MySQL  8.0.21
Source Code Documentation
acl_table_user.h
1 /* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
2 
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6 
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13 
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18 
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef ACL_TABLE_USER_INCLUDED
24 #define ACL_TABLE_USER_INCLUDED
25 
26 #include "my_config.h"
27 
28 #ifdef HAVE_SYS_TIME_H
29 #include <sys/time.h>
30 #endif
31 
32 #include <sys/types.h>
33 #include <functional>
34 #include <memory>
35 #include <string>
36 #include <utility>
37 
38 #include "my_alloc.h"
41 #include "sql/auth/user_table.h"
42 
43 class ACL_USER;
44 class RowIterator;
45 class THD;
46 class User_table_schema;
47 struct LEX_USER;
48 struct TABLE;
49 
50 namespace acl_table {
// Tags a kind of per-user attribute. Only METADATA and COMMENT are visible
// in this rendering.
// NOTE(review): the listing gutter jumps from 51 to 55, so lines 52-54 are
// absent here; any enumerators declared before METADATA are not shown and
// must be read from the original header.
51 enum class User_attribute_type {
55  METADATA,
56  COMMENT
57 };
58 
// Failed-login lockout settings for one account: how many failed attempts
// trigger the lock and for how many days the account then stays locked.
// NOTE(review): the two data-member declarations (listing lines 63 and 68)
// and line 78 are absent from this rendering. The cross-reference entries
// further down this page give the members as `int password_lock_time_days`
// (line 63) and `uint failed_login_attempts` (line 68).
59 struct Password_lock {
60  /**
61  read from the user config. The number of days to keep the account locked

    NOTE(review): the member is a signed int per the page's cross-reference
    entry; whether zero or negative values carry a special meaning (for
    example "disabled" or "never unlock") is not visible in this header -
    confirm in the implementation before comparing against it.
62  */
64  /**
65  read from the user config. The number of failed login attempts before the
66  account is locked

    NOTE(review): the unit of counting (consecutive vs. total failures) and
    the meaning of 0 are not stated here - confirm in the implementation.
67  */
69 
   // Default constructor; the initial values are defined out of line.
70  Password_lock();
71 
   // Copy assignment.
72  Password_lock &operator=(const Password_lock &other);
73 
   // Move assignment. Not declared noexcept in this header.
74  Password_lock &operator=(Password_lock &&other);
75 
   // Copy constructor.
76  Password_lock(const Password_lock &other);
77 
79 };
80 
81 // Forward and alias declarations
// NOTE(review): listing line 82 (the start of this alias declaration) is
// absent from this rendering. The page's cross-reference entry for line 83
// names the alias `acl_table_user_writer_status`: a pair of a table-operation
// error code and a `struct timeval`.
83  std::pair<Table_op_error_code, struct timeval>;
84 
85 /**
86  mysql.user table writer. It updates or drops a single row from the table.

    NOTE(review): in this rendering the comment sits directly above the
    declaration at listing line 89, which the page's cross-reference entries
    associate with Acl_table_user_writer_status (its constructor is at line
    92), while a second class is declared at line 112 - confirm which class
    this text is meant to document.
87 */
88 
// NOTE(review): listing lines 89, 91 and 92 (class header and the start of
// the constructor signature) are absent here. The cross-reference entry on
// this page gives the full signature as:
//   Acl_table_user_writer_status(bool skip, ulong rights,
//       Table_op_error_code err, struct timeval pwd_timestamp,
//       std::string cred, MEM_ROOT *mem_root, Password_lock &password_lock)
90  public:
   // Remaining constructor parameters. `cred` is taken by value;
   // `password_lock` is taken by non-const reference.
93  struct timeval pwd_timestamp, std::string cred,
94  MEM_ROOT *mem_root, Password_lock &password_lock)
95  : skip_cache_update(skip),
96  updated_rights(rights),
97  error(err),
98  password_change_timestamp(pwd_timestamp),
   // Copies the by-value parameter into the member (no std::move), so the
   // string exists in two buffers until the parameter is destroyed.
99  second_cred(cred),
   // The Restrictions member is constructed from the caller's MEM_ROOT.
100  restrictions(mem_root),
   // Member initialised from the same-named parameter; inside the
   // parentheses the name refers to the parameter, so this is a copy.
101  password_lock(password_lock) {}
102 
   // NOTE(review): listing lines 103-105 and 108-109 are absent here. The
   // cross-reference entries give them as `bool skip_cache_update` (103),
   // `ulong updated_rights` (104), `Table_op_error_code error` (105),
   // `Restrictions restrictions` (108) and `Password_lock password_lock` (109).
   // Timestamp stored from the constructor's `pwd_timestamp` argument.
