MySQL  8.0.27
Source Code Documentation
auth_common.h
1 /* Copyright (c) 2000, 2021, Oracle and/or its affiliates.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef AUTH_COMMON_INCLUDED
24 #define AUTH_COMMON_INCLUDED
25 
26 #include <assert.h>
27 #include <stddef.h>
28 #include <stdint.h>
29 #include <sys/types.h>
30 #include <functional>
31 #include <list>
32 #include <memory>
33 #include <string>
34 #include <utility>
35 #include <vector>
36 
37 #include "lex_string.h"
38 #include "my_command.h"
39 
40 #include "my_hostname.h" // HOSTNAME_LENGTH
41 #include "my_inttypes.h"
42 #include "mysql_com.h" // USERNAME_LENGTH
43 #include "template_utils.h"
44 
45 /* Forward Declarations */
46 class Alter_info;
48 class Item;
49 class LEX_COLUMN;
50 class String;
51 class THD;
52 struct CHARSET_INFO;
53 struct GRANT_INFO;
54 struct GRANT_INTERNAL_INFO;
55 struct HA_CREATE_INFO;
56 struct LEX_USER;
57 template <class T>
58 class List;
59 typedef struct user_conn USER_CONN;
60 class Security_context;
61 class ACL_USER;
62 struct TABLE;
63 struct MEM_ROOT;
64 struct TABLE_LIST;
65 enum class role_enum;
66 enum class Consumer_type;
67 class LEX_GRANT_AS;
68 
69 namespace consts {
70 extern const std::string mysql;
71 extern const std::string system_user;
72 } // namespace consts
73 
74 /** A (user, host) tuple that references either acl_cache or g_default_roles */
75 typedef std::pair<LEX_CSTRING, LEX_CSTRING> Auth_id_ref;
76 typedef std::vector<Auth_id_ref> List_of_auth_id_refs;
77 
78 bool operator<(const Auth_id_ref &a, const Auth_id_ref &b);
79 
81  /**
82  Access granted for all the requested privileges,
83  do not use the grant tables.
84  This flag is used only for the INFORMATION_SCHEMA privileges,
85  for compatibility reasons.
86  */
88  /** Access denied, do not use the grant tables. */
90  /** No decision yet, use the grant tables. */
92 };
93 
94 /* Classes */
95 
96 /**
97  Per internal table ACL access rules.
98  This class is an interface.
99  Per table(s) specific access rule should be implemented in a subclass.
100  @sa ACL_internal_schema_access
101 */
103  public:
105 
106  virtual ~ACL_internal_table_access() = default;
107 
108  /**
109  Check access to an internal table.
110  When a privilege is granted, this method adds the requested privilege
111  to save_priv.
112  @param want_access the privileges requested
113  @param [in, out] save_priv the privileges granted
114  @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
115  are granted, and saved in save_priv.
116  @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
117  privileges was denied.
118  @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
119  was denied, and grant should be checked for at least one
120  privilege. Requested privileges that are granted, if any, are saved
121  in save_priv.
122  */
123  virtual ACL_internal_access_result check(ulong want_access,
124  ulong *save_priv) const = 0;
125 };
126 
127 /**
128  Per internal schema ACL access rules.
129  This class is an interface.
130  Each per schema specific access rule should be implemented
131  in a different subclass, and registered.
132  Per schema access rules can control:
133  - every schema privileges on schema.*
134  - every table privileges on schema.table
135  @sa ACL_internal_schema_registry
136 */
138  public:
140 
141  virtual ~ACL_internal_schema_access() = default;
142 
143  /**
144  Check access to an internal schema.
145  @param want_access the privileges requested
146  @param [in, out] save_priv the privileges granted
147  @retval ACL_INTERNAL_ACCESS_GRANTED All the requested privileges
148  are granted, and saved in save_priv.
149  @retval ACL_INTERNAL_ACCESS_DENIED At least one of the requested
150  privileges was denied.
151  @retval ACL_INTERNAL_ACCESS_CHECK_GRANT No requested privilege
152  was denied, and grant should be checked for at least one
153  privilege. Requested privileges that are granted, if any, are saved
154  in save_priv.
155  */
156  virtual ACL_internal_access_result check(ulong want_access,
157  ulong *save_priv) const = 0;
158 
159  /**
160  Search for per table ACL access rules by table name.
161  @param name the table name
162  @return per table access rules, or NULL
163  */
164  virtual const ACL_internal_table_access *lookup(const char *name) const = 0;
165 };
166 
167 /**
168  A registry for per internal schema ACL.
169  An 'internal schema' is a database schema maintained by the
170  server implementation, such as 'performance_schema' and 'INFORMATION_SCHEMA'.
171 */
173  public:
174  static void register_schema(const LEX_CSTRING &name,
175  const ACL_internal_schema_access *access);
176  static const ACL_internal_schema_access *lookup(const char *name);
177 };
178 
179 /**
180  Extension of ACL_internal_schema_access for Information Schema
181 */
183  public:
185 
186  ~IS_internal_schema_access() override = default;
187 
188  ACL_internal_access_result check(ulong want_access,
189  ulong *save_priv) const override;
190 
191  const ACL_internal_table_access *lookup(const char *name) const override;
192 };
193 
194 /* Data Structures */
195 
196 extern const std::vector<std::string> global_acls_vector;
197 
222 };
223 
277 };
278 
288 };
289 
300 };
301 
311 };
312 
323 };
324 
332 };
333 
340 };
341 
348 };
349 
356 };
357 
358 /* When we run mysql_upgrade we must make sure that the server can be run
359  using previous mysql.user table schema during acl_load.
360 
361  User_table_schema is a common interface for the current and the
362  previous mysql.user table schema.
363  */
365  public:
366  virtual uint host_idx() = 0;
367  virtual uint user_idx() = 0;
368  virtual uint password_idx() = 0;
369  virtual uint select_priv_idx() = 0;
370  virtual uint insert_priv_idx() = 0;
371  virtual uint update_priv_idx() = 0;
372  virtual uint delete_priv_idx() = 0;
373  virtual uint create_priv_idx() = 0;
374  virtual uint drop_priv_idx() = 0;
375  virtual uint reload_priv_idx() = 0;
376  virtual uint shutdown_priv_idx() = 0;
377  virtual uint process_priv_idx() = 0;
378  virtual uint file_priv_idx() = 0;
379  virtual uint grant_priv_idx() = 0;
380  virtual uint references_priv_idx() = 0;
381  virtual uint index_priv_idx() = 0;
382  virtual uint alter_priv_idx() = 0;
383  virtual uint show_db_priv_idx() = 0;
384  virtual uint super_priv_idx() = 0;
386  virtual uint lock_tables_priv_idx() = 0;
387  virtual uint execute_priv_idx() = 0;
388  virtual uint repl_slave_priv_idx() = 0;
389  virtual uint repl_client_priv_idx() = 0;
390  virtual uint create_view_priv_idx() = 0;
391  virtual uint show_view_priv_idx() = 0;
394  virtual uint create_user_priv_idx() = 0;
395  virtual uint event_priv_idx() = 0;
396  virtual uint trigger_priv_idx() = 0;
398  virtual uint create_role_priv_idx() = 0;
399  virtual uint drop_role_priv_idx() = 0;
400  virtual uint ssl_type_idx() = 0;
401  virtual uint ssl_cipher_idx() = 0;
402  virtual uint x509_issuer_idx() = 0;
403  virtual uint x509_subject_idx() = 0;
404  virtual uint max_questions_idx() = 0;
405  virtual uint max_updates_idx() = 0;
406  virtual uint max_connections_idx() = 0;
408  virtual uint plugin_idx() = 0;
410  virtual uint password_expired_idx() = 0;
413  virtual uint account_locked_idx() = 0;
416  // Added in 8.0.13
418  // Added in 8.0.14
419  virtual uint user_attributes_idx() = 0;
420 
421  virtual ~User_table_schema() = default;
422 };
423 
424 /*
425  This class describes indices for the current mysql.user table schema.
426  */
428  public:
429  uint host_idx() override { return MYSQL_USER_FIELD_HOST; }  // host field index for the current mysql.user schema
430  uint user_idx() override { return MYSQL_USER_FIELD_USER; }  // user field index for the current mysql.user schema
431  // Not available: the current mysql.user schema exposes no password field index.
     // assert(0) flags any call in builds where assertions are active. When
     // NDEBUG is defined the assert expands to nothing and the call simply
     // returns MYSQL_USER_FIELD_COUNT.
     // NOTE(review): presumably MYSQL_USER_FIELD_COUNT is the field count, i.e.
     // one past the last valid index, so callers must not use this result to
     // index a row -- confirm against the enum, which is outside this view.
432  uint password_idx() override {
433  assert(0);
434  return MYSQL_USER_FIELD_COUNT;
435  }
449  }
456  }
460  }
463  }
467  }
470  }
473  }
477  }
480  }
483  }
488  }
497  }
500  }
501  uint plugin_idx() override { return MYSQL_USER_FIELD_PLUGIN; }  // plugin field index for the current mysql.user schema
504  }
507  }
510  }
513  }
517  }
520  }
523  }
526  }
527 };
528 
529 /*
530  This class describes indices for the old mysql.user table schema.
531  */
533  public:
579  };
580 
581  uint host_idx() override { return MYSQL_USER_FIELD_HOST_56; }  // host field index for the old mysql.user schema
582  uint user_idx() override { return MYSQL_USER_FIELD_USER_56; }  // user field index for the old mysql.user schema
591  uint shutdown_priv_idx() override {
593  }
599  }
606  }
609  }
613  }
616  }
619  }
622  }
625  }
628  }
631  }
636  }
641  uint max_questions_idx() override {
643  }
647  }
650  }
654  }
657  }
658 
659  // those fields are not available in 5.6 db schema
662  }
669  }
673  }
675 };
676 
678  public:
680  return is_old_user_table_schema(table)
681  ? implicit_cast<User_table_schema *>(new User_table_old_schema())
682  : implicit_cast<User_table_schema *>(
684  }
685 
686  virtual bool is_old_user_table_schema(TABLE *table);
687  virtual ~User_table_schema_factory() = default;
688 };
689 
692 extern const char *any_db; // Special symbol for check_access
693 /** controls the extra checks on plugin availability for mysql.user records */
694 
695 extern bool validate_user_plugins;
696 
697 /* Function Declarations */
698 
699 /* sql_authentication */
700 
701 int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length);
703 
704 void acl_log_connect(const char *user, const char *host, const char *auth_as,
705  const char *db, THD *thd,
708 bool acl_check_host(THD *thd, const char *host, const char *ip);
709 
710 /*
711  User Attributes are the ones that are defined during a CREATE/ALTER/GRANT
712  statement. These attributes are divided into the following categories.
