auth_acls.h File Reference

#include <string>
#include <unordered_map>
#include <vector>

Go to the source code of this file.

Macros
#define	NUM_ACLS   31
#define	SELECT_ACL   (1L << 0)
#define	INSERT_ACL   (1L << 1)
#define	UPDATE_ACL   (1L << 2)
#define	DELETE_ACL   (1L << 3)
#define	CREATE_ACL   (1L << 4)
#define	DROP_ACL   (1L << 5)
#define	RELOAD_ACL   (1L << 6)
#define	SHUTDOWN_ACL   (1L << 7)
#define	PROCESS_ACL   (1L << 8)
#define	FILE_ACL   (1L << 9)
#define	GRANT_ACL   (1L << 10)
#define	REFERENCES_ACL   (1L << 11)
#define	INDEX_ACL   (1L << 12)
#define	ALTER_ACL   (1L << 13)
#define	SHOW_DB_ACL   (1L << 14)
#define	SUPER_ACL   (1L << 15)
#define	CREATE_TMP_ACL   (1L << 16)
#define	LOCK_TABLES_ACL   (1L << 17)
#define	EXECUTE_ACL   (1L << 18)
#define	REPL_SLAVE_ACL   (1L << 19)
#define	REPL_CLIENT_ACL   (1L << 20)
#define	CREATE_VIEW_ACL   (1L << 21)
#define	SHOW_VIEW_ACL   (1L << 22)
#define	CREATE_PROC_ACL   (1L << 23)
#define	ALTER_PROC_ACL   (1L << 24)
#define	CREATE_USER_ACL   (1L << 25)
#define	EVENT_ACL   (1L << 26)
#define	TRIGGER_ACL   (1L << 27)
#define	CREATE_TABLESPACE_ACL   (1L << 28)
#define	CREATE_ROLE_ACL   (1L << 29)
#define	DROP_ROLE_ACL   (1L << 30)
#define	NO_ACCESS   (1L << 31)
#define	DB_OP_ACLS
	Privileges to perform database related operations. More...
#define	TABLE_OP_ACLS
	Privileges to perform table related operations. More...
#define	PROC_OP_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)
	Privileges to modify or execute stored procedures. More...
#define	DB_ACLS   (DB_OP_ACLS | GRANT_ACL)
	Represents all privileges which could be granted to users at DB-level. More...
#define	TABLE_ACLS   (TABLE_OP_ACLS | GRANT_ACL)
	Represents all privileges which could be granted to users at table-level. More...
#define	COL_ACLS   (SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
	Represents all privileges which could be granted to users at column-level. More...
#define	PROC_ACLS   (PROC_OP_ACLS | GRANT_ACL)
	Represents all privileges which could be granted to users for stored procedures. More...
#define	SHOW_PROC_ACLS   (PROC_OP_ACLS | CREATE_PROC_ACL)
	Represents all privileges which are required to show the stored procedure. More...
#define	GLOBAL_ACLS
	Represents all privileges which could be granted to users globally. More...
#define	DEFAULT_CREATE_PROC_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)
#define	TMP_TABLE_ACLS
	Table-level privileges which are automatically "granted" to everyone on existing temporary tables (CREATE_ACL is necessary for ALTER ... More...
#define	DB_CHUNK0   (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL)
#define	DB_CHUNK1   (GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
#define	DB_CHUNK2   (CREATE_TMP_ACL | LOCK_TABLES_ACL)
#define	DB_CHUNK3   (CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | ALTER_PROC_ACL)
#define	DB_CHUNK4   (EXECUTE_ACL)
#define	DB_CHUNK5   (EVENT_ACL | TRIGGER_ACL)
#define	fix_rights_for_db(A)
#define	get_rights_for_db(A)
#define	TBL_CHUNK0   DB_CHUNK0
#define	TBL_CHUNK1   DB_CHUNK1
#define	TBL_CHUNK2   (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
#define	TBL_CHUNK3   TRIGGER_ACL
#define	fix_rights_for_table(A)
#define	get_rights_for_table(A)
#define	fix_rights_for_column(A)   (((A)&7) | (((A) & ~7) << 8))
#define	get_rights_for_column(A)   (((A)&7) | ((A) >> 8))
#define	fix_rights_for_procedure(A)
#define	get_rights_for_procedure(A)

Variables
const std::vector< std::string >	global_acls_vector
	Consts for static privileges. More...
const std::unordered_map< std::string, int >	global_acls_map
	Bitmap offsets for static privileges. More...

