MySQL 9.2.0
Source Code Documentation
auth_common.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef AUTH_COMMON_INCLUDED
25#define AUTH_COMMON_INCLUDED
26
27#include <assert.h>
28#include <stddef.h>
29#include <stdint.h>
30#include <sys/types.h>
31#include <functional>
32#include <list>
33#include <memory>
34#include <string>
35#include <utility>
36#include <vector>
37
38#include "lex_string.h"
39#include "my_command.h"
40
41#include "my_hostname.h" // HOSTNAME_LENGTH
42#include "my_inttypes.h"
43#include "mysql_com.h" // USERNAME_LENGTH
44#include "sql/auth/auth_acls.h" // Access_bitmask
45#include "template_utils.h"
46
47#include <openssl/rsa.h>
48
49/* Forward Declarations */
50class Alter_info;
52class Item;
53class LEX_COLUMN;
54class String;
55class THD;
56struct CHARSET_INFO;
57struct GRANT_INFO;
59struct HA_CREATE_INFO;
60struct LEX_USER;
61template <class T>
62class List;
63typedef struct user_conn USER_CONN;
65class ACL_USER;
66struct TABLE;
67struct MEM_ROOT;
68class Table_ref;
69enum class role_enum;
70enum class Consumer_type;
71class LEX_GRANT_AS;
73typedef std::vector<ACL_temporary_lock_state> Lock_state_list;
74enum class Acl_type;
75
76namespace consts {
77extern const std::string mysql;
78extern const std::string system_user;
79extern const std::string connection_admin;
80} // namespace consts
81
82/** user, host tuple which reference either acl_cache or g_default_roles */
83typedef std::pair<LEX_CSTRING, LEX_CSTRING> Auth_id_ref;
84typedef std::vector<Auth_id_ref> List_of_auth_id_refs;
85
86bool operator<(const Auth_id_ref &a, const Auth_id_ref &b);
87
89 /**
90 Access granted for all the requested privileges,
91 do not use the grant tables.
92 This flag is used only for the INFORMATION_SCHEMA privileges,
93 for compatibility reasons.
94 */
96 /** Access denied, do not use the grant tables. */
98 /** No decision yet, use the grant tables. */
101
102/* Classes */
103
104/**
105 Per internal table ACL access rules.
106 This class is an interface.
107 Per table(s) specific access rule should be implemented in a subclass.
108 @sa ACL_internal_schema_access
109*/
111 public:
113
114 virtual ~ACL_internal_table_access() = default;
115
116 /**
117 Check access to an internal table.
118 When a privilege is granted, this method add the requested privilege
119 to save_priv.
120 @param want_access the privileges requested
121 @param [in, out] save_priv the privileges granted
122 @param any_combination_will_do true if it's enough to have any privilege
123 for any combination of the table columns.
124 @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
125 are granted, and saved in save_priv.
126 @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
127 privileges was denied.
128 @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
129 was denied, and grant should be checked for at least one
130 privilege. Requested privileges that are granted, if any, are saved
131 in save_priv.
132 */
134 Access_bitmask want_access, Access_bitmask *save_priv,
135 bool any_combination_will_do) const = 0;
136};
137
138/**
139 Per internal schema ACL access rules.
140 This class is an interface.
141 Each per schema specific access rule should be implemented
142 in a different subclass, and registered.
143 Per schema access rules can control:
144 - every schema privileges on schema.*
145 - every table privileges on schema.table
146 @sa ACL_internal_schema_registry
147*/
149 public:
151
152 virtual ~ACL_internal_schema_access() = default;
153
154 /**
155 Check access to an internal schema.
156 @param want_access the privileges requested
157 @param [in, out] save_priv the privileges granted
158 @param any_combination_will_do true if it's enough to have any privilege
159 for any combination of the table columns.
160 @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
161 are granted, and saved in save_priv.
162 @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
163 privileges was denied.
164 @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
165 was denied, and grant should be checked for at least one
166 privilege. Requested privileges that are granted, if any, are saved
167 in save_priv.
168 */
170 Access_bitmask want_access, Access_bitmask *save_priv,
171 bool any_combination_will_do) const = 0;
172
173 /**
174 Search for per table ACL access rules by table name.
175 @param name the table name
176 @return per table access rules, or NULL
177 */
178 virtual const ACL_internal_table_access *lookup(const char *name) const = 0;
179};
180
181/**
182 A registry for per internal schema ACL.
183 An 'internal schema' is a database schema maintained by the
184 server implementation, such as 'performance_schema' and 'INFORMATION_SCHEMA'.
185*/
187 public:
188 static void register_schema(const LEX_CSTRING &name,
189 const ACL_internal_schema_access *access);
190 static const ACL_internal_schema_access *lookup(const char *name);
191};
192
193/**
194 Extension of ACL_internal_schema_access for Information Schema
195*/
197 public:
199
200 ~IS_internal_schema_access() override = default;
201
203 Access_bitmask *save_priv,
204 bool any_combination_will_do) const override;
205
206 const ACL_internal_table_access *lookup(const char *name) const override;
207};
208
209/* Data Structures */
210
211extern const std::vector<std::string> global_acls_vector;
212
238
293
304
316
327
339
348
356
364
372
373/* When we run mysql_upgrade we must make sure that the server can be run
374 using previous mysql.user table schema during acl_load.
375
376 User_table_schema is a common interface for the current and the
377 previous mysql.user table schema.
378 */
380 public:
381 virtual uint host_idx() = 0;
382 virtual uint user_idx() = 0;
383 virtual uint password_idx() = 0;
384 virtual uint select_priv_idx() = 0;
385 virtual uint insert_priv_idx() = 0;
386 virtual uint update_priv_idx() = 0;
387 virtual uint delete_priv_idx() = 0;
388 virtual uint create_priv_idx() = 0;
389 virtual uint drop_priv_idx() = 0;
390 virtual uint reload_priv_idx() = 0;
391 virtual uint shutdown_priv_idx() = 0;
392 virtual uint process_priv_idx() = 0;
393 virtual uint file_priv_idx() = 0;
394 virtual uint grant_priv_idx() = 0;
395 virtual uint references_priv_idx() = 0;
396 virtual uint index_priv_idx() = 0;
397 virtual uint alter_priv_idx() = 0;
398 virtual uint show_db_priv_idx() = 0;
399 virtual uint super_priv_idx() = 0;
400 virtual uint create_tmp_table_priv_idx() = 0;
401 virtual uint lock_tables_priv_idx() = 0;
402 virtual uint execute_priv_idx() = 0;
403 virtual uint repl_slave_priv_idx() = 0;
404 virtual uint repl_client_priv_idx() = 0;
405 virtual uint create_view_priv_idx() = 0;
406 virtual uint show_view_priv_idx() = 0;
407 virtual uint create_routine_priv_idx() = 0;
408 virtual uint alter_routine_priv_idx() = 0;
409 virtual uint create_user_priv_idx() = 0;
410 virtual uint event_priv_idx() = 0;
411 virtual uint trigger_priv_idx() = 0;
412 virtual uint create_tablespace_priv_idx() = 0;
413 virtual uint create_role_priv_idx() = 0;
414 virtual uint drop_role_priv_idx() = 0;
415 virtual uint ssl_type_idx() = 0;
416 virtual uint ssl_cipher_idx() = 0;
417 virtual uint x509_issuer_idx() = 0;
418 virtual uint x509_subject_idx() = 0;
419 virtual uint max_questions_idx() = 0;
420 virtual uint max_updates_idx() = 0;
421 virtual uint max_connections_idx() = 0;
422 virtual uint max_user_connections_idx() = 0;
423 virtual uint plugin_idx() = 0;
424 virtual uint authentication_string_idx() = 0;
425 virtual uint password_expired_idx() = 0;
426 virtual uint password_last_changed_idx() = 0;
427 virtual uint password_lifetime_idx() = 0;
428 virtual uint account_locked_idx() = 0;
429 virtual uint password_reuse_history_idx() = 0;
430 virtual uint password_reuse_time_idx() = 0;
431 // Added in 8.0.13
433 // Added in 8.0.14
434 virtual uint user_attributes_idx() = 0;
435
436 virtual ~User_table_schema() = default;
437};
438
439/*
440 This class describes indices for the current mysql.user table schema.
441 */
443 public:
444 uint host_idx() override { return MYSQL_USER_FIELD_HOST; }
445 uint user_idx() override { return MYSQL_USER_FIELD_USER; }
446 // not available
447 uint password_idx() override {
448 assert(0);
450 }
456 uint drop_priv_idx() override { return MYSQL_USER_FIELD_DROP_PRIV; }
460 uint file_priv_idx() override { return MYSQL_USER_FIELD_FILE_PRIV; }
461 uint grant_priv_idx() override { return MYSQL_USER_FIELD_GRANT_PRIV; }
462 uint references_priv_idx() override {
464 }
465 uint index_priv_idx() override { return MYSQL_USER_FIELD_INDEX_PRIV; }
466 uint alter_priv_idx() override { return MYSQL_USER_FIELD_ALTER_PRIV; }
468 uint super_priv_idx() override { return MYSQL_USER_FIELD_SUPER_PRIV; }
469 uint create_role_priv_idx() override {
471 }
475 }
476 uint lock_tables_priv_idx() override {
478 }
480 uint repl_slave_priv_idx() override {
482 }
483 uint repl_client_priv_idx() override {
485 }
486 uint create_view_priv_idx() override {
488 }
490 uint create_routine_priv_idx() override {
492 }
493 uint alter_routine_priv_idx() override {
495 }
496 uint create_user_priv_idx() override {
498 }
499 uint event_priv_idx() override { return MYSQL_USER_FIELD_EVENT_PRIV; }
503 }
504 uint ssl_type_idx() override { return MYSQL_USER_FIELD_SSL_TYPE; }
505 uint ssl_cipher_idx() override { return MYSQL_USER_FIELD_SSL_CIPHER; }
510 uint max_connections_idx() override {
512 }
513 uint max_user_connections_idx() override {
515 }
516 uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN; }
519 }
520 uint password_expired_idx() override {
522 }
525 }
526 uint password_lifetime_idx() override {
528 }
532 }
533 uint password_reuse_time_idx() override {
535 }
538 }
539 uint user_attributes_idx() override {
541 }
542};
