MySQL 9.2.0
Source Code Documentation
auth_internal.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23/* Internals */
24
25#ifndef AUTH_INTERNAL_INCLUDED
26#define AUTH_INTERNAL_INCLUDED
27
28#include <map>
29#include <set>
30#include <string>
31#include <unordered_map>
32#include <unordered_set>
33
34#include "mysql_time.h" /* MYSQL_TIME */
38#include "sql/auth/sql_mfa.h" /* I_multi_factor_auth */
39#include "sql/auth/user_table.h"
40#include "sql/sql_audit.h"
41#include "sql/table.h"
42#include "violite.h" /* SSL_type */
43
44class ACL_USER;
45class ACL_PROXY_USER;
46class GRANT_NAME;
47class GRANT_TABLE;
48class GRANT_COLUMN;
49class Json_object;
50class Json_wrapper;
51class Restrictions;
52struct TABLE;
53class Rewrite_params;
54
56typedef std::map<std::string, Access_bitmask> Column_map;
62};
63typedef std::map<std::string, Access_bitmask> SP_access_map;
64typedef std::map<std::string, Access_bitmask> Db_access_map;
65typedef std::map<std::string, Grant_table_aggregate> Table_access_map_storage;
67 public:
69
70 typedef Table_access_map_storage::iterator iterator;
72 typedef Table_access_map_storage::mapped_type mapped_type;
74 return m_values[key];
75 }
76 iterator begin() { return m_values.begin(); }
77 iterator end() { return m_values.end(); }
79 return m_values.find(key);
80 }
81 void set_thd(THD *thd) { m_thd = thd; }
82 THD *get_thd() { return m_thd; }
83
84 private:
87};
88typedef std::unordered_set<std::string> Grant_acl_set;
89
90std::string create_authid_str_from(const LEX_USER *user);
91std::string create_authid_str_from(const ACL_USER *user);
92std::string create_authid_str_from(const Auth_id_ref &user);
95
96std::string get_one_priv(Access_bitmask &revoke_privs);
97/* sql_authentication */
104class Auth_id;
105template <typename K, typename V>
106class Map_with_rw_lock;
108
110bool auth_plugin_is_built_in(const char *plugin_name);
112
114 GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name,
115 const char *table_name);
116
117/* sql_auth_cache */
118ulong get_sort(uint count, ...);
121
122/*sql_authentication */
124
125/* sql_auth_cache */
126void rebuild_check_host(void);
127ACL_USER *find_acl_user(const char *host, const char *user, bool exact);
128ACL_PROXY_USER *acl_find_proxy_user(const char *user, const char *host,
129 const char *ip, char *authenticated_as,
130 bool *proxy_used);
132
133void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type,
134 const char *ssl_cipher, const char *x509_issuer,
135 const char *x509_subject, USER_RESOURCES *mqh,
136 Access_bitmask privileges, const LEX_CSTRING &plugin,
137 const LEX_CSTRING &auth, const std::string &second_auth,
138 const MYSQL_TIME &password_change_time,
139 const LEX_ALTER &password_life, Restrictions &restrictions,
141 uint failed_login_attempts, int password_lock_time,
142 const I_multi_factor_auth *mfa);
143void acl_users_add_one(const char *user, const char *host,
144 enum SSL_type ssl_type, const char *ssl_cipher,
145 const char *x509_issuer, const char *x509_subject,
146 USER_RESOURCES *mqh, Access_bitmask privileges,
147 const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
148 const LEX_CSTRING &second_auth,
149 const MYSQL_TIME &password_change_time,
150 const LEX_ALTER &password_life, bool add_role_vertex,
151 Restrictions &restrictions, uint failed_login_attempts,
152 int password_lock_time, const I_multi_factor_auth *mfa,
153 THD *thd [[maybe_unused]]);
154void acl_insert_user(THD *thd, const char *user, const char *host,
155 enum SSL_type ssl_type, const char *ssl_cipher,
156 const char *x509_issuer, const char *x509_subject,
157 USER_RESOURCES *mqh, Access_bitmask privileges,
158 const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
159 const MYSQL_TIME &password_change_time,
160 const LEX_ALTER &password_life, Restrictions &restrictions,
161 uint failed_login_attempts, int password_lock_time,
