MySQL 8.3.0
Source Code Documentation
auth_common.h
1/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef AUTH_COMMON_INCLUDED
24#define AUTH_COMMON_INCLUDED
25
26#include <assert.h>
27#include <stddef.h>
28#include <stdint.h>
29#include <sys/types.h>
30#include <functional>
31#include <list>
32#include <memory>
33#include <string>
34#include <utility>
35#include <vector>
36
37#include "lex_string.h"
38#include "my_command.h"
39
40#include "my_hostname.h" // HOSTNAME_LENGTH
41#include "my_inttypes.h"
42#include "mysql_com.h" // USERNAME_LENGTH
43#include "template_utils.h"
44
45#include <openssl/rsa.h>
46
47/* Forward Declarations */
48class Alter_info;
50class Item;
51class LEX_COLUMN;
52class String;
53class THD;
54struct CHARSET_INFO;
55struct GRANT_INFO;
57struct HA_CREATE_INFO;
58struct LEX_USER;
59template <class T>
60class List;
61typedef struct user_conn USER_CONN;
63class ACL_USER;
64struct TABLE;
65struct MEM_ROOT;
66class Table_ref;
67enum class role_enum;
68enum class Consumer_type;
69class LEX_GRANT_AS;
70
71namespace consts {
72extern const std::string mysql;
73extern const std::string system_user;
74extern const std::string connection_admin;
75} // namespace consts
76
77/** (user, host) tuple that references either acl_cache or g_default_roles */
78typedef std::pair<LEX_CSTRING, LEX_CSTRING> Auth_id_ref;
79typedef std::vector<Auth_id_ref> List_of_auth_id_refs;
80
81bool operator<(const Auth_id_ref &a, const Auth_id_ref &b);
82
84 /**
85 Access granted for all the requested privileges,
86 do not use the grant tables.
87 This flag is used only for the INFORMATION_SCHEMA privileges,
88 for compatibility reasons.
89 */
91 /** Access denied, do not use the grant tables. */
93 /** No decision yet, use the grant tables. */
95};
96
97/* Classes */
98
99/**
100 Per internal table ACL access rules.
101 This class is an interface.
102 Per table(s) specific access rule should be implemented in a subclass.
103 @sa ACL_internal_schema_access
104*/
106 public:
108
109 virtual ~ACL_internal_table_access() = default;
110
111 /**
112 Check access to an internal table.
113 When a privilege is granted, this method adds the requested privilege
114 to save_priv.
115 @param want_access the privileges requested
116 @param [in, out] save_priv the privileges granted
117 @param any_combination_will_do true if it's enough to have any privilege
118 for any combination of the table columns.
119 @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
120 are granted, and saved in save_priv.
121 @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
122 privileges was denied.
123 @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
124 was denied, and grant should be checked for at least one
125 privilege. Requested privileges that are granted, if any, are saved
126 in save_priv.
127 */
129 ulong want_access, ulong *save_priv,
130 bool any_combination_will_do) const = 0;
131};
132
133/**
134 Per internal schema ACL access rules.
135 This class is an interface.
136 Each per schema specific access rule should be implemented
137 in a different subclass, and registered.
138 Per schema access rules can control:
139 - every schema privileges on schema.*
140 - every table privileges on schema.table
141 @sa ACL_internal_schema_registry
142*/
144 public:
146
147 virtual ~ACL_internal_schema_access() = default;
148
149 /**
150 Check access to an internal schema.
151 @param want_access the privileges requested
152 @param [in, out] save_priv the privileges granted
153 @param any_combination_will_do true if it's enough to have any privilege
154 for any combination of the table columns.
155 @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
156 are granted, and saved in save_priv.
157 @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
158 privileges was denied.
159 @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
160 was denied, and grant should be checked for at least one
161 privilege. Requested privileges that are granted, if any, are saved
162 in save_priv.
163 */
165 ulong want_access, ulong *save_priv,
166 bool any_combination_will_do) const = 0;
167
168 /**
169 Search for per table ACL access rules by table name.
170 @param name the table name
171 @return per table access rules, or NULL
172 */
173 virtual const ACL_internal_table_access *lookup(const char *name) const = 0;
174};
175
176/**
177 A registry for per internal schema ACL.
178 An 'internal schema' is a database schema maintained by the
179 server implementation, such as 'performance_schema' and 'INFORMATION_SCHEMA'.
180*/
182 public:
183 static void register_schema(const LEX_CSTRING &name,
184 const ACL_internal_schema_access *access);
185 static const ACL_internal_schema_access *lookup(const char *name);
186};
187
188/**
189 Extension of ACL_internal_schema_access for Information Schema
190*/
192 public:
194
195 ~IS_internal_schema_access() override = default;
196
197 ACL_internal_access_result check(ulong want_access, ulong *save_priv,
198 bool any_combination_will_do) const override;
199
200 const ACL_internal_table_access *lookup(const char *name) const override;
201};
202
203/* Data Structures */
204
205extern const std::vector<std::string> global_acls_vector;
206
232
287
298
310
321
333
342
350
358
366
367/* When we run mysql_upgrade we must make sure that the server can be run
368 using the previous mysql.user table schema during acl_load.
369
370 User_table_schema is a common interface for the current and the
371 previous mysql.user table schema.
372 */
374 public:
375 virtual uint host_idx() = 0;
376 virtual uint user_idx() = 0;
377 virtual uint password_idx() = 0;
378 virtual uint select_priv_idx() = 0;
379 virtual uint insert_priv_idx() = 0;
380 virtual uint update_priv_idx() = 0;
381 virtual uint delete_priv_idx() = 0;
382 virtual uint create_priv_idx() = 0;
383 virtual uint drop_priv_idx() = 0;
384 virtual uint reload_priv_idx() = 0;
385 virtual uint shutdown_priv_idx() = 0;
386 virtual uint process_priv_idx() = 0;
387 virtual uint file_priv_idx() = 0;
388 virtual uint grant_priv_idx() = 0;
389 virtual uint references_priv_idx() = 0;
390 virtual uint index_priv_idx() = 0;
391 virtual uint alter_priv_idx() = 0;
392 virtual uint show_db_priv_idx() = 0;
393 virtual uint super_priv_idx() = 0;
394 virtual uint create_tmp_table_priv_idx() = 0;
395 virtual uint lock_tables_priv_idx() = 0;
396 virtual uint execute_priv_idx() = 0;
397 virtual uint repl_slave_priv_idx() = 0;
398 virtual uint repl_client_priv_idx() = 0;
399 virtual uint create_view_priv_idx() = 0;
400 virtual uint show_view_priv_idx() = 0;
401 virtual uint create_routine_priv_idx() = 0;
402 virtual uint alter_routine_priv_idx() = 0;
403 virtual uint create_user_priv_idx() = 0;
404 virtual uint event_priv_idx() = 0;
405 virtual uint trigger_priv_idx() = 0;
406 virtual uint create_tablespace_priv_idx() = 0;
407 virtual uint create_role_priv_idx() = 0;
408 virtual uint drop_role_priv_idx() = 0;
409 virtual uint ssl_type_idx() = 0;
410 virtual uint ssl_cipher_idx() = 0;
411 virtual uint x509_issuer_idx() = 0;
412 virtual uint x509_subject_idx() = 0;
413 virtual uint max_questions_idx() = 0;
414 virtual uint max_updates_idx() = 0;
415 virtual uint max_connections_idx() = 0;
416 virtual uint max_user_connections_idx() = 0;
417 virtual uint plugin_idx() = 0;
418 virtual uint authentication_string_idx() = 0;
419 virtual uint password_expired_idx() = 0;
420 virtual uint password_last_changed_idx() = 0;
421 virtual uint password_lifetime_idx() = 0;
422 virtual uint account_locked_idx() = 0;
423 virtual uint password_reuse_history_idx() = 0;
424 virtual uint password_reuse_time_idx() = 0;
425 // Added in 8.0.13
427 // Added in 8.0.14
428 virtual uint user_attributes_idx() = 0;
429
430 virtual ~User_table_schema() = default;
431};
432
433/*
434 This class describes indices for the current mysql.user table schema.
435 */
437 public:
438 uint host_idx() override { return MYSQL_USER_FIELD_HOST; }
439 uint user_idx() override { return MYSQL_USER_FIELD_USER; }
440 // not available
441 uint password_idx() override {
442 assert(0);
444 }
450 uint drop_priv_idx() override { return MYSQL_USER_FIELD_DROP_PRIV; }
454 uint file_priv_idx() override { return MYSQL_USER_FIELD_FILE_PRIV; }
455 uint grant_priv_idx() override { return MYSQL_USER_FIELD_GRANT_PRIV; }
456 uint references_priv_idx() override {
458 }
459 uint index_priv_idx() override { return MYSQL_USER_FIELD_INDEX_PRIV; }
460 uint alter_priv_idx() override { return MYSQL_USER_FIELD_ALTER_PRIV; }
462 uint super_priv_idx() override { return MYSQL_USER_FIELD_SUPER_PRIV; }
463 uint create_role_priv_idx() override {
465 }
469 }
470 uint lock_tables_priv_idx() override {
472 }
474 uint repl_slave_priv_idx() override {
476 }
477 uint repl_client_priv_idx() override {
479 }
480 uint create_view_priv_idx() override {
482 }
484 uint create_routine_priv_idx() override {
486 }
487 uint alter_routine_priv_idx() override {
489 }
490 uint create_user_priv_idx() override {
492 }
493 uint event_priv_idx() override { return MYSQL_USER_FIELD_EVENT_PRIV; }
497 }
498 uint ssl_type_idx() override { return MYSQL_USER_FIELD_SSL_TYPE; }
499 uint ssl_cipher_idx() override { return MYSQL_USER_FIELD_SSL_CIPHER; }
504 uint max_connections_idx() override {
506 }
507 uint max_user_connections_idx() override {
509 }
510 uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN; }
513 }
514 uint password_expired_idx() override {
516 }
519 }
520 uint password_lifetime_idx() override {
522 }
526 }
527 uint password_reuse_time_idx() override {
529 }
532 }
533 uint user_attributes_idx() override {
535 }
536};