543
544/*
545 This class describes indices for the old mysql.user table schema.
546 */
548 public:
594 };
595
596 uint host_idx() override { return MYSQL_USER_FIELD_HOST_56; }
597 uint user_idx() override { return MYSQL_USER_FIELD_USER_56; }
598 uint password_idx() override { return MYSQL_USER_FIELD_PASSWORD_56; }
606 uint shutdown_priv_idx() override {
608 }
612 uint references_priv_idx() override {
614 }
621 }
622 uint lock_tables_priv_idx() override {
624 }
626 uint repl_slave_priv_idx() override {
628 }
629 uint repl_client_priv_idx() override {
631 }
632 uint create_view_priv_idx() override {
634 }
635 uint show_view_priv_idx() override {
637 }
638 uint create_routine_priv_idx() override {
640 }
641 uint alter_routine_priv_idx() override {
643 }
644 uint create_user_priv_idx() override {
646 }
651 }
652 uint ssl_type_idx() override { return MYSQL_USER_FIELD_SSL_TYPE_56; }
656 uint max_questions_idx() override {
658 }
660 uint max_connections_idx() override {
662 }
663 uint max_user_connections_idx() override {
665 }
666 uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN_56; }
669 }
670 uint password_expired_idx() override {
672 }
673
674 // those fields are not available in 5.6 db schema
677 }
684 }
688 }
690};
691
693 public:
696 ? implicit_cast<User_table_schema *>(new User_table_old_schema())
697 : implicit_cast<User_table_schema *>(
699 }
700
701 virtual bool is_old_user_table_schema(TABLE *table);
702 virtual ~User_table_schema_factory() = default;
703};
704
707extern const char *any_db; // Special symbol for check_access
708/** controls the extra checks on plugin availability for mysql.user records */
709
710extern bool validate_user_plugins;
711
712/* Function Declarations */
713
714/* sql_authentication */
715void acl_log_connect(const char *user, const char *host, const char *auth_as,
716 const char *db, THD *thd,
719bool acl_check_host(THD *thd, const char *host, const char *ip);
720
721/*
722 User Attributes are the once which are defined during CREATE/ALTER/GRANT
723 statement. These attributes are divided into following categories.
724*/
725
726#define NONE_ATTR 0L
727#define DEFAULT_AUTH_ATTR (1L << 0) /* update defaults auth */
728#define PLUGIN_ATTR (1L << 1) /* update plugin */
729 /* authentication_string */
730#define SSL_ATTR (1L << 2) /* ex: SUBJECT,CIPHER.. */
731#define RESOURCE_ATTR (1L << 3) /* ex: MAX_QUERIES_PER_HOUR.. */
732#define PASSWORD_EXPIRE_ATTR (1L << 4) /* update password expire col */
733#define ACCESS_RIGHTS_ATTR (1L << 5) /* update privileges */
734#define ACCOUNT_LOCK_ATTR (1L << 6) /* update account lock status */
735#define DIFFERENT_PLUGIN_ATTR \
736 (1L << 7) /* updated plugin with a different value */
737#define USER_ATTRIBUTES (1L << 8) /* Request to update user attributes */
738
739/* sql_user */
740void log_user(THD *thd, String *str, LEX_USER *user, bool comma);
741bool check_change_password(THD *thd, const char *host, const char *user,
742 bool retain_current_password);
743bool change_password(THD *thd, LEX_USER *user, const char *password,
744 const char *current_password,
745 bool retain_current_password);
746bool mysql_create_user(THD *thd, List<LEX_USER> &list, bool if_not_exists,
747 bool is_role);
748bool mysql_alter_user(THD *thd, List<LEX_USER> &list, bool if_exists);
749bool mysql_drop_user(THD *thd, List<LEX_USER> &list, bool if_exists,
750 bool drop_role);
753
754/* sql_auth_cache */
755void init_acl_memory();
756int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr);
757int wild_case_compare(CHARSET_INFO *cs, const char *str, size_t str_len,
758 const char *wildstr, size_t wildstr_len);
759bool hostname_requires_resolving(const char *hostname);
760bool acl_init(bool dont_read_acl_tables);
761bool is_acl_inited();
762void acl_free(bool end = false);
763bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked);
765void grant_free(void);
766bool reload_acl_caches(THD *thd, bool mdl_locked,
767 bool preserve_temporary_account_locking,
768 Lock_state_list *modified_user_lock_state_list);
769Access_bitmask acl_get(THD *thd, const char *host, const char *ip,
770 const char *user, const char *db, bool db_is_pattern);
771bool is_acl_user(THD *thd, const char *host, const char *user);
772bool acl_getroot(THD *thd, Security_context *sctx, const char *user,
773 const char *host, const char *ip, const char *db);
774bool check_acl_tables_intact(THD *thd, bool mdl_locked);
775bool check_acl_tables_intact(THD *thd, Table_ref *tables);
776void notify_flush_event(THD *thd);
778void append_auth_id_string(const THD *thd, const char *user, size_t user_len,
779 const char *host, size_t host_len, String *str);
780
781/* sql_authorization */
782bool skip_grant_tables();
784bool mysql_set_role_default(THD *thd);
785bool mysql_set_active_role_all(THD *thd, const List<LEX_USER> *except_users);
786bool mysql_set_active_role(THD *thd, const List<LEX_USER> *role_list);
787bool mysql_grant(THD *thd, const char *db, List<LEX_USER> &list,
788 Access_bitmask rights, bool revoke_grant, bool is_proxy,
789 const List<LEX_CSTRING> &dynamic_privilege,
790 bool grant_all_current_privileges, LEX_GRANT_AS *grant_as);
791bool mysql_routine_grant(THD *thd, Table_ref *table, Acl_type routine_acl_type,
792 List<LEX_USER> &user_list, Access_bitmask rights,
793 bool revoke, bool write_to_binlog,
794 bool all_current_privileges);
795int mysql_table_grant(THD *thd, Table_ref *table, List<LEX_USER> &user_list,
796 List<LEX_COLUMN> &column_list, Access_bitmask rights,
797 bool revoke, bool all_current_privileges);
798bool check_grant(THD *thd, Access_bitmask want_access, Table_ref *tables,
799 bool any_combination_will_do, uint number, bool no_errors);
800bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name,
801 const char *table_name, const char *name, size_t length,
802 Security_context *sctx, Access_bitmask want_privilege);
803bool check_column_grant_in_table_ref(THD *thd, Table_ref *table_ref,
804 const char *name, size_t length,
805 Access_bitmask want_privilege);
806bool check_grant_all_columns(THD *thd, Access_bitmask want_access,
808bool check_grant_routine(THD *thd, Access_bitmask want_access, Table_ref *procs,
809 Acl_type routine_acl_type, bool no_error);
810bool check_grant_db(THD *thd, const char *db,
811 const bool check_table_grant = false);
812bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
813 bool with_grant);
814void get_privilege_desc(char *to, uint max_length, Access_bitmask access);
815void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc);
818 const char *db_name, const char *table_name,
819 const char *field_name);
820bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool,
821 bool);
822bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same);
824bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
825 Acl_type routine_acl_type);
826bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
827 Acl_type routine_acl_type);
829 const char *db, const char *table);
830int fill_schema_user_privileges(THD *thd, Table_ref *tables, Item *cond);
831int fill_schema_schema_privileges(THD *thd, Table_ref *tables, Item *cond);
832int fill_schema_table_privileges(THD *thd, Table_ref *tables, Item *cond);
833int fill_schema_column_privileges(THD *thd, Table_ref *tables, Item *cond);
835 GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name);
836
837bool lock_tables_precheck(THD *thd, Table_ref *tables);
838bool create_table_precheck(THD *thd, Table_ref *tables,
840bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info,
841 Alter_info *alter_info);
843 bool *fake_lock_tables_acl);
844bool check_readonly(THD *thd, bool err_if_readonly);
845void err_readonly(THD *thd);
846
848
849bool check_one_table_access(THD *thd, Access_bitmask privilege,
850 Table_ref *tables);
851bool check_single_table_access(THD *thd, Access_bitmask privilege,
852 Table_ref *tables, bool no_errors);
853bool check_routine_access(THD *thd, Access_bitmask want_access, const char *db,
854 const char *name, Acl_type routine_acl_type,
855 bool no_errors);
856bool check_some_access(THD *thd, Access_bitmask want_access, Table_ref *table);
857bool has_full_view_routine_access(THD *thd, const char *db,
858 const char *definer_user,
859 const char *definer_host);
860bool has_partial_view_routine_access(THD *thd, const char *db,
861 const char *routine_name,
862 Acl_type routine_acl_type);
863bool check_access(THD *thd, Access_bitmask want_access, const char *db,
864 Access_bitmask *save_priv,
865 GRANT_INTERNAL_INFO *grant_internal_info,
866 bool dont_check_global_grants, bool no_errors);
867bool check_table_access(THD *thd, Access_bitmask requirements,
868 Table_ref *tables,
869 bool any_combination_of_privileges_will_do, uint number,
870 bool no_errors);
872bool mysql_grant_role(THD *thd, const List<LEX_USER> *users,
873 const List<LEX_USER> *roles, bool with_admin_opt);
874bool mysql_revoke_role(THD *thd, const List<LEX_USER> *users,
875 const List<LEX_USER> *roles);
877
878bool is_granted_table_access(THD *thd, Access_bitmask required_acl,
880
882 const List<LEX_USER> *users,
883 const List<LEX_USER> *roles);
884void roles_graphml(THD *thd, String *);
885bool has_grant_role_privilege(THD *thd, const List<LEX_USER> *roles);
887std::string create_authid_str_from(const LEX_USER *user);
888std::pair<std::string, std::string> get_authid_from_quoted_string(
889 std::string str);
890void append_identifier_with_backtick(String *packet, const char *name,
891 size_t length);
892bool is_role_id(LEX_USER *authid);
893void shutdown_acl_cache();
895 LEX_CSTRING role_host);
896bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host,
897 bool *is_mandatory);
898bool check_global_access(THD *thd, Access_bitmask want_access);
899
900/* sql_user_table */
902bool is_acl_table_name(const char *name);
903#ifndef NDEBUG
904bool is_acl_table(const TABLE *table);
905#endif
906
913
915extern bool opt_auto_generate_certs;
916bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
917 const char **ssl_ca, const char **ssl_key,
918 const char **ssl_cert);
919
920#define DEFAULT_SSL_CA_CERT "ca.pem"
921#define DEFAULT_SSL_CA_KEY "ca-key.pem"
922#define DEFAULT_SSL_SERVER_CERT "server-cert.pem"
923#define DEFAULT_SSL_SERVER_KEY "server-key.pem"
924
925void update_mandatory_roles(void);
926bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles);
927void func_current_role(const THD *thd, String *active_role);
928
930
934 virtual ~Security_context_policy() = default;
937};
938
939typedef std::function<bool(Security_context *,
942
943template <class Derived>
945 public:
946 bool operator()(Security_context *sctx, Operation op) override {
947 if (op == Precheck && static_cast<Derived *>(this)->precheck(sctx))
948 return true;
949 if (op == Execute && static_cast<Derived *>(this)->create(sctx))
950 return true;
951 return false;
952 }
953};
954
955template <class Derived>
957 public:
958 bool operator()(Security_context *sctx, Operation op) override {
959 if (op == Precheck && static_cast<Derived *>(this)->precheck(sctx))
960 return true;
961 if (op == Execute && static_cast<Derived *>(this)->grant_privileges(sctx))
962 return true;
963 return false;
964 }
965};
966
967template <typename T>
968using Sctx_ptr = std::unique_ptr<T, std::function<void(T *)>>;