713 */
714 
715 #define NONE_ATTR 0L
716 #define DEFAULT_AUTH_ATTR (1L << 0) /* update defaults auth */
717 #define PLUGIN_ATTR (1L << 1) /* update plugin */
718  /* authentication_string */
719 #define SSL_ATTR (1L << 2) /* ex: SUBJECT,CIPHER.. */
720 #define RESOURCE_ATTR (1L << 3) /* ex: MAX_QUERIES_PER_HOUR.. */
721 #define PASSWORD_EXPIRE_ATTR (1L << 4) /* update password expire col */
722 #define ACCESS_RIGHTS_ATTR (1L << 5) /* update privileges */
723 #define ACCOUNT_LOCK_ATTR (1L << 6) /* update account lock status */
724 #define DIFFERENT_PLUGIN_ATTR \
725  (1L << 7) /* updated plugin with a different value */
726 #define USER_ATTRIBUTES (1L << 8) /* Request to update user attributes */
727 
728 /* sql_user */
729 void log_user(THD *thd, String *str, LEX_USER *user, bool comma);
730 bool check_change_password(THD *thd, const char *host, const char *user,
731  bool retain_current_password);
732 bool change_password(THD *thd, LEX_USER *user, const char *password,
733  const char *current_password,
734  bool retain_current_password);
735 bool mysql_create_user(THD *thd, List<LEX_USER> &list, bool if_not_exists,
736  bool is_role);
737 bool mysql_alter_user(THD *thd, List<LEX_USER> &list, bool if_exists);
738 bool mysql_drop_user(THD *thd, List<LEX_USER> &list, bool if_exists,
739  bool drop_role);
740 bool mysql_rename_user(THD *thd, List<LEX_USER> &list);
741 bool acl_can_access_user(THD *thd, LEX_USER *user);
742 
743 /* sql_auth_cache */
744 void init_acl_memory();
745 int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr);
746 int wild_case_compare(CHARSET_INFO *cs, const char *str, size_t str_len,
747  const char *wildstr, size_t wildstr_len);
748 bool hostname_requires_resolving(const char *hostname);
749 bool acl_init(bool dont_read_acl_tables);
750 bool is_acl_inited();
751 void acl_free(bool end = false);
752 bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked);
753 bool grant_init(bool skip_grant_tables);
754 void grant_free(void);
755 bool reload_acl_caches(THD *thd, bool mdl_locked);
756 ulong acl_get(THD *thd, const char *host, const char *ip, const char *user,
757  const char *db, bool db_is_pattern);
758 bool is_acl_user(THD *thd, const char *host, const char *user);
759 bool acl_getroot(THD *thd, Security_context *sctx, const char *user,
760  const char *host, const char *ip, const char *db);
761 bool check_acl_tables_intact(THD *thd, bool mdl_locked);
762 bool check_acl_tables_intact(THD *thd, TABLE_LIST *tables);
763 void notify_flush_event(THD *thd);
765 void append_auth_id_string(const THD *thd, const char *user, size_t user_len,
766  const char *host, size_t host_len, String *str);
767 
768 /* sql_authorization */
769 bool skip_grant_tables();
771 bool mysql_set_role_default(THD *thd);
772 bool mysql_set_active_role_all(THD *thd, const List<LEX_USER> *except_users);
773 bool mysql_set_active_role(THD *thd, const List<LEX_USER> *role_list);
774 bool mysql_grant(THD *thd, const char *db, List<LEX_USER> &list, ulong rights,
775  bool revoke_grant, bool is_proxy,
776  const List<LEX_CSTRING> &dynamic_privilege,
777  bool grant_all_current_privileges, LEX_GRANT_AS *grant_as);
778 bool mysql_routine_grant(THD *thd, TABLE_LIST *table, bool is_proc,
779  List<LEX_USER> &user_list, ulong rights, bool revoke,
780  bool write_to_binlog);
781 int mysql_table_grant(THD *thd, TABLE_LIST *table, List<LEX_USER> &user_list,
782  List<LEX_COLUMN> &column_list, ulong rights, bool revoke);
783 bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
784  bool any_combination_will_do, uint number, bool no_errors);
785 bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name,
786  const char *table_name, const char *name, size_t length,
787  Security_context *sctx, ulong want_privilege);
788 bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST *table_ref,
789  const char *name, size_t length,
790  ulong want_privilege);
791 bool check_grant_all_columns(THD *thd, ulong want_access,
792  Field_iterator_table_ref *fields);
793 bool check_grant_routine(THD *thd, ulong want_access, TABLE_LIST *procs,
794  bool is_proc, bool no_error);
795 bool check_grant_db(THD *thd, const char *db);
796 bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user,
797  bool with_grant);
798 void get_privilege_desc(char *to, uint max_length, ulong access);
799 void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc);
800 ulong get_table_grant(THD *thd, TABLE_LIST *table);
801 ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name,
802  const char *table_name, const char *field_name);
803 bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool,
804  bool);
805 bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same);
806 bool mysql_revoke_all(THD *thd, List<LEX_USER> &list);
807 bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,
808  bool is_proc);
809 bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
810  bool is_proc);
812  const char *db, const char *table);
813 int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
814 int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
815 int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
816 int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, Item *cond);
818  GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name);
819 
820 bool lock_tables_precheck(THD *thd, TABLE_LIST *tables);
821 bool create_table_precheck(THD *thd, TABLE_LIST *tables,
823 bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info,
824  Alter_info *alter_info);
826  bool *fake_lock_tables_acl);
827 bool check_readonly(THD *thd, bool err_if_readonly);
828 void err_readonly(THD *thd);
829 
830 bool is_secure_transport(int vio_type);
831 
832 bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables);
833 bool check_single_table_access(THD *thd, ulong privilege, TABLE_LIST *tables,
834  bool no_errors);
835 bool check_routine_access(THD *thd, ulong want_access, const char *db,
836  char *name, bool is_proc, bool no_errors);
837 bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
838 bool has_full_view_routine_access(THD *thd, const char *db,
839  const char *definer_user,
840  const char *definer_host);
841 bool has_partial_view_routine_access(THD *thd, const char *db,
842  const char *routine_name, bool is_proc);
843 bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
844  GRANT_INTERNAL_INFO *grant_internal_info,
845  bool dont_check_global_grants, bool no_errors);
846 bool check_table_access(THD *thd, ulong requirements, TABLE_LIST *tables,
847  bool any_combination_of_privileges_will_do, uint number,
848  bool no_errors);
850 bool mysql_grant_role(THD *thd, const List<LEX_USER> *users,
851  const List<LEX_USER> *roles, bool with_admin_opt);
852 bool mysql_revoke_role(THD *thd, const List<LEX_USER> *users,
853  const List<LEX_USER> *roles);
855 
856 bool is_granted_table_access(THD *thd, ulong required_acl, TABLE_LIST *table);
857 
859  const List<LEX_USER> *users,
860  const List<LEX_USER> *roles);
861 void roles_graphml(THD *thd, String *);
862 bool has_grant_role_privilege(THD *thd, const List<LEX_USER> *roles);
864 std::string create_authid_str_from(const LEX_USER *user);
865 std::pair<std::string, std::string> get_authid_from_quoted_string(
866  std::string str);
867 void append_identifier(String *packet, const char *name, size_t length);
868 bool is_role_id(LEX_USER *authid);
869 void shutdown_acl_cache();
871  LEX_CSTRING role_host);
872 bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host,
873  bool *is_mandatory);
874 bool check_global_access(THD *thd, ulong want_access);
875 
876 /* sql_user_table */
878 bool is_acl_table_name(const char *name);
879 #ifndef NDEBUG
880 bool is_acl_table(const TABLE *table);
881 #endif
882 
883 typedef enum ssl_artifacts_status {
889 
891 extern bool opt_auto_generate_certs;
892 bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
893  const char **ssl_ca, const char **ssl_key,
894  const char **ssl_cert);
895 
896 #define DEFAULT_SSL_CA_CERT "ca.pem"
897 #define DEFAULT_SSL_CA_KEY "ca-key.pem"
898 #define DEFAULT_SSL_SERVER_CERT "server-cert.pem"
899 #define DEFAULT_SSL_SERVER_KEY "server-key.pem"
900 
901 void update_mandatory_roles(void);
902 bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles);
903 void func_current_role(const THD *thd, String *active_role);
904 
906 
910  virtual ~Security_context_policy() = default;
912  virtual bool operator()(Security_context *, Operation) = 0;
913 };
914 
915 typedef std::function<bool(Security_context *,
918 
919 template <class Derived>
921  public:
  /**
    Route a policy operation to the Derived implementation.

    @param sctx  security context handed through to Derived unchanged
    @param op    Precheck selects Derived::precheck(); Execute selects
                 Derived::create()
    @return true when the Derived call selected by op returned true;
            false otherwise, including for any op that is neither
            Precheck nor Execute.

