MySQL  8.0.20
Source Code Documentation
acl_table_user.h
1 /* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6 
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13 
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18 
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef ACL_TABLE_USER_INCLUDED
24 #define ACL_TABLE_USER_INCLUDED
25 
26 #include "my_config.h"
27 
28 #ifdef HAVE_SYS_TIME_H
29 #include <sys/time.h>
30 #endif
31 
32 #include <sys/types.h>
33 #include <memory>
34 #include <string>
35 #include <utility>
36 
37 #include "my_alloc.h"
40 #include "sql/auth/user_table.h"
41 
42 class ACL_USER;
43 class RowIterator;
44 class THD;
45 class User_table_schema;
46 struct LEX_USER;
47 struct TABLE;
48 
49 namespace acl_table {
50 enum class User_attribute_type {
// NOTE(review): the enumerators (header lines 51-53) are missing from this
// listing; read them from the header itself before relying on their names
// or order.
54 };
55 
// Per-account lockout settings: the two member comments below describe a
// lock duration in days and a failed-login threshold.
// NOTE(review): header lines 60, 65 and 75 are missing from this listing. The
// page's cross-reference index gives the documented members as
// `int password_lock_time_days` (line 60) and `uint failed_login_attempts`
// (line 65); what line 75 declares is not shown.
// NOTE(review): MySQL's CREATE USER documentation states that lockout only
// takes effect when FAILED_LOGIN_ATTEMPTS and PASSWORD_LOCK_TIME are both
// nonzero; how 0 and UNBOUNDED are encoded in these fields is not visible
// here, so confirm it in the implementation before auditing lockout policy.
56 struct Password_lock {
57  /**
58  read from the user config. The number of days to keep the account locked
59  */
61  /**
62  read from the user config. The number of failed login attempts before the
63  account is locked
64  */
66 
 // Default construction; the initial field values are set in the
 // implementation and are not visible in this header.
67  Password_lock();
68 
 // Copy assignment.
69  Password_lock &operator=(const Password_lock &other);
70 
 // Move assignment.
71  Password_lock &operator=(Password_lock &&other);
72 
 // Copy construction.
73  Password_lock(const Password_lock &other);
74 
76 };
77 
78 // Forward and alias declarations
80  std::pair<Table_op_error_code, struct timeval>;
81 
82 /**
83  mysql.user table writer. It updates or drops a single row from the table.
84 */
85 
87  public:
 // NOTE(review): header lines 86 and 88-89 are missing from this listing, so
 // the class header and the start of the constructor signature are not shown.
 // The page's cross-reference index gives the full signature as
 // (bool skip, ulong rights, Table_op_error_code err, struct timeval
 // pwd_timestamp, std::string cred, MEM_ROOT *mem_root,
 // Password_lock &password_lock); the two lines below are its tail.
90  struct timeval pwd_timestamp, std::string cred,
91  MEM_ROOT *mem_root, Password_lock &password_lock)
 // Each member is initialised directly from the parameter of matching role;
 // `restrictions` is constructed from the MEM_ROOT pointer rather than copied
 // from an existing object, and the constructor body is empty.
92  : skip_cache_update(skip),
93  updated_rights(rights),
94  error(err),
95  password_change_timestamp(pwd_timestamp),
96  second_cred(cred),
97  restrictions(mem_root),
98  password_lock(password_lock) {}
99 
 // NOTE(review): header lines 100-102 and 105-106 are missing here; the index
 // lists them as skip_cache_update, updated_rights, error, restrictions and
 // password_lock.
103  struct timeval password_change_timestamp;
 // NOTE(review): `cred` is taken by value and copied again into this member
 // (line 96), so the credential string lives in more than one std::string
 // buffer, and std::string does not wipe its storage on destruction.
 // Presumably this is the account's secondary authentication string; confirm,
 // and keep instances of this status object out of logs and diagnostics.