969
970/**
971 Factory for creating any Security_context given a pre-constructed policy.
972*/
974 public:
975 /**
976 Default Security_context factory implementation. Given two policies and
977 a authid this class returns a Security_context.
978 @param thd The thread handle
979 @param user User name associated with auth id
980 @param host Host name associated with auth id
981 @param extend_user_profile The policy for creating the user profile
982 @param priv The policy for authorizing the authid to
983 use the server.
984 @param static_priv Static privileges for authid.
985 @param drop_policy The policy for deleting the authid and
986 revoke privileges
987 */
988 Security_context_factory(THD *thd, std::string user, std::string host,
989 Security_context_functor extend_user_profile,
991 Security_context_functor static_priv,
992 std::function<void(Security_context *)> drop_policy)
993 : m_thd(thd),
994 m_user(std::move(user)),
995 m_host(std::move(host)),
996 m_user_profile(std::move(extend_user_profile)),
997 m_privileges(std::move(priv)),
998 m_static_privileges(std::move(static_priv)),
999 m_drop_policy(std::move(drop_policy)) {}
1000
1002
1003 private:
1005
1007 std::string m_user;
1008 std::string m_host;
1012 const std::function<void(Security_context *)> m_drop_policy;
1013};
1014
1015class Default_local_authid : public Create_authid<Default_local_authid> {
1016 public:
1017 Default_local_authid(const THD *thd);
1018 bool precheck(Security_context *sctx);
1019 bool create(Security_context *sctx);
1020
1021 private:
1022 const THD *m_thd;
1023};
1024
1025/**
1026 Grant the privilege temporarily to the in-memory global privileges map.
1027 This class is not thread safe.
1028 */
1030 : public Grant_privileges<Grant_temporary_dynamic_privileges> {
1031 public:
1033 std::vector<std::string> privs);
1034 bool precheck(Security_context *sctx);
1036
1037 private:
1038 const THD *m_thd;
1039 const std::vector<std::string> m_privs;
1040};
1041
1043 public:
1044 explicit Drop_temporary_dynamic_privileges(std::vector<std::string> privs)
1045 : m_privs(std::move(privs)) {}
1046 void operator()(Security_context *sctx);
1047
1048 private:
1049 std::vector<std::string> m_privs;
1050};
1051
1053 : public Grant_privileges<Grant_temporary_static_privileges> {
1054 public:
1055 Grant_temporary_static_privileges(const THD *thd, const Access_bitmask privs);
1056 bool precheck(Security_context *sctx);
1058
1059 private:
1060 /** THD handle */
1061 const THD *m_thd;
1062
1063 /** Privileges */
1065};
1066
1067bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b);
1068bool is_partial_revoke_exists(THD *thd);
1069void set_system_user_flag(THD *thd, bool check_for_main_security_ctx = false);
1071 bool check_for_main_security_ctx = false);
1072
1073/**
1074 Storage container for default auth ids. Default roles are only weakly
1075 depending on ACL_USERs. You can retain a default role even if the
1076 corresponding ACL_USER is missing in the acl_cache.
1077*/
1078class Auth_id {
1079 public:
1081 Auth_id(const char *user, size_t user_len, const char *host, size_t host_len);
1082 Auth_id(const Auth_id_ref &id);
1083 Auth_id(const LEX_CSTRING &user, const LEX_CSTRING &host);
1084 Auth_id(const std::string &user, const std::string &host);
1085 Auth_id(const LEX_USER *lex_user);
1086 Auth_id(const ACL_USER *acl_user);
1087
1089 Auth_id(const Auth_id &id);
1090 Auth_id &operator=(const Auth_id &) = default;
1091
1092 bool operator<(const Auth_id &id) const;
1093 void auth_str(std::string *out) const;
1094 std::string auth_str() const;
1095 const std::string &user() const;
1096 const std::string &host() const;
1097
1098 private:
1099 void create_key();
1100 /** User part */
1101 std::string m_user;
1102 /** Host part */
1103 std::string m_host;
1104 /**
1105 Key: Internal representation mainly to facilitate use of
1106 Auth_id class in standard container.
1107 Format: 'user\0host\0'
1108 */
1109 std::string m_key;
1110};
1111
1112/*
1113 As of now Role_id is an alias of Auth_id.
1114 We may extend the Auth_id as Role_id once
1115 more substances are added to latter.
1116*/
1118
1119/**
1120 Length of string buffer, that is enough to contain
1121 username and hostname parts of the user identifier with trailing zero in
1122 MySQL standard format:
1123 user_name_part\@host_name_part\\0
1124*/
1125static constexpr int USER_HOST_BUFF_SIZE =
1127
1129 std::string user;
1130 std::string host;
1131 std::string password;
1133};
1134
1135void generate_random_password(std::string *password, uint32_t);
1136typedef std::list<random_password_info> Userhostpassword_list;
1138 const Userhostpassword_list &generated_passwords);
1139bool lock_and_get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
1141 const std::string &json_blob, bool expect_text);
1142
1143/* helper method to check if sandbox mode should be turned off or not */
1145
1146#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1147bool decrypt_RSA_private_key(uchar *pkt, int cipher_length,
1148 unsigned char *plain_text, size_t plain_text_len,
1149 EVP_PKEY *private_key);
1150#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1151bool decrypt_RSA_private_key(uchar *pkt, int cipher_length,
1152 unsigned char *plain_text, size_t plain_text_len,
1153 RSA *private_key);
1154#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1155
1156#endif /* AUTH_COMMON_INCLUDED */
uint32_t Access_bitmask
Definition: auth_acls.h:34
mysql_dynamic_priv_table_field
Definition: auth_common.h:365
@ MYSQL_DYNAMIC_PRIV_FIELD_PRIV
Definition: auth_common.h:368
@ MYSQL_DYNAMIC_PRIV_FIELD_HOST
Definition: auth_common.h:367
@ MYSQL_DYNAMIC_PRIV_FIELD_USER
Definition: auth_common.h:366
@ MYSQL_DYNAMIC_PRIV_FIELD_COUNT
Definition: auth_common.h:370
@ MYSQL_DYNAMIC_PRIV_FIELD_WITH_GRANT_OPTION
Definition: auth_common.h:369
mysql_columns_priv_table_field
Definition: auth_common.h:317
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_NAME
Definition: auth_common.h:322
@ MYSQL_COLUMNS_PRIV_FIELD_HOST
Definition: auth_common.h:318
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:324
@ MYSQL_COLUMNS_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:321
@ MYSQL_COLUMNS_PRIV_FIELD_COUNT
Definition: auth_common.h:325
@ MYSQL_COLUMNS_PRIV_FIELD_DB
Definition: auth_common.h:319
@ MYSQL_COLUMNS_PRIV_FIELD_USER
Definition: auth_common.h:320
@ MYSQL_COLUMNS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:323
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4965
bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info, Alter_info *alter_info)
Checks foreign key's parent table access.
