25#ifndef MYSQL_HARNESS_ACCESS_RIGHTS_INCLUDED
26#define MYSQL_HARNESS_ACCESS_RIGHTS_INCLUDED
28#include "harness_export.h"
35#include <sys/unistd.h>
39#include <system_error>
49namespace posix::access_rights {
59 static constexpr const mode_t
kMask = Mask;
63 static_assert(!(
kMask & ~kFullAccessMask));
67 if ((perms &
kMask) != 0) {
82 static constexpr const mode_t
kMask = Mask;
100namespace win32::access_rights {
104 void operator()(
void *ptr) { LocalFree(ptr); }
108using LocalAllocated = std::unique_ptr<T, LocalDeleter>;
128 using allocated_type = LocalAllocated<T>;
129 using pointer =
typename allocated_type::pointer;
130 using element_type =
typename allocated_type::element_type;
137 explicit Allocated(
size_t size)
138 : allocated_{reinterpret_cast<pointer>(LocalAlloc(LPTR, size))} {}
145 Allocated(pointer
p) : allocated_{
p} {}
147 pointer
get() const noexcept {
return allocated_.get(); }
149 pointer operator->()
const {
return allocated_.get(); }
151 void reset(pointer ptr) { allocated_.reset(ptr); }
154 allocated_type allocated_;
161class SizedAllocated :
public Allocated<T> {
168 SizedAllocated(
size_t size) : Allocated<T>{size}, size_{size} {}
170 [[nodiscard]]
size_t size() const noexcept {
return size_; }
182create_well_known_sid(WELL_KNOWN_SID_TYPE well_known_sid);
193class HARNESS_EXPORT
Sid {
200 BYTE revision()
const {
return sid_->Revision; }
201 BYTE sub_authority_count()
const {
return sid_->SubAuthorityCount; }
202 SID_IDENTIFIER_AUTHORITY identifier_authority()
const {
203 return sid_->IdentifierAuthority;
208 SID *
native() {
return sid_; }
217 return EqualSid(a.sid_, b.sid_);
225class HARNESS_EXPORT Ace {
227 Ace(ACE_HEADER *ace) : ace_{
std::
move(ace)} {}
229 BYTE
type()
const {
return ace_->AceType; }
230 BYTE
flags()
const {
return ace_->AceFlags; }
231 WORD size()
const {
return ace_->AceSize; }
233 void *data()
const {
return ace_; }
244class HARNESS_EXPORT Acl {
246 explicit Acl(ACL *acl) : acl_{
std::
move(acl)} {}
248 class HARNESS_EXPORT iterator {
253 iterator(ACL *acl,
size_t ndx) : acl_{acl}, ndx_{ndx} {}
255 reference operator*();
266 iterator
begin()
const {
return {acl_, 0}; }
267 iterator
end()
const {
return {acl_, size()}; }
280class HARNESS_EXPORT AccessAllowedAce {
282 explicit AccessAllowedAce(ACCESS_ALLOWED_ACE *ace) : ace_{ace} {}
284 ACCESS_MASK
mask()
const {
return ace_->Mask; }
285 Sid sid()
const {
return reinterpret_cast<SID *
>(&ace_->SidStart); }
290 ACCESS_ALLOWED_ACE *ace_;
301using OptionalDacl = std::optional<ACL *>;
310class HARNESS_EXPORT SecurityDescriptor {
317 explicit SecurityDescriptor(SECURITY_DESCRIPTOR *desc) : desc_{desc} {}
331 DWORD revision = SECURITY_DESCRIPTOR_REVISION);
337 bool dacl_defaulted);
347 bool is_self_relative()
const {
348 return control().value_or(0) & SE_SELF_RELATIVE;
360 make_self_relative();
368 SECURITY_DESCRIPTOR *desc_;
371class HARNESS_EXPORT AclBuilder {
373 struct WellKnownSid {
374 WELL_KNOWN_SID_TYPE sid;
380 struct CurrentUser {};
391 static EXPLICIT_ACCESSW ace_grant_access(SID *sid, DWORD rights);
401 static EXPLICIT_ACCESSW ace_set_access(SID *sid, DWORD rights);
410 static EXPLICIT_ACCESSW ace_revoke_access(SID *sid);
425 AclBuilder &grant(CurrentUser, DWORD rights);
430 AclBuilder &grant(
const WellKnownSid &owner, DWORD rights);
432 AclBuilder &grant(Allocated<SID> sid, DWORD rights);
434 AclBuilder &
set(CurrentUser, DWORD rights);
436 AclBuilder &
set(
const WellKnownSid &owner, DWORD rights);
438 AclBuilder &
set(Allocated<SID> sid, DWORD rights);
440 AclBuilder &revoke(CurrentUser);
442 AclBuilder &revoke(
const WellKnownSid &owner);
444 AclBuilder &revoke(Allocated<SID> sid);
449 std::vector<Allocated<SID>> owned_sids_;
451 std::error_code ec_{};
452 std::vector<EXPLICIT_ACCESSW> perms_;
453 mysql_harness::win32::access_rights::OptionalDacl dacl_;
Sid class.
