
do_ps_instrument | flag to indicate if the query has to be instrumented in the PSI. Default value is true. If instrumented, the previous |
void mysql_rewrite_query | ( | THD * | thd, |
Consumer_type | type, | ||
const Rewrite_params * | params | ||
) |
Provides the default interface to rewrite the SQL statements to to obfuscate passwords.
The query aimed to be rewritten in the usual log files (i.e. General, slow query and audit log) uses default value of type which is Consumer_type::TEXTLOG
Side-effects:
thd | The THD to rewrite for. |
type | Purpose of rewriting the query Consumer_type::TEXTLOG To rewrite the query either for general, slow query and audit log. Consumer_type::BINLOG To rewrite the query for binlogs. Consumer_type::STDOUT To rewrite the query for standard output. |
params | Wrapper object of parameters in case needed by a SQL rewriter. |