537
538/*
539 This class describes indices for the old mysql.user table schema.
540 */
542 public:
588 };
589
590 uint host_idx() override { return MYSQL_USER_FIELD_HOST_56; }
591 uint user_idx() override { return MYSQL_USER_FIELD_USER_56; }
592 uint password_idx() override { return MYSQL_USER_FIELD_PASSWORD_56; }
600 uint shutdown_priv_idx() override {
602 }
606 uint references_priv_idx() override {
608 }
615 }
616 uint lock_tables_priv_idx() override {
618 }
620 uint repl_slave_priv_idx() override {
622 }
623 uint repl_client_priv_idx() override {
625 }
626 uint create_view_priv_idx() override {
628 }
629 uint show_view_priv_idx() override {
631 }
632 uint create_routine_priv_idx() override {
634 }
635 uint alter_routine_priv_idx() override {
637 }
638 uint create_user_priv_idx() override {
640 }
645 }
646 uint ssl_type_idx() override { return MYSQL_USER_FIELD_SSL_TYPE_56; }
650 uint max_questions_idx() override {
652 }
654 uint max_connections_idx() override {
656 }
657 uint max_user_connections_idx() override {
659 }
660 uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN_56; }
663 }
664 uint password_expired_idx() override {
666 }
667
668 // those fields are not available in 5.6 db schema
671 }
678 }
682 }
684};
685
687 public:
690 ? implicit_cast<User_table_schema *>(new User_table_old_schema())
691 : implicit_cast<User_table_schema *>(
693 }
694
695 virtual bool is_old_user_table_schema(TABLE *table);
696 virtual ~User_table_schema_factory() = default;
697};
698
701extern const char *any_db; // Special symbol for check_access
702/** controls the extra checks on plugin availability for mysql.user records */
703
704extern bool validate_user_plugins;
705
706/* Function Declarations */
707
708/* sql_authentication */
709
710int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length);
712
713void acl_log_connect(const char *user, const char *host, const char *auth_as,
714 const char *db, THD *thd,
717bool acl_check_host(THD *thd, const char *host, const char *ip);
718
719/*
720 User attributes are the ones defined by a CREATE/ALTER/GRANT
721 statement. These attributes are divided into the following categories.
722*/
723
724#define NONE_ATTR 0L
725#define DEFAULT_AUTH_ATTR (1L << 0) /* update defaults auth */
726#define PLUGIN_ATTR (1L << 1) /* update plugin */
727 /* authentication_string */
728#define SSL_ATTR (1L << 2) /* ex: SUBJECT,CIPHER.. */
729#define RESOURCE_ATTR (1L << 3) /* ex: MAX_QUERIES_PER_HOUR.. */
730#define PASSWORD_EXPIRE_ATTR (1L << 4) /* update password expire col */
731#define ACCESS_RIGHTS_ATTR (1L << 5) /* update privileges */
732#define ACCOUNT_LOCK_ATTR (1L << 6) /* update account lock status */
733#define DIFFERENT_PLUGIN_ATTR \
734 (1L << 7) /* updated plugin with a different value */
735#define USER_ATTRIBUTES (1L << 8) /* Request to update user attributes */
736
737/* sql_user */
738void log_user(THD *thd, String *str, LEX_USER *user, bool comma);
739bool check_change_password(THD *thd, const char *host, const char *user,
740 bool retain_current_password);
741bool change_password(THD *thd, LEX_USER *user, const char *password,
742 const char *current_password,
743 bool retain_current_password);
744bool mysql_create_user(THD *thd, List<LEX_USER> &list, bool if_not_exists,
745 bool is_role);
746bool mysql_alter_user(THD *thd, List<LEX_USER> &list, bool if_exists);
747bool mysql_drop_user(THD *thd, List<LEX_USER> &list, bool if_exists,
748 bool drop_role);
751
752/* sql_auth_cache */
753void init_acl_memory();
754int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr);
755int wild_case_compare(CHARSET_INFO *cs, const char *str, size_t str_len,
756 const char *wildstr, size_t wildstr_len);
757bool hostname_requires_resolving(const char *hostname);
758bool acl_init(bool dont_read_acl_tables);
759bool is_acl_inited();
760void acl_free(bool end = false);
761bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked);
763void grant_free(void);
764bool reload_acl_caches(THD *thd, bool mdl_locked);
765ulong acl_get(THD *thd, const char *host, const char *ip, const char *user,
766 const char *db, bool db_is_pattern);
767bool is_acl_user(THD *thd, const char *host, const char *user);
768bool acl_getroot(THD *thd, Security_context *sctx, const char *user,
769 const char *host, const char *ip, const char *db);
770bool check_acl_tables_intact(THD *thd, bool mdl_locked);
771bool check_acl_tables_intact(THD *thd, Table_ref *tables);
772void notify_flush_event(THD *thd);
774void append_auth_id_string(const THD *thd, const char *user, size_t user_len,
775 const char *host, size_t host_len, String *str);
776
777/* sql_authorization */
778bool skip_grant_tables();
780bool mysql_set_role_default(THD *thd);
781bool mysql_set_active_role_all(THD *thd, const List<LEX_USER> *except_users);
782bool mysql_set_active_role(THD *thd, const List<LEX_USER> *role_list);
783bool mysql_grant(THD *thd, const char *db, List<LEX_USER> &list, ulong rights,
784 bool revoke_grant, bool is_proxy,
785 const List<LEX_CSTRING> &dynamic_privilege,
786 bool grant_all_current_privileges, LEX_GRANT_AS *grant_as);
787bool mysql_routine_grant(THD *thd, Table_ref *table, bool is_proc,
788 List<LEX_USER> &user_list, ulong rights, bool revoke,
789 bool write_to_binlog, bool all_current_privileges);
790int mysql_table_grant(THD *thd, Table_ref *table, List<LEX_USER> &user_list,
791 List<LEX_COLUMN> &column_list, ulong rights, bool revoke,
792 bool all_current_privileges);
793bool check_grant(THD *thd, ulong want_access, Table_ref *tables,
794 bool any_combination_will_do, uint number, bool no_errors);
795bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name,
796 const char *table_name, const char *name, size_t length,
797 Security_context *sctx, ulong want_privilege);
798bool check_column_grant_in_table_ref(THD *thd, Table_ref *table_ref,
799 const char *name, size_t length,
800 ulong want_privilege);
801bool check_grant_all_columns(THD *thd, ulong want_access,
803bool check_grant_routine(THD *thd, ulong want_access, Table_ref *procs,
804 bool is_proc, bool no_error);
805bool check_grant_db(THD *thd, const char *db,
806 const bool check_table_grant = false);
807bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
808 bool with_grant);
809void get_privilege_desc(char *to, uint max_length, ulong access);
810void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc);
811ulong get_table_grant(THD *thd, Table_ref *table);
812ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name,
813 const char *table_name, const char *field_name);
814bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool,
815 bool);
816bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same);
818bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
819 bool is_proc);
820bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
821 bool is_proc);
823 const char *db, const char *table);
824int fill_schema_user_privileges(THD *thd, Table_ref *tables, Item *cond);
825int fill_schema_schema_privileges(THD *thd, Table_ref *tables, Item *cond);
826int fill_schema_table_privileges(THD *thd, Table_ref *tables, Item *cond);
827int fill_schema_column_privileges(THD *thd, Table_ref *tables, Item *cond);
829 GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name);
830
831bool lock_tables_precheck(THD *thd, Table_ref *tables);
832bool create_table_precheck(THD *thd, Table_ref *tables,
834bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info,
835 Alter_info *alter_info);
837 bool *fake_lock_tables_acl);
838bool check_readonly(THD *thd, bool err_if_readonly);
839void err_readonly(THD *thd);
840
842
843bool check_one_table_access(THD *thd, ulong privilege, Table_ref *tables);
844bool check_single_table_access(THD *thd, ulong privilege, Table_ref *tables,
845 bool no_errors);
846bool check_routine_access(THD *thd, ulong want_access, const char *db,
847 char *name, bool is_proc, bool no_errors);
848bool check_some_access(THD *thd, ulong want_access, Table_ref *table);
849bool has_full_view_routine_access(THD *thd, const char *db,
850 const char *definer_user,
851 const char *definer_host);
852bool has_partial_view_routine_access(THD *thd, const char *db,
853 const char *routine_name, bool is_proc);
854bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
855 GRANT_INTERNAL_INFO *grant_internal_info,
856 bool dont_check_global_grants, bool no_errors);
857bool check_table_access(THD *thd, ulong requirements, Table_ref *tables,
858 bool any_combination_of_privileges_will_do, uint number,
859 bool no_errors);
861bool mysql_grant_role(THD *thd, const List<LEX_USER> *users,
862 const List<LEX_USER> *roles, bool with_admin_opt);
863bool mysql_revoke_role(THD *thd, const List<LEX_USER> *users,
864 const List<LEX_USER> *roles);
866
867bool is_granted_table_access(THD *thd, ulong required_acl, Table_ref *table);
868
870 const List<LEX_USER> *users,
871 const List<LEX_USER> *roles);
872void roles_graphml(THD *thd, String *);
873bool has_grant_role_privilege(THD *thd, const List<LEX_USER> *roles);
875std::string create_authid_str_from(const LEX_USER *user);
876std::pair<std::string, std::string> get_authid_from_quoted_string(
877 std::string str);
878void append_identifier(String *packet, const char *name, size_t length);
879bool is_role_id(LEX_USER *authid);
880void shutdown_acl_cache();
882 LEX_CSTRING role_host);
883bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host,
884 bool *is_mandatory);
885bool check_global_access(THD *thd, ulong want_access);
886
887/* sql_user_table */
889bool is_acl_table_name(const char *name);
890#ifndef NDEBUG
891bool is_acl_table(const TABLE *table);
892#endif
893
900
902extern bool opt_auto_generate_certs;
903bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
904 const char **ssl_ca, const char **ssl_key,
905 const char **ssl_cert);
906
/*
  Default file names for the four SSL artifacts: CA certificate, CA private
  key, server certificate and server private key.
