1 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 /* Internals */
23 
24 #ifndef AUTH_INTERNAL_INCLUDED
25 #define AUTH_INTERNAL_INCLUDED
26 
27 #include <map>
28 #include <string>
29 #include <unordered_map>
30 #include <unordered_set>
31 
32 #include "mysql_time.h" /* MYSQL_TIME */
33 #include "sql/auth/auth_common.h"
36 #include "sql/auth/user_table.h"
37 #include "sql/sql_audit.h"
38 #include "sql/table.h"
39 #include "violite.h" /* SSL_type */
40 
41 class ACL_USER;
42 class ACL_PROXY_USER;
43 class GRANT_NAME;
44 class GRANT_TABLE;
45 class GRANT_COLUMN;
46 class Json_object;
47 class Json_wrapper;
48 class Restrictions;
49 struct TABLE;
50 class Rewrite_params;
51 
53 void append_identifier(const THD *thd, String *packet, const char *name,
54  size_t length);
55 typedef std::map<std::string, unsigned long> Column_map;
61 };
62 typedef std::map<std::string, unsigned long> SP_access_map;
63 typedef std::map<std::string, unsigned long> Db_access_map;
64 typedef std::map<std::string, Grant_table_aggregate> Table_access_map_storage;
66  public:
68 
69  typedef Table_access_map_storage::iterator iterator;
71  typedef Table_access_map_storage::mapped_type mapped_type;
73  return m_values[key];
74  }
iterator begin() {
  // Start of the underlying std::map; iteration therefore runs in key order.
  return m_values.begin();
}
iterator end() {
  // One-past-the-last element of the underlying std::map.
  return m_values.end();
}
78  return m_values.find(key);
79  }
void set_thd(THD *thd) {
  // Remember the thread descriptor; get_thd() hands back this same pointer.
  // Nothing visible here takes ownership of it.
  m_thd = thd;
}
THD *get_thd() {
  // Pointer previously stored via set_thd(); may be whatever the caller set,
  // including null if set_thd() was never called with a valid THD.
  return m_thd;
}
82 
83  private:
86 };
87 typedef std::unordered_set<std::string> Grant_acl_set;
88 
89 std::string create_authid_str_from(const LEX_USER *user);
90 std::string create_authid_str_from(const ACL_USER *user);
91 std::string create_authid_str_from(const LEX_CSTRING &user,
92  const LEX_CSTRING &host);
93 std::string create_authid_str_from(const Auth_id_ref &user);
96 
97 std::string get_one_priv(ulong &revoke_privs);
98 /* sql_authentication */
99 class Rsa_authentication_keys;
100 extern Rsa_authentication_keys *g_sha256_rsa_keys;
101 extern Rsa_authentication_keys *g_caching_sha2_rsa_keys;
105 class Auth_id;
106 template <typename K, typename V>
109 
111 bool auth_plugin_is_built_in(const char *plugin_name);
113 
115  GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name,
116  const char *table_name);
117 
118 /* sql_auth_cache */
119 ulong get_sort(uint count, ...);
122 
/* sql_authentication */
126 
127 /* sql_auth_cache */
128 void rebuild_check_host(void);
129 ACL_USER *find_acl_user(const char *host, const char *user, bool exact);
130 ACL_PROXY_USER *acl_find_proxy_user(const char *user, const char *host,
131  const char *ip, char *authenticated_as,
132  bool *proxy_used);
133 void acl_insert_proxy_user(ACL_PROXY_USER *new_value);
134 
135 void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type,
136  const char *ssl_cipher, const char *x509_issuer,
137  const char *x509_subject, USER_RESOURCES *mqh,
138  ulong privileges, const LEX_CSTRING &plugin,
139  const LEX_CSTRING &auth, const std::string &second_auth,
140  const MYSQL_TIME &password_change_time,
141  const LEX_ALTER &password_life, Restrictions &restrictions,
142  acl_table::Pod_user_what_to_update &what_to_update);
143 void acl_users_add_one(THD *thd MY_ATTRIBUTE((unused)), const char *user,
144  const char *host, enum SSL_type ssl_type,
145  const char *ssl_cipher, const char *x509_issuer,
146  const char *x509_subject, USER_RESOURCES *mqh,
147  ulong privileges, const LEX_CSTRING &plugin,
148  const LEX_CSTRING &auth, const LEX_CSTRING &second_auth,
149  const MYSQL_TIME &password_change_time,
150  const LEX_ALTER &password_life, bool add_role_vertex,
151  Restrictions &restrictions);
152 void acl_insert_user(THD *thd, const char *user, const char *host,
153  enum SSL_type ssl_type, const char *ssl_cipher,
154  const char *x509_issuer, const char *x509_subject,
155  USER_RESOURCES *mqh, ulong privileges,
156  const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
157  const MYSQL_TIME &password_change_time,
158  const LEX_ALTER &password_life,
159  Restrictions &restrictions);
160 void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke);
