#include "sql/auth/acl_table_user.h"
#include <stdlib.h>
#include <string.h>
#include <algorithm>
#include <map>
#include "field_types.h"
#include "lex_string.h"
#include "my_base.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "my_sqlcommand.h"
#include "my_sys.h"
#include "mysql/components/services/bits/psi_bits.h"
#include "mysql/components/services/log_builtins.h"
#include "mysql/my_loglevel.h"
#include "mysql/plugin.h"
#include "mysql/plugin_auth.h"
#include "mysql/strings/m_ctype.h"
#include "mysql_time.h"
#include "mysqld_error.h"
#include "prealloced_array.h"
#include "sql/auth/auth_acls.h"
#include "sql/auth/auth_common.h"
#include "sql/auth/auth_internal.h"
#include "sql/auth/partial_revokes.h"
#include "sql/auth/sql_auth_cache.h"
#include "sql/auth/sql_authentication.h"
#include "sql/auth/sql_user_table.h"
#include "sql/auth/user_table.h"
#include "sql/field.h"
#include "sql/handler.h"
#include "sql/item_func.h"
#include "sql/iterators/row_iterator.h"
#include "sql/key.h"
#include "sql/mysqld.h"
#include "sql/sql_class.h"
#include "sql/sql_const.h"
#include "sql/sql_executor.h"
#include "sql/sql_lex.h"
#include "sql/sql_plugin.h"
#include "sql/sql_plugin_ref.h"
#include "sql/sql_time.h"
#include "sql/sql_update.h"
#include "sql/system_variables.h"
#include "sql/table.h"
#include "sql/tztime.h"
#include "sql_string.h"
#include "string_with_len.h"
#include "template_utils.h"
#include "typelib.h"
#include "violite.h"

Namespaces
namespace	consts

namespace	acl_table

namespace	acl_table::anonymous_namespace{acl_table_user.cc}

Macros
#define	INVALID_DATE "0000-00-00 00:00:00"

Functions
const std::string	consts::empty_string ("")
	Empty string. More...

const std::string	consts::additional_password ("additional_password")
	For secondary password. More...

const std::string	consts::Restrictions ("Restrictions")
	For partial revokes. More...

const std::string	consts::Password_locking ("Password_locking")
	for password locking More...

const std::string	consts::failed_login_attempts ("failed_login_attempts")
	underkeys of password locking More...

const std::string	consts::password_lock_time_days ("password_lock_time_days")
	underkeys of password locking More...

const std::string	consts::json_metadata_tag ("metadata")
	metadata tag More...

const std::string	consts::json_comment_tag ("comment")
	comment tag More...

const std::string	consts::json_multi_factor_authentication ("multi_factor_authentication")
	multi factor authentication methods More...

static bool	replace_user_metadata (const std::string &json_blob, bool expect_text, TABLE *user_table)
	Replace or merge the user attributes of a given user. More...

bool	acl_table::anonymous_namespace{acl_table_user.cc}::parse_user_attributes (TABLE table, User_table_schema table_schema, Acl_user_attributes &user_attributes)
	Helper function to parse mysql.user.user_attributes column. More...

int	replace_user_table (THD thd, TABLE table, LEX_USER combo, Access_bitmask rights, bool revoke_grant, bool can_create_user, acl_table::Pod_user_what_to_update &what_to_update, Restrictions restrictions, I_multi_factor_auth *mfa)
	Search and create/update a record for the user requested. More...

bool	read_user_table (THD thd, TABLE table)
	Read data from user table and fill in-memory caches. More...

void	double_the_backslash (String *str)
	Helper function which heals with how JSON quoting rules change depending on the NO_BACKSLAH_ESCAPES sql mode. More...

bool	read_user_application_user_metadata_from_table (const LEX_CSTRING user, const LEX_CSTRING host, String metadata_str, TABLE table, bool mode_no_backslash_escapes)
	Helper function for recreating the CREATE USER statement when an SHOW CREATE USER statement is issued. More...