  NOTE(review): presumably these are the files looked for or produced by
  do_auto_cert_generation(); its definition is not shown here, so confirm.
  The two "*-key.pem" files hold private keys and should be readable only by
  the account that runs the server.
*/
907#define DEFAULT_SSL_CA_CERT "ca.pem"
908#define DEFAULT_SSL_CA_KEY "ca-key.pem"
909#define DEFAULT_SSL_SERVER_CERT "server-cert.pem"
910#define DEFAULT_SSL_SERVER_KEY "server-key.pem"
911
912void update_mandatory_roles(void);
913bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles);
914void func_current_role(const THD *thd, String *active_role);
915
917
921 virtual ~Security_context_policy() = default;
924};
925
926typedef std::function<bool(Security_context *,
929
930template <class Derived>
932 public:
/**
  Dispatch one policy operation to the derived class.

  Precheck is forwarded to Derived::precheck() and Execute to
  Derived::create(); the derived object is reached through
  static_cast<Derived *>(this).

  @param sctx Security context handed unchanged to the selected hook
  @param op   Operation selecting which hook runs
  @return true when the selected hook returned true, false otherwise

  NOTE(review): an op that is neither Precheck nor Execute returns false
  without running any hook. If callers read false as success (presumably,
  by the usual server convention; confirm), an unhandled operation is
  indistinguishable from a check that passed.
*/
bool operator()(Security_context *sctx, Operation op) override {
  auto *const self = static_cast<Derived *>(this);
  return (op == Precheck && self->precheck(sctx)) ||
         (op == Execute && self->create(sctx));
}
940};
941
942template <class Derived>
944 public:
/**
  Dispatch one policy operation to the derived class.

  Precheck is forwarded to Derived::precheck() and Execute to
  Derived::grant_privileges(); the derived object is reached through
  static_cast<Derived *>(this).

  @param sctx Security context handed unchanged to the selected hook
  @param op   Operation selecting which hook runs
  @return true when the selected hook returned true, false otherwise

  NOTE(review): an op that is neither Precheck nor Execute returns false
  without running any hook. If callers read false as success (presumably,
  by the usual server convention; confirm), a privilege grant that never
  ran is indistinguishable from one that succeeded.
*/
bool operator()(Security_context *sctx, Operation op) override {
  auto *const self = static_cast<Derived *>(this);
  return (op == Precheck && self->precheck(sctx)) ||
         (op == Execute && self->grant_privileges(sctx));
}
952};
953
954template <typename T>
955using Sctx_ptr = std::unique_ptr<T, std::function<void(T *)>>;
956
957/**
958 Factory for creating any Security_context given a pre-constructed policy.
959*/
961 public:
962 /**
963 Default Security_context factory implementation. Given two policies and
964 an authid, this class returns a Security_context.
965 @param thd The thread handle
966 @param user User name associated with auth id
967 @param host Host name associated with auth id
968 @param extend_user_profile The policy for creating the user profile
969 @param priv The policy for authorizing the authid to
970 use the server.
971 @param static_priv Static privileges for authid.
972 @param drop_policy The policy for deleting the authid and
973 revoke privileges
974 */
975 Security_context_factory(THD *thd, std::string user, std::string host,
976 Security_context_functor extend_user_profile,
978 Security_context_functor static_priv,
979 std::function<void(Security_context *)> drop_policy)
980 : m_thd(thd),
981 m_user(std::move(user)),
982 m_host(std::move(host)),
983 m_user_profile(std::move(extend_user_profile)),
984 m_privileges(std::move(priv)),
985 m_static_privileges(std::move(static_priv)),
986 m_drop_policy(std::move(drop_policy)) {}
987
989
990 private:
992
994 std::string m_user;
995 std::string m_host;
999 const std::function<void(Security_context *)> m_drop_policy;
1000};
1001
/**
  Authid-creation policy deriving from Create_authid<Default_local_authid>.

  Declares the precheck() and create() members, both taking the
  Security_context being built and returning bool.
  NOTE(review): presumably these are the hooks that the
  Create_authid<Derived>::operator() template dispatches to for the
  Precheck and Execute operations; confirm against the class definition.
  NOTE(review): the single-argument constructor is not marked explicit, so a
  const THD * converts implicitly to this policy type.
*/
1002class Default_local_authid : public Create_authid<Default_local_authid> {
1003 public:
1004 Default_local_authid(const THD *thd);
1005 bool precheck(Security_context *sctx);
1006 bool create(Security_context *sctx);
1007
1008 private:
// Raw, non-owning pointer to a const THD. Nothing in this declaration ties
// its lifetime to the THD; presumably the policy object must not outlive the
// session it was created for (confirm).
1009 const THD *m_thd;
1010};
1011
1012/**
1013 Grant the privilege temporarily to the in-memory global privileges map.
1014 This class is not thread safe.
1015 */
1017 : public Grant_privileges<Grant_temporary_dynamic_privileges> {
1018 public:
1020 std::vector<std::string> privs);
1021 bool precheck(Security_context *sctx);
1023
1024 private:
1025 const THD *m_thd;
1026 const std::vector<std::string> m_privs;
1027};
1028
1030 public:
1031 explicit Drop_temporary_dynamic_privileges(std::vector<std::string> privs)
1032 : m_privs(std::move(privs)) {}
1033 void operator()(Security_context *sctx);
1034
1035 private:
1036 std::vector<std::string> m_privs;
1037};
1038
1040 : public Grant_privileges<Grant_temporary_static_privileges> {
1041 public:
1042 Grant_temporary_static_privileges(const THD *thd, const ulong privs);
1043 bool precheck(Security_context *sctx);
1045
1046 private:
1047 /** THD handle */
1048 const THD *m_thd;
1049
1050 /** Privileges */
1051 const ulong m_privs;
1052};
1053
1054bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b);
1055bool is_partial_revoke_exists(THD *thd);
1056void set_system_user_flag(THD *thd, bool check_for_main_security_ctx = false);
1058 bool check_for_main_security_ctx = false);
1059
1060/**
1061 Storage container for default auth ids. Default roles depend only weakly
1062 on ACL_USERs. You can retain a default role even if the
1063 corresponding ACL_USER is missing from the acl_cache.
1064*/
1065class Auth_id {
1066 public:
1068 Auth_id(const char *user, size_t user_len, const char *host, size_t host_len);
1069 Auth_id(const Auth_id_ref &id);
1070 Auth_id(const LEX_CSTRING &user, const LEX_CSTRING &host);
1071 Auth_id(const std::string &user, const std::string &host);
1072 Auth_id(const LEX_USER *lex_user);
1073 Auth_id(const ACL_USER *acl_user);
1074
1076 Auth_id(const Auth_id &id);
1077 Auth_id &operator=(const Auth_id &) = default;
1078
1079 bool operator<(const Auth_id &id) const;
1080 void auth_str(std::string *out) const;
1081 std::string auth_str() const;
1082 const std::string &user() const;
1083 const std::string &host() const;
1084
1085 private:
1086 void create_key();
1087 /** User part */
1088 std::string m_user;
1089 /** Host part */
1090 std::string m_host;
1091 /**
1092 Key: Internal representation mainly to facilitate use of
1093 Auth_id class in standard container.
1094 Format: 'user\0host\0'
1095 */
1096 std::string m_key;
1097};
1098
1099/*
1100 As of now Role_id is an alias of Auth_id.
1101 We may extend Auth_id into Role_id once
1102 more substance is added to the latter.
1103*/
1105
1106/**
1107 Length of string buffer, that is enough to contain
1108 username and hostname parts of the user identifier with trailing zero in
1109 MySQL standard format:
1110 user_name_part\@host_name_part\\0
1111*/
1112static constexpr int USER_HOST_BUFF_SIZE =
1114
1116 std::string user;
1117 std::string host;
1118 std::string password;
1120};
1121
1122void generate_random_password(std::string *password, uint32_t);
1123typedef std::list<random_password_info> Userhostpassword_list;
1125 const Userhostpassword_list &generated_passwords);
1126bool lock_and_get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
1128 const std::string &json_blob, bool expect_text);
1129
1130/* helper method to check if sandbox mode should be turned off or not */
1132
/*
  Declaration of decrypt_RSA_private_key(). Exactly one of the two
  prototypes is compiled: when OPENSSL_VERSION_NUMBER is at least
  0x30000000L the private key is passed as EVP_PKEY *, otherwise as RSA *.
  All other parameters are the same in both variants.

  NOTE(review): cipher_length is a signed int while plain_text_len is a
  size_t. The definition is not shown here, so confirm that a negative
  cipher_length is rejected and that plain_text_len is the real capacity of
  plain_text before treating it as the output bound.