    NOTE(review): whether true means failure or success is not visible
    here. If true signals an error, an unrecognised op is reported as
    success without running either step -- confirm that is intended.
  */
  bool operator()(Security_context *sctx, Operation op) override {
    Derived *const self = static_cast<Derived *>(this);
    if (op == Precheck) {
      return self->precheck(sctx) ? true : false;
    }
    if (op == Execute) {
      return self->create(sctx) ? true : false;
    }
    // Neither operation matched: nothing is invoked on Derived.
    return false;
  }
929 };
930 
931 template <class Derived>
933  public:
  /**
    Route a policy operation to the Derived implementation.

    @param sctx  security context handed through to Derived unchanged
    @param op    Precheck selects Derived::precheck(); Execute selects
                 Derived::grant_privileges()
    @return true when the Derived call selected by op returned true;
            false otherwise, including for any op that is neither
            Precheck nor Execute.

    NOTE(review): whether true means failure or success is not visible
    here. If true signals an error, an unrecognised op is reported as
    success without granting or checking anything -- confirm that is
    intended.
  */
  bool operator()(Security_context *sctx, Operation op) override {
    Derived *const self = static_cast<Derived *>(this);
    if (op == Precheck) {
      return self->precheck(sctx) ? true : false;
    }
    if (op == Execute) {
      return self->grant_privileges(sctx) ? true : false;
    }
    // Neither operation matched: nothing is invoked on Derived.
    return false;
  }
941 };
942 
943 template <typename T>
944 using Sctx_ptr = std::unique_ptr<T, std::function<void(T *)>>;
945 
946 /**
947  Factory for creating any Security_context given a pre-constructed policy.
948 */
950  public:
951  /**
952  Default Security_context factory implementation. Given two policies and
953  an authid this class returns a Security_context.
954  @param thd The thread handle
955  @param user User name associated with auth id
956  @param host Host name associated with auth id
957  @param extend_user_profile The policy for creating the user profile
958  @param priv The policy for authorizing the authid to
959  use the server.
960  @param static_priv Static privileges for authid.
961  @param drop_policy The policy for deleting the authid and
962  revoke privileges
963  */
964  Security_context_factory(THD *thd, std::string user, std::string host,
965  Security_context_functor extend_user_profile,
967  Security_context_functor static_priv,
968  std::function<void(Security_context *)> drop_policy)
969  : m_thd(thd),
970  m_user(std::move(user)),
971  m_host(std::move(host)),
972  m_user_profile(std::move(extend_user_profile)),
973  m_privileges(std::move(priv)),
974  m_static_privileges(std::move(static_priv)),
975  m_drop_policy(std::move(drop_policy)) {}
976 
978 
979  private:
981 
983  std::string m_user;
984  std::string m_host;
988  const std::function<void(Security_context *)> m_drop_policy;
989 };
990 
     /*
       Policy class that derives from Create_authid with itself as the
       template argument. It supplies the precheck() and create() members;
       only their declarations are visible in this listing.
     */
991 class Default_local_authid : public Create_authid<Default_local_authid> {
992  public:
     // NOTE(review): single-argument constructor is not marked explicit, so a
     // const THD * converts implicitly to this policy type.
993  Default_local_authid(const THD *thd);
     // Both members take the Security_context being processed and return bool;
     // the meaning of true/false is not visible here.
994  bool precheck(Security_context *sctx);
995  bool create(Security_context *sctx);
996 
997  private:
     // NOTE(review): raw pointer; ownership and lifetime of the THD relative to
     // this object are not visible here -- confirm the policy cannot outlive it.
998  const THD *m_thd;
999 };
1000 
1001 /**
1002  Grant the privilege temporarily to the in-memory global privileges map.
1003  This class is not thread safe.
1004  */
1006  : public Grant_privileges<Grant_temporary_dynamic_privileges> {
1007  public:
1009  std::vector<std::string> privs);
1010  bool precheck(Security_context *sctx);
1011  bool grant_privileges(Security_context *sctx);
1012 
1013  private:
1014  const THD *m_thd;
1015  const std::vector<std::string> m_privs;
1016 };
1017 
1019  public:
1020  explicit Drop_temporary_dynamic_privileges(std::vector<std::string> privs)
1021  : m_privs(std::move(privs)) {}
1022  void operator()(Security_context *sctx);
1023 
1024  private:
1025  std::vector<std::string> m_privs;
1026 };
1027 
1029  : public Grant_privileges<Grant_temporary_static_privileges> {
1030  public:
1031  Grant_temporary_static_privileges(const THD *thd, const ulong privs);
1032  bool precheck(Security_context *sctx);
1033  bool grant_privileges(Security_context *sctx);
1034 
1035  private:
1036  /** THD handle */
1037  const THD *m_thd;
1038 
1039  /** Privileges */
1040  const ulong m_privs;
1041 };
1042 
1043 bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b);
1044 bool is_partial_revoke_exists(THD *thd);
1045 void set_system_user_flag(THD *thd, bool check_for_main_security_ctx = false);
1046 
1047 /**
1048  Storage container for default auth ids. Default roles depend only weakly
1049  on ACL_USERs. You can retain a default role even if the
1050  corresponding ACL_USER is missing in the acl_cache.
1051 */
1052 class Auth_id {
1053  public:
1055  Auth_id(const char *user, size_t user_len, const char *host, size_t host_len);
1056  Auth_id(const Auth_id_ref &id);
1057  Auth_id(const LEX_CSTRING &user, const LEX_CSTRING &host);
1058  Auth_id(const std::string &user, const std::string &host);
1059  Auth_id(const LEX_USER *lex_user);
1060  Auth_id(const ACL_USER *acl_user);
1061 
1063  Auth_id(const Auth_id &id);
1064  Auth_id &operator=(const Auth_id &) = default;
1065 
1066  bool operator<(const Auth_id &id) const;
1067  void auth_str(std::string *out) const;
1068  std::string auth_str() const;
1069  const std::string &user() const;
1070  const std::string &host() const;
1071 
1072  private:
1073  void create_key();
1074  /** User part */
1075  std::string m_user;
1076  /** Host part */
1077  std::string m_host;
1078  /**
1079  Key: Internal representation mainly to facilitate use of
1080  Auth_id class in standard container.
1081  Format: 'user\0host\0'
1082  */
1083  std::string m_key;
1084 };
1085 
1086 /*
1087  As of now Role_id is an alias of Auth_id.
1088  We may extend Auth_id into Role_id once
1089  more substance is added to the latter.
1090 */
1092 
1093 /**
1094  Length of string buffer, that is enough to contain
1095  username and hostname parts of the user identifier with trailing zero in
1096  MySQL standard format:
1097  user_name_part\@host_name_part\\0
1098 */
1099 static constexpr int USER_HOST_BUFF_SIZE =
1101 
1103  std::string user;
1104  std::string host;
1105  std::string password;
1107 };
1108 
1109 void generate_random_password(std::string *password, uint32_t);
1110 typedef std::list<random_password_info> Userhostpassword_list;
1111 bool send_password_result_set(THD *thd,
1112  const Userhostpassword_list &generated_passwords);
1113 bool lock_and_get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
1115  const std::string &json_blob, bool expect_text);
1116 
1117 /* helper method to check if sandbox mode should be turned off or not */
1118 bool turn_off_sandbox_mode(THD *thd, LEX_USER *user);
1119 #endif /* AUTH_COMMON_INCLUDED */
mysql_dynamic_priv_table_field
Definition: auth_common.h:350
@ MYSQL_DYNAMIC_PRIV_FIELD_PRIV
Definition: auth_common.h:353
@ MYSQL_DYNAMIC_PRIV_FIELD_HOST
Definition: auth_common.h:352
@ MYSQL_DYNAMIC_PRIV_FIELD_USER
Definition: auth_common.h:351
@ MYSQL_DYNAMIC_PRIV_FIELD_COUNT
Definition: auth_common.h:355
@ MYSQL_DYNAMIC_PRIV_FIELD_WITH_GRANT_OPTION
Definition: auth_common.h:354
mysql_columns_priv_table_field
Definition: auth_common.h:302
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_NAME
Definition: auth_common.h:307
@ MYSQL_COLUMNS_PRIV_FIELD_HOST
Definition: auth_common.h:303
@ MYSQL_COLUMNS_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:309
@ MYSQL_COLUMNS_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:306
@ MYSQL_COLUMNS_PRIV_FIELD_COUNT
Definition: auth_common.h:310
@ MYSQL_COLUMNS_PRIV_FIELD_DB
Definition: auth_common.h:304
@ MYSQL_COLUMNS_PRIV_FIELD_USER
Definition: auth_common.h:305
@ MYSQL_COLUMNS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:308
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4814
bool check_fk_parent_table_access(THD *thd, HA_CREATE_INFO *create_info, Alter_info *alter_info)
Checks foreign key's parent table access.
Definition: sql_authorization.cc:5839
bool lock_tables_precheck(THD *thd, TABLE_LIST *tables)
Check privileges for LOCK TABLES statement.
Definition: sql_authorization.cc:1705
mysql_procs_priv_table_field
Definition: auth_common.h:290
@ MYSQL_PROCS_PRIV_FIELD_PROC_PRIV
Definition: auth_common.h:297
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_NAME
Definition: auth_common.h:294
@ MYSQL_PROCS_PRIV_FIELD_COUNT
Definition: auth_common.h:299
@ MYSQL_PROCS_PRIV_FIELD_HOST
Definition: auth_common.h:291
@ MYSQL_PROCS_PRIV_FIELD_DB
Definition: auth_common.h:292
@ MYSQL_PROCS_PRIV_FIELD_ROUTINE_TYPE
Definition: auth_common.h:295
@ MYSQL_PROCS_PRIV_FIELD_GRANTOR
Definition: auth_common.h:296
@ MYSQL_PROCS_PRIV_FIELD_USER
Definition: auth_common.h:293
@ MYSQL_PROCS_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:298
bool acl_check_host(THD *thd, const char *host, const char *ip)
Definition: sql_authentication.cc:1942
bool skip_grant_tables()
Definition: sql_auth_cache.cc:159
bool acl_check_proxy_grant_access(THD *thd, const char *host, const char *user, bool with_grant)
bool check_single_table_access(THD *thd, ulong privilege, TABLE_LIST *tables, bool no_errors)
Check grants for commands which work only with one table.