106  struct timeval password_change_timestamp;
   // NOTE(review): presumably a secondary credential / authentication
   // string - confirm what is stored. std::string does not clear its buffer
   // on destruction, so if this is sensitive its lifetime should stay short.
107  std::string second_cred;
110 };
111 
// Declarations of Acl_table_user_writer: a constructor, a virtual destructor,
// finish_operation/setup_table, one update_* method per group of user-table
// data, and accessors for the privileges and current credentials.
// NOTE(review): the class header (listing line 112) and line 120 are absent
// from this rendering, so the base class and any declaration on line 120
// must be read from the original header.
113  public:
   // `restrictions` is passed as a raw pointer; ownership and permitted
   // nullness are not visible in this header - confirm at the call sites.
114  Acl_table_user_writer(THD *thd, TABLE *table, LEX_USER *combo, ulong rights,
115  bool revoke_grant, bool can_create_user,
116  Pod_user_what_to_update what_to_update,
117  Restrictions *restrictions);
118  virtual ~Acl_table_user_writer();
   // Reports the outcome through the return value and the `error` reference.
119  virtual Acl_table_op_status finish_operation(Table_op_error_code &error);
121 
   // Both arguments are non-const references, i.e. written by the callee.
122  bool setup_table(int &error, bool &builtin_password);
123 
124  /* Set of functions to set user table data */
   // NOTE(review): which bool value signals failure is not stated in this
   // header - confirm the convention before checking these return values.
125  bool update_authentication_info(Acl_table_user_writer_status &return_value);
126  bool update_privileges(Acl_table_user_writer_status &return_value);
127  bool update_ssl_properties();
128  bool update_user_resources();
129  bool update_password_expiry();
130  bool update_account_locking();
131  bool update_password_history();
132  bool update_password_reuse();
133  bool update_password_require_current();
   // `current_password` is a non-const reference, so the callee may modify
   // the caller's string.
   // NOTE(review): whether it carries cleartext or a hash is not visible
   // here - confirm, and keep the caller's copy short-lived if sensitive.
134  bool update_user_attributes(std::string &current_password,
135  Acl_table_user_writer_status &return_value);
136 
   // Takes a callback that receives the TABLE pointer and returns bool.
137  void replace_user_application_user_metadata(
138  std::function<bool(TABLE *table)> const &update);
139  ulong get_user_privileges();
   // Returns the credentials by value as a std::string.
140  std::string get_current_credentials();
141 
142  private:
143  bool update_user_application_user_metadata();
   // NOTE(review): listing lines 144-145 and 147-151 are absent here. The
   // cross-reference entries on this page give them as
   // `bool m_has_user_application_user_metadata` (144), `LEX_USER *m_combo`
   // (145), `bool m_revoke_grant` (147), `bool m_can_create_user` (148),
   // `Pod_user_what_to_update m_what_to_update` (149),
   // `User_table_schema *m_table_schema` (150) and
   // `Restrictions *m_restrictions` (151).
146  ulong m_rights;
   // Callback with the same signature that
   // replace_user_application_user_metadata() accepts.
152  std::function<bool(TABLE *table)> m_user_application_user_metadata;
153 };
154 
155 /**
156  mysql.user table reader. It reads all rows from the table and creates an
157  in-memory cache.

    NOTE(review): the class header (listing line 160) and line 163 are absent
    from this rendering, so the base class and any declaration on line 163
    must be read from the original header.
158 */
159 
161  public:
162  Acl_table_user_reader(THD *thd, TABLE *table);
   // NOTE(review): which bool value signals failure is not stated in this
   // header - confirm the convention before checking these return values.
164  bool driver();
   // `is_old_db_layout` is a non-const reference, i.e. written by the callee.
165  bool setup_table(bool &is_old_db_layout);
166  bool read_row(bool &is_old_db_layout, bool &super_users_with_empty_plugin);
167  virtual Acl_table_op_status finish_operation(Table_op_error_code &error);
168 
169  /* Set of functions to read user table data */
   // Each helper below receives the ACL_USER being filled by non-const
   // reference.
170  void reset_acl_user(ACL_USER &user);
171  void read_account_name(ACL_USER &user);
172  bool read_authentication_string(ACL_USER &user);
173  void read_privileges(ACL_USER &user);
174  void read_ssl_fields(ACL_USER &user);
175  void read_user_resources(ACL_USER &user);
   // NOTE(review): by its name, `super_users_with_empty_plugin` reports
   // privileged accounts that have no authentication plugin set; that is
   // audit-relevant, so confirm in the implementation how the flag is raised
   // and what the caller does with it.