*/
1133#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1134bool decrypt_RSA_private_key(uchar *pkt, int cipher_length,
1135 unsigned char *plain_text, size_t plain_text_len,
1136 EVP_PKEY *private_key);
1137#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1138bool decrypt_RSA_private_key(uchar *pkt, int cipher_length,
1139 unsigned char *plain_text, size_t plain_text_len,
1140 RSA *private_key);
1141#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1142
1143#endif /* AUTH_COMMON_INCLUDED */
mysql_dynamic_priv_table_field
Definition: auth_common.h:359
@ MYSQL_DYNAMIC_PRIV_FIELD_PRIV
Definition: auth_common.h:362
@ MYSQL_DYNAMIC_PRIV_FIELD_HOST
Definition: auth_common.h:361
@ MYSQL_DYNAMIC_PRIV_FIELD_USER
Definition: auth_common.h:360
@ MYSQL_DYNAMIC_PRIV_FIELD_COUNT
Definition: auth_common.h:364
@ MYSQL_DYNAMIC_PRIV_FIELD_WITH_GRANT_OPTION
Definition: auth_common.h:363
mysql_columns_priv_table_field
Definition: auth_common.h:311
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_NAME
Definition: auth_common.h:316
@ MYSQL_COLUMNS_PRIV_FIELD_HOST
Definition: auth_common.h:312
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:318
@ MYSQL_COLUMNS_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:315
@ MYSQL_COLUMNS_PRIV_FIELD_COUNT
Definition: auth_common.h:319
@ MYSQL_COLUMNS_PRIV_FIELD_DB
Definition: auth_common.h:313
@ MYSQL_COLUMNS_PRIV_FIELD_USER
Definition: auth_common.h:314
@ MYSQL_COLUMNS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:317
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4892
bool mysql_routine_grant(THD *thd, Table_ref *table, bool is_proc, List< LEX_USER > &user_list, ulong rights, bool revoke, bool write_to_binlog, bool all_current_privileges)
Store routine level grants in the privilege tables.
Definition: sql_authorization.cc:2916
bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info, Alter_info *alter_info)
Checks foreign key's parent table access.
Definition: sql_authorization.cc:5925
mysql_procs_priv_table_field
Definition: auth_common.h:299
@ MYSQL_PROCS_PRIV_FIELD_PROC_PRIV
Definition: auth_common.h:306
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_NAME
Definition: auth_common.h:303
@ MYSQL_PROCS_PRIV_FIELD_COUNT
Definition: auth_common.h:308
@ MYSQL_PROCS_PRIV_FIELD_HOST
Definition: auth_common.h:300
@ MYSQL_PROCS_PRIV_FIELD_DB
Definition: auth_common.h:301
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_TYPE
Definition: auth_common.h:304
@ MYSQL_PROCS_PRIV_FIELD_GRANTOR
Definition: auth_common.h:305
@ MYSQL_PROCS_PRIV_FIELD_USER
Definition: auth_common.h:302
@ MYSQL_PROCS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:307
bool acl_check_host(THD *thd, const char *host, const char *ip)
Definition: sql_authentication.cc:2352
bool lock_tables_precheck(THD *thd, Table_ref *tables)
Check privileges for LOCK TABLES statement.
Definition: sql_authorization.cc:1716
bool skip_grant_tables()
Definition: sql_auth_cache.cc:162
bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user, bool with_grant)
Definition: sql_authorization.cc:5545
bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, GRANT_INTERNAL_INFO *grant_internal_info, bool dont_check_global_grants, bool no_errors)
Compare requested privileges with the privileges acquired from the User- and Db-tables.
Definition: sql_authorization.cc:2138
void func_current_role(const THD *thd, String *active_role)
Helper function for Item_func_current_role.
Definition: sql_authorization.cc:6261
bool check_column_grant_in_table_ref(THD *thd, Table_ref *table_ref, const char *name, size_t length, ulong want_privilege)
Check the privileges for a column depending on the type of table.
Definition: sql_authorization.cc:4034
uint32 global_password_history
Global sysvar: the number of old passwords to check in the history.
Definition: sql_auth_cache.cc:3643
bool mysql_alter_or_clear_default_roles(THD *thd, role_enum role_type, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Set the default roles to NONE, ALL or list of authorization IDs as roles, depending upon the role_typ...
Definition: sql_authorization.cc:6402
int fill_schema_table_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5747
bool is_granted_table_access(THD *thd, ulong required_acl, Table_ref *table)
Given a Table_ref object this function checks against.
Definition: sql_authorization.cc:2444
bool check_some_access(THD *thd, ulong want_access, Table_ref *table)
Check if the given table has any of the asked privileges.
Definition: sql_authorization.cc:2028
void append_auth_id_string(const THD *thd, const char *user, size_t user_len, const char *host, size_t host_len, String *str)
Append the user@host to the str.
Definition: sql_auth_cache.cc:713
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:78
std::unique_ptr< T, std::function< void(T *)> > Sctx_ptr
Definition: auth_common.h:955
bool check_one_table_access(THD *thd, ulong privilege, Table_ref *tables)
Check grants for commands which work only with one table and all other tables belonging to subselects...
Definition: sql_authorization.cc:1903
mysql_role_edges_table_field
Definition: auth_common.h:334
@ MYSQL_ROLE_EDGES_FIELD_TO_USER
Definition: auth_common.h:338
@ MYSQL_ROLE_EDGES_FIELD_WITH_ADMIN_OPTION
Definition: auth_common.h:339
@ MYSQL_ROLE_EDGES_FIELD_FROM_USER
Definition: auth_common.h:336
@ MYSQL_ROLE_EDGES_FIELD_TO_HOST
Definition: auth_common.h:337
@ MYSQL_ROLE_EDGES_FIELD_FROM_HOST
Definition: auth_common.h:335
@ MYSQL_ROLE_EDGES_FIELD_COUNT
Definition: auth_common.h:340
void acl_log_connect(const char *user, const char *host, const char *auth_as, const char *db, THD *thd, enum enum_server_command command)
Logging connection for the general query log, extracted from acl_authenticate() as it's reused at dif...
Definition: sql_authentication.cc:4020
bool reload_acl_caches(THD *thd, bool mdl_locked)
Reload all ACL caches.
Definition: sql_auth_cache.cc:3661
bool is_acl_table_name(const char *name)
Check if given table name is an ACL table name.
Definition: sql_user_table.cc:2617
int fill_schema_schema_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5685
std::function< bool(Security_context *, Security_context_policy::Operation)> Security_context_functor
Definition: auth_common.h:928
bool check_routine_access(THD *thd, ulong want_access, const char *db, char *name, bool is_proc, bool no_errors)
Definition: sql_authorization.cc:1976
bool validate_user_plugins
controls the extra checks on plugin availability for mysql.user records
Definition: sql_auth_cache.cc:166
bool mysql_user_table_is_in_short_password_format
void acl_free(bool end=false)
Definition: sql_auth_cache.cc:1981
bool mysql_revoke_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:3082
bool check_acl_tables_intact(THD *thd, bool mdl_locked)
Opens the ACL tables and checks their sanity.
Definition: sql_auth_cache.cc:2105
bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool, bool)
SHOW GRANTS FOR user USING [ALL | role [,role ...]].
Definition: sql_authorization.cc:4786
void init_acl_memory()
Allocates the memory in the global_acl_memory MEM_ROOT.
Definition: sql_auth_cache.cc:188
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Grant EXECUTE,ALTER privilege for a stored procedure.
Definition: sql_authorization.cc:5388
mysql_db_table_field
Definition: auth_common.h:207
@ MYSQL_DB_FIELD_GRANT_PRIV
Definition: auth_common.h:217
@ MYSQL_DB_FIELD_DELETE_PRIV
Definition: auth_common.h:214
@ MYSQL_DB_FIELD_INDEX_PRIV
Definition: auth_common.h:219
@ MYSQL_DB_FIELD_UPDATE_PRIV
Definition: auth_common.h:213
@ MYSQL_DB_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:223
@ MYSQL_DB_FIELD_ALTER_PRIV
Definition: auth_common.h:220
@ MYSQL_DB_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:222
@ MYSQL_DB_FIELD_COUNT
Definition: auth_common.h:230
@ MYSQL_DB_FIELD_TRIGGER_PRIV
Definition: auth_common.h:229
@ MYSQL_DB_FIELD_CREATE_PRIV
Definition: auth_common.h:215
@ MYSQL_DB_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:225
@ MYSQL_DB_FIELD_SELECT_PRIV
Definition: auth_common.h:211
@ MYSQL_DB_FIELD_EXECUTE_PRIV
Definition: auth_common.h:227
@ MYSQL_DB_FIELD_INSERT_PRIV
Definition: auth_common.h:212
@ MYSQL_DB_FIELD_EVENT_PRIV
Definition: auth_common.h:228
@ MYSQL_DB_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:226
@ MYSQL_DB_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:221
@ MYSQL_DB_FIELD_USER
Definition: auth_common.h:210
@ MYSQL_DB_FIELD_HOST
Definition: auth_common.h:208
@ MYSQL_DB_FIELD_DROP_PRIV
Definition: auth_common.h:216
@ MYSQL_DB_FIELD_DB
Definition: auth_common.h:209
@ MYSQL_DB_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:224
@ MYSQL_DB_FIELD_REFERENCES_PRIV
Definition: auth_common.h:218
bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host, bool *is_mandatory)
Determine if a role@role_host authid is a mandatory role.
Definition: sql_authorization.cc:6802
int mysql_table_grant(THD *thd, Table_ref *table, List< LEX_USER > &user_list, List< LEX_COLUMN > &column_list, ulong rights, bool revoke, bool all_current_privileges)
Definition: sql_authorization.cc:2626
int acl_authenticate(THD *thd, enum_server_command command)
Perform the handshake, authorize the client and update thd sctx variables.
Definition: sql_authentication.cc:4156
const std::vector< std::string > global_acls_vector
Consts for static privileges.
Definition: auth_acls.cc:61
bool lock_and_get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Copy a list of mandatory role authorization IDs.
Definition: sql_authorization.cc:6314
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6640
bool mysql_grant_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles, bool with_admin_opt)
Grants a list of roles to a list of users.