Definition: sql_authorization.cc:1931
bool check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, GRANT_INTERNAL_INFO *grant_internal_info, bool dont_check_global_grants, bool no_errors)
Compare requested privileges with the privileges acquired from the User- and Db-tables.
Definition: sql_authorization.cc:2130
void func_current_role(const THD *thd, String *active_role)
Helper function for Item_func_current_role.
Definition: sql_authorization.cc:6175
uint32 global_password_history
Global sysvar: the number of old passwords to check in the history.
Definition: sql_auth_cache.cc:3627
bool mysql_alter_or_clear_default_roles(THD *thd, role_enum role_type, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Set the default roles to NONE, ALL or list of authorization IDs as roles, depending upon the role_typ...
Definition: sql_authorization.cc:6316
void append_auth_id_string(const THD *thd, const char *user, size_t user_len, const char *host, size_t host_len, String *str)
Append the user@host to the str.
Definition: sql_auth_cache.cc:708
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:75
std::unique_ptr< T, std::function< void(T *)> > Sctx_ptr
Definition: auth_common.h:944
mysql_role_edges_table_field
Definition: auth_common.h:325
@ MYSQL_ROLE_EDGES_FIELD_TO_USER
Definition: auth_common.h:329
@ MYSQL_ROLE_EDGES_FIELD_WITH_ADMIN_OPTION
Definition: auth_common.h:330
@ MYSQL_ROLE_EDGES_FIELD_FROM_USER
Definition: auth_common.h:327
@ MYSQL_ROLE_EDGES_FIELD_TO_HOST
Definition: auth_common.h:328
@ MYSQL_ROLE_EDGES_FIELD_FROM_HOST
Definition: auth_common.h:326
@ MYSQL_ROLE_EDGES_FIELD_COUNT
Definition: auth_common.h:331
void acl_log_connect(const char *user, const char *host, const char *auth_as, const char *db, THD *thd, enum enum_server_command command)
Logging connection for the general query log, extracted from acl_authenticate() as it's reused at dif...
Definition: sql_authentication.cc:3610
bool reload_acl_caches(THD *thd, bool mdl_locked)
Reload all ACL caches.
Definition: sql_auth_cache.cc:3645
bool is_acl_table_name(const char *name)
Check if given table name is an ACL table name.
Definition: sql_user_table.cc:2241
std::function< bool(Security_context *, Security_context_policy::Operation)> Security_context_functor
Definition: auth_common.h:917
bool check_routine_access(THD *thd, ulong want_access, const char *db, char *name, bool is_proc, bool no_errors)
Definition: sql_authorization.cc:1968
bool validate_user_plugins
controls the extra checks on plugin availability for mysql.user records
Definition: sql_auth_cache.cc:163
bool mysql_user_table_is_in_short_password_format
void acl_free(bool end=false)
Definition: sql_auth_cache.cc:1971
bool mysql_revoke_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:3038
bool check_grant_routine(THD *thd, ulong want_access, TABLE_LIST *procs, bool is_proc, bool no_error)
Definition: sql_authorization.cc:4246
bool check_acl_tables_intact(THD *thd, bool mdl_locked)
Opens the ACL tables and checks their sanity.
Definition: sql_auth_cache.cc:2095
bool mysql_show_grants(THD *, LEX_USER *, const List_of_auth_id_refs &, bool, bool)
SHOW GRANTS FOR user USING [ALL | role [,role ...]].
Definition: sql_authorization.cc:4708
void init_acl_memory()
Allocates the memory in the global_acl_memory MEM_ROOT.
Definition: sql_auth_cache.cc:185
bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Grant EXECUTE,ALTER privilege for a stored procedure.
Definition: sql_authorization.cc:5304
bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST *table_ref, const char *name, size_t length, ulong want_privilege)
Check the privileges for a column depending on the type of table.
Definition: sql_authorization.cc:3962
mysql_db_table_field
Definition: auth_common.h:198
@ MYSQL_DB_FIELD_GRANT_PRIV
Definition: auth_common.h:208
@ MYSQL_DB_FIELD_DELETE_PRIV
Definition: auth_common.h:205
@ MYSQL_DB_FIELD_INDEX_PRIV
Definition: auth_common.h:210
@ MYSQL_DB_FIELD_UPDATE_PRIV
Definition: auth_common.h:204
@ MYSQL_DB_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:214
@ MYSQL_DB_FIELD_ALTER_PRIV
Definition: auth_common.h:211
@ MYSQL_DB_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:213
@ MYSQL_DB_FIELD_COUNT
Definition: auth_common.h:221
@ MYSQL_DB_FIELD_TRIGGER_PRIV
Definition: auth_common.h:220
@ MYSQL_DB_FIELD_CREATE_PRIV
Definition: auth_common.h:206
@ MYSQL_DB_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:216
@ MYSQL_DB_FIELD_SELECT_PRIV
Definition: auth_common.h:202
@ MYSQL_DB_FIELD_EXECUTE_PRIV
Definition: auth_common.h:218
@ MYSQL_DB_FIELD_INSERT_PRIV
Definition: auth_common.h:203
@ MYSQL_DB_FIELD_EVENT_PRIV
Definition: auth_common.h:219
@ MYSQL_DB_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:217
@ MYSQL_DB_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:212
@ MYSQL_DB_FIELD_USER
Definition: auth_common.h:201
@ MYSQL_DB_FIELD_HOST
Definition: auth_common.h:199
@ MYSQL_DB_FIELD_DROP_PRIV
Definition: auth_common.h:207
@ MYSQL_DB_FIELD_DB
Definition: auth_common.h:200
@ MYSQL_DB_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:215
@ MYSQL_DB_FIELD_REFERENCES_PRIV
Definition: auth_common.h:209
bool is_mandatory_role(LEX_CSTRING role, LEX_CSTRING role_host, bool *is_mandatory)
Determine if a role@role_host authid is a mandatory role.
Definition: sql_authorization.cc:6716
int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, Item *cond)
Definition: sql_authorization.cc:5726
int acl_authenticate(THD *thd, enum_server_command command)
Perform the handshake, authorize the client and update thd sctx variables.
Definition: sql_authentication.cc:3746
int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, Item *cond)
Definition: sql_authorization.cc:5525
const std::vector< std::string > global_acls_vector
Consts for static privileges.
Definition: auth_acls.cc:61
bool lock_and_get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Copy a list of mandatory role authorization IDs.
Definition: sql_authorization.cc:6228
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6554
bool mysql_grant_role(THD *thd, const List< LEX_USER > *users, const List< LEX_USER > *roles, bool with_admin_opt)
Grants a list of roles to a list of users.
Definition: sql_authorization.cc:3253
bool check_change_password(THD *thd, const char *host, const char *user, bool retain_current_password)
Definition: sql_user.cc:148
void get_privilege_desc(char *to, uint max_length, ulong access)
Definition: sql_authorization.cc:4442
int wild_case_compare(CHARSET_INFO *cs, const char *str, const char *wildstr)
Definition: sql_auth_cache.cc:793
bool mysql_alter_user_comment(THD *thd, const List< LEX_USER > *users, const std::string &json_blob, bool expect_text)
void get_mqh(THD *thd, const char *user, const char *host, USER_CONN *uc)
Definition: sql_auth_cache.cc:3093
bool is_acl_table(const TABLE *table)
Check if the given TABLE* is an ACL table name.
Definition: sql_user_table.cc:2259
bool mysql_show_create_user(THD *thd, LEX_USER *user, bool are_both_users_same)
Auxiliary function for constructing CREATE USER sql for a given user.
Definition: sql_user.cc:251
bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, const char **ssl_ca, const char **ssl_key, const char **ssl_cert)
Check auto_generate_certs option and generate SSL certificates if required.
Definition: sql_authentication.cc:5609
const char * any_db
Definition: sql_authorization.cc:514
ulong get_table_grant(THD *thd, TABLE_LIST *table)
Definition: sql_authorization.cc:4348
bool mysql_rename_user(THD *thd, List< LEX_USER > &list)
Definition: sql_user.cc:3071
bool check_global_access(THD *thd, ulong want_access)
Check for global access and give a descriptive error message if it fails.
Definition: sql_authorization.cc:5814
bool grant_init(bool skip_grant_tables)
Initialize structures responsible for table/column-level privilege checking and load information for ...
Definition: sql_auth_cache.cc:2339
uint32 global_password_reuse_interval
Definition: auth_common.h:905
void commit_and_close_mysql_tables(THD *thd)
A helper function to commit statement transaction and close ACL tables after reading some data from t...
Definition: sql_user_table.cc:506
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:76
std::string get_default_autnetication_plugin_name()
Return the default authentication plugin name.
Definition: sql_authentication.cc:1340
void set_system_user_flag(THD *thd, bool check_for_main_security_ctx=false)
Set the system_user flag in the THD.
Definition: auth_common.cc:163
bool check_grant_column(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, size_t length, Security_context *sctx, ulong want_privilege)
Definition: sql_authorization.cc:3882
bool is_granted_table_access(THD *thd, ulong required_acl, TABLE_LIST *table)
Given a TABLE_LIST object this function checks against.