Definition: sql_authorization.cc:6010
bool check_grant(THD *thd, Access_bitmask want_access, Table_ref *tables, bool any_combination_will_do, uint number, bool no_errors)
Check table level grants.
Definition: sql_authorization.cc:3813
mysql_procs_priv_table_field
Definition: auth_common.h:305
@ MYSQL_PROCS_PRIV_FIELD_PROC_PRIV
Definition: auth_common.h:312
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_NAME
Definition: auth_common.h:309
@ MYSQL_PROCS_PRIV_FIELD_COUNT
Definition: auth_common.h:314
@ MYSQL_PROCS_PRIV_FIELD_HOST
Definition: auth_common.h:306
@ MYSQL_PROCS_PRIV_FIELD_DB
Definition: auth_common.h:307
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_TYPE
Definition: auth_common.h:310
@ MYSQL_PROCS_PRIV_FIELD_GRANTOR
Definition: auth_common.h:311
@ MYSQL_PROCS_PRIV_FIELD_USER
Definition: auth_common.h:308
@ MYSQL_PROCS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:313
bool mysql_routine_grant(THD *thd, Table_ref *table, Acl_type routine_acl_type, List< LEX_USER > &user_list, Access_bitmask rights, bool revoke, bool write_to_binlog, bool all_current_privileges)
Store routine level grants in the privilege tables.
Definition: sql_authorization.cc:2950
bool has_partial_view_routine_access(THD *thd, const char *db, const char *routine_name, Acl_type routine_acl_type)
Check if user has partial access to view routine's properties (i.e.
Definition: sql_authorization.cc:2108
bool acl_check_host(THD *thd, const char *host, const char *ip)
Definition: sql_authentication.cc:2175
void get_privilege_desc(char *to, uint max_length, Access_bitmask access)
Definition: sql_authorization.cc:4581
bool lock_tables_precheck(THD *thd, Table_ref *tables)
Check privileges for LOCK TABLES statement.
Definition: sql_authorization.cc:1732
bool skip_grant_tables()
Definition: sql_auth_cache.cc:166
bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user, bool with_grant)
Definition: sql_authorization.cc:5630
bool check_global_access(THD *thd, Access_bitmask want_access)
check for global access and give descriptive error message if it fails.
Definition: sql_authorization.cc:5985
int mysql_table_grant(THD *thd, Table_ref *table, List< LEX_USER > &user_list, List< LEX_COLUMN > &column_list, Access_bitmask rights, bool revoke, bool all_current_privileges)
Definition: sql_authorization.cc:2657
void func_current_role(const THD *thd, String *active_role)
Helper function for Item_func_current_role.
Definition: sql_authorization.cc:6346
uint32 global_password_history
Global sysvar: the number of old passwords to check in the history.
Definition: sql_auth_cache.cc:3871
bool mysql_alter_or_clear_default_roles(THD *thd, role_enum role_type, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Set the default roles to NONE, ALL or list of authorization IDs as roles, depending upon the role_typ...
Definition: sql_authorization.cc:6487
int fill_schema_table_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5832
void append_auth_id_string(const THD *thd, const char *user, size_t user_len, const char *host, size_t host_len, String *str)
Append the user@host to the str.
Definition: sql_auth_cache.cc:746
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:83
std::unique_ptr< T, std::function< void(T *)> > Sctx_ptr
Definition: auth_common.h:968
mysql_role_edges_table_field
Definition: auth_common.h:340
@ MYSQL_ROLE_EDGES_FIELD_TO_USER
Definition: auth_common.h:344
@ MYSQL_ROLE_EDGES_FIELD_WITH_ADMIN_OPTION
Definition: auth_common.h:345
@ MYSQL_ROLE_EDGES_FIELD_FROM_USER
Definition: auth_common.h:342
@ MYSQL_ROLE_EDGES_FIELD_TO_HOST
Definition: auth_common.h:343
@ MYSQL_ROLE_EDGES_FIELD_FROM_HOST
Definition: auth_common.h:341
@ MYSQL_ROLE_EDGES_FIELD_COUNT
Definition: auth_common.h:346
void acl_log_connect(const char *user, const char *host, const char *auth_as, const char *db, THD *thd, enum enum_server_command command)
Logging connection for the general query log, extracted from acl_authenticate() as it's reused at dif...
Definition: sql_authentication.cc:3851
bool is_acl_table_name(const char *name)
Check if given table name is a ACL table name.
Definition: sql_user_table.cc:2647
int fill_schema_schema_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5770
std::function< bool(Security_context *, Security_context_policy::Operation)> Security_context_functor
Definition: auth_common.h:941
bool validate_user_plugins
controls the extra checks on plugin availability for mysql.user records
Definition: sql_auth_cache.cc:170
bool mysql_user_table_is_in_short_password_format
void acl_free(bool end=false)
Definition: sql_auth_cache.cc:2016
bool mysql_revoke_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:3126
bool check_acl_tables_intact(THD *thd, bool mdl_locked)
Opens the ACL tables and checks their sanity.
Definition: sql_auth_cache.cc:2140
bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool, bool)
SHOW GRANTS FOR user USING [ALL | role [,role ...]].
Definition: sql_authorization.cc:4854
void init_acl_memory()
Allocates the memory in the the global_acl_memory MEM_ROOT.
Definition: sql_auth_cache.cc:214
mysql_db_table_field
Definition: auth_common.h:213
@ MYSQL_DB_FIELD_GRANT_PRIV
Definition: auth_common.h:223
@ MYSQL_DB_FIELD_DELETE_PRIV
Definition: auth_common.h:220
@ MYSQL_DB_FIELD_INDEX_PRIV
Definition: auth_common.h:225
@ MYSQL_DB_FIELD_UPDATE_PRIV
Definition: auth_common.h:219
@ MYSQL_DB_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:229
@ MYSQL_DB_FIELD_ALTER_PRIV
Definition: auth_common.h:226
@ MYSQL_DB_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:228
@ MYSQL_DB_FIELD_COUNT
Definition: auth_common.h:236
@ MYSQL_DB_FIELD_TRIGGER_PRIV
Definition: auth_common.h:235
@ MYSQL_DB_FIELD_CREATE_PRIV
Definition: auth_common.h:221
@ MYSQL_DB_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:231
@ MYSQL_DB_FIELD_SELECT_PRIV
Definition: auth_common.h:217
@ MYSQL_DB_FIELD_EXECUTE_PRIV
Definition: auth_common.h:233
@ MYSQL_DB_FIELD_INSERT_PRIV
Definition: auth_common.h:218
@ MYSQL_DB_FIELD_EVENT_PRIV
Definition: auth_common.h:234
@ MYSQL_DB_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:232
@ MYSQL_DB_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:227
@ MYSQL_DB_FIELD_USER
Definition: auth_common.h:216
@ MYSQL_DB_FIELD_HOST
Definition: auth_common.h:214
@ MYSQL_DB_FIELD_DROP_PRIV
Definition: auth_common.h:222
@ MYSQL_DB_FIELD_DB
Definition: auth_common.h:215
@ MYSQL_DB_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:230
@ MYSQL_DB_FIELD_REFERENCES_PRIV
Definition: auth_common.h:224
bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host, bool *is_mandatory)
Determine if a role@role_host authid is a mandatory role.
Definition: sql_authorization.cc:6888
void append_identifier_with_backtick(String *packet, const char *name, size_t length)
Convert and quote the given identifier if needed and append it to the target string.
Definition: sql_show.cc:1469
bool check_grant_routine(THD *thd, Access_bitmask want_access, Table_ref *procs, Acl_type routine_acl_type, bool no_error)
Definition: sql_authorization.cc:4368
int acl_authenticate(THD *thd, enum_server_command command)
Perform the handshake, authorize the client and update thd sctx variables.
Definition: sql_authentication.cc:4034
const std::vector< std::string > global_acls_vector
Consts for static privileges.
Definition: auth_acls.cc:62
bool lock_and_get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Copy a list of mandatory role authorization IDs.
Definition: sql_authorization.cc:6399
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6725
bool mysql_grant_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles, bool with_admin_opt)
Grants a list of roles to a list of users.
Definition: sql_authorization.cc:3355
bool check_change_password(THD *thd, const char *host, const char *user, bool retain_current_password)
Definition: sql_user.cc:158
int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr)
Definition: sql_auth_cache.cc:831
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, Acl_type routine_acl_type)
Grant EXECUTE,ALTER privilege for a stored procedure.
Definition: sql_authorization.cc:5469
bool mysql_alter_user_comment(THD *thd, const List< LEX_USER > *users, const std::string &json_blob, bool expect_text)
void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc)
Definition: sql_auth_cache.cc:3270
bool is_acl_table(const TABLE *table)
Check if given TABLE* is a ACL table name.
Definition: sql_user_table.cc:2665
bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same)
Auxiliary function for constructing CREATE USER sql for a given user.
Definition: sql_user.cc:261
bool is_granted_table_access(THD *thd, Access_bitmask required_acl, Table_ref *table)
Given a Table_ref object this function checks against.
Definition: sql_authorization.cc:2472
bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, const char **ssl_ca, const char **ssl_key, const char **ssl_cert)
Check auto_generate_certs option and generate SSL certificates if required.
Definition: sql_authentication.cc:5767
const char * any_db
Definition: sql_authorization.cc:523
bool check_lock_view_underlying_table_access(THD *thd, Table_ref *tbl, bool *fake_lock_tables_acl)
For LOCK TABLES on a view checks if user in which context view is executed or user that has initiated...
Definition: sql_authorization.cc:6074
void set_connection_admin_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the connection_admin flag in the THD.