176  bool read_plugin_info(ACL_USER &user, bool &super_users_with_empty_plugin,
177  bool &is_old_db_layout);
178  bool read_password_expiry(ACL_USER &user, bool &password_expired);
179  void read_password_locked(ACL_USER &user);
180  void read_password_last_changed(ACL_USER &user);
181  void read_password_lifetime(ACL_USER &user);
182  void read_password_history_fields(ACL_USER &user);
183  void read_password_reuse_time_fields(ACL_USER &user);
184  void read_password_require_current(ACL_USER &user);
185  bool read_user_attributes(ACL_USER &user);
186  void add_row_to_acl_users(ACL_USER &user);
187 
188  private:
   // NOTE(review): listing lines 189-193 are absent here. The
   // cross-reference entries on this page give them as
   // `User_table_schema *m_table_schema` (189),
   // `unique_ptr_destroy_only<RowIterator> m_iterator` (190),
   // `MEM_ROOT m_mem_root` (191), `Restrictions *m_restrictions` (192) and
   // `Json_object *m_user_application_user_metadata_json` (193).
194 };
195 
196 } // namespace acl_table
197 #endif /* ACL_TABLE_USER_INCLUDED */
Pod_user_what_to_update m_what_to_update
Definition: acl_table_user.h:149
Acl_table_user_writer_status(bool skip, ulong rights, Table_op_error_code err, struct timeval pwd_timestamp, std::string cred, MEM_ROOT *mem_root, Password_lock &password_lock)
Definition: acl_table_user.h:92
Password_lock password_lock
Definition: acl_table_user.h:109
char * user
Definition: mysqladmin.cc:59
MEM_ROOT m_mem_root
Definition: acl_table_user.h:191
Acl_table_op_status
Definition: acl_table_base.h:36
Include file for Sun RPC to compile out of the box.
A context for reading through a single table using a chosen access method: index read, scan, etc, use of cache, etc.
Definition: row_iterator.h:61
mysql.user table writer.
Definition: acl_table_user.h:89
Definition: acl_table_user.h:112
std::pair< Table_op_error_code, struct timeval > acl_table_user_writer_status
Definition: acl_table_user.h:83
User_table_schema * m_table_schema
Definition: acl_table_user.h:189
Container of all restrictions for a given user.
Definition: partial_revokes.h:123
Json_object * m_user_application_user_metadata_json
Definition: acl_table_user.h:193
User_attribute_type
Definition: acl_table_user.h:51
User_table_schema * m_table_schema
Definition: acl_table_user.h:150
Definition: table.h:1313
Definition: sql_auth_cache.h:146
int password_lock_time_days
read from the user config.
Definition: acl_table_user.h:63
Definition: table.h:2393
static size_t skip(size_t pos_start, size_t match_len)
Definition: uri.cc:83
bool m_revoke_grant
Definition: acl_table_user.h:147
LEX_USER * m_combo
Definition: acl_table_user.h:145
uint failed_login_attempts
read from the user config.
Definition: acl_table_user.h:68
Definition: acl_table_user.h:59
mysql.user table reader.
Definition: acl_table_user.h:160
Base class to handle ACL table manipulation.
Definition: acl_table_base.h:43
Definition: auth_common.h:362
ulong m_rights
Definition: acl_table_user.h:146
unsigned int uint
Definition: uca-dump.cc:29
static Value err()
Create a Value object that represents an error condition.
Definition: json_binary.cc:908
static uint update
Definition: myisamlog.cc:90
Definition: acl_table_base.h:32
Restrictions restrictions
Definition: acl_table_user.h:108
std::unique_ptr< T, Destroy_only< T > > unique_ptr_destroy_only
std::unique_ptr, but only destroying.
Definition: my_alloc.h:408
ulong updated_rights
Definition: acl_table_user.h:104
static MEM_ROOT mem_root
Definition: client_plugin.cc:109
bool skip_cache_update
Definition: acl_table_user.h:103
int Table_op_error_code
Definition: acl_table_base.h:34
bool m_has_user_application_user_metadata
Definition: acl_table_user.h:144
Represents a JSON container value of type "object" (ECMA), type J_OBJECT here.
Definition: json_dom.h:368
unique_ptr_destroy_only< RowIterator > m_iterator
Definition: acl_table_user.h:190
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:77
Restrictions * m_restrictions
Definition: acl_table_user.h:192
std::string second_cred
Definition: acl_table_user.h:107
bool m_can_create_user
Definition: acl_table_user.h:148
Restrictions * m_restrictions
Definition: acl_table_user.h:151
Table_op_error_code error
Definition: acl_table_user.h:105
This file follows Google coding style, except for the name MEM_ROOT (which is kept for historical rea...
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:799
Definition: user_table.h:43
Log error(cerr, "ERROR")
std::function< bool(TABLE *table)> m_user_application_user_metadata
Definition: acl_table_user.h:152