Variables
const my_timeval	consts::BEGIN_TIMESTAMP = {0, 0}
	Initial timestamp. More...

const int	consts::CRITICAL_ERROR = -1
	Error indicating table operation error. More...

static std::map< const User_attribute_type, const std::string >	acl_table::attribute_type_to_str
	Keys used in mysql.user.user_attributes. More...

Macro Definition Documentation

◆ INVALID_DATE

#define INVALID_DATE "0000-00-00 00:00:00"

Function Documentation

◆ double_the_backslash()

void double_the_backslash ( String * str )

Helper function which heals with how JSON quoting rules change depending on the NO_BACKSLAH_ESCAPES sql mode.

Parameters

str	The string which needs quoting

See also: read_user_application_user_metadata_from_table

◆ read_user_application_user_metadata_from_table()

bool read_user_application_user_metadata_from_table	(	const LEX_CSTRING	user,
		const LEX_CSTRING	host,
		String *	metadata_str,
		TABLE *	table,
		bool	mode_no_backslash_escapes
	)

Helper function for recreating the CREATE USER statement when an SHOW CREATE USER statement is issued.

Parameters

	user	The user name from which to read the metadata
	host	The host name part of the user from which to read the metadata
[out]	metadata_str	A buffer of text which will contain the CREATE USER .. ATTRIBUTE data. If the JSON object is null the metadata_str will be empty.
	table	An open TABLE handle to the mysql.user table.
	mode_no_backslash_escapes	The SQL_MODE determines how JSON is quoted

See also: mysql_show_create_user

Returns: error state

Return values

false	Success
true	An error occurred and DA was set.

◆ read_user_table()

bool read_user_table	(	THD *	thd,
		TABLE *	table
	)

Read data from user table and fill in-memory caches.

Parameters

[in]	thd	THD handle
[in]	table	mysql.user table handle

Returns: status of reading data from table

Return values

true	Error reading data. Don't trust it.
false	All well.

◆ replace_user_metadata()

static bool replace_user_metadata	(	const std::string &	json_blob,
		bool	expect_text,
		TABLE *	user_table
	)

static

Replace or merge the user attributes of a given user.

This function is called from Acl_table_user_writer::driver() but initialized in replace_user_table through a lambda expression. It's assumed that the user table has been opened and the matching row for the target user is in record[0]

Parameters

json_blob	Either a plain text comment or a JSON object depending on
expect_text	if expect_text is true then json_blob is plain text
user_table	A cursor to the open mysql.user table.

Note: In case of failure this function sets the DA

Returns: false if the operation succeeded

Return values

false	success
true	failure

◆ replace_user_table()

int replace_user_table	(	THD *	thd,
		TABLE *	table,
		LEX_USER *	combo,
		Access_bitmask	rights,
		bool	revoke_grant,
		bool	can_create_user,
		acl_table::Pod_user_what_to_update &	what_to_update,
		Restrictions *	restrictions,
		I_multi_factor_auth *	mfa
	)

Search and create/update a record for the user requested.

Parameters

[in]	thd	The current thread.
[in]	table	Pointer to a TABLE object of mysql.user table
[in]	combo	User information
[in]	rights	Rights requested
[in]	revoke_grant	Set to true if a REVOKE command is executed
[in]	can_create_user	Set true if it's allowed to create user
[in]	what_to_update	Bitmap indicating which attributes need to be updated.
[in]	restrictions	Restrictions handle if there is any
[in]	mfa	Interface pointer to Multi factor authentication methods

Returns: Operation result

Return values

0	OK.
<	0 System error or storage engine error happen
>	0 Error in handling current user entry but still can continue processing subsequent user specified in the ACL statement.

Namespaces

Macros

Functions

Variables

Macro Definition Documentation

◆ INVALID_DATE

Function Documentation

◆ double_the_backslash()

◆ read_user_application_user_metadata_from_table()

◆ read_user_table()

◆ replace_user_metadata()

◆ replace_user_table()