161 void acl_update_db(const char *user, const char *host, const char *db,
162  ulong privileges);
163 void acl_insert_db(const char *user, const char *host, const char *db,
164  ulong privileges);
165 bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr,
166  bool expired);
167 
168 bool do_update_sctx(Security_context *sctx, LEX_USER *from_user);
169 void update_sctx(Security_context *sctx, LEX_USER *to_user);
170 
172 bool acl_reload(THD *thd, bool mdl_locked);
173 bool grant_reload(THD *thd, bool mdl_locked);
174 void clean_user_cache();
175 bool set_user_salt(ACL_USER *acl_user);
176 
177 /* sql_user_table */
178 Json_object *get_user_attributes(THD *thd, TABLE *user_table,
179  Json_wrapper &json_wrapper);
180 ulong get_access(TABLE *form, uint fieldnr, uint *next_field);
181 int replace_db_table(THD *thd, TABLE *table, const char *db,
182  const LEX_USER &combo, ulong rights, bool revoke_grant);
183 int replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
184  const LEX_USER *proxied_user,
185  bool with_grant_arg, bool revoke_grant);
186 int replace_column_table(THD *thd, GRANT_TABLE *g_t, TABLE *table,
187  const LEX_USER &combo, List<LEX_COLUMN> &columns,
188  const char *db, const char *table_name, ulong rights,
189  bool revoke_grant);
190 int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
191  std::unique_ptr<GRANT_TABLE, Destroy_only<GRANT_TABLE>>
192  *deleted_grant_table,
193  TABLE *table, const LEX_USER &combo, const char *db,
194  const char *table_name, ulong rights, ulong col_rights,
195  bool revoke_grant);
196 int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table,
197  const LEX_USER &combo, const char *db,
198  const char *routine_name, bool is_proc, ulong rights,
199  bool revoke_grant);
200 int open_grant_tables(THD *thd, TABLE_LIST *tables, bool *transactional_tables);
202  TABLE_LIST *tables, thr_lock_type lock_type = TL_WRITE,
204 
205 int replace_roles_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
206  const LEX_USER *role, bool with_grant_arg,
207  bool revoke_grant);
208 
209 void acl_print_ha_error(int handler_error);
211 bool log_and_commit_acl_ddl(THD *thd, bool transactional_tables,
212  std::set<LEX_USER *> *extra_users = NULL,
213  Rewrite_params *rewrite_params = NULL,
214  bool extra_error = false,
215  bool log_to_binlog = true);
216 void acl_notify_htons(THD *thd, enum_sql_command operation,
217  const List<LEX_USER> *users,
218  const List<LEX_CSTRING> *dynamic_privs = nullptr);
219 
220 /* sql_authorization */
222 void rebuild_vertex_index(THD *thd);
223 void default_roles_init(void);
224 void default_roles_delete(void);
225 void roles_graph_init(void);
226 void roles_graph_delete(void);
227 void roles_init(void);
228 void roles_delete(void);
229 void dynamic_privileges_init(void);
230 void dynamic_privileges_delete(void);
231 bool grant_dynamic_privilege(const LEX_CSTRING &str_priv,
232  const LEX_CSTRING &str_user,
233  const LEX_CSTRING &str_host,
234  bool with_grant_option,
236 bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv,
237  const LEX_CSTRING &str_user,
238  const LEX_CSTRING &str_host,
239  Update_dynamic_privilege_table &update_table);
241  const LEX_CSTRING &host,
243 bool rename_dynamic_grant(const LEX_CSTRING &old_user,
244  const LEX_CSTRING &old_host,
245  const LEX_CSTRING &new_user,
246  const LEX_CSTRING &new_host,
247  Update_dynamic_privilege_table &update_table);
249  const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
252  const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
255  const Role_id &id, const std::vector<std::string> &priv_list);
257  const Role_id &id, const std::vector<std::string> &priv_list);
258 bool operator==(const Role_id &a, const Auth_id_ref &b);
259 bool operator==(const Auth_id_ref &a, const Role_id &b);
260 bool operator==(const std::pair<const Role_id, const Role_id> &a,
261  const Auth_id_ref &b);
262 bool operator==(const Role_id &a, const Role_id &b);
263 bool operator==(std::pair<const Role_id, std::pair<std::string, bool>> &a,
264  const std::string &b);
265 typedef std::vector<std::pair<Role_id, bool>> List_of_granted_roles;
266 
struct role_id_hash {
  /*
    Hash functor for Role_id keys in the role-graph / dynamic-privilege
    unordered maps. Combines std::hash of the user and host strings with the
    usual shift/xor two-field combiner. It is consistent with
    operator==(const Role_id &, const Role_id &) only as long as that
    comparison is a byte-wise comparison of user() and host() — the original
    code has the same dependency.