Definition: sql_authorization.cc:2447
bool acl_getroot(THD *thd, Security_context *sctx, const char *user, const char *host, const char *ip, const char *db)
Definition: sql_auth_cache.cc:1492
bool check_lock_view_underlying_table_access(THD *thd, TABLE_LIST *tbl, bool *fake_lock_tables_acl)
For LOCK TABLES on a view checks if user in which context view is executed or user that has initiated...
Definition: sql_authorization.cc:5903
ulong get_global_acl_cache_size()
Definition: sql_auth_cache.cc:106
bool mysql_set_active_role_none(THD *thd)
Reset active roles.
Definition: sql_authorization.cc:6618
bool check_readonly(THD *thd, bool err_if_readonly)
Performs standardized check whether to prohibit (true) or allow (false) operations based on read_only...
Definition: sql_authorization.cc:1835
int set_default_auth_plugin(char *plugin_name, size_t plugin_name_length)
Initialize default authentication plugin based on command line options or configuration file settings...
Definition: sql_authentication.cc:1314
bool acl_init(bool dont_read_acl_tables)
Definition: sql_auth_cache.cc:1736
bool acl_can_access_user(THD *thd, LEX_USER *user)
Auxiliary function for the CAN_ACCESS_USER internal function used to check if a row from mysql....
Definition: sql_user.cc:200
bool create_table_precheck(THD *thd, TABLE_LIST *tables, TABLE_LIST *create_table)
CREATE TABLE query pre-check.
Definition: sql_authorization.cc:1733
bool change_password(THD *thd, LEX_USER *user, const char *password, const char *current_password, bool retain_current_password)
Change a password hash for a user.
Definition: sql_user.cc:1902
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1110
bool check_table_access(THD *thd, ulong requirements, TABLE_LIST *tables, bool any_combination_of_privileges_will_do, uint number, bool no_errors)
Check if the requested privileges exist in either User-, DB- or tables- tables.
Definition: sql_authorization.cc:2343
bool send_password_result_set(THD *thd, const Userhostpassword_list &generated_passwords)
Sends the result set of generated passwords to the client.
Definition: sql_user.cc:951
bool operator<(const Auth_id_ref &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7397
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6546
bool mysql_set_active_role_all(THD *thd, const List< LEX_USER > *except_users)
Activates all granted roles in the current security context.
Definition: sql_authorization.cc:6662
bool mysql_revoke_all(THD *thd, List< LEX_USER > &list)
Definition: sql_authorization.cc:5052
ACL_internal_access_result
Definition: auth_common.h:80
@ ACL_INTERNAL_ACCESS_GRANTED
Access granted for all the requested privileges, do not use the grant tables.
Definition: auth_common.h:87
@ ACL_INTERNAL_ACCESS_CHECK_GRANT
No decision yet, use the grant tables.
Definition: auth_common.h:91
@ ACL_INTERNAL_ACCESS_DENIED
Access denied, do not use the grant tables.
Definition: auth_common.h:89
bool turn_off_sandbox_mode(THD *thd, LEX_USER *user)
Helper method to turn off sandbox mode once registration step is complete.
Definition: sql_user.cc:995
mysql_password_history_table_field
Definition: auth_common.h:342
@ MYSQL_PASSWORD_HISTORY_FIELD_COUNT
Definition: auth_common.h:347
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD_TIMESTAMP
Definition: auth_common.h:345
@ MYSQL_PASSWORD_HISTORY_FIELD_HOST
Definition: auth_common.h:343
@ MYSQL_PASSWORD_HISTORY_FIELD_USER
Definition: auth_common.h:344
@ MYSQL_PASSWORD_HISTORY_FIELD_PASSWORD
Definition: auth_common.h:346
bool mysql_create_user(THD *thd, List< LEX_USER > &list, bool if_not_exists, bool is_role)
Definition: sql_user.cc:2633
std::pair< std::string, std::string > get_authid_from_quoted_string(std::string str)
Return the unquoted authorization id as a user,host-tuple.
Definition: sql_authorization.cc:4516
void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant, const char *db, const char *table)
Definition: sql_authorization.cc:5394
bool operator==(const LEX_CSTRING &a, const LEX_CSTRING &b)
Definition: sql_authorization.cc:7414
void get_default_roles(const Auth_id_ref &user, List_of_auth_id_refs &list)
Shallow copy a list of default role authorization IDs from a Role_id storage.
Definition: sql_authorization.cc:6206
bool check_table_encryption_admin_access(THD *thd)
Check if a current user has the privilege TABLE_ENCRYPTION_ADMIN required to create encrypted table.
Definition: sql_authorization.cc:2413
bool is_role_id(LEX_USER *authid)
Definition: sql_authorization.cc:796
bool check_grant_all_columns(THD *thd, ulong want_access, Field_iterator_table_ref *fields)
Check if a query can access a set of columns.
Definition: sql_authorization.cc:4039
bool is_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
This function works just like check_if_granted_role, but also guarantees that the proper lock is take...
Definition: sql_authorization.cc:6695
mysql_default_roles_table_field
Definition: auth_common.h:334
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_USER
Definition: auth_common.h:338
@ MYSQL_DEFAULT_ROLES_FIELD_COUNT
Definition: auth_common.h:339
@ MYSQL_DEFAULT_ROLES_FIELD_DEFAULT_ROLE_HOST
Definition: auth_common.h:337
@ MYSQL_DEFAULT_ROLES_FIELD_HOST
Definition: auth_common.h:335
@ MYSQL_DEFAULT_ROLES_FIELD_USER
Definition: auth_common.h:336
void append_identifier(String *packet, const char *name, size_t length)
Convert and quote the given identifier if needed and append it to the target string.
Definition: sql_show.cc:1448
bool mysql_grant(THD *thd, const char *db, List< LEX_USER > &list, ulong rights, bool revoke_grant, bool is_proxy, const List< LEX_CSTRING > &dynamic_privilege, bool grant_all_current_privileges, LEX_GRANT_AS *grant_as)
Definition: sql_authorization.cc:3376
bool is_acl_user(THD *thd, const char *host, const char *user)
Definition: sql_auth_cache.cc:1210
void update_mandatory_roles(void)
Definition: sql_authorization.cc:7238
bool has_full_view_routine_access(THD *thd, const char *db, const char *definer_user, const char *definer_host)
Check if user has full access to view routine's properties (i.e including stored routine code).
Definition: sql_authorization.cc:2050
void notify_flush_event(THD *thd)
Audit notification for flush.
Definition: sql_auth_cache.cc:1679
bool is_secure_transport(int vio_type)
Definition: sql_authentication.cc:4160
bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables, bool any_combination_will_do, uint number, bool no_errors)
Check table level grants.
Definition: sql_authorization.cc:3699
bool disconnect_on_expired_password
Definition: sql_authentication.cc:1080
bool wildcard_db_grant_exists()
bool mysql_routine_grant(THD *thd, TABLE_LIST *table, bool is_proc, List< LEX_USER > &user_list, ulong rights, bool revoke, bool write_to_binlog)
Store routine level grants in the privilege tables.
Definition: sql_authorization.cc:2873
mysql_tables_priv_table_field
Definition: auth_common.h:313
@ MYSQL_TABLES_PRIV_FIELD_HOST
Definition: auth_common.h:314
@ MYSQL_TABLES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:318
@ MYSQL_TABLES_PRIV_FIELD_COUNT
Definition: auth_common.h:322
@ MYSQL_TABLES_PRIV_FIELD_COLUMN_PRIV
Definition: auth_common.h:321
@ MYSQL_TABLES_PRIV_FIELD_TABLE_NAME
Definition: auth_common.h:317
@ MYSQL_TABLES_PRIV_FIELD_TABLE_PRIV
Definition: auth_common.h:320
@ MYSQL_TABLES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:319
@ MYSQL_TABLES_PRIV_FIELD_USER
Definition: auth_common.h:316
@ MYSQL_TABLES_PRIV_FIELD_DB
Definition: auth_common.h:315
int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, Item *cond)
Definition: sql_authorization.cc:5600
void shutdown_acl_cache()
Shutdown the global Acl_cache system which was only initialized if the rwlocks were initialized.
Definition: sql_auth_cache.cc:3436
void log_user(THD *thd, String *str, LEX_USER *user, bool comma)
Auxiliary function for constructing a user list string.
Definition: sql_user.cc:118
bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name, bool is_proc)
Revoke privileges for all users on a stored procedure.
Definition: sql_authorization.cc:5215
mysql_proxies_priv_table_feild
Definition: auth_common.h:279
@ MYSQL_PROXIES_PRIV_FIELD_HOST
Definition: auth_common.h:280
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_USER
Definition: auth_common.h:283
@ MYSQL_PROXIES_PRIV_FIELD_PROXIED_HOST
Definition: auth_common.h:282
@ MYSQL_PROXIES_PRIV_FIELD_COUNT
Definition: auth_common.h:287
@ MYSQL_PROXIES_PRIV_FIELD_WITH_GRANT
Definition: auth_common.h:284
@ MYSQL_PROXIES_PRIV_FIELD_USER
Definition: auth_common.h:281
@ MYSQL_PROXIES_PRIV_FIELD_GRANTOR
Definition: auth_common.h:285
@ MYSQL_PROXIES_PRIV_FIELD_TIMESTAMP
Definition: auth_common.h:286
bool check_grant_db(THD *thd, const char *db)
Check if a user has the right to access a database.
Definition: sql_authorization.cc:4186
void err_readonly(THD *thd)
Generates appropriate error messages for read-only state depending on whether user has SUPER privileg...
Definition: sql_authorization.cc:1871
int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, Item *cond)
Definition: sql_authorization.cc:5661
void grant_free(void)
Definition: sql_auth_cache.cc:2319
void generate_random_password(std::string *password, uint32_t)
Generates a random password of the length decided by the system variable generated_random_password_le...