Definition: auth_common.cc:189
bool mysql_rename_user(THD *thd, List< LEX_USER > &list)
Definition: sql_user.cc:3260
bool grant_init(bool skip_grant_tables)
Initialize structures responsible for table/column-level privilege checking and load information for ...
Definition: sql_auth_cache.cc:2501
uint32 global_password_reuse_interval
Definition: auth_common.h:929
void commit_and_close_mysql_tables(THD *thd)
A helper function to commit statement transaction and close ACL tables after reading some data from t...
Definition: sql_user_table.cc:509
bool check_column_grant_in_table_ref(THD *thd, Table_ref *table_ref, const char *name, size_t length, Access_bitmask want_privilege)
Check the privileges for a column depending on the type of table.
Definition: sql_authorization.cc:4078
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:84
void set_system_user_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the system_user flag in the THD.
Definition: auth_common.cc:166
bool acl_getroot(THD *thd, Security_context *sctx, const char *user, const char *host, const char *ip, const char *db)
Definition: sql_auth_cache.cc:1538
Access_bitmask get_table_grant(THD *thd, Table_ref *table)
Definition: sql_authorization.cc:4480
ulong get_global_acl_cache_size()
Definition: sql_auth_cache.cc:112
bool create_table_precheck(THD *thd, Table_ref *tables, Table_ref *create_table)
CREATE TABLE query pre-check.
Definition: sql_authorization.cc:1760
bool mysql_set_active_role_none(THD *thd)
Reset active roles.
Definition: sql_authorization.cc:6790
Access_bitmask acl_get(THD *thd, const char *host, const char *ip, const char *user, const char *db, bool db_is_pattern)
Get privilege for a host, user, and db combination.
Definition: sql_auth_cache.cc:1383
bool check_readonly(THD *thd, bool err_if_readonly)
Performs standardized check whether to prohibit (true) or allow (false) operations based on read_only...
Definition: sql_authorization.cc:1862
bool acl_init(bool dont_read_acl_tables)
Definition: sql_auth_cache.cc:1782
bool acl_can_access_user(THD *thd, LEX_USER *user)
Auxiliary function for the CAN_ACCESS_USER internal function used to check if a row from mysql....
Definition: sql_user.cc:210
bool change_password(THD *thd, LEX_USER *user, const char *password, const char *current_password, bool retain_current_password)
Change a password hash for a user.
Definition: sql_user.cc:2068
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1136
const ACL_internal_schema_access * get_cached_schema_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name)
Get a cached internal schema access.
Definition: sql_authorization.cc:1666
bool send_password_result_set(THD *thd, const Userhostpassword_list &generated_passwords)
Sends the result set of generated passwords to the client.
Definition: sql_user.cc:980
bool operator<(const Auth_id_ref &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7559
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6717
bool check_grant_all_columns(THD *thd, Access_bitmask want_access, Field_iterator_table_ref *fields)
check if a query can access a set of columns
Definition: sql_authorization.cc:4156
bool mysql_set_active_role_all(THD *thd, const List< LEX_USER > *except_users)
Activates all granted role in the current security context.
Definition: sql_authorization.cc:6834
bool mysql_revoke_all(THD *thd, List< LEX_USER > &list)
Definition: sql_authorization.cc:5207
ACL_internal_access_result
Definition: auth_common.h:88
@ ACL_INTERNAL_ACCESS_GRANTED
Access granted for all the requested privileges, do not use the grant tables.
Definition: auth_common.h:95
@ ACL_INTERNAL_ACCESS_CHECK_GRANT
No decision yet, use the grant tables.
Definition: auth_common.h:99
@ ACL_INTERNAL_ACCESS_DENIED
Access denied, do not use the grant tables.
Definition: auth_common.h:97
bool turn_off_sandbox_mode(THD *thd, LEX_USER *user)
Helper method to turn off sandbox mode once registration step is complete.
Definition: sql_user.cc:1024
mysql_password_history_table_field
Definition: auth_common.h:357
@ MYSQL_PASSWORD_HISTORY_FIELD_COUNT
Definition: auth_common.h:362
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD_TIMESTAMP
Definition: auth_common.h:360
@ MYSQL_PASSWORD_HISTORY_FIELD_HOST
Definition: auth_common.h:358
@ MYSQL_PASSWORD_HISTORY_FIELD_USER
Definition: auth_common.h:359
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD
Definition: auth_common.h:361
bool mysql_create_user(THD *thd, List< LEX_USER > &list, bool if_not_exists, bool is_role)
Definition: sql_user.cc:2809
bool check_table_access(THD *thd, Access_bitmask requirements, Table_ref *tables, bool any_combination_of_privileges_will_do, uint number, bool no_errors)
Check if the requested privileges exists in either User-, DB- or, tables- tables.
Definition: sql_authorization.cc:2367
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, const char *db, const char *table)
Definition: sql_authorization.cc:5562
bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b)
Definition: sql_authorization.cc:7576
void get_default_roles(const Auth_id_ref &user, List_of_auth_id_refs &list)
Shallow copy a list of default role authorization IDs from an Role_id storage.
Definition: sql_authorization.cc:6377
int fill_schema_column_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5897
bool check_table_encryption_admin_access(THD *thd)
Check if a current user has the privilege TABLE_ENCRYPTION_ADMIN required to create encrypted table.
Definition: sql_authorization.cc:2438
bool is_role_id(LEX_USER *authid)
Definition: sql_authorization.cc:805
bool is_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
This function works just like check_if_granted_role, but also guarantees that the proper lock is take...
Definition: sql_authorization.cc:6867
mysql_default_roles_table_field
Definition: auth_common.h:349
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_USER
Definition: auth_common.h:353
@ MYSQL_DEFAULT_ROLES_FIELD_COUNT
Definition: auth_common.h:354
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_HOST
Definition: auth_common.h:352
@ MYSQL_DEFAULT_ROLES_FIELD_HOST
Definition: auth_common.h:350
@ MYSQL_DEFAULT_ROLES_FIELD_USER
Definition: auth_common.h:351
bool is_acl_user(THD *thd, const char *host, const char *user)
Definition: sql_auth_cache.cc:1251
void update_mandatory_roles(void)
Definition: sql_authorization.cc:7410
bool has_full_view_routine_access(THD *thd, const char *db, const char *definer_user, const char *definer_host)
Check if user has full access to view routine's properties (i.e including stored routine code).
Definition: sql_authorization.cc:2080
void notify_flush_event(THD *thd)
Audit notification for flush.
Definition: sql_auth_cache.cc:1724
bool is_secure_transport(int vio_type)
Definition: sql_authentication.cc:4469
bool disconnect_on_expired_password
Definition: sql_authentication.cc:1317
bool wildcard_db_grant_exists()
mysql_tables_priv_table_field
Definition: auth_common.h:328
@ MYSQL_TABLES_PRIV_FIELD_HOST
Definition: auth_common.h:329
@ MYSQL_TABLES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:333
@ MYSQL_TABLES_PRIV_FIELD_COUNT
Definition: auth_common.h:337
@ MYSQL_TABLES_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:336
@ MYSQL_TABLES_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:332
@ MYSQL_TABLES_PRIV_FIELD_TABLE_PRIV
Definition: auth_common.h:335
@ MYSQL_TABLES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:334
@ MYSQL_TABLES_PRIV_FIELD_USER
Definition: auth_common.h:331
@ MYSQL_TABLES_PRIV_FIELD_DB
Definition: auth_common.h:330
void shutdown_acl_cache()
Shutdown the global Acl_cache system which was only initialized if the rwlocks were initialized.
Definition: sql_auth_cache.cc:3680
void log_user(THD *thd, String *str, LEX_USER *user, bool comma)
Auxiliary function for constructing a user list string.
Definition: sql_user.cc:125
mysql_proxies_priv_table_feild
Definition: auth_common.h:294
@ MYSQL_PROXIES_PRIV_FIELD_HOST
Definition: auth_common.h:295
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_USER
Definition: auth_common.h:298
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_HOST
Definition: auth_common.h:297
@ MYSQL_PROXIES_PRIV_FIELD_COUNT
Definition: auth_common.h:302
@ MYSQL_PROXIES_PRIV_FIELD_WITH_GRANT
Definition: auth_common.h:299
@ MYSQL_PROXIES_PRIV_FIELD_USER
Definition: auth_common.h:296
@ MYSQL_PROXIES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:300
@ MYSQL_PROXIES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:301
void err_readonly(THD *thd)
Generates appropriate error messages for read-only state depending on whether user has SUPER privileg...
Definition: sql_authorization.cc:1898
void grant_free(void)
Definition: sql_auth_cache.cc:2480
bool check_some_access(THD *thd, Access_bitmask want_access, Table_ref *table)
Check if the given table has any of the asked privileges.
Definition: sql_authorization.cc:2050
bool check_grant_db(THD *thd, const char *db, const bool check_table_grant=false)
Check if a user has the right to access a database.
Definition: sql_authorization.cc:4305
bool check_single_table_access(THD *thd, Access_bitmask privilege, Table_ref *tables, bool no_errors)
Check grants for commands which work only with one table.
Definition: sql_authorization.cc:1959
void generate_random_password(std::string *password, uint32_t)
Generates a random password of the length decided by the system variable generated_random_password_le...
Definition: sql_user.cc:960
bool decrypt_RSA_private_key(uchar *pkt, int cipher_length, unsigned char *plain_text, size_t plain_text_len, RSA *private_key)
Decrypt pkt data using RSA private key.
Definition: auth_common.cc:229
bool is_acl_inited()
Definition: sql_auth_cache.cc:4131
std::pair< std::string, std::string > get_authid_from_quoted_string(std::string str)
Return the unquoted authorization id as a user,host-tuple.