    NOTE(review): this is not a keyed or randomized hash, so the worst-case
    lookup cost of the maps that use it rests entirely on the distribution of
    std::hash<std::string>. The keys are account names, presumably created
    only through privileged account-management statements — confirm that
    before treating them as attacker-controlled input.
  */
  std::size_t operator()(const Role_id &k) const {
    const std::hash<std::string> str_hash;
    const std::size_t user_bits = str_hash(k.user());
    const std::size_t host_bits = str_hash(k.host());
    return (user_bits ^ (host_bits << 1)) >> 1;
  }
};
275 
276 typedef std::unordered_multimap<const Role_id, const Role_id, role_id_hash>
278 typedef std::map<std::string, bool> Dynamic_privileges;
279 
281  ACL_USER *acl_user, const List_of_auth_id_refs *using_roles, ulong *access,
282  Db_access_map *db_map, Db_access_map *db_wild_map,
284  List_of_granted_roles *granted_roles, Grant_acl_set *with_admin_acl,
285  Dynamic_privileges *dynamic_acl, Restrictions &restrictions);
286 bool clear_default_roles(THD *thd, TABLE *table,
287  const Auth_id_ref &user_auth_id,
288  std::vector<Role_id> *default_roles);
290 bool drop_default_role_policy(THD *thd, TABLE *table,
291  const Auth_id_ref &default_role_policy,
292  const Auth_id_ref &user);
294  Auth_id_ref &authid,
295  std::function<bool(const std::pair<const Auth_id_ref &, bool> &p)> f);
296 void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user);
297 bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table,
298  TABLE *defaults_table, LEX_USER *user);
299 bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table,
300  const Auth_id_ref &authid_user);
301 bool modify_role_edges_in_table(THD *thd, TABLE *table,
302  const Auth_id_ref &from_user,
303  const Auth_id_ref &to_user,
304  bool with_admin_option, bool delete_option);
307  const LEX_CSTRING &host);
308 bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table,
309  LEX_USER *user_from, LEX_USER *user_to);
311  THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set,
312  bool is_privileged_user, bool is_role, TABLE_LIST *history_table,
313  bool *history_check_done, const char *cmd, Userhostpassword_list &);
314 typedef std::pair<std::string, bool> Grant_privilege;
315 typedef std::unordered_multimap<const Role_id, Grant_privilege, role_id_hash>
320 bool populate_roles_caches(THD *thd, TABLE_LIST *tablelst);
321 void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt);
322 void get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
323 extern std::vector<Role_id> *g_mandatory_roles;
324 void create_role_vertex(ACL_USER *role_acl_user);
325 void activate_all_granted_roles(const ACL_USER *acl_user,
326  Security_context *sctx);
328  Security_context *sctx);
329 extern std::vector<std::string> builtin_auth_plugins;
330 
332  const List_of_auth_id_refs &new_auth_ids);
333 
334 bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table,
335  LEX_USER *user);
/*
  Checks that, if any of the given users holds the SYSTEM_USER privilege,
  the current user also holds SYSTEM_USER; otherwise the operation must be
  refused. It is a wrapper over the Privilege_checker class, which performs
  the privilege check for one user at a time.
*/
343 bool has_wildcards_in_db_grant(const std::string &db_string);
344 
345 #endif /* AUTH_INTERNAL_INCLUDED */