Definition: sql_authorization.cc:3311
bool check_change_password(THD *thd, const char *host, const char *user, bool retain_current_password)
Definition: sql_user.cc:155
void get_privilege_desc(char *to, uint max_length, ulong access)
Definition: sql_authorization.cc:4519
int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr)
Definition: sql_auth_cache.cc:798
bool mysql_alter_user_comment(THD *thd, const List< LEX_USER > *users, const std::string &json_blob, bool expect_text)
void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc)
Definition: sql_auth_cache.cc:3108
bool is_acl_table(const TABLE *table)
Check if given TABLE* is an ACL table name.
Definition: sql_user_table.cc:2635
bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same)
Auxiliary function for constructing CREATE USER sql for a given user.
Definition: sql_user.cc:258
ulong get_table_grant(THD *thd, Table_ref *table)
Definition: sql_authorization.cc:4425
bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, const char **ssl_ca, const char **ssl_key, const char **ssl_cert)
Check auto_generate_certs option and generate SSL certificates if required.
Definition: sql_authentication.cc:5912
const char * any_db
Definition: sql_authorization.cc:523
bool check_lock_view_underlying_table_access(THD *thd, Table_ref *tbl, bool *fake_lock_tables_acl)
For LOCK TABLES on a view checks if user in which context view is executed or user that has initiated...
Definition: sql_authorization.cc:5989
void set_connection_admin_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the connection_admin flag in the THD.
Definition: auth_common.cc:188
bool mysql_rename_user(THD *thd, List< LEX_USER > &list)
Definition: sql_user.cc:3136
bool check_global_access(THD *thd, ulong want_access)
Check for global access and give a descriptive error message if it fails.
Definition: sql_authorization.cc:5900
bool grant_init(bool skip_grant_tables)
Initialize structures responsible for table/column-level privilege checking and load information for ...
Definition: sql_auth_cache.cc:2349
uint32 global_password_reuse_interval
Definition: auth_common.h:916
void commit_and_close_mysql_tables(THD *thd)
A helper function to commit statement transaction and close ACL tables after reading some data from t...
Definition: sql_user_table.cc:508
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:79
std::string get_default_autnetication_plugin_name()
Return the default authentication plugin name.
Definition: sql_authentication.cc:1750
void set_system_user_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the system_user flag in the THD.
Definition: auth_common.cc:165
bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, size_t length, Security_context *sctx, ulong want_privilege)
Definition: sql_authorization.cc:3954
bool acl_getroot(THD *thd, Security_context *sctx, const char *user, const char *host, const char *ip, const char *db)
Definition: sql_auth_cache.cc:1502
ulong get_global_acl_cache_size()
Definition: sql_auth_cache.cc:109
bool create_table_precheck(THD *thd, Table_ref *tables, Table_ref *create_table)
CREATE TABLE query pre-check.
Definition: sql_authorization.cc:1744
bool mysql_set_active_role_none(THD *thd)
Reset active roles.
Definition: sql_authorization.cc:6704
bool check_readonly(THD *thd, bool err_if_readonly)
Performs standardized check whether to prohibit (true) or allow (false) operations based on read_only...
Definition: sql_authorization.cc:1846
int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length)
Initialize default authentication plugin based on command line options or configuration file settings...
Definition: sql_authentication.cc:1724
bool check_grant(THD *thd, ulong want_access, Table_ref *tables, bool any_combination_will_do, uint number, bool no_errors)
Check table level grants.
Definition: sql_authorization.cc:3770
bool acl_init(bool dont_read_acl_tables)
Definition: sql_auth_cache.cc:1746
bool acl_can_access_user(THD *thd, LEX_USER *user)
Auxiliary function for the CAN_ACCESS_USER internal function used to check if a row from mysql....
Definition: sql_user.cc:207
bool change_password(THD *thd, LEX_USER *user, const char *password, const char *current_password, bool retain_current_password)
Change a password hash for a user.
Definition: sql_user.cc:1957
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1123
const ACL_internal_schema_access * get_cached_schema_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name)
Get a cached internal schema access.
Definition: sql_authorization.cc:1649
bool send_password_result_set(THD *thd, const Userhostpassword_list &generated_passwords)
Sends the result set of generated passwords to the client.
Definition: sql_user.cc:977
bool operator<(const Auth_id_ref &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7473
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6632
bool mysql_set_active_role_all(THD *thd, const List< LEX_USER > *except_users)
Activates all granted roles in the current security context.
Definition: sql_authorization.cc:6748
bool mysql_revoke_all(THD *thd, List< LEX_USER > &list)
Definition: sql_authorization.cc:5130
ACL_internal_access_result
Definition: auth_common.h:83
@ ACL_INTERNAL_ACCESS_GRANTED
Access granted for all the requested privileges, do not use the grant tables.
Definition: auth_common.h:90
@ ACL_INTERNAL_ACCESS_CHECK_GRANT
No decision yet, use the grant tables.
Definition: auth_common.h:94
@ ACL_INTERNAL_ACCESS_DENIED
Access denied, do not use the grant tables.
Definition: auth_common.h:92
bool turn_off_sandbox_mode(THD *thd, LEX_USER *user)
Helper method to turn off sandbox mode once registration step is complete.
Definition: sql_user.cc:1021
mysql_password_history_table_field
Definition: auth_common.h:351
@ MYSQL_PASSWORD_HISTORY_FIELD_COUNT
Definition: auth_common.h:356
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD_TIMESTAMP
Definition: auth_common.h:354
@ MYSQL_PASSWORD_HISTORY_FIELD_HOST
Definition: auth_common.h:352
@ MYSQL_PASSWORD_HISTORY_FIELD_USER
Definition: auth_common.h:353
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD
Definition: auth_common.h:355
bool mysql_create_user(THD *thd, List< LEX_USER > &list, bool if_not_exists, bool is_role)
Definition: sql_user.cc:2698
bool check_grant_routine(THD *thd, ulong want_access, Table_ref *procs, bool is_proc, bool no_error)
Definition: sql_authorization.cc:4323
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, const char *db, const char *table)
Definition: sql_authorization.cc:5478
bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b)
Definition: sql_authorization.cc:7490
void get_default_roles(const Auth_id_ref &user, List_of_auth_id_refs &list)
Shallow copy a list of default role authorization IDs from a Role_id storage.
Definition: sql_authorization.cc:6292
int fill_schema_column_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5812
bool check_table_encryption_admin_access(THD *thd)
Check if the current user has the privilege TABLE_ENCRYPTION_ADMIN required to create an encrypted table.
Definition: sql_authorization.cc:2410
bool is_role_id(LEX_USER *authid)
Definition: sql_authorization.cc:805
bool check_grant_all_columns(THD *thd, ulong want_access, Field_iterator_table_ref *fields)
Check if a query can access a set of columns.
Definition: sql_authorization.cc:4112
bool is_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
This function works just like check_if_granted_role, but also guarantees that the proper lock is take...
Definition: sql_authorization.cc:6781
mysql_default_roles_table_field
Definition: auth_common.h:343
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_USER
Definition: auth_common.h:347
@ MYSQL_DEFAULT_ROLES_FIELD_COUNT
Definition: auth_common.h:348
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_HOST
Definition: auth_common.h:346
@ MYSQL_DEFAULT_ROLES_FIELD_HOST
Definition: auth_common.h:344
@ MYSQL_DEFAULT_ROLES_FIELD_USER
Definition: auth_common.h:345
void append_identifier(String *packet, const char *name, size_t length)
Convert and quote the given identifier if needed and append it to the target string.
Definition: sql_show.cc:1414
bool mysql_grant(THD *thd, const char *db, List< LEX_USER > &list, ulong rights, bool revoke_grant, bool is_proxy, const List< LEX_CSTRING > &dynamic_privilege, bool grant_all_current_privileges, LEX_GRANT_AS *grant_as)
Definition: sql_authorization.cc:3434
bool is_acl_user(THD *thd, const char *host, const char *user)
Definition: sql_auth_cache.cc:1215
void update_mandatory_roles(void)
Definition: sql_authorization.cc:7324
bool has_full_view_routine_access(THD *thd, const char *db, const char *definer_user, const char *definer_host)
Check if user has full access to view routine's properties (i.e. including stored routine code).
Definition: sql_authorization.cc:2058
void notify_flush_event(THD *thd)
Audit notification for flush.
Definition: sql_auth_cache.cc:1688
bool check_table_access(THD *thd, ulong requirements, Table_ref *tables, bool any_combination_of_privileges_will_do, uint number, bool no_errors)
Check if the requested privileges exist in either the User-, DB- or tables- tables.
Definition: sql_authorization.cc:2340
bool is_secure_transport(int vio_type)
Definition: sql_authentication.cc:4589
bool disconnect_on_expired_password
Definition: sql_authentication.cc:1448
bool wildcard_db_grant_exists()
mysql_tables_priv_table_field
Definition: auth_common.h:322
@ MYSQL_TABLES_PRIV_FIELD_HOST
Definition: auth_common.h:323
@ MYSQL_TABLES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:327
@ MYSQL_TABLES_PRIV_FIELD_COUNT
Definition: auth_common.h:331
@ MYSQL_TABLES_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:330
@ MYSQL_TABLES_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:326
@ MYSQL_TABLES_PRIV_FIELD_TABLE_PRIV
Definition: auth_common.h:329
@ MYSQL_TABLES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:328
@ MYSQL_TABLES_PRIV_FIELD_USER
Definition: auth_common.h:325
@ MYSQL_TABLES_PRIV_FIELD_DB
Definition: auth_common.h:324
void shutdown_acl_cache()
Shutdown the global Acl_cache system which was only initialized if the rwlocks were initialized.
Definition: sql_auth_cache.cc:3452
void log_user(THD *thd, String *str, LEX_USER *user, bool comma)
Auxiliary function for constructing a user list string.
