MySQL 8.4.3
Source Code Documentation
#include <assert.h>
#include <mysql/components/my_service.h>
#include <mysql/components/services/dynamic_privilege.h>
#include <mysql/plugin_audit.h>
#include <mysql/psi/mysql_memory.h>
#include <mysql/psi/mysql_rwlock.h>
#include <mysql/service_locking.h>
#include <sys/types.h>
#include <algorithm>
#include <atomic>
#include <sstream>
#include <string>
#include <utility>
#include <vector>
#include "errmsg.h"
#include "lex_string.h"
#include "m_string.h"
#include "map_helpers.h"
#include "my_compiler.h"
#include "my_inttypes.h"
#include "my_psi_config.h"
#include "my_systime.h"
#include "sql/auth/auth_acls.h"
#include "sql/current_thd.h"
#include "sql/derror.h"
#include "sql/locking_service.h"
#include "sql/sql_class.h"
#include "sql/sql_lex.h"
#include "string_with_len.h"
Classes | |
class | atomic_boolean |
Utility class implementing an atomic boolean on top of an int32. More... | |
class | vtoken_lock_cleanup |
Helper class to dispose of the rwlocks at DLL/so unload. More... | |
Macros | |
#define | PLUGIN_EXPORT extern "C" |
#define | VTOKEN_LOCKS_NAMESPACE "version_token_locks" |
#define | LONG_TIMEOUT ((ulong)3600L * 24L * 365L) |
Enumerations | |
enum | command { SET_VTOKEN = 0 , EDIT_VTOKEN , CHECK_VTOKEN } |
Functions | |
static | MYSQL_THDVAR_ULONG (session_number, PLUGIN_VAR_RQCMDARG|PLUGIN_VAR_READONLY|PLUGIN_VAR_NOPERSIST, "Version number to assist with session tokens check", nullptr, nullptr, 0L, 0,((ulong) -1), 0) |
static void | update_session_version_tokens (MYSQL_THD thd, SYS_VAR *, void *var_ptr, const void *save) |
static | MYSQL_THDVAR_STR (session, PLUGIN_VAR_RQCMDARG|PLUGIN_VAR_MEMALLOC, "Holds the session value for version tokens", nullptr, update_session_version_tokens, nullptr) |
static void | vtoken_init_psi_keys (void) |
static bool | is_blank_string (char *input) |
bool | has_required_privileges (THD *thd) |
Check if user either has SUPER or VERSION_TOKEN_ADMIN privileges. More... | |
static void | set_vtoken_string_length () |
PLUGIN_EXPORT bool | version_tokens_set_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT char * | version_tokens_set (UDF_INIT *initid, UDF_ARGS *args, char *result, unsigned long *length, unsigned char *null_value, unsigned char *error) |
PLUGIN_EXPORT bool | version_tokens_show_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT void | version_tokens_show_deinit (UDF_INIT *initid) |
PLUGIN_EXPORT char * | version_tokens_show (UDF_INIT *initid, UDF_ARGS *args, char *result, unsigned long *length, unsigned char *null_value, unsigned char *error) |
PLUGIN_EXPORT bool | version_tokens_edit_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT char * | version_tokens_edit (UDF_INIT *initid, UDF_ARGS *args, char *result, unsigned long *length, unsigned char *null_value, unsigned char *error) |
PLUGIN_EXPORT bool | version_tokens_delete_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT char * | version_tokens_delete (UDF_INIT *initid, UDF_ARGS *args, char *result, unsigned long *length, unsigned char *null_value, unsigned char *error) |
PLUGIN_EXPORT bool | version_tokens_lock_shared_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT long long | version_tokens_lock_shared (UDF_INIT *initid, UDF_ARGS *args, unsigned char *is_null, unsigned char *error) |
PLUGIN_EXPORT bool | version_tokens_lock_exclusive_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT long long | version_tokens_lock_exclusive (UDF_INIT *initid, UDF_ARGS *args, unsigned char *is_null, unsigned char *error) |
PLUGIN_EXPORT bool | version_tokens_unlock_init (UDF_INIT *initid, UDF_ARGS *args, char *message) |
PLUGIN_EXPORT long long | version_tokens_unlock (UDF_INIT *initid, UDF_ARGS *args, unsigned char *is_null, unsigned char *error) |
static int | parse_vtokens (char *input, enum command type) |
Parses the list of version tokens and either updates the global list with the input or checks the input against the global according to which function the caller is. More... | |
static int | version_token_check (MYSQL_THD thd, mysql_event_class_t event_class, const void *event) |
Audit API entry point for the version token plugin. More... | |
static int | version_tokens_init (void *arg) |
Plugin init. More... | |
static int | version_tokens_deinit (void *arg) |
Plugin deinit. More... | |
mysql_declare_plugin (version_tokens) | |
static bool | is_hash_inited (const char *function, unsigned char *error) |
A function to check if the hash is inited and generate an error. More... | |
static bool | init_acquire (UDF_INIT *initid, UDF_ARGS *args, char *message) |
Variables | |
static std::atomic< int64 > | session_number {1} |
static size_t | vtoken_string_length |
PSI_memory_key | key_memory_vtoken |
static malloc_unordered_map< string, string > * | version_tokens_hash |
static atomic_boolean | version_tokens_hash_inited |
State of the version tokens hash global structure. More... | |
mysql_rwlock_t | LOCK_vtoken_hash |
PSI_rwlock_key | key_LOCK_vtoken_hash |
static PSI_rwlock_info | all_vtoken_rwlocks [] |
static PSI_memory_info | all_vtoken_memory [] |
static vtoken_lock_cleanup | cleanup_lock |
A single global variable to invoke the destructor. More... | |
static struct st_mysql_audit | version_token_descriptor |
static SYS_VAR * | system_variables [] |
mysql_declare_plugin_end | |
#define PLUGIN_EXPORT extern "C" |
#define VTOKEN_LOCKS_NAMESPACE "version_token_locks" |
enum command |
bool has_required_privileges | ( | THD * | thd | ) |
Check whether the user has either the SUPER or the VERSION_TOKEN_ADMIN privilege.