Definition: sql_user.cc:931
bool is_acl_inited()
Definition: sql_auth_cache.cc:3871
ssl_artifacts_status
Definition: auth_common.h:883
@ SSL_ARTIFACTS_VIA_OPTIONS
Definition: auth_common.h:885
@ SSL_ARTIFACTS_AUTO_DETECTED
Definition: auth_common.h:887
@ SSL_ARTIFACT_TRACES_FOUND
Definition: auth_common.h:886
@ SSL_ARTIFACTS_NOT_FOUND
Definition: auth_common.h:884
bool mysql_drop_user(THD *thd, List< LEX_USER > &list, bool if_exists, bool drop_role)
Drop a list of users and all their privileges.
Definition: sql_user.cc:2919
ulong acl_get(THD *thd, const char *host, const char *ip, const char *user, const char *db, bool db_is_pattern)
Get privilege for a host, user, and db combination.
Definition: sql_auth_cache.cc:1338
bool is_partial_revoke_exists(THD *thd)
Method to check if there exists at least one partial revoke in the cache.
Definition: sql_auth_cache.cc:3855
bool mysql_set_active_role(THD *thd, const List< LEX_USER > *role_list)
Definition: sql_authorization.cc:6672
bool mysql_alter_user(THD *thd, List< LEX_USER > &list, bool if_exists)
Definition: sql_user.cc:3266
const ACL_internal_schema_access * get_cached_schema_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name)
Get a cached internal schema access.
Definition: sql_authorization.cc:1639
mysql_user_table_field
Definition: auth_common.h:224
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV
Definition: auth_common.h:255
@ MYSQL_USER_FIELD_SUPER_PRIV
Definition: auth_common.h:242
@ MYSQL_USER_FIELD_DROP_PRIV
Definition: auth_common.h:232
@ MYSQL_USER_FIELD_ACCOUNT_LOCKED
Definition: auth_common.h:269
@ MYSQL_USER_FIELD_SSL_TYPE
Definition: auth_common.h:256
@ MYSQL_USER_FIELD_SSL_CIPHER
Definition: auth_common.h:257
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV
Definition: auth_common.h:247
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS
Definition: auth_common.h:263
@ MYSQL_USER_FIELD_COUNT
Definition: auth_common.h:276
@ MYSQL_USER_FIELD_PROCESS_PRIV
Definition: auth_common.h:235
@ MYSQL_USER_FIELD_SELECT_PRIV
Definition: auth_common.h:227
@ MYSQL_USER_FIELD_USER
Definition: auth_common.h:226
@ MYSQL_USER_FIELD_MAX_CONNECTIONS
Definition: auth_common.h:262
@ MYSQL_USER_FIELD_REFERENCES_PRIV
Definition: auth_common.h:238
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED
Definition: auth_common.h:266
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV
Definition: auth_common.h:250
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV
Definition: auth_common.h:251
@ MYSQL_USER_FIELD_PLUGIN
Definition: auth_common.h:264
@ MYSQL_USER_FIELD_MAX_UPDATES
Definition: auth_common.h:261
@ MYSQL_USER_FIELD_EVENT_PRIV
Definition: auth_common.h:253
@ MYSQL_USER_FIELD_RELOAD_PRIV
Definition: auth_common.h:233
@ MYSQL_USER_FIELD_UPDATE_PRIV
Definition: auth_common.h:229
@ MYSQL_USER_FIELD_TRIGGER_PRIV
Definition: auth_common.h:254
@ MYSQL_USER_FIELD_X509_ISSUER
Definition: auth_common.h:258
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV
Definition: auth_common.h:244
@ MYSQL_USER_FIELD_CREATE_ROLE_PRIV
Definition: auth_common.h:270
@ MYSQL_USER_FIELD_PASSWORD_LAST_CHANGED
Definition: auth_common.h:267
@ MYSQL_USER_FIELD_INSERT_PRIV
Definition: auth_common.h:228
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV
Definition: auth_common.h:246
@ MYSQL_USER_FIELD_FILE_PRIV
Definition: auth_common.h:236
@ MYSQL_USER_FIELD_DROP_ROLE_PRIV
Definition: auth_common.h:271
@ MYSQL_USER_FIELD_INDEX_PRIV
Definition: auth_common.h:239
@ MYSQL_USER_FIELD_HOST
Definition: auth_common.h:225
@ MYSQL_USER_FIELD_PASSWORD_LIFETIME
Definition: auth_common.h:268
@ MYSQL_USER_FIELD_X509_SUBJECT
Definition: auth_common.h:259
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING
Definition: auth_common.h:265
@ MYSQL_USER_FIELD_SHOW_DB_PRIV
Definition: auth_common.h:241
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV
Definition: auth_common.h:249
@ MYSQL_USER_FIELD_CREATE_USER_PRIV
Definition: auth_common.h:252
@ MYSQL_USER_FIELD_EXECUTE_PRIV
Definition: auth_common.h:245
@ MYSQL_USER_FIELD_MAX_QUESTIONS
Definition: auth_common.h:260
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV
Definition: auth_common.h:248
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV
Definition: auth_common.h:234
@ MYSQL_USER_FIELD_CREATE_PRIV
Definition: auth_common.h:231
@ MYSQL_USER_FIELD_ALTER_PRIV
Definition: auth_common.h:240
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV
Definition: auth_common.h:243
@ MYSQL_USER_FIELD_GRANT_PRIV
Definition: auth_common.h:237
@ MYSQL_USER_FIELD_PASSWORD_REQUIRE_CURRENT
Definition: auth_common.h:274
@ MYSQL_USER_FIELD_PASSWORD_REUSE_TIME
Definition: auth_common.h:273
@ MYSQL_USER_FIELD_USER_ATTRIBUTES
Definition: auth_common.h:275
@ MYSQL_USER_FIELD_DELETE_PRIV
Definition: auth_common.h:230
@ MYSQL_USER_FIELD_PASSWORD_REUSE_HISTORY
Definition: auth_common.h:272
bool hostname_requires_resolving(const char *hostname)
Check if the given host name needs to be resolved or not.
Definition: sql_auth_cache.cc:872
bool has_grant_role_privilege(THD *thd, const List< LEX_USER > *roles)
Definition: sql_authorization.cc:2517
bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *tables)
Check grants for commands which work only with one table and all other tables belonging to subselects...
Definition: sql_authorization.cc:1892
bool mysql_set_role_default(THD *thd)
Activates all the default roles in the current security context.
Definition: sql_authorization.cc:6639
bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table)
Check if the given table has any of the asked privileges.
Definition: sql_authorization.cc:2020
bool check_authorization_id_string(THD *thd, LEX_STRING &mandatory_roles)
Definition: sql_authorization.cc:7150
bool check_engine_type_for_acl_table(THD *thd, bool mdl_locked)
Definition: sql_auth_cache.cc:1999
bool has_partial_view_routine_access(THD *thd, const char *db, const char *routine_name, bool is_proc)
Check if user has partial access to view routine's properties (i.e.
Definition: sql_authorization.cc:2078
int mysql_table_grant(THD *thd, TABLE_LIST *table, List< LEX_USER > &user_list, List< LEX_COLUMN > &column_list, ulong rights, bool revoke)
Definition: sql_authorization.cc:2586
static constexpr int USER_HOST_BUFF_SIZE
Length of string buffer, that is enough to contain username and hostname parts of the user identifier...
Definition: auth_common.h:1099
bool opt_auto_generate_certs
Definition: sql_authentication.cc:1096
ulong get_column_grant(THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *field_name)
Definition: sql_authorization.cc:4385
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:624
Definition: sql_auth_cache.h:248
Per internal schema ACL access rules.
Definition: auth_common.h:137
virtual const ACL_internal_table_access * lookup(const char *name) const =0
Search for per table ACL access rules by table name.
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv) const =0
Check access to an internal schema.
virtual ~ACL_internal_schema_access()=default
ACL_internal_schema_access()=default
A registry for per internal schema ACL.
Definition: auth_common.h:172
static const ACL_internal_schema_access * lookup(const char *name)
Search per internal schema ACL by name.
Definition: sql_auth_cache.cc:210
static void register_schema(const LEX_CSTRING &name, const ACL_internal_schema_access *access)
Add an internal schema to the registry.
Definition: sql_auth_cache.cc:195
Per internal table ACL access rules.
Definition: auth_common.h:102
virtual ~ACL_internal_table_access()=default
virtual ACL_internal_access_result check(ulong want_access, ulong *save_priv) const =0
Check access to an internal table.
ACL_internal_table_access()=default
Data describing the table being created by CREATE TABLE or altered by ALTER TABLE.
Definition: sql_alter.h:204
Storage container for default auth ids.
Definition: auth_common.h:1052
const std::string & host() const
Definition: auth_common.cc:122
Auth_id & operator=(const Auth_id &)=default
std::string m_user
User part.
Definition: auth_common.h:1075
void create_key()
Definition: auth_common.cc:54
const std::string & user() const
Definition: auth_common.cc:121
bool operator<(const Auth_id &id) const
Definition: auth_common.cc:98
std::string auth_str() const
Definition: auth_common.cc:113
std::string m_key
Key: Internal representation mainly to facilitate use of Auth_id class in standard container.
Definition: auth_common.h:1083
std::string m_host
Host part.
Definition: auth_common.h:1077
Definition: auth_common.h:920
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:922
Definition: auth_common.h:991
const THD * m_thd
Definition: auth_common.h:998
bool create(Security_context *sctx)
Create a local authid without modifying any tables.
Definition: sql_authorization.cc:7264
Default_local_authid(const THD *thd)
Definition: sql_authorization.cc:7244
bool precheck(Security_context *sctx)
Check if the security context can be created as a local authid.