Definition: sql_user.cc:123
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Revoke privileges for all users on a stored procedure.
Definition: sql_authorization.cc:5299
mysql_proxies_priv_table_feild
Definition: auth_common.h:288
@ MYSQL_PROXIES_PRIV_FIELD_HOST
Definition: auth_common.h:289
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_USER
Definition: auth_common.h:292
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_HOST
Definition: auth_common.h:291
@ MYSQL_PROXIES_PRIV_FIELD_COUNT
Definition: auth_common.h:296
@ MYSQL_PROXIES_PRIV_FIELD_WITH_GRANT
Definition: auth_common.h:293
@ MYSQL_PROXIES_PRIV_FIELD_USER
Definition: auth_common.h:290
@ MYSQL_PROXIES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:294
@ MYSQL_PROXIES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:295
bool check_single_table_access(THD *thd, ulong privilege, Table_ref *tables, bool no_errors)
Check grants for commands which work only with one table.
Definition: sql_authorization.cc:1942
void err_readonly(THD *thd)
Generates appropriate error messages for read-only state depending on whether user has SUPER privileg...
Definition: sql_authorization.cc:1882
void grant_free(void)
Definition: sql_auth_cache.cc:2329
bool check_grant_db(THD *thd, const char *db, const bool check_table_grant=false)
Check if a user has the right to access a database.
Definition: sql_authorization.cc:4261
void generate_random_password(std::string *password, uint32_t)
Generates a random password of the length decided by the system variable generated_random_password_le...
Definition: sql_user.cc:957
bool decrypt_RSA_private_key(uchar *pkt, int cipher_length, unsigned char *plain_text, size_t plain_text_len, RSA *private_key)
Decrypt pkt data using RSA private key.
Definition: auth_common.cc:228
bool is_acl_inited()
Definition: sql_auth_cache.cc:3892
std::pair< std::string, std::string > get_authid_from_quoted_string(std::string str)
Return the unquoted authorization id as a user,host-tuple.
Definition: sql_authorization.cc:4593
ssl_artifacts_status
Definition: auth_common.h:894
@ SSL_ARTIFACTS_VIA_OPTIONS
Definition: auth_common.h:896
@ SSL_ARTIFACTS_AUTO_DETECTED
Definition: auth_common.h:898
@ SSL_ARTIFACT_TRACES_FOUND
Definition: auth_common.h:897
@ SSL_ARTIFACTS_NOT_FOUND
Definition: auth_common.h:895
bool mysql_drop_user(THD *thd, List< LEX_USER > &list, bool if_exists, bool drop_role)
Drop a list of users and all their privileges.
Definition: sql_user.cc:2984
ulong acl_get(THD *thd, const char *host, const char *ip, const char *user, const char *db, bool db_is_pattern)
Get privilege for a host, user, and db combination.
Definition: sql_auth_cache.cc:1347
bool is_partial_revoke_exists(THD *thd)
Method to check if there exists at least one partial revoke in the cache.
Definition: sql_auth_cache.cc:3876
bool mysql_set_active_role(THD *thd, const List< LEX_USER > *role_list)
Definition: sql_authorization.cc:6758
bool mysql_alter_user(THD *thd, List< LEX_USER > &list, bool if_exists)
Definition: sql_user.cc:3331
int fill_schema_user_privileges(THD *thd, Table_ref *tables, Item *cond)
Definition: sql_authorization.cc:5609
mysql_user_table_field
Definition: auth_common.h:233
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV
Definition: auth_common.h:264
@ MYSQL_USER_FIELD_SUPER_PRIV
Definition: auth_common.h:251
@ MYSQL_USER_FIELD_DROP_PRIV
Definition: auth_common.h:241
@ MYSQL_USER_FIELD_ACCOUNT_LOCKED
Definition: auth_common.h:278
@ MYSQL_USER_FIELD_SSL_TYPE
Definition: auth_common.h:265
@ MYSQL_USER_FIELD_SSL_CIPHER
Definition: auth_common.h:266
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV
Definition: auth_common.h:256
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS
Definition: auth_common.h:272
@ MYSQL_USER_FIELD_COUNT
Definition: auth_common.h:285
@ MYSQL_USER_FIELD_PROCESS_PRIV
Definition: auth_common.h:244
@ MYSQL_USER_FIELD_SELECT_PRIV
Definition: auth_common.h:236
@ MYSQL_USER_FIELD_USER
Definition: auth_common.h:235
@ MYSQL_USER_FIELD_MAX_CONNECTIONS
Definition: auth_common.h:271
@ MYSQL_USER_FIELD_REFERENCES_PRIV
Definition: auth_common.h:247
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED
Definition: auth_common.h:275
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:259
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:260
@ MYSQL_USER_FIELD_PLUGIN
Definition: auth_common.h:273
@ MYSQL_USER_FIELD_MAX_UPDATES
Definition: auth_common.h:270
@ MYSQL_USER_FIELD_EVENT_PRIV
Definition: auth_common.h:262
@ MYSQL_USER_FIELD_RELOAD_PRIV
Definition: auth_common.h:242
@ MYSQL_USER_FIELD_UPDATE_PRIV
Definition: auth_common.h:238
@ MYSQL_USER_FIELD_TRIGGER_PRIV
Definition: auth_common.h:263
@ MYSQL_USER_FIELD_X509_ISSUER
Definition: auth_common.h:267
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:253
@ MYSQL_USER_FIELD_CREATE_ROLE_PRIV
Definition: auth_common.h:279
@ MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED
Definition: auth_common.h:276
@ MYSQL_USER_FIELD_INSERT_PRIV
Definition: auth_common.h:237
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV
Definition: auth_common.h:255
@ MYSQL_USER_FIELD_FILE_PRIV
Definition: auth_common.h:245
@ MYSQL_USER_FIELD_DROP_ROLE_PRIV
Definition: auth_common.h:280
@ MYSQL_USER_FIELD_INDEX_PRIV
Definition: auth_common.h:248
@ MYSQL_USER_FIELD_HOST
Definition: auth_common.h:234
@ MYSQL_USER_FIELD_PASSWORD_LIFETIME
Definition: auth_common.h:277
@ MYSQL_USER_FIELD_X509_SUBJECT
Definition: auth_common.h:268
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING
Definition: auth_common.h:274
@ MYSQL_USER_FIELD_SHOW_DB_PRIV
Definition: auth_common.h:250
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:258
@ MYSQL_USER_FIELD_CREATE_USER_PRIV
Definition: auth_common.h:261
@ MYSQL_USER_FIELD_EXECUTE_PRIV
Definition: auth_common.h:254
@ MYSQL_USER_FIELD_MAX_QUESTIONS
Definition: auth_common.h:269
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:257
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV
Definition: auth_common.h:243
@ MYSQL_USER_FIELD_CREATE_PRIV
Definition: auth_common.h:240
@ MYSQL_USER_FIELD_ALTER_PRIV
Definition: auth_common.h:249
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:252
@ MYSQL_USER_FIELD_GRANT_PRIV
Definition: auth_common.h:246
@ MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT
Definition: auth_common.h:283
@ MYSQL_USER_FIELD_PASSWORD_REUSE_TIME
Definition: auth_common.h:282
@ MYSQL_USER_FIELD_USER_ATTRIBUTES
Definition: auth_common.h:284
@ MYSQL_USER_FIELD_DELETE_PRIV
Definition: auth_common.h:239
@ MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY
Definition: auth_common.h:281
bool hostname_requires_resolving(const char *hostname)
Check if the given host name needs to be resolved or not.
Definition: sql_auth_cache.cc:877
bool has_grant_role_privilege(THD *thd, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:2513
bool mysql_set_role_default(THD *thd)
Activates all the default roles in the current security context.
Definition: sql_authorization.cc:6725
bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles)
Definition: sql_authorization.cc:7236
bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked)
Definition: sql_auth_cache.cc:2009
bool has_partial_view_routine_access(THD *thd, const char *db, const char *routine_name, bool is_proc)
Check if user has partial access to view routine's properties (i.e.
Definition: sql_authorization.cc:2086
static constexpr int USER_HOST_BUFF_SIZE
Length of string buffer, that is enough to contain username and hostname parts of the user identifier...
Definition: auth_common.h:1112
bool opt_auto_generate_certs
Definition: sql_authentication.cc:1464
ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *field_name)
Definition: sql_authorization.cc:4462
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:633
Definition: sql_auth_cache.h:245
Per internal schema ACL access rules.
Definition: auth_common.h:143
virtual const ACL_internal_table_access * lookup(const char *name) const =0
Search for per table ACL access rules by table name.
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv, bool any_combination_will_do) const =0
Check access to an internal schema.
virtual ~ACL_internal_schema_access()=default
ACL_internal_schema_access()=default
A registry for per internal schema ACL.
Definition: auth_common.h:181
static const ACL_internal_schema_access * lookup(const char *name)
Search per internal schema ACL by name.
Definition: sql_auth_cache.cc:212
static void register_schema(const LEX_CSTRING &name, const ACL_internal_schema_access *access)
Add an internal schema to the registry.
Definition: sql_auth_cache.cc:197
Per internal table ACL access rules.
Definition: auth_common.h:105
virtual ~ACL_internal_table_access()=default
ACL_internal_table_access()=default
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv, bool any_combination_will_do) const =0
Check access to an internal table.
Data describing the table being created by CREATE TABLE or altered by ALTER TABLE.
Definition: sql_alter.h:204
Storage container for default auth ids.
Definition: auth_common.h:1065
const std::string & host() const
Definition: auth_common.cc:124
std::string m_user
User part.
Definition: auth_common.h:1088
Auth_id & operator=(const Auth_id &)=default
void create_key()
Definition: auth_common.cc:56
const std::string & user() const
Definition: auth_common.cc:123
bool operator<(const Auth_id &id) const
Definition: auth_common.cc:100
std::string auth_str() const
Definition: auth_common.cc:115
std::string m_key
Key: Internal representation mainly to facilitate use of Auth_id class in standard container.