162 const I_multi_factor_auth *mfa);
163void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke);
164void acl_update_db(const char *user, const char *host, const char *db,
165 Access_bitmask privileges);
166void acl_insert_db(const char *user, const char *host, const char *db,
167 Access_bitmask privileges);
168bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr,
169 bool expired);
170
171bool do_update_sctx(Security_context *sctx, LEX_USER *from_user);
172void update_sctx(Security_context *sctx, LEX_USER *to_user);
173
175bool acl_reload(THD *thd, bool mdl_locked,
176 bool preserve_temporary_account_locking,
177 Lock_state_list *modified_user_lock_state_list);
178bool grant_reload(THD *thd, bool mdl_locked);
179void clean_user_cache();
180bool set_user_salt(ACL_USER *acl_user);
181void append_auth_id(const THD *thd, ACL_USER *acl_user, String *str);
182
183/* sql_user_table */
184Access_bitmask get_access(TABLE *form, uint fieldnr, uint *next_field);
185int replace_db_table(THD *thd, TABLE *table, const char *db,
186 const LEX_USER &combo, Access_bitmask rights,
187 bool revoke_grant, bool all_current_privileges);
189 const LEX_USER *proxied_user,
190 bool with_grant_arg, bool revoke_grant);
192 const LEX_USER &combo, List<LEX_COLUMN> &columns,
193 const char *db, const char *table_name,
194 Access_bitmask rights, bool revoke_grant);
195int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
197 *deleted_grant_table,
198 TABLE *table, const LEX_USER &combo, const char *db,
199 const char *table_name, Access_bitmask rights,
200 Access_bitmask col_rights, bool revoke_grant,
201 bool all_current_privileges);
202int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table,
203 const LEX_USER &combo, const char *db,
204 const char *routine_name, Acl_type routine_acl_type,
205 Access_bitmask rights, bool revoke_grant,
206 bool all_current_privileges);
207int open_grant_tables(THD *thd, Table_ref *tables, bool *transactional_tables);
209
210void acl_print_ha_error(int handler_error);
213 THD *thd, bool transactional_tables,
214 std::set<LEX_USER *> *extra_users = nullptr,
215 Rewrite_params *rewrite_params = nullptr, bool extra_error = false,
216 bool log_to_binlog = true,
217 Lock_state_list *modified_user_lock_state_list = nullptr);
218void acl_notify_htons(THD *thd, enum_sql_command operation,
219 const List<LEX_USER> *users,
220 std::set<LEX_USER *> *rewrite_users = nullptr,
221 const List<LEX_CSTRING> *dynamic_privs = nullptr);
222
223/* sql_authorization */
225void rebuild_vertex_index(THD *thd);
226void default_roles_init(void);
227void default_roles_delete(void);
228void roles_graph_init(void);
229void roles_graph_delete(void);
230void roles_init(void);
231void roles_delete(void);
232void dynamic_privileges_init(void);
234bool grant_dynamic_privilege(const LEX_CSTRING &str_priv,
235 const LEX_CSTRING &str_user,
236 const LEX_CSTRING &str_host,
237 bool with_grant_option,
239bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv,
240 const LEX_CSTRING &str_user,
241 const LEX_CSTRING &str_host,
242 Update_dynamic_privilege_table &update_table);
244 const LEX_CSTRING &host,
246bool rename_dynamic_grant(const LEX_CSTRING &old_user,
247 const LEX_CSTRING &old_host,
248 const LEX_CSTRING &new_user,
249 const LEX_CSTRING &new_host,
250 Update_dynamic_privilege_table &update_table);
252 const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
255 const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
258 const Role_id &id, const std::vector<std::string> &priv_list);
260 const Role_id &id, const std::vector<std::string> &priv_list);
261bool operator==(const Role_id &a, const Auth_id_ref &b);
262bool operator==(const Auth_id_ref &a, const Role_id &b);
263bool operator==(const std::pair<const Role_id, Role_id> &a,
264 const Auth_id_ref &b);
265bool operator==(const Role_id &a, const Role_id &b);