Definition: common.h:218
allows permissions.
Definition: access_rights.h:80
stdx::expected< void, std::error_code > operator()(const security_descriptor_type &perms)
Definition: access_rights.h:85
static constexpr const mode_t kFullAccessMask
Definition: access_rights.h:83
static constexpr const mode_t kMask
Definition: access_rights.h:82
denies permissions.
Definition: access_rights.h:57
static constexpr const mode_t kMask
Definition: access_rights.h:59
stdx::expected< void, std::error_code > operator()(const security_descriptor_type &perms)
Definition: access_rights.h:65
static constexpr const mode_t kFullAccessMask
Definition: access_rights.h:60
Definition: expected.h:943
const char * p
Definition: ctype-mb.cc:1234
static int flags[50]
Definition: hp_test1.cc:39
static mi_bit_type mask[]
Definition: mi_packrec.cc:140
bool operator!=(const my_thread_handle &a, const my_thread_handle &b)
Definition: my_thread.h:157
bool operator==(const my_thread_handle &a, const my_thread_handle &b)
Definition: my_thread.h:150
void * begin(THD *thd, const TABLE *table, size_t data_size, size_t memory, size_t num_threads) noexcept
Definition: bulk_data_service.cc:1533
uint16_t value_type
Definition: vt100.h:183
std::string HARNESS_EXPORT reset()
get 'reset attributes' ESC sequence.
Definition: vt100.cc:36
std::string file_name(Log_file_id file_id)
Provides name of the log file with the given file id, e.g.
Definition: log0pre_8_0_30.cc:93
MYSQL_STRINGS_EXPORT void initialize(const char *charset_dir=nullptr, MY_CHARSET_LOADER *loader=nullptr)
Initialize character set/collation library.
Definition: collations.cc:97
mode_t security_descriptor_type
Definition: access_rights.h:51
std::string HARNESS_EXPORT to_string(const ShutdownPending::Reason &reason)
Definition: process_state_component.cc:59
std::error_code make_error_code(DynamicLoaderErrc ec)
make error_code from a DynamicLoaderErrc.
Definition: dynamic_loader.cc:78
HARNESS_EXPORT stdx::expected< void, std::error_code > access_rights_set(const std::string &file_name, const security_descriptor_type &sec_desc)
set access rights of a file.
Definition: access_rights.cc:758
posix::access_rights::DenyPermissionVerifier<(S_IRWXO)> DenyOtherReadWritableVerifier
fail access_rights_verify() if others can read or write or execute.
Definition: access_rights.h:486
posix::access_rights::security_descriptor_type security_descriptor_type
Definition: access_rights.h:476
posix::access_rights::AllowPermissionVerifier<(S_IRUSR|S_IWUSR)> AllowUserReadWritableVerifier
fail access_rights_verify() if someone else then the owner of the file can read or write.
Definition: access_rights.h:497
stdx::expected< void, std::error_code > access_rights_verify(const security_descriptor_type &rights, Func &&func)
check if a security descriptor satisfies a verifier.
Definition: access_rights.h:512
HARNESS_EXPORT stdx::expected< security_descriptor_type, std::error_code > access_rights_get(const std::string &file_name) noexcept
get a access rights of file.
Definition: access_rights.cc:742
void get(PSI_field *, PSI_longlong *) noexcept
Definition: pfs_plugin_column_bigint_v1_all_empty.cc:31
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:191
Definition: varlen_sort.h:183
constexpr auto make_unexpected(E &&e) -> unexpected< std::decay_t< E > >
Definition: expected.h:124
std::set< Key, Compare, ut::allocator< Key > > set
Specialization of set which uses ut_allocator.
Definition: ut0new.h:2881
required string type
Definition: replication_group_member_actions.proto:33
Ssl_acceptor_context_property_type & operator++(Ssl_acceptor_context_property_type &property_type)
Increment operator for Ssl_acceptor_context_type Used by iterator.
Definition: ssl_acceptor_context_data.cc:272