1 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef AUTH_COMMON_INCLUDED
24 #define AUTH_COMMON_INCLUDED
25 
26 #include <stddef.h>
27 #include <sys/types.h>
28 #include <functional>
29 #include <memory>
30 #include <set>
31 #include <utility>
32 #include <vector>
33 
34 #include "lex_string.h"
35 #include "my_command.h"
36 #include "my_dbug.h"
37 #include "my_inttypes.h"
38 #include "template_utils.h"
39 
40 /* Forward Declarations */
41 class Alter_info;
43 class Item;
44 class LEX_COLUMN;
45 class String;
46 class THD;
47 struct CHARSET_INFO;
48 struct GRANT_INFO;
49 struct GRANT_INTERNAL_INFO;
50 struct HA_CREATE_INFO;
51 struct LEX_USER;
52 template <class T>
53 class List;
54 typedef struct user_conn USER_CONN;
55 class Security_context;
56 class ACL_USER;
57 struct TABLE;
58 struct MEM_ROOT;
59 struct TABLE_LIST;
60 enum class role_enum;
61 enum class Consumer_type;
62 class LEX_GRANT_AS;
63 
64 namespace consts {
65 extern const std::string mysql;
66 extern const std::string system_user;
67 } // namespace consts
68 
/** (user, host) tuple that references an entry in either acl_cache or g_default_roles. */
typedef std::pair<LEX_CSTRING, LEX_CSTRING> Auth_id_ref;
/** Vector of Auth_id_ref, e.g. the role list of SHOW GRANTS ... USING (see mysql_show_grants()). */
typedef std::vector<Auth_id_ref> List_of_auth_id_refs;

/**
  Ordering for Auth_id_ref so it can be used as an ordered-container key
  (e.g. std::set). Defined in sql_authorization.cc.
*/
bool operator<(const Auth_id_ref &a, const Auth_id_ref &b);
74 
76  /**
77  Access granted for all the requested privileges,
78  do not use the grant tables.
79  This flag is used only for the INFORMATION_SCHEMA privileges,
80  for compatibility reasons.
81  */
83  /** Access denied, do not use the grant tables. */
85  /** No decision yet, use the grant tables. */
87 };
88 
89 /* Classes */
90 
91 /**
92  Per internal table ACL access rules.
93  This class is an interface.
94  Per table(s) specific access rule should be implemented in a subclass.
95  @sa ACL_internal_schema_access
96 */
98  public:
100 
102 
103  /**
104  Check access to an internal table.
 When a privilege is granted, this method adds the requested privilege
106  to save_priv.
107  @param want_access the privileges requested
108  @param [in, out] save_priv the privileges granted
109  @return
110  @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
111  are granted, and saved in save_priv.
112  @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
113  privileges was denied.
114  @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
115  was denied, and grant should be checked for at least one
116  privilege. Requested privileges that are granted, if any, are saved
117  in save_priv.
118  */
119  virtual ACL_internal_access_result check(ulong want_access,
120  ulong *save_priv) const = 0;
121 };
122 
123 /**
124  Per internal schema ACL access rules.
125  This class is an interface.
126  Each per schema specific access rule should be implemented
127  in a different subclass, and registered.
128  Per schema access rules can control:
129  - every schema privileges on schema.*
130  - every table privileges on schema.table
131  @sa ACL_internal_schema_registry
132 */
134  public:
136 
138 
139  /**
140  Check access to an internal schema.
141  @param want_access the privileges requested
142  @param [in, out] save_priv the privileges granted
143  @return
144  @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
145  are granted, and saved in save_priv.
146  @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
147  privileges was denied.
148  @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
149  was denied, and grant should be checked for at least one
150  privilege. Requested privileges that are granted, if any, are saved
151  in save_priv.
152  */
153  virtual ACL_internal_access_result check(ulong want_access,
154  ulong *save_priv) const = 0;
155 
156  /**
157  Search for per table ACL access rules by table name.
158  @param name the table name
159  @return per table access rules, or NULL
160  */
161  virtual const ACL_internal_table_access *lookup(const char *name) const = 0;
162 };
163 
164 /**
165  A registry for per internal schema ACL.
166  An 'internal schema' is a database schema maintained by the
167  server implementation, such as 'performance_schema' and 'INFORMATION_SCHEMA'.
168 */
170  public:
171  static void register_schema(const LEX_STRING &name,
172  const ACL_internal_schema_access *access);
173  static const ACL_internal_schema_access *lookup(const char *name);
174 };
175 
176 /**
177  Extension of ACL_internal_schema_access for Information Schema
178 */
180  public:
182 
184 
185  ACL_internal_access_result check(ulong want_access, ulong *save_priv) const;
186 
187  const ACL_internal_table_access *lookup(const char *name) const;
188 };
189 
/* Data Structures */

/**
  NOTE(review): presumably the printable names of the static global
  privileges, in bit order -- confirm against the definition before relying
  on any index/bit correspondence.
*/
extern const std::vector<std::string> global_acls_vector;
193 
218 };
219 
273 };
274 
284 };
285 
296 };
297 
307 };
308 
319 };
320 
328 };
329 
336 };
337 
344 };
345 
352 };
353 
/* When we run mysql_upgrade we must make sure that the server can still be
   run with the previous mysql.user table schema during acl_load.

   User_table_schema is a common interface for the current and the
   previous mysql.user table schema.
 */
361  public:
362  virtual uint host_idx() = 0;
363  virtual uint user_idx() = 0;
364  virtual uint password_idx() = 0;
365  virtual uint select_priv_idx() = 0;
366  virtual uint insert_priv_idx() = 0;
367  virtual uint update_priv_idx() = 0;
368  virtual uint delete_priv_idx() = 0;
369  virtual uint create_priv_idx() = 0;
370  virtual uint drop_priv_idx() = 0;
371  virtual uint reload_priv_idx() = 0;
372  virtual uint shutdown_priv_idx() = 0;
373  virtual uint process_priv_idx() = 0;
374  virtual uint file_priv_idx() = 0;
375  virtual uint grant_priv_idx() = 0;
376  virtual uint references_priv_idx() = 0;
377  virtual uint index_priv_idx() = 0;
378  virtual uint alter_priv_idx() = 0;
379  virtual uint show_db_priv_idx() = 0;
380  virtual uint super_priv_idx() = 0;
381  virtual uint create_tmp_table_priv_idx() = 0;
382  virtual uint lock_tables_priv_idx() = 0;
383  virtual uint execute_priv_idx() = 0;
384  virtual uint repl_slave_priv_idx() = 0;
385  virtual uint repl_client_priv_idx() = 0;
386  virtual uint create_view_priv_idx() = 0;
387  virtual uint show_view_priv_idx() = 0;
388  virtual uint create_routine_priv_idx() = 0;
389  virtual uint alter_routine_priv_idx() = 0;
390  virtual uint create_user_priv_idx() = 0;
391  virtual uint event_priv_idx() = 0;
392  virtual uint trigger_priv_idx() = 0;
393  virtual uint create_tablespace_priv_idx() = 0;
394  virtual uint create_role_priv_idx() = 0;
395  virtual uint drop_role_priv_idx() = 0;
396  virtual uint ssl_type_idx() = 0;
397  virtual uint ssl_cipher_idx() = 0;
398  virtual uint x509_issuer_idx() = 0;
399  virtual uint x509_subject_idx() = 0;
400  virtual uint max_questions_idx() = 0;
401  virtual uint max_updates_idx() = 0;
402  virtual uint max_connections_idx() = 0;
403  virtual uint max_user_connections_idx() = 0;
404  virtual uint plugin_idx() = 0;
405  virtual uint authentication_string_idx() = 0;
406  virtual uint password_expired_idx() = 0;
407  virtual uint password_last_changed_idx() = 0;
408  virtual uint password_lifetime_idx() = 0;
409  virtual uint account_locked_idx() = 0;
410  virtual uint password_reuse_history_idx() = 0;
411  virtual uint password_reuse_time_idx() = 0;
412  // Added in 8.0.13
413  virtual uint password_require_current_idx() = 0;
414  // Added in 8.0.14
415  virtual uint user_attributes_idx() = 0;
416 
  /// Virtual: a concrete schema object may be destroyed through a
  /// User_table_schema pointer (cf. the implicit_cast in User_table_schema_factory).
  virtual ~User_table_schema() = default;
418 };
419 
420 /*
421  This class describes indices for the current mysql.user table schema.
422  */
424  public:
427  // not available
429  DBUG_ASSERT(0);
430  return MYSQL_USER_FIELD_COUNT;
431  }
452  }
461  }
468  }
478  }
482  }
486  }
491  }
494  }
497  }
499 };
500 
501 /*
502  This class describes indices for the old mysql.user table schema.
503  */
505  public:
551  };
552 
574  }
583  }
586  }
592  }
602  }
606  }
608 
609  // those fields are not available in 5.6 db schema
619 };
620 
622  public:
624  return is_old_user_table_schema(table)
626  : implicit_cast<User_table_schema *>(
628  }
629 
630  virtual bool is_old_user_table_schema(TABLE *table);
632 };
633 
extern const char *any_db;  // Special symbol for check_access (see below)
/** controls the extra checks on plugin availability for mysql.user records
    (defined in sql_auth_cache.cc) */
extern bool validate_user_plugins;
640 
641 /* Function Declarations */
642 
/* sql_authentication */

/**
  Select the server's default authentication plugin by name.
  @param plugin_name         plugin name; non-const, so the callee is allowed
                             to modify the buffer -- confirm in sql_authentication.cc
  @param plugin_name_length  length of plugin_name in bytes
  @return int status; the success/failure encoding is not visible here.
*/
int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length);
647 
648 void acl_log_connect(const char *user, const char *host, const char *auth_as,
649  const char *db, THD *thd,
/**
  Presumably the host-level admission check for a connecting client's
  host/ip (defined in sql_authentication.cc). NOTE(review): the meaning of
  the bool result (true = rejected vs. true = allowed) is not documented
  here; confirm before negating it at a call site.
*/
bool acl_check_host(THD *thd, const char *host, const char *ip);
653 
/*
  User attributes are the ones defined by a CREATE USER / ALTER USER / GRANT
  statement. The bit flags below record which of the following categories a
  statement touched.
*/
658 
#define NONE_ATTR 0L                   /* empty mask: nothing to update */
#define DEFAULT_AUTH_ATTR (1L << 0)    /* update defaults auth */
#define PLUGIN_ATTR (1L << 1)          /* update plugin / authentication_string */
#define SSL_ATTR (1L << 2)             /* ex: SUBJECT,CIPHER.. */
#define RESOURCE_ATTR (1L << 3)        /* ex: MAX_QUERIES_PER_HOUR.. */
#define PASSWORD_EXPIRE_ATTR (1L << 4) /* update password expire col */
#define ACCESS_RIGHTS_ATTR (1L << 5)   /* update privileges */
#define ACCOUNT_LOCK_ATTR (1L << 6)    /* update account lock status */
#define DIFFERENT_PLUGIN_ATTR \
  (1L << 7) /* updated plugin with a different value (distinct from PLUGIN_ATTR) */
#define USER_ATTRIBUTES (1L << 8) /* Request to update user attributes */
/* Each flag occupies its own bit so they can be OR-ed into a single long mask. */
671 
/* sql_user */
/**
  Append account `user` to `str`; `comma` presumably selects whether a
  separating comma is emitted first -- confirm in sql_user.cc.
*/
void log_user(THD *thd, String *str, LEX_USER *user, bool comma);
/**
  Authorization check for changing the password of user@host.
  @param retain_current_password  name suggests the RETAIN CURRENT PASSWORD
                                  clause -- confirm
*/
bool check_change_password(THD *thd, const char *host, const char *user,
                           bool retain_current_password);
/**
  Change the password of `user`.
  @param password          the new password in clear text (non-const: the callee
                           may modify the buffer). NOTE(review): a credential --
                           callers should not copy it into long-lived buffers or logs.
  @param current_password  presumably the REPLACE '<current>' value consulted
                           when the account requires the current password
                           (cf. password_require_current_idx above) -- confirm
  @param retain_current_password  see check_change_password()
*/
bool change_password(THD *thd, LEX_USER *user, char *password,
                     const char *current_password,
                     bool retain_current_password);
/** CREATE USER / CREATE ROLE (is_role). Defined in sql_user.cc. */
bool mysql_create_user(THD *thd, List<LEX_USER> &list, bool if_not_exists,
                       bool is_role);
/** ALTER USER. Defined in sql_user.cc. */
bool mysql_alter_user(THD *thd, List<LEX_USER> &list, bool if_exists);
/** DROP USER / DROP ROLE (drop_role). */
bool mysql_drop_user(THD *thd, List<LEX_USER> &list, bool if_exists,
                     bool drop_role);
685 
/* sql_auth_cache */
/** Allocates the memory in the global_acl_memory MEM_ROOT. */
void init_acl_memory();
/**
  Wildcard compare of `str` against `wildstr` using charset `cs`.
  This overload takes no lengths, so both strings must be NUL-terminated;
  use the length-taking overload for buffers that are not.
*/
int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr);
int wild_case_compare(CHARSET_INFO *cs, const char *str, size_t str_len,
                      const char *wildstr, size_t wildstr_len);
/** Presumably true if `hostname` is a name that needs DNS resolution -- confirm. */
bool hostname_requires_resolving(const char *hostname);
/**
  Load the ACL cache.
  @param dont_read_acl_tables  skip reading the grant tables (the name suggests
         this is the --skip-grant-tables path; see skip_grant_tables()).
*/
bool acl_init(bool dont_read_acl_tables);
void acl_free(bool end = false);
/**
  Initialize structures responsible for table/column-level privilege checking
  and load their information from the grant tables (skip_grant_tables
  presumably suppresses the load -- confirm).
*/
bool grant_init(bool skip_grant_tables);
void grant_free(void);
/** Reload all ACL caches. */
bool reload_acl_caches(THD *thd);
/**
  Privilege bits for user@host (ip) on `db`; `db_is_pattern` tells whether
  `db` may contain wildcards. The ulong result uses the same privilege-bit
  encoding as the want_access parameters elsewhere in this file.
*/
ulong acl_get(THD *thd, const char *host, const char *ip, const char *user,
              const char *db, bool db_is_pattern);
bool is_acl_user(THD *thd, const char *host, const char *user);
/**
  Look up the account matching user/host/ip and fill `sctx`.
  NOTE: user/host/ip are non-const here, unlike acl_get(), so the callee may
  write to those buffers.
*/
bool acl_getroot(THD *thd, Security_context *sctx, char *user, char *host,
                 char *ip, const char *db);
/** Presumably verify that the ACL tables have the expected structure -- confirm. */
bool check_acl_tables_intact(THD *thd);
bool check_acl_tables_intact(THD *thd, TABLE_LIST *tables);
void notify_flush_event(THD *thd);
707 
/* sql_authorization */
/**
  Name suggests: true when the server runs with grant tables disabled
  (--skip-grant-tables), i.e. privilege checks are bypassed -- confirm.
*/
bool skip_grant_tables();
/* SET ROLE DEFAULT / SET ROLE ALL EXCEPT ... / SET ROLE role_list. */
bool mysql_set_role_default(THD *thd);
bool mysql_set_active_role_all(THD *thd, const List<LEX_USER> *except_users);
bool mysql_set_active_role(THD *thd, const List<LEX_USER> *role_list);
/**
  GRANT / REVOKE at the global or database level.
  @param rights                        static privilege bits
  @param revoke_grant                  true for REVOKE
  @param is_proxy                      GRANT PROXY ON ...
  @param dynamic_privilege             names of dynamic privileges to grant/revoke
  @param grant_all_current_privileges  name suggests "grant everything the
                                       current user holds" -- confirm
  @param grant_as                      the AS user [WITH ROLE ...] clause
*/
bool mysql_grant(THD *thd, const char *db, List<LEX_USER> &list, ulong rights,
                 bool revoke_grant, bool is_proxy,
                 const List<LEX_CSTRING> &dynamic_privilege,
                 bool grant_all_current_privileges, LEX_GRANT_AS *grant_as);
/** GRANT/REVOKE on a stored routine; write_to_binlog controls binary logging. */
bool mysql_routine_grant(THD *thd, TABLE_LIST *table, bool is_proc,
                         List<LEX_USER> &user_list, ulong rights, bool revoke,
                         bool write_to_binlog);
/** Table- and column-level GRANT/REVOKE. Note the int return, unlike its siblings. */
int mysql_table_grant(THD *thd, TABLE_LIST *table, List<LEX_USER> &user_list,
                      List<LEX_COLUMN> &column_list, ulong rights, bool revoke);
/**
  Table-level privilege check for the first `number` entries of `tables`.
  @param any_combination_will_do  accept if any (rather than all) of the
                                  requested privileges is held
  @param no_errors                do not report an error to the client on
                                  denial; the caller must still honor the
                                  return value
*/
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
                 bool any_combination_will_do, uint number, bool no_errors);
/* Column-level privilege checks. */
bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name,
                        const char *table_name, const char *name, size_t length,
                        Security_context *sctx, ulong want_privilege);
bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST *table_ref,
                                     const char *name, size_t length,
                                     ulong want_privilege);
bool check_grant_all_columns(THD *thd, ulong want_access,
                             Field_iterator_table_ref *fields);
/** Routine-level privilege check (is_proc: procedure vs. function). */
bool check_grant_routine(THD *thd, ulong want_access, TABLE_LIST *procs,
                         bool is_proc, bool no_error);
/**
  Check if a user has the right to access a database. Access is accepted if
  the user has a grant for any table in it.
*/
bool check_grant_db(THD *thd, const char *db);
/** Whether the current user may GRANT PROXY on host/user (with_grant: WITH GRANT OPTION). */
bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
                                  bool with_grant);
/** Render the privilege bits in `access` as text into `to` (at most max_length). */
void get_privilege_desc(char *to, uint max_length, ulong access);
/** Presumably fetch the per-hour resource limits of user@host into `uc` -- confirm. */
void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc);
ulong get_table_grant(THD *thd, TABLE_LIST *table);
ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name,
                       const char *table_name, const char *field_name);
/** SHOW GRANTS FOR user USING [ALL | role [,role ...]]. */
bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool);
bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same);
/* Revoke/grant the privileges tied to stored routine sp_db.sp_name. */
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
                          bool is_proc);
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
                         bool is_proc);
751  const char *db, const char *table);
/*
  Populate the INFORMATION_SCHEMA *_PRIVILEGES tables (sql_authorization.cc).
  `cond` is presumably an optional pushed-down condition -- confirm.
*/
int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
757  GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name);
758 
/** Check privileges for LOCK TABLES statement. */
bool lock_tables_precheck(THD *thd, TABLE_LIST *tables);
760 bool create_table_precheck(THD *thd, TABLE_LIST *tables,
/**
  For CREATE/ALTER TABLE with foreign keys: check the privileges required on
  the parent (referenced) tables.
*/
bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info,
                                  Alter_info *alter_info);
/** Read-only mode check; err_if_readonly selects whether to report, err_readonly() emits the error. */
bool check_readonly(THD *thd, bool err_if_readonly);
void err_readonly(THD *thd);

/**
  Whether the transport of type `vio_type` counts as secure (defined in
  sql_authentication.cc). NOTE(review): the set of transports considered
  secure is decided there, not here -- check it before relying on this for
  require_secure_transport-style decisions.
*/
bool is_secure_transport(int vio_type);

/* Privilege checks used by statement execution (sql_authorization.cc). */
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables);
bool check_single_table_access(THD *thd, ulong privilege, TABLE_LIST *tables,
                               bool no_errors);
/** Note the non-const `name`, unlike check_some_routine_access() below. */
bool check_routine_access(THD *thd, ulong want_access, const char *db,
                          char *name, bool is_proc, bool no_errors);
bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
bool check_some_routine_access(THD *thd, const char *db, const char *name,
                               bool is_proc);
/**
  Global/database-level check of want_access on `db` (any_db for "any").
  @param [out] save_priv           privileges actually granted, kept for
                                   later table-level checks
  @param grant_internal_info       cache for internal-schema (I_S, P_S) rules
  @param dont_check_global_grants  name suggests: skip the global-privilege
                                   shortcut -- confirm
  @param no_errors                 do not report an error on denial; the
                                   caller must still honor the return value
*/
bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
                  GRANT_INTERNAL_INFO *grant_internal_info,
                  bool dont_check_global_grants, bool no_errors);
/**
  Check `requirements` on the first `number` entries of `tables`.
  @param any_combination_of_privileges_will_do  accept if any, rather than
         all, of the requested privileges is held
*/
bool check_table_access(THD *thd, ulong requirements, TABLE_LIST *tables,
                        bool any_combination_of_privileges_will_do, uint number,
                        bool no_errors);
/* GRANT role TO user [WITH ADMIN OPTION] / REVOKE role FROM user. */
bool mysql_grant_role(THD *thd, const List<LEX_USER> *users,
                      const List<LEX_USER> *roles, bool with_admin_opt);
bool mysql_revoke_role(THD *thd, const List<LEX_USER> *users,
                       const List<LEX_USER> *roles);

/** True if the current user holds required_acl on `table` (inferred from the name). */
bool is_granted_table_access(THD *thd, ulong required_acl, TABLE_LIST *table);
791 
793  const List<LEX_USER> *users,
794  const List<LEX_USER> *roles);
/** Render the role graph as GraphML text into the String (name-based inference). */
void roles_graphml(THD *thd, String *);
/** Whether the current user may grant role_name@role_host. */
bool has_grant_role_privilege(THD *thd, const LEX_CSTRING &role_name,
                              const LEX_CSTRING &role_host);
/** Render `user` as an authorization-id string; the quoting used is not visible here -- confirm. */
std::string create_authid_str_from(const LEX_USER *user);
/**
  Convert and quote the given identifier if needed and append it to `packet`
  (defined in sql_show.cc). Use this rather than concatenating raw
  identifiers into SQL text.
*/
void append_identifier(String *packet, const char *name, size_t length);
/** True if `authid` names a role rather than a user (name-based inference). */
bool is_role_id(LEX_USER *authid);
/**
  Shutdown the global Acl_cache system, which was only initialized if the
  rwlocks were initialized (sql_auth_cache.cc).
*/
void shutdown_acl_cache();
804  LEX_CSTRING role_host);
/** Privilege check for SHOW statements on `table`. */
bool check_show_access(THD *thd, TABLE_LIST *table);
/** Check that the current user holds the global privilege bits in want_access. */
bool check_global_access(THD *thd, ulong want_access);
807 
808 /* sql_user_table */
810 
811 typedef enum ssl_artifacts_status {
817 
/*
  Automatic generation of the SSL CA / server key and certificate files is
  only compiled in for OpenSSL builds (not wolfSSL).
*/
#if defined(HAVE_OPENSSL) && !defined(HAVE_WOLFSSL)
extern bool opt_auto_generate_certs;  // presumably --auto-generate-certs
/**
  @param auto_detection_status  result of probing for existing SSL artifacts
                                (ssl_artifacts_status, declared above)
  @param [out] ssl_ca, ssl_key, ssl_cert  presumably set to the generated
               file names -- confirm
*/
bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
                             char **ssl_ca, char **ssl_key, char **ssl_cert);
#endif /* HAVE_OPENSSL && !HAVE_WOLFSSL */
824 
/*
  Default file names for the auto-generated SSL artifacts (see
  do_auto_cert_generation() above). They are bare names; where they are
  resolved is decided by the caller -- confirm.
  NOTE(review): ca-key.pem is, by its name, the CA private key. Anyone who
  can read it can sign certificates chaining to this CA, so its file
  permissions matter as much as the server key's.
*/
#define DEFAULT_SSL_CA_CERT "ca.pem"
#define DEFAULT_SSL_CA_KEY "ca-key.pem"
#define DEFAULT_SSL_SERVER_CERT "server-cert.pem"
#define DEFAULT_SSL_SERVER_KEY "server-key.pem"
829 
/** Presumably re-reads the mandatory roles setting into the ACL cache (sql_authorization.cc). */
void update_mandatory_roles(void);
/**
  Validate `buffer`/`length` as an authorization-id string
  (sql_authorization.cc). NOTE(review): the bool return convention
  (true = invalid?) is not documented here -- confirm before using it as a guard.
*/
bool check_authorization_id_string(THD *thd, const char *buffer, size_t length);
/** Render the active roles of `thd` into `active_role` (CURRENT_ROLE() -- inferred from the name). */
void func_current_role(const THD *thd, String *active_role);
833 
835 
838  Security_context_policy() = default;
839  virtual ~Security_context_policy() = default;
841  virtual bool operator()(Security_context *, Operation) = 0;
842 };
843 
844 typedef std::function<bool(Security_context *,
847 
848 template <class Derived>
850  public:
852  if (op == Precheck && static_cast<Derived *>(this)->precheck(sctx))
853  return true;
854  if (op == Execute && static_cast<Derived *>(this)->create(sctx))
855  return true;
856  return false;
857  }
858 };
859 
860 template <class Derived>
862  public:
864  if (op == Precheck && static_cast<Derived *>(this)->precheck(sctx))
865  return true;
866  if (op == Execute && static_cast<Derived *>(this)->grant_privileges(sctx))
867  return true;
868  return false;
869  }
870 };
871 
/**
  Owning pointer with a type-erased deleter: the drop policy is supplied at
  run time (cf. the drop_policy functor of Security_context_factory), so the
  deleter cannot be a fixed type.
*/
template <typename T>
using Sctx_ptr = std::unique_ptr<T, std::function<void(T *)>>;
874 
875 /**
876  Factory for creating any Security_context given a pre-constructed policy.
877 */
879  public:
880  /**
 Default Security_context factory implementation. Given the policies listed
 below and an authid (user, host), this class produces a Security_context.
883  @param thd The thread handle
884  @param user User name associated with auth id
885  @param host Host name associated with auth id
886  @param extend_user_profile The policy for creating the user profile
887  @param priv The policy for authorizing the authid to
888  use the server.
889  @param static_priv Static privileges for authid.
890  @param drop_policy The policy for deleting the authid and
891  revoke privileges
892  */
894  THD *thd, const std::string &user, const std::string &host,
895  const Security_context_functor &extend_user_profile,
896  const Security_context_functor &priv,
897  const Security_context_functor &static_priv,
898  const std::function<void(Security_context *)> &drop_policy)
899  : m_thd(thd),
900  m_user(user),
901  m_host(host),
902  m_user_profile(extend_user_profile),
903  m_privileges(priv),
904  m_static_privileges(static_priv),
905  m_drop_policy(drop_policy) {}
906 
909 
910  private:
912 
914  std::string m_user;
915  std::string m_host;
919  const std::function<void(Security_context *)> m_drop_policy;
920 };
921 
/**
  Policy that creates a plain (local) authid in a Security_context.
  Plugged into Create_authid's operator(): Precheck dispatches to precheck(),
  Execute dispatches to create().
*/
class Default_local_authid : public Create_authid<Default_local_authid> {
 public:
  /** NOTE(review): not explicit, so a THD* converts to this policy implicitly. */
  Default_local_authid(const THD *thd);
  /** Check if the security context can be created as a local authid. */
  bool precheck(Security_context *sctx);
  /** Create the authid in `sctx` (presumably; confirm in sql_authorization.cc). */
  bool create(Security_context *sctx);

 private:
  /** Non-owning; the THD must outlive this policy object. */
  const THD *m_thd;
};
931 
/**
  Grant the privileges temporarily to the in-memory global privileges map.
  This class is not thread safe: it mutates shared server state, so the
  caller must guarantee that no other thread reads or writes that map
  concurrently.
 */
937  : public Grant_privileges<Grant_temporary_dynamic_privileges> {
938  public:
940  const std::vector<std::string> privs);
941  bool precheck(Security_context *sctx);
943 
944  private:
945  const THD *m_thd;
946  const std::vector<std::string> m_privs;
947 };
948 
950  public:
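  /**
    @param privs  names of the dynamic privileges to drop. Taken by value and
                  moved into m_privs; the previous const-by-value parameter
                  forced a second copy of the vector.
  */
  Drop_temporary_dynamic_privileges(std::vector<std::string> privs)
      : m_privs(std::move(privs)) {}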
953  void operator()(Security_context *sctx);
954 
955  private:
956  std::vector<std::string> m_privs;
957 };
958 
960  : public Grant_privileges<Grant_temporary_static_privileges> {
961  public:
962  Grant_temporary_static_privileges(const THD *thd, const ulong privs);
963  bool precheck(Security_context *sctx);
965 
966  private:
967  /** THD handle */
968  const THD *m_thd;
969 
970  /** Privileges */
971  const ulong m_privs;
972 };
973 
/** Equality of two LEX_CSTRINGs (defined in sql_authorization.cc). */
bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b);
/** Presumably true if any partial revoke is recorded -- confirm. */
bool is_partial_revoke_exists(THD *thd);
/**
  Set the system-user flag on thd's security context (cf. consts::system_user).
  @param check_for_main_security_ctx  presumably selects thd's main rather
         than its current security context -- confirm.
*/
void set_system_user_flag(THD *thd, bool check_for_main_security_ctx = false);
977 
/**
  Storage container for default auth ids. Default roles depend only weakly
  on ACL_USERs: a default role can be retained even if the corresponding
  ACL_USER is missing from the acl_cache.
*/
class Auth_id {
 public:
  Auth_id();
  /*
    NOTE(review): none of the single-argument constructors below is explicit,
    so Auth_id_ref, LEX_USER* and ACL_USER* all convert to Auth_id implicitly.
  */
  Auth_id(const char *user, size_t user_len, const char *host, size_t host_len);
  Auth_id(const Auth_id_ref &id);
  Auth_id(const LEX_CSTRING &user, const LEX_CSTRING &host);
  Auth_id(const std::string &user, const std::string &host);
  Auth_id(const LEX_USER *lex_user);
  Auth_id(const ACL_USER *acl_user);

  ~Auth_id();
  /*
    The destructor and copy constructor are user-declared, so no move
    operations are generated: "moving" an Auth_id copies its two strings.
  */
  Auth_id(const Auth_id &id);
  Auth_id &operator=(const Auth_id &) = default;

  /** Ordering for use as an ordered-container key. */
  bool operator<(const Auth_id &id) const;
  /** Printable authorization id (auth_common.cc); the quoting used is not visible here. */
  void auth_str(std::string *out) const;
  std::string auth_str() const;
  const std::string &user() const;
  const std::string &host() const;

 private:
  /** User part */
  std::string m_user;
  /** Host part */
  std::string m_host;
};
1009 
/*
  As of now Role_id is an alias of Auth_id.
  Role_id may become a proper extension of Auth_id once more substance is
  added to the latter.
*/
1016 
1017 #endif /* AUTH_COMMON_INCLUDED */
uint shutdown_priv_idx()
Definition: auth_common.h:439
uint create_tmp_table_priv_idx()
Definition: auth_common.h:572
bool is_role_id(LEX_USER *authid)
Definition: sql_authorization.cc:780
Definition: auth_common.h:350
uint index_priv_idx()
Definition: auth_common.h:568
Definition: table.h:1294
uint alter_priv_idx()
Definition: auth_common.h:445
int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, Item *cond)
Definition: sql_authorization.cc:5485
bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same)
Auxiliary function for constructing CREATE USER sql for a given user.
Definition: sql_user.cc:185
bool hostname_requires_resolving(const char *hostname)
Check if the given host name needs to be resolved or not.
Definition: sql_auth_cache.cc:665
Definition: auth_common.h:214
Definition: sql_auth_cache.h:141
bool grant_privileges(Security_context *sctx)
Grant dynamic privileges to an in-memory global authid
Definition: sql_authorization.cc:7120
Grant the privilege temporarily to the in-memory global privileges map.
Definition: auth_common.h:936
Definition: auth_common.h:287
int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length)
Initialize default authentication plugin based on command line options or configuration file setting...
Definition: sql_authentication.cc:1119
virtual uint plugin_idx()=0
Security_context_functor m_static_privileges
Definition: auth_common.h:918
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables)
Check grants for commands which work only with one table and all other tables belonging to subselects...
Definition: sql_authorization.cc:1963
Per internal schema ACL access rules.
Definition: auth_common.h:133
uint create_role_priv_idx()
Definition: auth_common.h:448
uint grant_priv_idx()
Definition: auth_common.h:442
uint max_updates_idx()
Definition: auth_common.h:474
uint max_questions_idx()
Definition: auth_common.h:597
uint password_reuse_time_idx()
Definition: auth_common.h:492
char * host
Definition: mysqladmin.cc:57
virtual uint max_questions_idx()=0
Definition: auth_common.h:235
Definition: table.h:2339
uint repl_slave_priv_idx()
Definition: auth_common.h:455
uint x509_subject_idx()
Definition: auth_common.h:596
#define DBUG_ASSERT(A)
Definition: my_dbug.h:128
uint password_lifetime_idx()
Definition: auth_common.h:487
Definition: auth_common.h:836
static const ACL_internal_schema_access * lookup(const char *name)
Search per internal schema ACL by name.
Definition: sql_auth_cache.cc:197
uint password_reuse_history_idx()
Definition: auth_common.h:615
uint create_routine_priv_idx()
Definition: auth_common.h:581
virtual uint create_role_priv_idx()=0
Definition: auth_common.h:206
Definition: auth_common.h:202
uint create_tablespace_priv_idx()
Definition: auth_common.h:466
~IS_internal_schema_access()
Definition: auth_common.h:183
uint password_lifetime_idx()
Definition: auth_common.h:611
Definition: auth_common.h:197
uint x509_issuer_idx()
Definition: auth_common.h:471
uint references_priv_idx()
Definition: auth_common.h:443
bool check_show_access(THD *thd, TABLE_LIST *table)
Check if user has enough privileges for execution of SHOW statement, which was converted to query to ...
Definition: sql_authorization.cc:5691
Definition: auth_common.h:315
uint lock_tables_priv_idx()
Definition: auth_common.h:453
bool change_password(THD *thd, LEX_USER *user, char *password, const char *current_password, bool retain_current_password)
Change a password hash for a user.
Definition: sql_user.cc:1305
bool check_readonly(THD *thd, bool err_if_readonly)
Performs standardized check whether to prohibit (true) or allow (false) operations based on read_onl...
Definition: sql_authorization.cc:1906
Definition: auth_common.h:258
mysql_proxies_priv_table_feild
Definition: auth_common.h:275
uint index_priv_idx()
Definition: auth_common.h:444
bool check_table_encryption_admin_access(THD *thd)
Check if a current user has the privilege TABLE_ENCRYPTION_ADMIN required to create encrypted table...
Definition: sql_authorization.cc:2460
Definition: auth_common.h:246
virtual ~ACL_internal_schema_access()
Definition: auth_common.h:137
uint execute_priv_idx()
Definition: auth_common.h:454
bool check_grant_all_columns(THD *thd, ulong want_access, Field_iterator_table_ref *fields)
check if a query can access a set of columns
Definition: sql_authorization.cc:3946
mysql_user_table_field_56
Definition: auth_common.h:506
virtual uint password_last_changed_idx()=0
Access granted for all the requested privileges, do not use the grant tables.
Definition: auth_common.h:82
virtual uint x509_subject_idx()=0
uint password_expired_idx()
Definition: auth_common.h:607
ulong acl_get(THD *thd, const char *host, const char *ip, const char *user, const char *db, bool db_is_pattern)
Get privilege for a host, user, and db combination.
Definition: sql_auth_cache.cc:1134
enum enum_vio_type vio_type(const MYSQL_VIO vio)
Definition: auth_common.h:311
uint show_db_priv_idx()
Definition: auth_common.h:570
Definition: auth_common.h:323
mysql_password_history_table_field
Definition: auth_common.h:338
void commit_and_close_mysql_tables(THD *thd)
A helper function to commit statement transaction and close ACL tables after reading some data from t...
Definition: sql_user_table.cc:495
virtual uint super_priv_idx()=0
bool mysql_set_active_role_all(THD *thd, const List< LEX_USER > *except_users)
Activates all granted roles in the current security context
Definition: sql_authorization.cc:6538
Definition: auth_common.h:253
Definition: auth_common.h:224
const std::string & host() const
Definition: auth_common.cc:131
char * user
Definition: mysqladmin.cc:57
Definition: auth_common.h:234
Definition: aggregate_check.h:523
virtual uint select_priv_idx()=0
bool check_change_password(THD *thd, const char *host, const char *user, bool retain_current_password)
Definition: sql_user.cc:133
bool create_table_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *create_table)
CREATE TABLE query pre-check.
Definition: sql_authorization.cc:1804
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv) const =0
Check access to an internal table.
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:191
int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, Item *cond)
Definition: sql_authorization.cc:5410
Definition: auth_common.h:360
int mysql_table_grant(THD *thd, TABLE_LIST *table, List< LEX_USER > &user_list, List< LEX_COLUMN > &column_list, ulong rights, bool revoke)
Definition: sql_authorization.cc:2615
uint file_priv_idx()
Definition: auth_common.h:441
const std::string & user() const
Definition: auth_common.cc:130
uint create_tmp_table_priv_idx()
Definition: auth_common.h:450
Definition: auth_common.h:313
mysql_default_roles_table_field
Definition: auth_common.h:330
Definition: auth_common.h:849
virtual uint max_updates_idx()=0
uint max_connections_idx()
Definition: auth_common.h:599
void notify_flush_event(THD *thd)
Audit notification for flush.
Definition: sql_auth_cache.cc:1483
virtual uint show_view_priv_idx()=0
uint host_idx()
Definition: auth_common.h:425
bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, GRANT_INTERNAL_INFO *grant_internal_info, bool dont_check_global_grants, bool no_errors)
Compare requested privileges with the privileges acquired from the User- and Db-tables.
Definition: sql_authorization.cc:2172
virtual uint password_require_current_idx()=0
Definition: auth_common.h:230
const ulong m_privs
Privileges.
Definition: auth_common.h:971
Definition: auth_common.h:333
Definition: auth_common.h:340
Definition: auth_common.h:250
uint authentication_string_idx()
Definition: auth_common.h:604
Definition: auth_common.h:208
const std::string mysql
void acl_free(bool end=false)
Definition: sql_auth_cache.cc:1763
uint process_priv_idx()
Definition: auth_common.h:564
Definition: auth_common.h:281
Definition: item.h:666
unsigned int uint
Definition: uca-dump.cc:29
Definition: auth_common.h:237
virtual uint create_view_priv_idx()=0
PFS_table * create_table(PFS_table_share *share, PFS_thread *opening_thread, const void *identity)
Create instrumentation for a table instance.
Definition: pfs_instr.cc:1118
Definition: auth_common.h:301
uint ssl_type_idx()
Definition: auth_common.h:593
Default_local_authid(const THD *thd)
Definition: sql_authorization.cc:7078
ulong get_table_grant(THD *thd, TABLE_LIST *table)
Definition: sql_authorization.cc:4263
Definition: auth_common.h:351
std::string m_user
User part.
Definition: auth_common.h:1005
uint host_idx()
Definition: auth_common.h:553
uint user_attributes_idx()
Definition: auth_common.h:498
volatile uint32 global_password_reuse_interval
Global sysvar: the number of days before a password can be reused.
Definition: sql_auth_cache.cc:3388
Definition: auth_common.h:225
virtual uint create_user_priv_idx()=0
const std::vector< std::string > global_acls_vector
Consts for static privileges.
Definition: auth_acls.cc:61
Definition: auth_common.h:815
Definition: auth_common.h:195
uint user_attributes_idx()
Definition: auth_common.h:618
uint create_priv_idx()
Definition: auth_common.h:436
virtual uint update_priv_idx()=0
const THD * m_thd
Definition: auth_common.h:929
Definition: auth_common.h:207
const std::string system_user
Definition: auth_common.h:277
uint repl_client_priv_idx()
Definition: auth_common.h:578
Definition: m_ctype.h:358
uint shutdown_priv_idx()
Definition: auth_common.h:563
const char * any_db
Definition: sql_authorization.cc:497
Definition: auth_common.h:423
std::string m_user
Definition: auth_common.h:914
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6404
Definition: auth_common.h:299
mysql_columns_priv_table_field
Definition: auth_common.h:298
uint password_reuse_time_idx()
Definition: auth_common.h:616
virtual uint create_routine_priv_idx()=0
ulong get_global_acl_cache_size()
Definition: sql_auth_cache.cc:107
Definition: auth_common.h:279
bool create(Security_context *sctx)
Create a local authid without modifying any tables.
Definition: sql_authorization.cc:7099
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
virtual ~User_table_schema()
Definition: auth_common.h:417
Definition: auth_common.h:861
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4716
Definition: auth_common.h:292
uint ssl_cipher_idx()
Definition: auth_common.h:470
virtual uint authentication_string_idx()=0
Definition: auth_common.h:959
virtual uint alter_priv_idx()=0
bool mysql_set_active_role_none(THD *thd)
Reset active roles.
Definition: sql_authorization.cc:6494
Definition: auth_common.h:210
uint password_last_changed_idx()
Definition: auth_common.h:610
bool wildcard_db_grant_exists()
void acl_log_connect(const char *user, const char *host, const char *auth_as, const char *db, THD *thd, enum enum_server_command command)
Logging connection for the general query log, extracted from acl_authenticate() as it's reused at di...
Definition: sql_authentication.cc:3003
Definition: auth_common.h:243
static MEM_ROOT mem_root
Definition: client_plugin.cc:107
virtual uint ssl_type_idx()=0
bool mysql_user_table_is_in_short_password_format
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, bool any_combination_will_do, uint number, bool no_errors)
Check table level grants.
Definition: sql_authorization.cc:3602
Definition: auth_common.h:347
virtual uint reload_priv_idx()=0
Definition: auth_common.h:213
uint update_priv_idx()
Definition: auth_common.h:434
bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user, bool with_grant)
Definition: sql_authorization.cc:5356
virtual uint create_tmp_table_priv_idx()=0
virtual uint repl_slave_priv_idx()=0
static void register_schema(const LEX_STRING &name, const ACL_internal_schema_access *access)
Add an internal schema to the registry.
Definition: sql_auth_cache.cc:182
uint select_priv_idx()
Definition: auth_common.h:556
Definition: auth_common.h:200
const THD * m_thd
THD handle.
Definition: auth_common.h:968
Definition: auth_common.h:233
Sctx_ptr< Security_context > create(MEM_ROOT *mem_root)
Definition: sql_authorization.cc:7176
uint max_user_connections_idx()
Definition: auth_common.h:476
bool mysql_routine_grant(THD *thd, TABLE_LIST *table, bool is_proc, List< LEX_USER > &user_list, ulong rights, bool revoke, bool write_to_binlog)
Store routine level grants in the privilege tables.
Definition: sql_authorization.cc:2889
uint plugin_idx()
Definition: auth_common.h:603
mysql_procs_priv_table_field
Definition: auth_common.h:286
command
Definition: version_token.cc:278
bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)
Check if the given table has any of the asked privileges.
Definition: sql_authorization.cc:2094
Definition: auth_common.h:268
Definition: sql_lex.h:3609
uint reload_priv_idx()
Definition: auth_common.h:438
bool mysql_grant_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles, bool with_admin_opt)
Grants a list of roles to a list of users.
Definition: sql_authorization.cc:3179
Definition: sql_connect.h:69
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:71
Definition: auth_common.h:229
uint repl_slave_priv_idx()
Definition: auth_common.h:577
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, const char *db, const char *table)
Definition: sql_authorization.cc:5288
void get_privilege_desc(char *to, uint max_length, ulong access)
Definition: sql_authorization.cc:4356
uint create_view_priv_idx()
Definition: auth_common.h:579
virtual ~Security_context_policy()=default
Definition: auth_common.h:326
virtual uint ssl_cipher_idx()=0
const std::function< void(Security_context *)> m_drop_policy
Definition: auth_common.h:919
virtual uint references_priv_idx()=0
virtual uint repl_client_priv_idx()=0
uint alter_routine_priv_idx()
Definition: auth_common.h:462
bool mysql_set_active_role(THD *thd, const List< LEX_USER > *role_list)
Definition: sql_authorization.cc:6548
uint super_priv_idx()
Definition: auth_common.h:447
mysql_db_table_field
Definition: auth_common.h:194
Definition: auth_common.h:334
bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info, Alter_info *alter_info)
Checks foreign key's parent table access.
Definition: sql_authorization.cc:5821
Definition: auth_common.h:302
void operator()(Security_context *sctx)
Definition: sql_authorization.cc:7126
Definition: auth_common.h:198
bool is_partial_revoke_exists(THD *thd)
Method to check if there exists at least one partial revoke in the cache.
Definition: sql_auth_cache.cc:3520
virtual uint user_idx()=0
bool check_table_access(THD *thd, ulong requirements, TABLE_LIST *tables, bool any_combination_of_privileges_will_do, uint number, bool no_errors)
Check if the requested privileges exists in either User-, Host- or Db-tables.
Definition: sql_authorization.cc:2390
bool check_engine_type_for_acl_table(THD *thd)
Definition: sql_auth_cache.cc:1789
Definition: auth_common.h:348
mysql_user_table_field
Definition: auth_common.h:220
virtual uint create_tablespace_priv_idx()=0
uint select_priv_idx()
Definition: auth_common.h:432
Definition: auth_common.h:251
uint lock_tables_priv_idx()
Definition: auth_common.h:575
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
(user, host) tuple which references either acl_cache or g_default_roles
Definition: auth_common.h:70
Definition: auth_common.h:339
uint x509_subject_idx()
Definition: auth_common.h:472
virtual uint max_connections_idx()=0
uint x509_issuer_idx()
Definition: auth_common.h:595
Data describing the table being created by CREATE TABLE or altered by ALTER TABLE.
Definition: sql_alter.h:188
virtual User_table_schema * get_user_table_schema(TABLE *table)
Definition: auth_common.h:623
mysql_tables_priv_table_field
Definition: auth_common.h:309
uint references_priv_idx()
Definition: auth_common.h:567
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Grant EXECUTE,ALTER privilege for a stored procedure.
Definition: sql_authorization.cc:5199
Definition: auth_common.h:267
Drop_temporary_dynamic_privileges(const std::vector< std::string > privs)
Definition: auth_common.h:951
uint show_view_priv_idx()
Definition: auth_common.h:458
uint create_view_priv_idx()
Definition: auth_common.h:457
Definition: auth_common.h:343
uint trigger_priv_idx()
Definition: auth_common.h:589
uint grant_priv_idx()
Definition: auth_common.h:566
uint plugin_idx()
Definition: auth_common.h:479
bool check_acl_tables_intact(THD *thd)
Opens the ACL tables and checks their sanity.
Definition: sql_auth_cache.cc:1873
uint alter_priv_idx()
Definition: auth_common.h:569
The current state of the privilege checking process for the current user, SQL statement and SQL objec...
Definition: table.h:333
Definition: sql_lex.h:3621
void err_readonly(THD *thd)
Generates appropriate error messages for read-only state depending on whether user has SUPER privileg...
Definition: sql_authorization.cc:1942
role_enum
Definition: sql_admin.h:217
bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, size_t length, Security_context *sctx, ulong want_privilege)
Definition: sql_authorization.cc:3790
Per internal table ACL access rules.
Definition: auth_common.h:97
uint execute_priv_idx()
Definition: auth_common.h:576
Definition: auth_common.h:241
Definition: auth_common.h:304
virtual uint grant_priv_idx()=0
bool mysql_set_role_default(THD *thd)
Activates all the default roles in the current security context.
Definition: sql_authorization.cc:6515
std::unique_ptr< T, std::function< void(T *)> > Sctx_ptr
Definition: auth_common.h:873
Definition: auth_common.h:949
virtual bool operator()(Security_context *, Operation)=0
uint max_updates_idx()
Definition: auth_common.h:598
uint create_tablespace_priv_idx()
Definition: auth_common.h:590
uint ssl_cipher_idx()
Definition: auth_common.h:594
Definition: handler.h:2541
uint reload_priv_idx()
Definition: auth_common.h:562
bool is_granted_table_access(THD *thd, ulong required_acl, TABLE_LIST *table)
Given a TABLE_LIST object this function checks against.
Definition: sql_authorization.cc:2495
Definition: auth_common.h:209
uint show_db_priv_idx()
Definition: auth_common.h:446
Auth_id()
Definition: auth_common.cc:77
virtual uint alter_routine_priv_idx()=0
virtual uint password_reuse_time_idx()=0
uint event_priv_idx()
Definition: auth_common.h:464
uint max_connections_idx()
Definition: auth_common.h:475
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6412
virtual uint insert_priv_idx()=0
bool apply_pre_constructed_policies(Security_context *sctx)
Definition: sql_authorization.cc:7146
virtual uint user_attributes_idx()=0
Definition: auth_common.h:196
Definition: auth_common.h:231
Factory for creating any Security_context given a pre-constructed policy.
Definition: auth_common.h:878
Definition: auth_common.h:278
Definition: auth_common.h:205
virtual uint password_reuse_history_idx()=0
static char * password
Definition: mysql_secure_installation.cc:55
Definition: auth_common.h:294
Definition: auth_common.h:249
bool grant_privileges(Security_context *sctx)
Definition: sql_authorization.cc:7140
Definition: auth_common.h:324
void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc)
Definition: sql_auth_cache.cc:2833
Definition: auth_common.h:812
bool is_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
This function works just like check_if_granted_role, but also guarantees that the proper lock is take...
Definition: sql_authorization.cc:6571
Definition: auth_common.h:239
bool mysql_grant(THD *thd, const char *db, List< LEX_USER > &list, ulong rights, bool revoke_grant, bool is_proxy, const List< LEX_CSTRING > &dynamic_privilege, bool grant_all_current_privileges, LEX_GRANT_AS *grant_as)
Definition: sql_authorization.cc:3287
bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST *table_ref, const char *name, size_t length, ulong want_privilege)
Check the privileges for a column depending on the type of table.
Definition: sql_authorization.cc:3870
uint max_user_connections_idx()
Definition: auth_common.h:600
virtual uint trigger_priv_idx()=0
uint ssl_type_idx()
Definition: auth_common.h:469
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:77
Definition: auth_common.h:203
bool mysql_revoke_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:3042
Definition: auth_common.h:221
ACL_internal_access_result check(ulong want_access, ulong *save_priv) const
Check access to an internal schema.
Definition: sql_authorization.cc:1743
Definition: table.h:2439
Definition: auth_common.h:204
uint update_priv_idx()
Definition: auth_common.h:558
virtual uint execute_priv_idx()=0
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv) const =0
Check access to an internal schema.
Definition: auth_common.h:199
bool check_some_routine_access(THD *thd, const char *db, const char *name, bool is_proc)
Check if the routine has any of the routine privileges.
Definition: sql_authorization.cc:2124
void set_system_user_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the system_user flag in the THD.
Definition: auth_common.cc:172
uint authentication_string_idx()
Definition: auth_common.h:480
bool check_global_access(THD *thd, ulong want_access)
Check for global access and give a descriptive error message if it fails.
Definition: sql_authorization.cc:5796
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7108
uint super_priv_idx()
Definition: auth_common.h:571
uint create_user_priv_idx()
Definition: auth_common.h:587
Definition: acl_table_user.cc:43
bool mysql_drop_user(THD *thd, List< LEX_USER > &list, bool if_exists, bool drop_role)
Drop a list of users and all their privileges.
Definition: sql_user.cc:2100
std::string get_default_autnetication_plugin_name()
Return the default authentication plugin name.
Definition: sql_authentication.cc:1141
Definition: auth_common.h:814
Definition: auth_common.h:290
bool check_single_table_access(THD *thd, ulong privilege, TABLE_LIST *tables, bool no_errors)
Check grants for commands which work only with one table.
Definition: sql_authorization.cc:2002
bool skip_grant_tables()
Definition: sql_auth_cache.cc:160
virtual uint create_priv_idx()=0
Definition: auth_common.h:318
uint file_priv_idx()
Definition: auth_common.h:565
ssl_artifacts_status
Definition: auth_common.h:811
uint drop_role_priv_idx()
Definition: auth_common.h:614
const ACL_internal_table_access * lookup(const char *name) const
Search for per table ACL access rules by table name.
Definition: sql_authorization.cc:1760
Definition: auth_common.h:247
Definition: auth_common.h:300
unsigned long ulong
Definition: my_inttypes.h:46
virtual uint x509_issuer_idx()=0
mysql_role_edges_table_field
Definition: auth_common.h:321
uint drop_role_priv_idx()
Definition: auth_common.h:449
void log_user(THD *thd, String *str, LEX_USER *user, bool comma)
Auxiliary function for constructing a user list string.
Definition: sql_user.cc:106
Definition: auth_common.h:504
uint drop_priv_idx()
Definition: auth_common.h:437
Definition: auth_common.h:256
virtual uint event_priv_idx()=0
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:607
uint create_priv_idx()
Definition: auth_common.h:560
Definition: auth_common.h:289
bool has_grant_role_privilege(THD *thd, const LEX_CSTRING &role_name, const LEX_CSTRING &role_host)
Definition: sql_authorization.cc:2565
Definition: auth_common.h:283
Definition: sp_head.h:125
Generic iterator over the fields of an arbitrary table reference.
Definition: table.h:3514
Definition: auth_common.h:223
void func_current_role(const THD *thd, String *active_role)
Helper function for Item_func_current_role.
Definition: sql_authorization.cc:6071
A registry for per internal schema ACL.
Definition: auth_common.h:169
bool operator()(Security_context *sctx, Operation op)
Definition: auth_common.h:851
Definition: auth_common.h:211
virtual uint shutdown_priv_idx()=0
virtual uint index_priv_idx()=0
THD * m_thd
Definition: auth_common.h:913
uint password_expired_idx()
Definition: auth_common.h:483
bool mysql_alter_or_clear_default_roles(THD *thd, role_enum role_type, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Set the default roles to NONE, ALL or list of authorization IDs as roles, depending upon the role_typ...
Definition: sql_authorization.cc:6196
bool mysql_rename_user(THD *thd, List< LEX_USER > &list)
Definition: sql_user.cc:2240
uint password_idx()
Definition: auth_common.h:555
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Revoke privileges for all users on a stored procedure.
Definition: sql_authorization.cc:5109
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:776
Definition: auth_common.h:228
uint password_last_changed_idx()
Definition: auth_common.h:484
Definition: auth_common.h:227
Definition: auth_common.h:305
Access denied, do not use the grant tables.
Definition: auth_common.h:84
int acl_authenticate(THD *thd, enum_server_command command)
Perform the handshake, authorize the client and update thd sctx variables.
Definition: sql_authentication.cc:3090
uint create_routine_priv_idx()
Definition: auth_common.h:459
bool operator<(const Auth_id &id) const
Definition: auth_common.cc:109
virtual uint drop_priv_idx()=0
Definition: auth_common.h:215
const char * table_name
Definition: rules_table_service.cc:55
Definition: auth_common.h:257