266bool operator==(std::pair<const Role_id, std::pair<std::string, bool>> &a,
267 const std::string &b);
268typedef std::vector<std::pair<Role_id, bool>> List_of_granted_roles;
269
271 std::size_t operator()(const Role_id &k) const {
272 using std::hash;
273 using std::size_t;
274 using std::string;
275 return ((hash<string>()(k.user()) ^ (hash<string>()(k.host()) << 1)) >> 1);
276 }
277};
278
279typedef std::unordered_multimap<Role_id, Role_id, role_id_hash> Default_roles;
280typedef std::map<std::string, bool> Dynamic_privileges;
281
283 ACL_USER *acl_user, const List_of_auth_id_refs *using_roles,
284 Access_bitmask *access, Db_access_map *db_map, Db_access_map *db_wild_map,
286 SP_access_map *lib_map, List_of_granted_roles *granted_roles,
287 Grant_acl_set *with_admin_acl, Dynamic_privileges *dynamic_acl,
288 Restrictions &restrictions);
290 const Auth_id_ref &user_auth_id,
291 std::vector<Role_id> *default_roles);
294 const Auth_id_ref &default_role_policy,
295 const Auth_id_ref &user);
296void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user);
297bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table,
298 TABLE *defaults_table, LEX_USER *user);
299bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table,
300 const Auth_id_ref &authid_user);
302 const Auth_id_ref &from_user,
303 const Auth_id_ref &to_user,
304 bool with_admin_option, bool delete_option);
307 const LEX_CSTRING &host);
308bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table,
309 LEX_USER *user_from, LEX_USER *user_to);
311 THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set,
312 bool is_privileged_user, bool is_role, Table_ref *history_table,
313 bool *history_check_done, const char *cmd, Userhostpassword_list &,
314 I_multi_factor_auth **mfa = nullptr, bool if_not_exists = false);
315typedef std::pair<std::string, bool> Grant_privilege;
316typedef std::unordered_multimap<Role_id, Grant_privilege, role_id_hash>
321bool populate_roles_caches(THD *thd, Table_ref *tablelst);
322void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt);
323void get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
324extern std::vector<Role_id> *g_mandatory_roles;
325void create_role_vertex(ACL_USER *role_acl_user);
326void activate_all_granted_roles(const ACL_USER *acl_user,
327 Security_context *sctx);
329 Security_context *sctx);
330
332 const List_of_auth_id_refs &new_auth_ids);
333
334bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table,
335 LEX_USER *user);
336/*
337 Checks if any of the users has SYSTEM_USER privilege then current user
338 must also have SYSTEM_USER privilege.
339 It is a wrapper over the Privilege_checker class that does
340 privilege checks for one user at a time.
341*/
343
346 String *metadata_str,
347 TABLE *table,
348 bool mode_no_backslash);
350bool report_missing_user_grant_message(THD *thd, bool user_exists,
351 const char *user, const char *host,
352 const char *object_name, int err_code);
353#endif /* AUTH_INTERNAL_INCLUDED */
uint32_t Access_bitmask
Definition: auth_acls.h:34
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:83
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:84
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1136
std::vector< ACL_temporary_lock_state > Lock_state_list
Definition: auth_common.h:72
bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv, const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &update_table)
Revoke one privilege from one user.
Definition: sql_authorization.cc:7119
bool operator==(const Role_id &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7534
std::map< std::string, Access_bitmask > SP_access_map
Definition: auth_internal.h:63
void rebuild_check_host(void)
Definition: sql_auth_cache.cc:1511
bool assert_acl_cache_read_lock(THD *thd)
Assert that thread owns MDL_SHARED on partition specific to the thread.