104  std::string second_cred;
107 };
108 
110  public:
 // NOTE(review): header lines 109, 117, 138 and 140-144 are missing from this
 // listing. The page's cross-reference index lists the private members as
 // m_combo (138), m_revoke_grant (140), m_can_create_user (141),
 // m_what_to_update (142), m_table_schema (143) and m_restrictions (144).
 //
 // Constructor for a write to one account's row. `restrictions` is optional
 // and defaults to nullptr.
 // NOTE(review): `rights`, `revoke_grant` and `can_create_user` look like
 // authorization decisions made by the caller; nothing in this declaration
 // shows them being re-checked, so confirm that every call site derives them
 // from a privilege check on the invoking session.
111  Acl_table_user_writer(THD *thd, TABLE *table, LEX_USER *combo, ulong rights,
112  bool revoke_grant, bool can_create_user,
113  Pod_user_what_to_update what_to_update,
114  Restrictions *restrictions = nullptr);
115  virtual ~Acl_table_user_writer();
 // Virtual; reports an Acl_table_op_status and takes the error code by
 // reference.
116  virtual Acl_table_op_status finish_operation(Table_op_error_code &error);
118 
 // `error` and `builtin_password` are passed by non-const reference, so they
 // can be written by the call; their meaning is defined in the
 // implementation, not in this header.
119  bool setup_table(int &error, bool &builtin_password);
120 
121  /* Set of functions to set user table data */
 // All of the update_* functions return bool; the header does not state which
 // value means failure — TODO confirm against the implementation.
122  bool update_authentication_info(Acl_table_user_writer_status &return_value);
123  bool update_privileges(Acl_table_user_writer_status &return_value);
124  bool update_ssl_properties();
125  bool update_user_resources();
126  bool update_password_expiry();
127  bool update_account_locking();
128  bool update_password_history();
129  bool update_password_reuse();
130  bool update_password_require_current();
 // NOTE(review): `current_password` is a mutable std::string reference
 // carrying credential material; treat it as sensitive at call sites.
131  bool update_user_attributes(std::string &current_password,
132  Acl_table_user_writer_status &return_value);
133 
134  ulong get_user_privileges();
 // NOTE(review): returns the credentials by value, so each call makes another
 // copy in memory; avoid logging or persisting the result.
135  std::string get_current_credentials();
136 
137  private:
139  ulong m_rights;
145 };
146 
147 /**
148  mysql.user table reader. It reads all rows from the table and creates an in-memory
149  cache.
150 */
151 
153  public:
 // NOTE(review): header lines 152, 155 and 181-184 are missing from this
 // listing. The page's cross-reference index lists the private members as
 // m_table_schema (181), m_iterator (182), m_mem_root (183) and
 // m_restrictions (184).
154  Acl_table_user_reader(THD *thd, TABLE *table);
156  bool driver();
 // `is_old_db_layout` is passed by non-const reference, so it can be written
 // by the call.
157  bool setup_table(bool &is_old_db_layout);
 // NOTE(review): by its name, `super_users_with_empty_plugin` reports
 // privileged accounts whose authentication plugin field is empty; confirm in
 // the implementation how the caller reacts to it (warning or rejection),
 // since that decides whether such rows reach the in-memory ACL cache.
158  bool read_row(bool &is_old_db_layout, bool &super_users_with_empty_plugin);
159  virtual Acl_table_op_status finish_operation(Table_op_error_code &error);
160 
161  /* Set of functions to read user table data */
 // Each function takes the ACL_USER under construction by reference. The ones
 // returning bool can signal a result to the caller, while the void ones have
 // no way to report a malformed field — TODO confirm how bad column values
 // are handled in the void readers.