Definition: sql_authorization.cc:4655
ssl_artifacts_status
Definition: auth_common.h:907
@ SSL_ARTIFACTS_VIA_OPTIONS
Definition: auth_common.h:909
@ SSL_ARTIFACTS_AUTO_DETECTED
Definition: auth_common.h:911
@ SSL_ARTIFACT_TRACES_FOUND
Definition: auth_common.h:910
@ SSL_ARTIFACTS_NOT_FOUND
Definition: auth_common.h:908
Access_bitmask get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *field_name)
Definition: sql_authorization.cc:4520
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, Acl_type routine_acl_type)
Revoke privileges for all users on a stored procedure.
Definition: sql_authorization.cc:5376
bool mysql_drop_user(THD *thd, List< LEX_USER > &list, bool if_exists, bool drop_role)
Drop a list of users and all their privileges.
Definition: sql_user.cc:3095
bool reload_acl_caches(THD *thd, bool mdl_locked, bool preserve_temporary_account_locking, Lock_state_list *modified_user_lock_state_list)
Reload all ACL caches.
Definition: sql_auth_cache.cc:3896
bool is_partial_revoke_exists(THD *thd)
Method to check if there exists at least one partial revokes in the cache.
Definition: sql_auth_cache.cc:4115
bool mysql_set_active_role(THD *thd, const List< LEX_USER > *role_list)
Definition: sql_authorization.cc:6844
bool mysql_alter_user(THD *thd, List< LEX_USER > &list, bool if_exists)
Definition: sql_user.cc:3463
int fill_schema_user_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5694
bool mysql_grant(THD *thd, const char *db, List< LEX_USER > &list, Access_bitmask rights, bool revoke_grant, bool is_proxy, const List< LEX_CSTRING > &dynamic_privilege, bool grant_all_current_privileges, LEX_GRANT_AS *grant_as)
Definition: sql_authorization.cc:3478
mysql_user_table_field
Definition: auth_common.h:239
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV
Definition: auth_common.h:270
@ MYSQL_USER_FIELD_SUPER_PRIV
Definition: auth_common.h:257
@ MYSQL_USER_FIELD_DROP_PRIV
Definition: auth_common.h:247
@ MYSQL_USER_FIELD_ACCOUNT_LOCKED
Definition: auth_common.h:284
@ MYSQL_USER_FIELD_SSL_TYPE
Definition: auth_common.h:271
@ MYSQL_USER_FIELD_SSL_CIPHER
Definition: auth_common.h:272
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV
Definition: auth_common.h:262
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS
Definition: auth_common.h:278
@ MYSQL_USER_FIELD_COUNT
Definition: auth_common.h:291
@ MYSQL_USER_FIELD_PROCESS_PRIV
Definition: auth_common.h:250
@ MYSQL_USER_FIELD_SELECT_PRIV
Definition: auth_common.h:242
@ MYSQL_USER_FIELD_USER
Definition: auth_common.h:241
@ MYSQL_USER_FIELD_MAX_CONNECTIONS
Definition: auth_common.h:277
@ MYSQL_USER_FIELD_REFERENCES_PRIV
Definition: auth_common.h:253
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED
Definition: auth_common.h:281
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:265
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:266
@ MYSQL_USER_FIELD_PLUGIN
Definition: auth_common.h:279
@ MYSQL_USER_FIELD_MAX_UPDATES
Definition: auth_common.h:276
@ MYSQL_USER_FIELD_EVENT_PRIV
Definition: auth_common.h:268
@ MYSQL_USER_FIELD_RELOAD_PRIV
Definition: auth_common.h:248
@ MYSQL_USER_FIELD_UPDATE_PRIV
Definition: auth_common.h:244
@ MYSQL_USER_FIELD_TRIGGER_PRIV
Definition: auth_common.h:269
@ MYSQL_USER_FIELD_X509_ISSUER
Definition: auth_common.h:273
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:259
@ MYSQL_USER_FIELD_CREATE_ROLE_PRIV
Definition: auth_common.h:285
@ MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED
Definition: auth_common.h:282
@ MYSQL_USER_FIELD_INSERT_PRIV
Definition: auth_common.h:243
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV
Definition: auth_common.h:261
@ MYSQL_USER_FIELD_FILE_PRIV
Definition: auth_common.h:251
@ MYSQL_USER_FIELD_DROP_ROLE_PRIV
Definition: auth_common.h:286
@ MYSQL_USER_FIELD_INDEX_PRIV
Definition: auth_common.h:254
@ MYSQL_USER_FIELD_HOST
Definition: auth_common.h:240
@ MYSQL_USER_FIELD_PASSWORD_LIFETIME
Definition: auth_common.h:283
@ MYSQL_USER_FIELD_X509_SUBJECT
Definition: auth_common.h:274
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING
Definition: auth_common.h:280
@ MYSQL_USER_FIELD_SHOW_DB_PRIV
Definition: auth_common.h:256
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:264
@ MYSQL_USER_FIELD_CREATE_USER_PRIV
Definition: auth_common.h:267
@ MYSQL_USER_FIELD_EXECUTE_PRIV
Definition: auth_common.h:260
@ MYSQL_USER_FIELD_MAX_QUESTIONS
Definition: auth_common.h:275
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:263
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV
Definition: auth_common.h:249
@ MYSQL_USER_FIELD_CREATE_PRIV
Definition: auth_common.h:246
@ MYSQL_USER_FIELD_ALTER_PRIV
Definition: auth_common.h:255
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:258
@ MYSQL_USER_FIELD_GRANT_PRIV
Definition: auth_common.h:252
@ MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT
Definition: auth_common.h:289
@ MYSQL_USER_FIELD_PASSWORD_REUSE_TIME
Definition: auth_common.h:288
@ MYSQL_USER_FIELD_USER_ATTRIBUTES
Definition: auth_common.h:290
@ MYSQL_USER_FIELD_DELETE_PRIV
Definition: auth_common.h:245
@ MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY
Definition: auth_common.h:287
bool hostname_requires_resolving(const char *hostname)
Check if the given host name needs to be resolved or not.
Definition: sql_auth_cache.cc:910
bool check_routine_access(THD *thd, Access_bitmask want_access, const char *db, const char *name, Acl_type routine_acl_type, bool no_errors)
Definition: sql_authorization.cc:1993
bool has_grant_role_privilege(THD *thd, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:2544
bool mysql_set_role_default(THD *thd)
Activates all the default roles in the current security context.
Definition: sql_authorization.cc:6811
bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles)
Definition: sql_authorization.cc:7322
bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked)
Definition: sql_auth_cache.cc:2044
bool check_access(THD *thd, Access_bitmask want_access, const char *db, Access_bitmask *save_priv, GRANT_INTERNAL_INFO *grant_internal_info, bool dont_check_global_grants, bool no_errors)
Compare requested privileges with the privileges acquired from the User- and Db-tables.
Definition: sql_authorization.cc:2164
bool check_one_table_access(THD *thd, Access_bitmask privilege, Table_ref *tables)
Check grants for commands which work only with one table and all other tables belonging to subselects...
Definition: sql_authorization.cc:1919
std::vector< ACL_temporary_lock_state > Lock_state_list
Definition: auth_common.h:72
bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, size_t length, Security_context *sctx, Access_bitmask want_privilege)
Definition: sql_authorization.cc:3998
static constexpr int USER_HOST_BUFF_SIZE
Length of string buffer, that is enough to contain username and hostname parts of the user identifier...
Definition: auth_common.h:1125
bool opt_auto_generate_certs
Definition: sql_authentication.cc:1333
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:633
Definition: sql_auth_cache.h:248
Per internal schema ACL access rules.
Definition: auth_common.h:148
virtual const ACL_internal_table_access * lookup(const char *name) const =0
Search for per table ACL access rules by table name.
virtual ACL_internal_access_result check(Access_bitmask want_access, Access_bitmask *save_priv, bool any_combination_will_do) const =0
Check access to an internal schema.
virtual ~ACL_internal_schema_access()=default
ACL_internal_schema_access()=default
A registry for per internal schema ACL.
Definition: auth_common.h:186
static const ACL_internal_schema_access * lookup(const char *name)
Search per internal schema ACL by name.
Definition: sql_auth_cache.cc:238
static void register_schema(const LEX_CSTRING &name, const ACL_internal_schema_access *access)
Add an internal schema to the registry.
Definition: sql_auth_cache.cc:223
Per internal table ACL access rules.
Definition: auth_common.h:110
virtual ACL_internal_access_result check(Access_bitmask want_access, Access_bitmask *save_priv, bool any_combination_will_do) const =0
Check access to an internal table.
virtual ~ACL_internal_table_access()=default
ACL_internal_table_access()=default
Enables preserving temporary account locking attributes during ACL DDL.
Definition: sql_auth_cache.h:868
Data describing the table being created by CREATE TABLE or altered by ALTER TABLE.
Definition: sql_alter.h:205
Storage container for default auth ids.
Definition: auth_common.h:1078
const std::string & host() const
Definition: auth_common.cc:125
std::string m_user
User part.
Definition: auth_common.h:1101
Auth_id & operator=(const Auth_id &)=default
void create_key()
Definition: auth_common.cc:57
const std::string & user() const
Definition: auth_common.cc:124
bool operator<(const Auth_id &id) const
Definition: auth_common.cc:101
std::string auth_str() const
Definition: auth_common.cc:116
std::string m_key
Key: Internal representation mainly to facilitate use of Auth_id class in standard container.
Definition: auth_common.h:1109
std::string m_host
Host part.