Definition: sql_authorization.cc:7253
Definition: auth_common.h:1018
Drop_temporary_dynamic_privileges(std::vector< std::string > privs)
Definition: auth_common.h:1020
void operator()(Security_context *sctx)
Definition: sql_authorization.cc:7290
std::vector< std::string > m_privs
Definition: auth_common.h:1025
Generic iterator over the fields of an arbitrary table reference.
Definition: table.h:3958
Definition: auth_common.h:932
bool operator()(Security_context *sctx, Operation op) override
Definition: auth_common.h:934
Grant the privilege temporarily to the in-memory global privileges map.
Definition: auth_common.h:1006
const std::vector< std::string > m_privs
Definition: auth_common.h:1015
Grant_temporary_dynamic_privileges(const THD *thd, std::vector< std::string > privs)
Definition: sql_authorization.cc:7268
bool grant_privileges(Security_context *sctx)
Grant dynamic privileges to an in-memory global authid.
Definition: sql_authorization.cc:7284
const THD * m_thd
Definition: auth_common.h:1014
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7272
Definition: auth_common.h:1029
const ulong m_privs
Privileges.
Definition: auth_common.h:1040
bool grant_privileges(Security_context *sctx)
Definition: sql_authorization.cc:7304
bool precheck(Security_context *sctx)
Definition: sql_authorization.cc:7299
const THD * m_thd
THD handle.
Definition: auth_common.h:1037
Grant_temporary_static_privileges(const THD *thd, const ulong privs)
Definition: sql_authorization.cc:7295
Extension of ACL_internal_schema_access for Information Schema.
Definition: auth_common.h:182
~IS_internal_schema_access() override=default
IS_internal_schema_access()=default
const ACL_internal_table_access * lookup(const char *name) const override
Search for per table ACL access rules by table name.
Definition: sql_authorization.cc:1689
ACL_internal_access_result check(ulong want_access, ulong *save_priv) const override
Check access to an internal schema.
Definition: sql_authorization.cc:1672
Base class that is used to represent any kind of expression in a relational query.
Definition: item.h:802
Definition: sql_lex.h:3578
Definition: sql_lex.h:3590
Definition: sql_list.h:431
Factory for creating any Security_context given a pre-constructed policy.
Definition: auth_common.h:949
Security_context_functor m_static_privileges
Definition: auth_common.h:987
Security_context_functor m_privileges
Definition: auth_common.h:986
Security_context_factory(THD *thd, std::string user, std::string host, Security_context_functor extend_user_profile, Security_context_functor priv, Security_context_functor static_priv, std::function< void(Security_context *)> drop_policy)
Default Security_context factory implementation.
Definition: auth_common.h:964
std::string m_user
Definition: auth_common.h:983
Sctx_ptr< Security_context > create()
Definition: sql_authorization.cc:7340
std::string m_host
Definition: auth_common.h:984
bool apply_pre_constructed_policies(Security_context *sctx)
Definition: sql_authorization.cc:7310
Security_context_functor m_user_profile
Definition: auth_common.h:985
THD * m_thd
Definition: auth_common.h:982
const std::function< void(Security_context *)> m_drop_policy
Definition: auth_common.h:988
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:165
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:821
Definition: auth_common.h:427
uint repl_client_priv_idx() override
Definition: auth_common.h:468
uint max_user_connections_idx() override
Definition: auth_common.h:498
uint plugin_idx() override
Definition: auth_common.h:501
uint create_tablespace_priv_idx() override
Definition: auth_common.h:486
uint account_locked_idx() override
Definition: auth_common.h:514
uint create_priv_idx() override
Definition: auth_common.h:440
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:458
uint password_idx() override
Definition: auth_common.h:432
uint trigger_priv_idx() override
Definition: auth_common.h:485
uint max_questions_idx() override
Definition: auth_common.h:493
uint create_view_priv_idx() override
Definition: auth_common.h:471
uint index_priv_idx() override
Definition: auth_common.h:450
uint insert_priv_idx() override
Definition: auth_common.h:437
uint user_idx() override
Definition: auth_common.h:430
uint alter_routine_priv_idx() override
Definition: auth_common.h:478
uint create_user_priv_idx() override
Definition: auth_common.h:481
uint password_reuse_time_idx() override
Definition: auth_common.h:518
uint password_expired_idx() override
Definition: auth_common.h:505
uint password_require_current_idx() override
Definition: auth_common.h:521
uint shutdown_priv_idx() override
Definition: auth_common.h:443
uint drop_priv_idx() override
Definition: auth_common.h:441
uint host_idx() override
Definition: auth_common.h:429
uint file_priv_idx() override
Definition: auth_common.h:445
uint authentication_string_idx() override
Definition: auth_common.h:502
uint drop_role_priv_idx() override
Definition: auth_common.h:457
uint repl_slave_priv_idx() override
Definition: auth_common.h:465
uint x509_subject_idx() override
Definition: auth_common.h:492
uint references_priv_idx() override
Definition: auth_common.h:447
uint password_lifetime_idx() override
Definition: auth_common.h:511
uint event_priv_idx() override
Definition: auth_common.h:484
uint process_priv_idx() override
Definition: auth_common.h:444
uint max_connections_idx() override
Definition: auth_common.h:495
uint password_reuse_history_idx() override
Definition: auth_common.h:515
uint create_routine_priv_idx() override
Definition: auth_common.h:475
uint ssl_cipher_idx() override
Definition: auth_common.h:490
uint super_priv_idx() override
Definition: auth_common.h:453
uint update_priv_idx() override
Definition: auth_common.h:438
uint reload_priv_idx() override
Definition: auth_common.h:442
uint create_role_priv_idx() override
Definition: auth_common.h:454
uint password_last_changed_idx() override
Definition: auth_common.h:508
uint lock_tables_priv_idx() override
Definition: auth_common.h:461
uint show_db_priv_idx() override
Definition: auth_common.h:452
uint user_attributes_idx() override
Definition: auth_common.h:524
uint x509_issuer_idx() override
Definition: auth_common.h:491
uint grant_priv_idx() override
Definition: auth_common.h:446
uint ssl_type_idx() override
Definition: auth_common.h:489
uint alter_priv_idx() override
Definition: auth_common.h:451
uint max_updates_idx() override
Definition: auth_common.h:494
uint execute_priv_idx() override
Definition: auth_common.h:464
uint select_priv_idx() override
Definition: auth_common.h:436
uint show_view_priv_idx() override
Definition: auth_common.h:474
uint delete_priv_idx() override
Definition: auth_common.h:439
Definition: auth_common.h:532
uint file_priv_idx() override
Definition: auth_common.h:595
uint user_idx() override
Definition: auth_common.h:582
uint insert_priv_idx() override
Definition: auth_common.h:585
uint shutdown_priv_idx() override
Definition: auth_common.h:591
uint account_locked_idx() override
Definition: auth_common.h:664
uint x509_issuer_idx() override
Definition: auth_common.h:639
uint password_reuse_time_idx() override
Definition: auth_common.h:670
uint host_idx() override
Definition: auth_common.h:581
uint x509_subject_idx() override
Definition: auth_common.h:640
uint index_priv_idx() override
Definition: auth_common.h:600
mysql_user_table_field_56
Definition: auth_common.h:534
@ MYSQL_USER_FIELD_SUPER_PRIV_56
Definition: auth_common.h:553
@ MYSQL_USER_FIELD_SELECT_PRIV_56
Definition: auth_common.h:538
@ MYSQL_USER_FIELD_REFERENCES_PRIV_56
Definition: auth_common.h:549
@ MYSQL_USER_FIELD_SHOW_DB_PRIV_56
Definition: auth_common.h:552
@ MYSQL_USER_FIELD_UPDATE_PRIV_56
Definition: auth_common.h:540
@ MYSQL_USER_FIELD_DROP_PRIV_56
Definition: auth_common.h:543
@ MYSQL_USER_FIELD_PLUGIN_56
Definition: auth_common.h:575
@ MYSQL_USER_FIELD_FILE_PRIV_56
Definition: auth_common.h:547
@ MYSQL_USER_FIELD_X509_SUBJECT_56
Definition: auth_common.h:570
@ MYSQL_USER_FIELD_REPL_CLIENT_PRIV_56
Definition: auth_common.h:558
@ MYSQL_USER_FIELD_PASSWORD_56
Definition: auth_common.h:537
@ MYSQL_USER_FIELD_MAX_USER_CONNECTIONS_56
Definition: auth_common.h:574
@ MYSQL_USER_FIELD_X509_ISSUER_56
Definition: auth_common.h:569
@ MYSQL_USER_FIELD_PROCESS_PRIV_56
Definition: auth_common.h:546
@ MYSQL_USER_FIELD_ALTER_ROUTINE_PRIV_56
Definition: auth_common.h:562
@ MYSQL_USER_FIELD_COUNT_56
Definition: auth_common.h:578
@ MYSQL_USER_FIELD_EVENT_PRIV_56
Definition: auth_common.h:564
@ MYSQL_USER_FIELD_SHUTDOWN_PRIV_56
Definition: auth_common.h:545
@ MYSQL_USER_FIELD_SSL_TYPE_56
Definition: auth_common.h:567
@ MYSQL_USER_FIELD_SSL_CIPHER_56
Definition: auth_common.h:568
@ MYSQL_USER_FIELD_CREATE_VIEW_PRIV_56
Definition: auth_common.h:559
@ MYSQL_USER_FIELD_DELETE_PRIV_56
Definition: auth_common.h:541
@ MYSQL_USER_FIELD_MAX_CONNECTIONS_56
Definition: auth_common.h:573
@ MYSQL_USER_FIELD_CREATE_USER_PRIV_56
Definition: auth_common.h:563
@ MYSQL_USER_FIELD_CREATE_ROUTINE_PRIV_56