162  void reset_acl_user(ACL_USER &user);
163  void read_account_name(ACL_USER &user);
164  bool read_authentication_string(ACL_USER &user);
165  void read_privileges(ACL_USER &user);
166  void read_ssl_fields(ACL_USER &user);
167  void read_user_resources(ACL_USER &user);
168  bool read_plugin_info(ACL_USER &user, bool &super_users_with_empty_plugin,
169  bool &is_old_db_layout);
170  bool read_password_expiry(ACL_USER &user, bool &password_expired);
171  void read_password_locked(ACL_USER &user);
172  void read_password_last_changed(ACL_USER &user);
173  void read_password_lifetime(ACL_USER &user);
174  void read_password_history_fields(ACL_USER &user);
175  void read_password_reuse_time_fields(ACL_USER &user);
176  void read_password_require_current(ACL_USER &user);
177  bool read_user_attributes(ACL_USER &user);
178  void add_row_to_acl_users(ACL_USER &user);
179 
180  private:
185 };
186 
187 } // namespace acl_table
188 #endif /* ACL_TABLE_USER_INCLUDED */
Pod_user_what_to_update m_what_to_update
Definition: acl_table_user.h:142
Acl_table_user_writer_status(bool skip, ulong rights, Table_op_error_code err, struct timeval pwd_timestamp, std::string cred, MEM_ROOT *mem_root, Password_lock &password_lock)
Definition: acl_table_user.h:89
Password_lock password_lock
Definition: acl_table_user.h:106
char * user
Definition: mysqladmin.cc:59
MEM_ROOT m_mem_root
Definition: acl_table_user.h:183
Acl_table_op_status
Definition: acl_table_base.h:36
Include file for Sun RPC to compile out of the box.
A context for reading through a single table using a chosen access method: index read, scan, etc, use of cache, etc.
Definition: row_iterator.h:61
mysql.user table writer.
Definition: acl_table_user.h:86
Definition: acl_table_user.h:109
std::pair< Table_op_error_code, struct timeval > acl_table_user_writer_status
Definition: acl_table_user.h:80
User_table_schema * m_table_schema
Definition: acl_table_user.h:181
Container of all restrictions for a given user.
Definition: partial_revokes.h:123
User_attribute_type
Definition: acl_table_user.h:50
User_table_schema * m_table_schema
Definition: acl_table_user.h:143
Definition: table.h:1306
Definition: sql_auth_cache.h:146
int password_lock_time_days
read from the user config.
Definition: acl_table_user.h:60
Definition: table.h:2380
static size_t skip(size_t pos_start, size_t match_len)
Definition: uri.cc:83
bool m_revoke_grant
Definition: acl_table_user.h:140
LEX_USER * m_combo
Definition: acl_table_user.h:138
uint failed_login_attempts
read from the user config.
Definition: acl_table_user.h:65
Definition: acl_table_user.h:56
mysql.user table reader.
Definition: acl_table_user.h:152
Base class to handle ACL table manipulation.
Definition: acl_table_base.h:43
Definition: auth_common.h:362
ulong m_rights
Definition: acl_table_user.h:139
unsigned int uint
Definition: uca-dump.cc:29
static Value err()
Create a Value object that represents an error condition.
Definition: json_binary.cc:908
Definition: acl_table_base.h:32
Restrictions restrictions
Definition: acl_table_user.h:105
std::unique_ptr< T, Destroy_only< T > > unique_ptr_destroy_only
std::unique_ptr, but only destroying.
Definition: my_alloc.h:408
ulong updated_rights
Definition: acl_table_user.h:101
static MEM_ROOT mem_root
Definition: client_plugin.cc:109
bool skip_cache_update
Definition: acl_table_user.h:100
int Table_op_error_code
Definition: acl_table_base.h:34
unique_ptr_destroy_only< RowIterator > m_iterator
Definition: acl_table_user.h:182
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:77
Restrictions * m_restrictions
Definition: acl_table_user.h:184
std::string second_cred
Definition: acl_table_user.h:104
bool m_can_create_user
Definition: acl_table_user.h:141
Restrictions * m_restrictions
Definition: acl_table_user.h:144
Table_op_error_code error
Definition: acl_table_user.h:102
This file follows Google coding style, except for the name MEM_ROOT (which is kept for historical rea...
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:765
Definition: user_table.h:43
Log error(cerr, "ERROR")