Definition: auth_common.h:1103
Definition: auth_common.h:944
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:946
Definition: auth_common.h:1015
const THD * m_thd
Definition: auth_common.h:1022
bool create(Security_context *sctx)
Create a local authid without modifying any tables.
Definition: sql_authorization.cc:7436
Default_local_authid(const THD *thd)
Definition: sql_authorization.cc:7416
bool precheck(Security_context *sctx)
Check if the security context can be created as a local authid.
Definition: sql_authorization.cc:7425
Definition: auth_common.h:1042
Drop_temporary_dynamic_privileges(std::vector< std::string > privs)
Definition: auth_common.h:1044
void operator()(Security_context *sctx)
Definition: sql_authorization.cc:7462
std::vector< std::string > m_privs
Definition: auth_common.h:1049
Generic iterator over the fields of an arbitrary table reference.
Definition: table.h:4197
Definition: auth_common.h:956
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:958
Grant the privilege temporarily to the in-memory global privileges map.
Definition: auth_common.h:1030
const std::vector< std::string > m_privs
Definition: auth_common.h:1039
Grant_temporary_dynamic_privileges(const THD *thd, std::vector< std::string > privs)
Definition: sql_authorization.cc:7440
bool grant_privileges(Security_context *sctx)
Grant dynamic privileges to an in-memory global authid.
Definition: sql_authorization.cc:7456
const THD * m_thd
Definition: auth_common.h:1038
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7444
Definition: auth_common.h:1053
bool grant_privileges(Security_context *sctx)
Definition: sql_authorization.cc:7476
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7471
Grant_temporary_static_privileges(const THD *thd, const Access_bitmask privs)
Definition: sql_authorization.cc:7467
const THD * m_thd
THD handle.
Definition: auth_common.h:1061
const Access_bitmask m_privs
Privileges.
Definition: auth_common.h:1064
Extension of ACL_internal_schema_access for Information Schema.
Definition: auth_common.h:196
~IS_internal_schema_access() override=default
IS_internal_schema_access()=default
const ACL_internal_table_access * lookup(const char *name) const override
Search for per table ACL access rules by table name.
Definition: sql_authorization.cc:1716
ACL_internal_access_result check(Access_bitmask want_access, Access_bitmask *save_priv, bool any_combination_will_do) const override
Check access to an internal schema.
Definition: sql_authorization.cc:1699
Base class that is used to represent any kind of expression in a relational query.
Definition: item.h:930
Definition: sql_lex.h:3861
Definition: sql_lex.h:3873
Definition: sql_list.h:494
Factory for creating any Security_context given a pre-constructed policy.
Definition: auth_common.h:973
Security_context_functor m_static_privileges
Definition: auth_common.h:1011
Security_context_functor m_privileges
Definition: auth_common.h:1010
Security_context_factory(THD *thd, std::string user, std::string host, Security_context_functor extend_user_profile, Security_context_functor priv, Security_context_functor static_priv, std::function< void(Security_context *)> drop_policy)
Default Security_context factory implementation.
Definition: auth_common.h:988
std::string m_user
Definition: auth_common.h:1007
Sctx_ptr< Security_context > create()
Definition: sql_authorization.cc:7512
std::string m_host
Definition: auth_common.h:1008
bool apply_pre_constructed_policies(Security_context *sctx)
Definition: sql_authorization.cc:7482
Security_context_functor m_user_profile
Definition: auth_common.h:1009
THD * m_thd
Definition: auth_common.h:1006
const std::function< void(Security_context *)> m_drop_policy
Definition: auth_common.h:1012
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:167
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
Definition: table.h:2900
Definition: auth_common.h:442
uint repl_client_priv_idx() override
Definition: auth_common.h:483
uint max_user_connections_idx() override
Definition: auth_common.h:513
uint plugin_idx() override
Definition: auth_common.h:516
uint create_tablespace_priv_idx() override
Definition: auth_common.h:501
uint account_locked_idx() override
Definition: auth_common.h:529
uint create_priv_idx() override
Definition: auth_common.h:455
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:473
uint password_idx() override
Definition: auth_common.h:447
uint trigger_priv_idx() override
Definition: auth_common.h:500
uint max_questions_idx() override
Definition: auth_common.h:508
uint create_view_priv_idx() override
Definition: auth_common.h:486
uint index_priv_idx() override
Definition: auth_common.h:465
uint insert_priv_idx() override
Definition: auth_common.h:452
uint user_idx() override
Definition: auth_common.h:445
uint alter_routine_priv_idx() override
Definition: auth_common.h:493
uint create_user_priv_idx() override
Definition: auth_common.h:496
uint password_reuse_time_idx() override
Definition: auth_common.h:533
uint password_expired_idx() override
Definition: auth_common.h:520
uint password_require_current_idx() override
Definition: auth_common.h:536
uint shutdown_priv_idx() override
Definition: auth_common.h:458
uint drop_priv_idx() override
Definition: auth_common.h:456
uint host_idx() override
Definition: auth_common.h:444
uint file_priv_idx() override
Definition: auth_common.h:460
uint authentication_string_idx() override
Definition: auth_common.h:517
uint drop_role_priv_idx() override
Definition: auth_common.h:472
uint repl_slave_priv_idx() override
Definition: auth_common.h:480
uint x509_subject_idx() override
Definition: auth_common.h:507
uint references_priv_idx() override
Definition: auth_common.h:462
uint password_lifetime_idx() override
Definition: auth_common.h:526
uint event_priv_idx() override
Definition: auth_common.h:499
uint process_priv_idx() override
Definition: auth_common.h:459
uint max_connections_idx() override
Definition: auth_common.h:510
uint password_reuse_history_idx() override
Definition: auth_common.h:530
uint create_routine_priv_idx() override
Definition: auth_common.h:490
uint ssl_cipher_idx() override
Definition: auth_common.h:505
uint super_priv_idx() override
Definition: auth_common.h:468
uint update_priv_idx() override
Definition: auth_common.h:453
uint reload_priv_idx() override
Definition: auth_common.h:457
uint create_role_priv_idx() override
Definition: auth_common.h:469
uint password_last_changed_idx() override
Definition: auth_common.h:523
uint lock_tables_priv_idx() override
Definition: auth_common.h:476
uint show_db_priv_idx() override
Definition: auth_common.h:467
uint user_attributes_idx() override
Definition: auth_common.h:539
uint x509_issuer_idx() override
Definition: auth_common.h:506
uint grant_priv_idx() override
Definition: auth_common.h:461
uint ssl_type_idx() override
Definition: auth_common.h:504
uint alter_priv_idx() override
Definition: auth_common.h:466
uint max_updates_idx() override
Definition: auth_common.h:509
uint execute_priv_idx() override
Definition: auth_common.h:479
uint select_priv_idx() override
Definition: auth_common.h:451
uint show_view_priv_idx() override
Definition: auth_common.h:489
uint delete_priv_idx() override
Definition: auth_common.h:454
Definition: auth_common.h:547
uint file_priv_idx() override
Definition: auth_common.h:610
uint user_idx() override
Definition: auth_common.h:597
uint insert_priv_idx() override
Definition: auth_common.h:600
uint shutdown_priv_idx() override
Definition: auth_common.h:606
uint account_locked_idx() override
Definition: auth_common.h:679
uint x509_issuer_idx() override
Definition: auth_common.h:654
uint password_reuse_time_idx() override
Definition: auth_common.h:685
uint host_idx() override
Definition: auth_common.h:596
uint x509_subject_idx() override
Definition: auth_common.h:655
uint index_priv_idx() override
Definition: auth_common.h:615
mysql_user_table_field_56
Definition: auth_common.h:549
@ MYSQL_USER_FIELD_SUPER_PRIV_56
Definition: auth_common.h:568
@ MYSQL_USER_FIELD_SELECT_PRIV_56
Definition: auth_common.h:553
@ MYSQL_USER_FIELD_REFERENCES_PRIV_56
Definition: auth_common.h:564
@ MYSQL_USER_FIELD_SHOW_DB_PRIV_56
Definition: auth_common.h:567
@ MYSQL_USER_FIELD_UPDATE_PRIV_56
Definition: auth_common.h:555
@ MYSQL_USER_FIELD_DROP_PRIV_56
Definition: auth_common.h:558
@ MYSQL_USER_FIELD_PLUGIN_56
Definition: auth_common.h:590
@ MYSQL_USER_FIELD_FILE_PRIV_56
Definition: auth_common.h:562
@ MYSQL_USER_FIELD_X509_SUBJECT_56
Definition: auth_common.h:585
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56
Definition: auth_common.h:573
@ MYSQL_USER_FIELD_PASSWORD_56
Definition: auth_common.h:552
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56
Definition: auth_common.h:589
@ MYSQL_USER_FIELD_X509_ISSUER_56
Definition: auth_common.h:584
@ MYSQL_USER_FIELD_PROCESS_PRIV_56
Definition: auth_common.h:561
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56
Definition: auth_common.h:577
@ MYSQL_USER_FIELD_COUNT_56
Definition: auth_common.h:593
@ MYSQL_USER_FIELD_EVENT_PRIV_56
Definition: auth_common.h:579
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV_56
Definition: auth_common.h:560
@ MYSQL_USER_FIELD_SSL_TYPE_56
Definition: auth_common.h:582
@ MYSQL_USER_FIELD_SSL_CIPHER_56
Definition: auth_common.h:583
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56
Definition: auth_common.h:574
@ MYSQL_USER_FIELD_DELETE_PRIV_56
Definition: auth_common.h:556
@ MYSQL_USER_FIELD_MAX_CONNECTIONS_56