Definition: auth_common.h:1096
std::string m_host
Host part.
Definition: auth_common.h:1090
Definition: auth_common.h:931
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:933
Definition: auth_common.h:1002
const THD * m_thd
Definition: auth_common.h:1009
bool create(Security_context *sctx)
Create a local authid without modifying any tables.
Definition: sql_authorization.cc:7350
Default_local_authid(const THD *thd)
Definition: sql_authorization.cc:7330
bool precheck(Security_context *sctx)
Check if the security context can be created as a local authid.
Definition: sql_authorization.cc:7339
Definition: auth_common.h:1029
Drop_temporary_dynamic_privileges(std::vector< std::string > privs)
Definition: auth_common.h:1031
void operator()(Security_context *sctx)
Definition: sql_authorization.cc:7376
std::vector< std::string > m_privs
Definition: auth_common.h:1036
Generic iterator over the fields of an arbitrary table reference.
Definition: table.h:4105
Definition: auth_common.h:943
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:945
Grant the privilege temporarily to the in-memory global privileges map.
Definition: auth_common.h:1017
const std::vector< std::string > m_privs
Definition: auth_common.h:1026
Grant_temporary_dynamic_privileges(const THD *thd, std::vector< std::string > privs)
Definition: sql_authorization.cc:7354
bool grant_privileges(Security_context *sctx)
Grant dynamic privileges to an in-memory global authid.
Definition: sql_authorization.cc:7370
const THD * m_thd
Definition: auth_common.h:1025
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7358
Definition: auth_common.h:1040
const ulong m_privs
Privileges.
Definition: auth_common.h:1051
bool grant_privileges(Security_context *sctx)
Definition: sql_authorization.cc:7390
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7385
const THD * m_thd
THD handle.
Definition: auth_common.h:1048
Grant_temporary_static_privileges(const THD *thd, const ulong privs)
Definition: sql_authorization.cc:7381
Extension of ACL_internal_schema_access for Information Schema.
Definition: auth_common.h:191
~IS_internal_schema_access() override=default
IS_internal_schema_access()=default
const ACL_internal_table_access * lookup(const char *name) const override
Search for per table ACL access rules by table name.
Definition: sql_authorization.cc:1700
ACL_internal_access_result check(ulong want_access, ulong *save_priv, bool any_combination_will_do) const override
Check access to an internal schema.
Definition: sql_authorization.cc:1682
Base class that is used to represent any kind of expression in a relational query.
Definition: item.h:933
Definition: sql_lex.h:3695
Definition: sql_lex.h:3707
Definition: sql_list.h:434
Factory for creating any Security_context given a pre-constructed policy.
Definition: auth_common.h:960
Security_context_functor m_static_privileges
Definition: auth_common.h:998
Security_context_functor m_privileges
Definition: auth_common.h:997
Security_context_factory(THD *thd, std::string user, std::string host, Security_context_functor extend_user_profile, Security_context_functor priv, Security_context_functor static_priv, std::function< void(Security_context *)> drop_policy)
Default Security_context factory implementation.
Definition: auth_common.h:975
std::string m_user
Definition: auth_common.h:994
Sctx_ptr< Security_context > create()
Definition: sql_authorization.cc:7426
std::string m_host
Definition: auth_common.h:995
bool apply_pre_constructed_policies(Security_context *sctx)
Definition: sql_authorization.cc:7396
Security_context_functor m_user_profile
Definition: auth_common.h:996
THD * m_thd
Definition: auth_common.h:993
const std::function< void(Security_context *)> m_drop_policy
Definition: auth_common.h:999
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:52
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:166
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:35
Definition: table.h:2853
Definition: auth_common.h:436
uint repl_client_priv_idx() override
Definition: auth_common.h:477
uint max_user_connections_idx() override
Definition: auth_common.h:507
uint plugin_idx() override
Definition: auth_common.h:510
uint create_tablespace_priv_idx() override
Definition: auth_common.h:495
uint account_locked_idx() override
Definition: auth_common.h:523
uint create_priv_idx() override
Definition: auth_common.h:449
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:467
uint password_idx() override
Definition: auth_common.h:441
uint trigger_priv_idx() override
Definition: auth_common.h:494
uint max_questions_idx() override
Definition: auth_common.h:502
uint create_view_priv_idx() override
Definition: auth_common.h:480
uint index_priv_idx() override
Definition: auth_common.h:459
uint insert_priv_idx() override
Definition: auth_common.h:446
uint user_idx() override
Definition: auth_common.h:439
uint alter_routine_priv_idx() override
Definition: auth_common.h:487
uint create_user_priv_idx() override
Definition: auth_common.h:490
uint password_reuse_time_idx() override
Definition: auth_common.h:527
uint password_expired_idx() override
Definition: auth_common.h:514
uint password_require_current_idx() override
Definition: auth_common.h:530
uint shutdown_priv_idx() override
Definition: auth_common.h:452
uint drop_priv_idx() override
Definition: auth_common.h:450
uint host_idx() override
Definition: auth_common.h:438
uint file_priv_idx() override
Definition: auth_common.h:454
uint authentication_string_idx() override
Definition: auth_common.h:511
uint drop_role_priv_idx() override
Definition: auth_common.h:466
uint repl_slave_priv_idx() override
Definition: auth_common.h:474
uint x509_subject_idx() override
Definition: auth_common.h:501
uint references_priv_idx() override
Definition: auth_common.h:456
uint password_lifetime_idx() override
Definition: auth_common.h:520
uint event_priv_idx() override
Definition: auth_common.h:493
uint process_priv_idx() override
Definition: auth_common.h:453
uint max_connections_idx() override
Definition: auth_common.h:504
uint password_reuse_history_idx() override
Definition: auth_common.h:524
uint create_routine_priv_idx() override
Definition: auth_common.h:484
uint ssl_cipher_idx() override
Definition: auth_common.h:499
uint super_priv_idx() override
Definition: auth_common.h:462
uint update_priv_idx() override
Definition: auth_common.h:447
uint reload_priv_idx() override
Definition: auth_common.h:451
uint create_role_priv_idx() override
Definition: auth_common.h:463
uint password_last_changed_idx() override
Definition: auth_common.h:517
uint lock_tables_priv_idx() override
Definition: auth_common.h:470
uint show_db_priv_idx() override
Definition: auth_common.h:461
uint user_attributes_idx() override
Definition: auth_common.h:533
uint x509_issuer_idx() override
Definition: auth_common.h:500
uint grant_priv_idx() override
Definition: auth_common.h:455
uint ssl_type_idx() override
Definition: auth_common.h:498
uint alter_priv_idx() override
Definition: auth_common.h:460
uint max_updates_idx() override
Definition: auth_common.h:503
uint execute_priv_idx() override
Definition: auth_common.h:473
uint select_priv_idx() override
Definition: auth_common.h:445
uint show_view_priv_idx() override
Definition: auth_common.h:483
uint delete_priv_idx() override
Definition: auth_common.h:448
Definition: auth_common.h:541
uint file_priv_idx() override
Definition: auth_common.h:604
uint user_idx() override
Definition: auth_common.h:591
uint insert_priv_idx() override
Definition: auth_common.h:594
uint shutdown_priv_idx() override
Definition: auth_common.h:600
uint account_locked_idx() override
Definition: auth_common.h:673
uint x509_issuer_idx() override
Definition: auth_common.h:648
uint password_reuse_time_idx() override
Definition: auth_common.h:679
uint host_idx() override
Definition: auth_common.h:590
uint x509_subject_idx() override
Definition: auth_common.h:649
uint index_priv_idx() override
Definition: auth_common.h:609
mysql_user_table_field_56
Definition: auth_common.h:543
@ MYSQL_USER_FIELD_SUPER_PRIV_56
Definition: auth_common.h:562
@ MYSQL_USER_FIELD_SELECT_PRIV_56
Definition: auth_common.h:547
@ MYSQL_USER_FIELD_REFERENCES_PRIV_56
Definition: auth_common.h:558
@ MYSQL_USER_FIELD_SHOW_DB_PRIV_56
Definition: auth_common.h:561
@ MYSQL_USER_FIELD_UPDATE_PRIV_56
Definition: auth_common.h:549
@ MYSQL_USER_FIELD_DROP_PRIV_56
Definition: auth_common.h:552
@ MYSQL_USER_FIELD_PLUGIN_56
Definition: auth_common.h:584
@ MYSQL_USER_FIELD_FILE_PRIV_56
Definition: auth_common.h:556
@ MYSQL_USER_FIELD_X509_SUBJECT_56
Definition: auth_common.h:579
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56
Definition: auth_common.h:567
@ MYSQL_USER_FIELD_PASSWORD_56
Definition: auth_common.h:546
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56
Definition: auth_common.h:583
@ MYSQL_USER_FIELD_X509_ISSUER_56
Definition: auth_common.h:578
@ MYSQL_USER_FIELD_PROCESS_PRIV_56
Definition: auth_common.h:555
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56
Definition: auth_common.h:571
@ MYSQL_USER_FIELD_COUNT_56
Definition: auth_common.h:587
@ MYSQL_USER_FIELD_EVENT_PRIV_56
Definition: auth_common.h:573
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV_56
Definition: auth_common.h:554
@ MYSQL_USER_FIELD_SSL_TYPE_56
Definition: auth_common.h:576
@ MYSQL_USER_FIELD_SSL_CIPHER_56
Definition: auth_common.h:577
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56
Definition: auth_common.h:568
@ MYSQL_USER_FIELD_DELETE_PRIV_56
Definition: auth_common.h:550
@ MYSQL_USER_FIELD_MAX_CONNECTIONS_56