Macro Definition Documentation

ALTER_ACL

#define ALTER_ACL   (1L << 13)

ALTER_PROC_ACL

#define ALTER_PROC_ACL   (1L << 24)

COL_ACLS

#define COL_ACLS   (SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)

Represents all privileges which could be granted to users at column-level.

It essentially represents all the privileges present in the columns_priv table.

CREATE_ACL

#define CREATE_ACL   (1L << 4)

CREATE_PROC_ACL

#define CREATE_PROC_ACL   (1L << 23)

CREATE_ROLE_ACL

#define CREATE_ROLE_ACL   (1L << 29)

CREATE_TABLESPACE_ACL

#define CREATE_TABLESPACE_ACL   (1L << 28)

CREATE_TMP_ACL

#define CREATE_TMP_ACL   (1L << 16)

CREATE_USER_ACL

#define CREATE_USER_ACL   (1L << 25)

CREATE_VIEW_ACL

#define CREATE_VIEW_ACL   (1L << 21)

DB_ACLS

#define DB_ACLS   (DB_OP_ACLS | GRANT_ACL)

Represents all privileges which could be granted to users at DB-level.

It essentially represents all the privileges present in the mysql.db table.

DB_CHUNK0

#define DB_CHUNK0   (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL)

DB_CHUNK1

#define DB_CHUNK1   (GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)

DB_CHUNK2

#define DB_CHUNK2   (CREATE_TMP_ACL | LOCK_TABLES_ACL)

DB_CHUNK3

#define DB_CHUNK3   (CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | ALTER_PROC_ACL)

DB_CHUNK4

#define DB_CHUNK4   (EXECUTE_ACL)

DB_CHUNK5

#define DB_CHUNK5   (EVENT_ACL | TRIGGER_ACL)

DB_OP_ACLS

#define DB_OP_ACLS

Value:

(UPDATE_ACL | SELECT_ACL | INSERT_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
   REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | LOCK_TABLES_ACL | \
   EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL |           \
   ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL)

Privileges to perform database related operations.

Use this macro over DB_ACLS unless there is real need to use additional privileges present in the DB_ACLS

DEFAULT_CREATE_PROC_ACLS

#define DEFAULT_CREATE_PROC_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)

DELETE_ACL

#define DELETE_ACL   (1L << 3)

DROP_ACL

#define DROP_ACL   (1L << 5)

DROP_ROLE_ACL

#define DROP_ROLE_ACL   (1L << 30)

EVENT_ACL

#define EVENT_ACL   (1L << 26)

EXECUTE_ACL

#define EXECUTE_ACL   (1L << 18)

FILE_ACL

#define FILE_ACL   (1L << 9)

fix_rights_for_column

#define fix_rights_for_column

(

A

)

(((A)&7) | (((A) & ~7) << 8))

fix_rights_for_db

#define fix_rights_for_db

(

A

)

Value:

(((A)&DB_CHUNK0) | (((A) << 4) & DB_CHUNK1) | (((A) << 6) & DB_CHUNK2) | \
   (((A) << 9) & DB_CHUNK3) | (((A) << 2) & DB_CHUNK4)) |                  \
      (((A) << 9) & DB_CHUNK5)

fix_rights_for_procedure

#define fix_rights_for_procedure

(

A

)

Value:

((((A) << 18) & EXECUTE_ACL) | (((A) << 23) & ALTER_PROC_ACL) | \
   (((A) << 8) & GRANT_ACL))

fix_rights_for_table

#define fix_rights_for_table

(

A

)

Value:

(((A)&TBL_CHUNK0) | (((A) << 4) & TBL_CHUNK1) | (((A) << 11) & TBL_CHUNK2) | \
   (((A) << 15) & TBL_CHUNK3))

get_rights_for_column

#define get_rights_for_column

(

A

)

(((A)&7) | ((A) >> 8))

get_rights_for_db

#define get_rights_for_db

(

A

)

Value:

(((A)&DB_CHUNK0) | (((A)&DB_CHUNK1) >> 4) | (((A)&DB_CHUNK2) >> 6) | \
   (((A)&DB_CHUNK3) >> 9) | (((A)&DB_CHUNK4) >> 2)) |                  \
      (((A)&DB_CHUNK5) >> 9)

get_rights_for_procedure

#define get_rights_for_procedure

(

A

)

Value:

((((A)&EXECUTE_ACL) >> 18) | (((A)&ALTER_PROC_ACL) >> 23) | \
   (((A)&GRANT_ACL) >> 8))

get_rights_for_table

#define get_rights_for_table

(

A

)

Value:

(((A)&TBL_CHUNK0) | (((A)&TBL_CHUNK1) >> 4) | (((A)&TBL_CHUNK2) >> 11) | \
   (((A)&TBL_CHUNK3) >> 15))

GLOBAL_ACLS

#define GLOBAL_ACLS

Value:

(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
   RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL | GRANT_ACL |            \
   REFERENCES_ACL | INDEX_ACL | ALTER_ACL | SHOW_DB_ACL | SUPER_ACL |          \
   CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL |       \
   EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL |           \
   ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL |                \
   CREATE_TABLESPACE_ACL | CREATE_ROLE_ACL | DROP_ROLE_ACL)

Represents all privileges which could be granted to users globally.

It essentially represents all the privileges present in the mysql.user table

GRANT_ACL

#define GRANT_ACL   (1L << 10)

INDEX_ACL

#define INDEX_ACL   (1L << 12)

INSERT_ACL

#define INSERT_ACL   (1L << 1)

LOCK_TABLES_ACL

#define LOCK_TABLES_ACL   (1L << 17)

NO_ACCESS

#define NO_ACCESS   (1L << 31)

NUM_ACLS

#define NUM_ACLS   31

PROC_ACLS

#define PROC_ACLS   (PROC_OP_ACLS | GRANT_ACL)

Represents all privileges which could be granted to users for stored procedures.

It essentially represents all the privileges present in the mysql.procs_priv table.

PROC_OP_ACLS

#define PROC_OP_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)

Privileges to modify or execute stored procedures.

Use this macro over PROC_ACLS unless there is real need to use additional privileges present in the PROC_ACLS

PROCESS_ACL

#define PROCESS_ACL   (1L << 8)

REFERENCES_ACL

#define REFERENCES_ACL   (1L << 11)

RELOAD_ACL

#define RELOAD_ACL   (1L << 6)

REPL_CLIENT_ACL

#define REPL_CLIENT_ACL   (1L << 20)

REPL_SLAVE_ACL

#define REPL_SLAVE_ACL   (1L << 19)

SELECT_ACL

#define SELECT_ACL   (1L << 0)

SHOW_DB_ACL

#define SHOW_DB_ACL   (1L << 14)

SHOW_PROC_ACLS

#define SHOW_PROC_ACLS   (PROC_OP_ACLS | CREATE_PROC_ACL)

Represents all privileges which are required to show the stored procedure.

SHOW_VIEW_ACL

#define SHOW_VIEW_ACL   (1L << 22)

SHUTDOWN_ACL

#define SHUTDOWN_ACL   (1L << 7)

SUPER_ACL

#define SUPER_ACL   (1L << 15)

TABLE_ACLS

#define TABLE_ACLS   (TABLE_OP_ACLS | GRANT_ACL)

Represents all privileges which could be granted to users at table-level.

It essentially represents all the privileges present in the mysql.tables_priv table.

TABLE_OP_ACLS

#define TABLE_OP_ACLS

Value:

(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
   REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL |  \
   TRIGGER_ACL)

Privileges to perform table related operations.

Use this macro over TABLE_ACLS unless there is real need to use additional privileges present in the DB_ACLS

TBL_CHUNK0

#define TBL_CHUNK0   DB_CHUNK0

TBL_CHUNK1

#define TBL_CHUNK1   DB_CHUNK1

TBL_CHUNK2

#define TBL_CHUNK2   (CREATE_VIEW_ACL | SHOW_VIEW_ACL)

TBL_CHUNK3

#define TBL_CHUNK3   TRIGGER_ACL

TMP_TABLE_ACLS

#define TMP_TABLE_ACLS

Value:

(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
   INDEX_ACL | ALTER_ACL)

Table-level privileges which are automatically "granted" to everyone on existing temporary tables (CREATE_ACL is necessary for ALTER ...

RENAME).

TRIGGER_ACL

#define TRIGGER_ACL   (1L << 27)

UPDATE_ACL

#define UPDATE_ACL   (1L << 2)

Variable Documentation

global_acls_map

const std::unordered_map<std::string, int> global_acls_map

Bitmap offsets for static privileges.

global_acls_vector

const std::vector<std::string> global_acls_vector

Consts for static privileges.