thd | Thread handle |
true | User has the required privileges |
false | User does not have the required privileges |
|
static |
|
static |
Checks whether the hash is initialized and generates an error if it is not.
Must be called while holding LOCK_vtoken_hash.
function | the UDF function name for the error message |
error | the UDF error pointer to set |
false | hash not initialized. Error set. Bail out. |
true | All good. Go on. |
mysql_declare_plugin | ( | version_tokens | ) |
|
static |
|
static |
|
static |
Parses the list of version tokens and, depending on which function the caller is, either updates the global list with the input or checks the input against the global list.
[in] | input | List of semicolon separated token name/value pairs |
[in] | type | Identifies the calling function (see enum command). |
TODO: Add calls to get_lock services in CHECK_VTOKEN.
|
static |
|
static |
|
static |
Audit API entry point for the version token plugin.
Plugin audit function to compare session version tokens with the global ones. At the start of each query (currently MYSQL_AUDIT_GENERAL_LOG), if there is a session version token vector, it acquires the GET_LOCK shared locks for the session version tokens, then tries to find them in the global version lock and compares their values with the ones found. It raises an error if a token is not found or the version values do not match. See parse_vtokens(). At query end (currently MYSQL_AUDIT_GENERAL_STATUS) it releases the GET_LOCK shared locks it has acquired.
thd | The current thread |
event_class | audit API event class |
event | pointer to the audit API event data |
|
static |
Plugin deinit.
PLUGIN_EXPORT char * version_tokens_delete | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | result, | ||
unsigned long * | length, | ||
unsigned char * | null_value, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT bool version_tokens_delete_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
PLUGIN_EXPORT char * version_tokens_edit | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | result, | ||
unsigned long * | length, | ||
unsigned char * | null_value, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT bool version_tokens_edit_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
|
static |
Plugin init.
PLUGIN_EXPORT long long version_tokens_lock_exclusive | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
unsigned char * | is_null, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT bool version_tokens_lock_exclusive_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
PLUGIN_EXPORT long long version_tokens_lock_shared | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
unsigned char * | is_null, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT bool version_tokens_lock_shared_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
PLUGIN_EXPORT char * version_tokens_set | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | result, | ||
unsigned long * | length, | ||
unsigned char * | null_value, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT bool version_tokens_set_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
PLUGIN_EXPORT char * version_tokens_show | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | result, | ||
unsigned long * | length, | ||
unsigned char * | null_value, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT void version_tokens_show_deinit | ( | UDF_INIT * | initid | ) |
PLUGIN_EXPORT bool version_tokens_show_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
long long version_tokens_unlock | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
unsigned char * | is_null, | ||
unsigned char * | error | ||
) |
PLUGIN_EXPORT bool version_tokens_unlock_init | ( | UDF_INIT * | initid, |
UDF_ARGS * | args, | ||
char * | message | ||
) |
|
static |
|
static |
|
static |
|
static |
A single global variable to invoke the destructor.
See vtoken_lock_cleanup.
PSI_rwlock_key key_LOCK_vtoken_hash |
PSI_memory_key key_memory_vtoken |
mysql_rwlock_t LOCK_vtoken_hash |
mysql_declare_plugin_end |
|
static |
|
static |
|
static |
|
static |
|
static |
State of the version tokens hash global structure.
Needed because both the UDFs and the plugin use the global structure, so it cannot be freed until the last UDF or plugin has been unloaded.
|
static |