Definition: auth_common.h:582
@ MYSQL_USER_FIELD_CREATE_USER_PRIV_56
Definition: auth_common.h:572
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56
Definition: auth_common.h:570
@ MYSQL_USER_FIELD_CREATE_PRIV_56
Definition: auth_common.h:551
@ MYSQL_USER_FIELD_EXECUTE_PRIV_56
Definition: auth_common.h:565
@ MYSQL_USER_FIELD_MAX_QUESTIONS_56
Definition: auth_common.h:580
@ MYSQL_USER_FIELD_HOST_56
Definition: auth_common.h:544
@ MYSQL_USER_FIELD_GRANT_PRIV_56
Definition: auth_common.h:557
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING_56
Definition: auth_common.h:585
@ MYSQL_USER_FIELD_RELOAD_PRIV_56
Definition: auth_common.h:553
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56
Definition: auth_common.h:569
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56
Definition: auth_common.h:564
@ MYSQL_USER_FIELD_TRIGGER_PRIV_56
Definition: auth_common.h:574
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED_56
Definition: auth_common.h:586
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56
Definition: auth_common.h:563
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56
Definition: auth_common.h:575
@ MYSQL_USER_FIELD_USER_56
Definition: auth_common.h:545
@ MYSQL_USER_FIELD_INSERT_PRIV_56
Definition: auth_common.h:548
@ MYSQL_USER_FIELD_INDEX_PRIV_56
Definition: auth_common.h:559
@ MYSQL_USER_FIELD_ALTER_PRIV_56
Definition: auth_common.h:560
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56
Definition: auth_common.h:566
@ MYSQL_USER_FIELD_MAX_UPDATES_56
Definition: auth_common.h:581
uint drop_role_priv_idx() override
Definition: auth_common.h:675
uint user_attributes_idx() override
Definition: auth_common.h:683
uint lock_tables_priv_idx() override
Definition: auth_common.h:616
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:613
uint password_lifetime_idx() override
Definition: auth_common.h:672
uint process_priv_idx() override
Definition: auth_common.h:603
uint create_view_priv_idx() override
Definition: auth_common.h:626
uint plugin_idx() override
Definition: auth_common.h:660
uint max_user_connections_idx() override
Definition: auth_common.h:657
uint select_priv_idx() override
Definition: auth_common.h:593
uint references_priv_idx() override
Definition: auth_common.h:606
uint grant_priv_idx() override
Definition: auth_common.h:605
uint repl_slave_priv_idx() override
Definition: auth_common.h:620
uint max_updates_idx() override
Definition: auth_common.h:653
uint delete_priv_idx() override
Definition: auth_common.h:596
uint create_user_priv_idx() override
Definition: auth_common.h:638
uint repl_client_priv_idx() override
Definition: auth_common.h:623
uint show_view_priv_idx() override
Definition: auth_common.h:629
uint password_reuse_history_idx() override
Definition: auth_common.h:676
uint update_priv_idx() override
Definition: auth_common.h:595
uint create_priv_idx() override
Definition: auth_common.h:597
uint max_questions_idx() override
Definition: auth_common.h:650
uint drop_priv_idx() override
Definition: auth_common.h:598
uint alter_priv_idx() override
Definition: auth_common.h:610
uint execute_priv_idx() override
Definition: auth_common.h:619
uint password_idx() override
Definition: auth_common.h:592
uint password_expired_idx() override
Definition: auth_common.h:664
uint password_last_changed_idx() override
Definition: auth_common.h:669
uint authentication_string_idx() override
Definition: auth_common.h:661
uint show_db_priv_idx() override
Definition: auth_common.h:611
uint create_tablespace_priv_idx() override
Definition: auth_common.h:643
uint password_require_current_idx() override
Definition: auth_common.h:680
uint ssl_type_idx() override
Definition: auth_common.h:646
uint max_connections_idx() override
Definition: auth_common.h:654
uint reload_priv_idx() override
Definition: auth_common.h:599
uint create_role_priv_idx() override
Definition: auth_common.h:674
uint alter_routine_priv_idx() override
Definition: auth_common.h:635
uint create_routine_priv_idx() override
Definition: auth_common.h:632
uint super_priv_idx() override
Definition: auth_common.h:612
uint ssl_cipher_idx() override
Definition: auth_common.h:647
uint trigger_priv_idx() override
Definition: auth_common.h:642
uint event_priv_idx() override
Definition: auth_common.h:641
Definition: auth_common.h:686
virtual ~User_table_schema_factory()=default
virtual User_table_schema * get_user_table_schema(TABLE *table)
Definition: auth_common.h:688
virtual bool is_old_user_table_schema(TABLE *table)
Definition: auth_common.cc:47
Definition: auth_common.h:373
virtual uint user_attributes_idx()=0
virtual uint event_priv_idx()=0
virtual uint update_priv_idx()=0
virtual uint max_connections_idx()=0
virtual uint user_idx()=0
virtual uint select_priv_idx()=0
virtual uint repl_client_priv_idx()=0
virtual uint x509_issuer_idx()=0
virtual uint references_priv_idx()=0
virtual uint alter_priv_idx()=0
virtual uint password_last_changed_idx()=0
virtual uint host_idx()=0
virtual uint trigger_priv_idx()=0
virtual uint show_view_priv_idx()=0
virtual uint process_priv_idx()=0
virtual uint create_tablespace_priv_idx()=0
virtual uint reload_priv_idx()=0
virtual uint drop_priv_idx()=0
virtual uint password_expired_idx()=0
virtual uint max_user_connections_idx()=0
virtual uint max_updates_idx()=0
virtual uint password_reuse_time_idx()=0
virtual uint create_view_priv_idx()=0
virtual uint create_tmp_table_priv_idx()=0
virtual uint ssl_type_idx()=0
virtual uint password_lifetime_idx()=0
virtual uint show_db_priv_idx()=0
virtual uint password_reuse_history_idx()=0
virtual uint create_role_priv_idx()=0
virtual uint create_priv_idx()=0
virtual uint account_locked_idx()=0
virtual uint x509_subject_idx()=0
virtual uint alter_routine_priv_idx()=0
virtual uint super_priv_idx()=0
virtual uint password_require_current_idx()=0
virtual uint repl_slave_priv_idx()=0
virtual uint shutdown_priv_idx()=0
virtual uint lock_tables_priv_idx()=0
virtual uint authentication_string_idx()=0
virtual uint drop_role_priv_idx()=0
virtual uint ssl_cipher_idx()=0
virtual uint create_user_priv_idx()=0
virtual uint password_idx()=0
virtual uint grant_priv_idx()=0
virtual uint plugin_idx()=0
virtual uint index_priv_idx()=0
virtual uint max_questions_idx()=0
virtual uint create_routine_priv_idx()=0
virtual uint execute_priv_idx()=0
virtual uint delete_priv_idx()=0
virtual uint file_priv_idx()=0
virtual uint insert_priv_idx()=0
virtual ~User_table_schema()=default
Definition: sp_head.h:122
PFS_table * create_table(PFS_table_share *share, PFS_thread *opening_thread, const void *identity)
Create instrumentation for a table instance.
Definition: pfs_instr.cc:1307
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
Common definition used by mysys, performance schema and server & client.
static constexpr int HOSTNAME_LENGTH
Definition: my_hostname.h:42
Some integer typedefs for easier portability.
unsigned char uchar
Definition: my_inttypes.h:51
uint32_t uint32
Definition: my_inttypes.h:66
Common definition between mysql server & client.
#define USERNAME_LENGTH
Definition: mysql_com.h:68
static char * password
Definition: mysql_secure_installation.cc:57
char * user
Definition: mysqladmin.cc:64
const char * host
Definition: mysqladmin.cc:63
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1065
static PFS_engine_table_share_proxy table
Definition: pfs.cc:60
Definition: acl_table_user.cc:79
const std::string mysql
const std::string system_user
const std::string connection_admin
Definition: commit_order_queue.h:33
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
static mysql_service_status_t create(const char *service_names[], reference_caching_channel *out_channel) noexcept
Definition: component.cc:44
const char * table_name
Definition: rules_table_service.cc:55
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:191
const char * db_name
Definition: rules_table_service.cc:54
Definition: varlen_sort.h:174
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializations.
Definition: ut0new.h:2437
std::list< T, ut::allocator< T > > list
Specialization of list which uses ut_allocator.
Definition: ut0new.h:2877
role_enum
Definition: sql_admin.h:240
struct rsa_st RSA
Definition: sql_authentication.h:102
LEX_CSTRING * plugin_name(st_plugin_int **ref)
Definition: sql_plugin_ref.h:94
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:37
case opt name
Definition: sslopt-case.h:32
Definition: m_ctype.h:422
The current state of the privilege checking process for the current user, SQL statement and SQL object.
Definition: table.h:366
State information for internal tables grants.
Definition: table.h:343
Struct to hold information about the table that should be created.
Definition: handler.h:3177
Definition: table.h:2720
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:82
Definition: mysql_lex_string.h:39
Definition: mysql_lex_string.h:34
Definition: auth_common.h:918
virtual bool operator()(Security_context *, Operation)=0
Security_context_policy(const Security_context_policy &)=default
Operation
Definition: auth_common.h:919
@ Precheck
Definition: auth_common.h:919
@ Execute
Definition: auth_common.h:919
Security_context_policy()=default
virtual ~Security_context_policy()=default
Definition: table.h:1403
Definition: auth_common.h:1115
std::string host
Definition: auth_common.h:1117
std::string user
Definition: auth_common.h:1116
unsigned int authentication_factor
Definition: auth_common.h:1119
std::string password
Definition: auth_common.h:1118
Definition: sql_connect.h:69
command
Definition: version_token.cc:279
enum enum_vio_type vio_type(const MYSQL_VIO vio)