Definition: auth_common.h:588
@ MYSQL_USER_FIELD_CREATE_USER_PRIV_56
Definition: auth_common.h:578
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56
Definition: auth_common.h:576
@ MYSQL_USER_FIELD_CREATE_PRIV_56
Definition: auth_common.h:557
@ MYSQL_USER_FIELD_EXECUTE_PRIV_56
Definition: auth_common.h:571
@ MYSQL_USER_FIELD_MAX_QUESTIONS_56
Definition: auth_common.h:586
@ MYSQL_USER_FIELD_HOST_56
Definition: auth_common.h:550
@ MYSQL_USER_FIELD_GRANT_PRIV_56
Definition: auth_common.h:563
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING_56
Definition: auth_common.h:591
@ MYSQL_USER_FIELD_RELOAD_PRIV_56
Definition: auth_common.h:559
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56
Definition: auth_common.h:575
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56
Definition: auth_common.h:570
@ MYSQL_USER_FIELD_TRIGGER_PRIV_56
Definition: auth_common.h:580
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED_56
Definition: auth_common.h:592
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56
Definition: auth_common.h:569
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56
Definition: auth_common.h:581
@ MYSQL_USER_FIELD_USER_56
Definition: auth_common.h:551
@ MYSQL_USER_FIELD_INSERT_PRIV_56
Definition: auth_common.h:554
@ MYSQL_USER_FIELD_INDEX_PRIV_56
Definition: auth_common.h:565
@ MYSQL_USER_FIELD_ALTER_PRIV_56
Definition: auth_common.h:566
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56
Definition: auth_common.h:572
@ MYSQL_USER_FIELD_MAX_UPDATES_56
Definition: auth_common.h:587
uint drop_role_priv_idx() override
Definition: auth_common.h:681
uint user_attributes_idx() override
Definition: auth_common.h:689
uint lock_tables_priv_idx() override
Definition: auth_common.h:622
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:619
uint password_lifetime_idx() override
Definition: auth_common.h:678
uint process_priv_idx() override
Definition: auth_common.h:609
uint create_view_priv_idx() override
Definition: auth_common.h:632
uint plugin_idx() override
Definition: auth_common.h:666
uint max_user_connections_idx() override
Definition: auth_common.h:663
uint select_priv_idx() override
Definition: auth_common.h:599
uint references_priv_idx() override
Definition: auth_common.h:612
uint grant_priv_idx() override
Definition: auth_common.h:611
uint repl_slave_priv_idx() override
Definition: auth_common.h:626
uint max_updates_idx() override
Definition: auth_common.h:659
uint delete_priv_idx() override
Definition: auth_common.h:602
uint create_user_priv_idx() override
Definition: auth_common.h:644
uint repl_client_priv_idx() override
Definition: auth_common.h:629
uint show_view_priv_idx() override
Definition: auth_common.h:635
uint password_reuse_history_idx() override
Definition: auth_common.h:682
uint update_priv_idx() override
Definition: auth_common.h:601
uint create_priv_idx() override
Definition: auth_common.h:603
uint max_questions_idx() override
Definition: auth_common.h:656
uint drop_priv_idx() override
Definition: auth_common.h:604
uint alter_priv_idx() override
Definition: auth_common.h:616
uint execute_priv_idx() override
Definition: auth_common.h:625
uint password_idx() override
Definition: auth_common.h:598
uint password_expired_idx() override
Definition: auth_common.h:670
uint password_last_changed_idx() override
Definition: auth_common.h:675
uint authentication_string_idx() override
Definition: auth_common.h:667
uint show_db_priv_idx() override
Definition: auth_common.h:617
uint create_tablespace_priv_idx() override
Definition: auth_common.h:649
uint password_require_current_idx() override
Definition: auth_common.h:686
uint ssl_type_idx() override
Definition: auth_common.h:652
uint max_connections_idx() override
Definition: auth_common.h:660
uint reload_priv_idx() override
Definition: auth_common.h:605
uint create_role_priv_idx() override
Definition: auth_common.h:680
uint alter_routine_priv_idx() override
Definition: auth_common.h:641
uint create_routine_priv_idx() override
Definition: auth_common.h:638
uint super_priv_idx() override
Definition: auth_common.h:618
uint ssl_cipher_idx() override
Definition: auth_common.h:653
uint trigger_priv_idx() override
Definition: auth_common.h:648
uint event_priv_idx() override
Definition: auth_common.h:647
Definition: auth_common.h:692
virtual ~User_table_schema_factory()=default
virtual User_table_schema * get_user_table_schema(TABLE *table)
Definition: auth_common.h:694
virtual bool is_old_user_table_schema(TABLE *table)
Definition: auth_common.cc:48
Definition: auth_common.h:379
virtual uint user_attributes_idx()=0
virtual uint event_priv_idx()=0
virtual uint update_priv_idx()=0
virtual uint max_connections_idx()=0
virtual uint user_idx()=0
virtual uint select_priv_idx()=0
virtual uint repl_client_priv_idx()=0
virtual uint x509_issuer_idx()=0
virtual uint references_priv_idx()=0
virtual uint alter_priv_idx()=0
virtual uint password_last_changed_idx()=0
virtual uint host_idx()=0
virtual uint trigger_priv_idx()=0
virtual uint show_view_priv_idx()=0
virtual uint process_priv_idx()=0
virtual uint create_tablespace_priv_idx()=0
virtual uint reload_priv_idx()=0
virtual uint drop_priv_idx()=0
virtual uint password_expired_idx()=0
virtual uint max_user_connections_idx()=0
virtual uint max_updates_idx()=0
virtual uint password_reuse_time_idx()=0
virtual uint create_view_priv_idx()=0
virtual uint create_tmp_table_priv_idx()=0
virtual uint ssl_type_idx()=0
virtual uint password_lifetime_idx()=0
virtual uint show_db_priv_idx()=0
virtual uint password_reuse_history_idx()=0
virtual uint create_role_priv_idx()=0
virtual uint create_priv_idx()=0
virtual uint account_locked_idx()=0
virtual uint x509_subject_idx()=0
virtual uint alter_routine_priv_idx()=0
virtual uint super_priv_idx()=0
virtual uint password_require_current_idx()=0
virtual uint repl_slave_priv_idx()=0
virtual uint shutdown_priv_idx()=0
virtual uint lock_tables_priv_idx()=0
virtual uint authentication_string_idx()=0
virtual uint drop_role_priv_idx()=0
virtual uint ssl_cipher_idx()=0
virtual uint create_user_priv_idx()=0
virtual uint password_idx()=0
virtual uint grant_priv_idx()=0
virtual uint plugin_idx()=0
virtual uint index_priv_idx()=0
virtual uint max_questions_idx()=0
virtual uint create_routine_priv_idx()=0
virtual uint execute_priv_idx()=0
virtual uint delete_priv_idx()=0
virtual uint file_priv_idx()=0
virtual uint insert_priv_idx()=0
virtual ~User_table_schema()=default
Definition: sp_head.h:124
Acl_type
Definition: sql_lex.h:267
PFS_table * create_table(PFS_table_share *share, PFS_thread *opening_thread, const void *identity)
Create instrumentation for a table instance.
Definition: pfs_instr.cc:1307
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:48
Common definition used by mysys, performance schema and server & client.
static constexpr int HOSTNAME_LENGTH
Definition: my_hostname.h:43
Some integer typedefs for easier portability.
unsigned char uchar
Definition: my_inttypes.h:52
uint32_t uint32
Definition: my_inttypes.h:67
Common definition between mysql server & client.
#define USERNAME_LENGTH
Definition: mysql_com.h:69
static char * password
Definition: mysql_secure_installation.cc:58
char * user
Definition: mysqladmin.cc:67
const char * host
Definition: mysqladmin.cc:66
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1117
static PFS_engine_table_share_proxy table
Definition: pfs.cc:61
Definition: acl_table_user.cc:80
const std::string mysql
const std::string system_user
const std::string connection_admin
Definition: commit_order_queue.h:34
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
static mysql_service_status_t create(my_h_string *) noexcept
Definition: mysql_string_all_empty.cc:43
const char * table_name
Definition: rules_table_service.cc:56
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:192
const char * db_name
Definition: rules_table_service.cc:55
Definition: gcs_xcom_synode.h:64
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2440
std::list< T, ut::allocator< T > > list
Specialization of list which uses ut_allocator.
Definition: ut0new.h:2880
role_enum
Definition: sql_admin.h:255
struct rsa_st RSA
Definition: sql_authentication.h:103
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:38
case opt name
Definition: sslopt-case.h:29
Definition: m_ctype.h:421
The current state of the privilege checking process for the current user, SQL statement and SQL objec...
Definition: table.h:372
State information for internal tables grants.
Definition: table.h:349
Struct to hold information about the table that should be created.
Definition: handler.h:3253
Definition: table.h:2767
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:83
Definition: mysql_lex_string.h:40
Definition: mysql_lex_string.h:35
Definition: auth_common.h:931
virtual bool operator()(Security_context *, Operation)=0
Security_context_policy(const Security_context_policy &)=default
Operation
Definition: auth_common.h:932
@ Precheck
Definition: auth_common.h:932
@ Execute
Definition: auth_common.h:932
Security_context_policy()=default
virtual ~Security_context_policy()=default
Definition: table.h:1421
Definition: auth_common.h:1128
std::string host
Definition: auth_common.h:1130
std::string user
Definition: auth_common.h:1129
unsigned int authentication_factor
Definition: auth_common.h:1132
std::string password
Definition: auth_common.h:1131
Definition: sql_connect.h:70
command
Definition: version_token.cc:284
enum enum_vio_type vio_type(const MYSQL_VIO vio)