Definition: auth_common.h:561
@ MYSQL_USER_FIELD_CREATE_PRIV_56
Definition: auth_common.h:542
@ MYSQL_USER_FIELD_EXECUTE_PRIV_56
Definition: auth_common.h:556
@ MYSQL_USER_FIELD_MAX_QUESTIONS_56
Definition: auth_common.h:571
@ MYSQL_USER_FIELD_HOST_56
Definition: auth_common.h:535
@ MYSQL_USER_FIELD_GRANT_PRIV_56
Definition: auth_common.h:548
@ MYSQL_USER_FIELD_AUTHENTICATION_STRING_56
Definition: auth_common.h:576
@ MYSQL_USER_FIELD_RELOAD_PRIV_56
Definition: auth_common.h:544
@ MYSQL_USER_FIELD_SHOW_VIEW_PRIV_56
Definition: auth_common.h:560
@ MYSQL_USER_FIELD_LOCK_TABLES_PRIV_56
Definition: auth_common.h:555
@ MYSQL_USER_FIELD_TRIGGER_PRIV_56
Definition: auth_common.h:565
@ MYSQL_USER_FIELD_PASSWORD_EXPIRED_56
Definition: auth_common.h:577
@ MYSQL_USER_FIELD_CREATE_TMP_TABLE_PRIV_56
Definition: auth_common.h:554
@ MYSQL_USER_FIELD_CREATE_TABLESPACE_PRIV_56
Definition: auth_common.h:566
@ MYSQL_USER_FIELD_USER_56
Definition: auth_common.h:536
@ MYSQL_USER_FIELD_INSERT_PRIV_56
Definition: auth_common.h:539
@ MYSQL_USER_FIELD_INDEX_PRIV_56
Definition: auth_common.h:550
@ MYSQL_USER_FIELD_ALTER_PRIV_56
Definition: auth_common.h:551
@ MYSQL_USER_FIELD_REPL_SLAVE_PRIV_56
Definition: auth_common.h:557
@ MYSQL_USER_FIELD_MAX_UPDATES_56
Definition: auth_common.h:572
uint drop_role_priv_idx() override
Definition: auth_common.h:666
uint user_attributes_idx() override
Definition: auth_common.h:674
uint lock_tables_priv_idx() override
Definition: auth_common.h:607
uint create_tmp_table_priv_idx() override
Definition: auth_common.h:604
uint password_lifetime_idx() override
Definition: auth_common.h:663
uint process_priv_idx() override
Definition: auth_common.h:594
uint create_view_priv_idx() override
Definition: auth_common.h:617
uint plugin_idx() override
Definition: auth_common.h:651
uint max_user_connections_idx() override
Definition: auth_common.h:648
uint select_priv_idx() override
Definition: auth_common.h:584
uint references_priv_idx() override
Definition: auth_common.h:597
uint grant_priv_idx() override
Definition: auth_common.h:596
uint repl_slave_priv_idx() override
Definition: auth_common.h:611
uint max_updates_idx() override
Definition: auth_common.h:644
uint delete_priv_idx() override
Definition: auth_common.h:587
uint create_user_priv_idx() override
Definition: auth_common.h:629
uint repl_client_priv_idx() override
Definition: auth_common.h:614
uint show_view_priv_idx() override
Definition: auth_common.h:620
uint password_reuse_history_idx() override
Definition: auth_common.h:667
uint update_priv_idx() override
Definition: auth_common.h:586
uint create_priv_idx() override
Definition: auth_common.h:588
uint max_questions_idx() override
Definition: auth_common.h:641
uint drop_priv_idx() override
Definition: auth_common.h:589
uint alter_priv_idx() override
Definition: auth_common.h:601
uint execute_priv_idx() override
Definition: auth_common.h:610
uint password_idx() override
Definition: auth_common.h:583
uint password_expired_idx() override
Definition: auth_common.h:655
uint password_last_changed_idx() override
Definition: auth_common.h:660
uint authentication_string_idx() override
Definition: auth_common.h:652
uint show_db_priv_idx() override
Definition: auth_common.h:602
uint create_tablespace_priv_idx() override
Definition: auth_common.h:634
uint password_require_current_idx() override
Definition: auth_common.h:671
uint ssl_type_idx() override
Definition: auth_common.h:637
uint max_connections_idx() override
Definition: auth_common.h:645
uint reload_priv_idx() override
Definition: auth_common.h:590
uint create_role_priv_idx() override
Definition: auth_common.h:665
uint alter_routine_priv_idx() override
Definition: auth_common.h:626
uint create_routine_priv_idx() override
Definition: auth_common.h:623
uint super_priv_idx() override
Definition: auth_common.h:603
uint ssl_cipher_idx() override
Definition: auth_common.h:638
uint trigger_priv_idx() override
Definition: auth_common.h:633
uint event_priv_idx() override
Definition: auth_common.h:632
Definition: auth_common.h:677
virtual ~User_table_schema_factory()=default
virtual bool is_old_user_table_schema(TABLE *table)
Definition: auth_common.cc:45
virtual User_table_schema * get_user_table_schema(TABLE *table)
Definition: auth_common.h:679
Definition: auth_common.h:364
virtual uint user_attributes_idx()=0
virtual uint event_priv_idx()=0
virtual uint update_priv_idx()=0
virtual uint max_connections_idx()=0
virtual uint user_idx()=0
virtual uint select_priv_idx()=0
virtual uint repl_client_priv_idx()=0
virtual uint x509_issuer_idx()=0
virtual uint references_priv_idx()=0
virtual uint alter_priv_idx()=0
virtual uint password_last_changed_idx()=0
virtual uint host_idx()=0
virtual uint trigger_priv_idx()=0
virtual uint show_view_priv_idx()=0
virtual uint process_priv_idx()=0
virtual uint create_tablespace_priv_idx()=0
virtual uint reload_priv_idx()=0
virtual uint drop_priv_idx()=0
virtual uint password_expired_idx()=0
virtual uint max_user_connections_idx()=0
virtual uint max_updates_idx()=0
virtual uint password_reuse_time_idx()=0
virtual uint create_view_priv_idx()=0
virtual uint create_tmp_table_priv_idx()=0
virtual uint ssl_type_idx()=0
virtual uint password_lifetime_idx()=0
virtual uint show_db_priv_idx()=0
virtual uint password_reuse_history_idx()=0
virtual uint create_role_priv_idx()=0
virtual uint create_priv_idx()=0
virtual uint account_locked_idx()=0
virtual uint x509_subject_idx()=0
virtual uint alter_routine_priv_idx()=0
virtual uint super_priv_idx()=0
virtual uint password_require_current_idx()=0
virtual uint repl_slave_priv_idx()=0
virtual uint shutdown_priv_idx()=0
virtual uint lock_tables_priv_idx()=0
virtual uint authentication_string_idx()=0
virtual uint drop_role_priv_idx()=0
virtual uint ssl_cipher_idx()=0
virtual uint create_user_priv_idx()=0
virtual uint password_idx()=0
virtual uint grant_priv_idx()=0
virtual uint plugin_idx()=0
virtual uint index_priv_idx()=0
virtual uint max_questions_idx()=0
virtual uint create_routine_priv_idx()=0
virtual uint execute_priv_idx()=0
virtual uint delete_priv_idx()=0
virtual uint file_priv_idx()=0
virtual uint insert_priv_idx()=0
virtual ~User_table_schema()=default
Definition: sp_head.h:119
PFS_table * create_table(PFS_table_share *share, PFS_thread *opening_thread, const void *identity)
Create instrumentation for a table instance.
Definition: pfs_instr.cc:1247
enum_server_command
A list of all MySQL protocol commands.
Definition: my_command.h:47
Common definition used by mysys, performance schema and server & client.
static constexpr int HOSTNAME_LENGTH
Definition: my_hostname.h:42
Some integer typedefs for easier portability.
uint32_t uint32
Definition: my_inttypes.h:66
Common definition between mysql server & client.
#define USERNAME_LENGTH
Definition: mysql_com.h:68
static char * password
Definition: mysql_secure_installation.cc:55
char * user
Definition: mysqladmin.cc:59
const char * host
Definition: mysqladmin.cc:58
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1056
Definition: acl_table_user.cc:80
const std::string mysql
const std::string system_user
Definition: commit_order_queue.h:33
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
static mysql_service_status_t create(const char *service_names[], reference_caching_channel *out_channel) noexcept
Definition: component.cc:35
const char * table_name
Definition: rules_table_service.cc:55
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:191
const char * db_name
Definition: rules_table_service.cc:54
Definition: varlen_sort.h:183
const string comma(" , ")
role_enum
Definition: sql_admin.h:218
LEX_CSTRING * plugin_name(st_plugin_int **ref)
Definition: sql_plugin_ref.h:94
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:37
case opt name
Definition: sslopt-case.h:32
Definition: m_ctype.h:354
The current state of the privilege checking process for the current user, SQL statement and SQL object.
Definition: table.h:356
State information for internal tables grants.
Definition: table.h:333
Definition: handler.h:2764
Definition: table.h:2561
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:78
Definition: mysql_lex_string.h:39
Definition: mysql_lex_string.h:34
Definition: auth_common.h:907
virtual bool operator()(Security_context *, Operation)=0
Security_context_policy(const Security_context_policy &)=default
Operation
Definition: auth_common.h:908
@ Precheck
Definition: auth_common.h:908
@ Execute
Definition: auth_common.h:908
Security_context_policy()=default
virtual ~Security_context_policy()=default
Definition: table.h:2694
Definition: table.h:1394
Definition: auth_common.h:1102
std::string host
Definition: auth_common.h:1104
std::string user
Definition: auth_common.h:1103
unsigned int authentication_factor
Definition: auth_common.h:1106
std::string password
Definition: auth_common.h:1105
Definition: sql_connect.h:69
unsigned int uint
Definition: uca-dump.cc:29
command
Definition: version_token.cc:279
enum enum_vio_type vio_type(const MYSQL_VIO vio)