Definition: sql_auth_cache.cc:3850
std::map< std::string, Access_bitmask > Db_access_map
Definition: auth_internal.h:64
void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const std::string &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, acl_table::Pod_user_what_to_update &what_to_update, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa)
Definition: sql_auth_cache.cc:2896
std::vector< Role_id > * g_mandatory_roles
Definition: sql_auth_cache.cc:141
std::map< std::string, bool > Dynamic_privileges
Definition: auth_internal.h:280
void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user)
Used by mysql_revoke_role() for revoking a specified role from a specified user.
Definition: sql_authorization.cc:596
void clean_user_cache()
Definition: sql_auth_cache.cc:1849
void get_granted_roles(LEX_USER *user, List_of_granted_roles *granted_roles)
This is a convenience function.
Definition: sql_authorization.cc:6315
User_to_dynamic_privileges_map * get_dynamic_privileges_map()
Definition: sql_authorization.cc:7286
void acl_update_db(const char *user, const char *host, const char *db, Access_bitmask privileges)
Definition: sql_auth_cache.cc:3217
bool revoke_grant_option_for_all_dynamic_privileges(const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &func)
Revoke grant option to one user for all dynamic privileges.
Definition: sql_authorization.cc:7025
bool drop_default_role_policy(THD *thd, TABLE *table, const Auth_id_ref &default_role_policy, const Auth_id_ref &user)
Drop a specific default role policy given the role- and user names.
Definition: sql_authorization.cc:6459
void roles_graph_delete(void)
Delete the ACL role graph artifacts.
Definition: sql_authorization.cc:7254
void acl_print_ha_error(int handler_error)
Take a handler error and generate the mysql error ER_ACL_OPERATION_FAILED containing original text of...
Definition: sql_user_table.cc:805
bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr, bool expired)
Update the security context when updating the user.
Definition: sql_auth_cache.cc:3296
void roles_init(void)
Initialize the roles caches that consist of the role graphs related artifacts and default role map.
Definition: sql_authorization.cc:7264
Rsa_authentication_keys * g_sha256_rsa_keys
Definition: sql_authentication.cc:1341
int open_grant_tables(THD *thd, Table_ref *tables, bool *transactional_tables)
Open the grant tables.
Definition: sql_user_table.cc:2391
void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt)
Grants a single role to a single user.
Definition: sql_authorization.cc:822
void acl_users_add_one(const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const LEX_CSTRING &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, bool add_role_vertex, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa, THD *thd)
Definition: sql_auth_cache.cc:3057
bool grant_reload(THD *thd, bool mdl_locked)
Reload information about table and column level privileges if possible.
Definition: sql_auth_cache.cc:2813
bool assert_acl_cache_write_lock(THD *thd)
Assert that thread owns MDL_EXCLUSIVE on all partitions.
Definition: sql_auth_cache.cc:3865
void rebuild_vertex_index(THD *thd)
Since the gap in the vertex vector was removed all the vertex descriptors has changed.
Definition: sql_authorization.cc:612
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6725
std::map< std::string, Access_bitmask > Column_map
Definition: auth_internal.h:56
User_to_dynamic_privileges_map * swap_dynamic_privileges_map(User_to_dynamic_privileges_map *map)
Definition: sql_authorization.cc:7294
void get_privilege_access_maps(ACL_USER *acl_user, const List_of_auth_id_refs *using_roles, Access_bitmask *access, Db_access_map *db_map, Db_access_map *db_wild_map, Table_access_map *table_map, SP_access_map *sp_map, SP_access_map *func_map, SP_access_map *lib_map, List_of_granted_roles *granted_roles, Grant_acl_set *with_admin_acl, Dynamic_privileges *dynamic_acl, Restrictions &restrictions)
Definition: sql_authorization.cc:4708
void get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Definition: sql_authorization.cc:7368
Map_with_rw_lock< Auth_id, uint > * unknown_accounts
Hash to map unknown accounts to an authentication plugin.
Definition: sql_authentication.cc:1194
void clear_and_init_db_cache()
Definition: sql_auth_cache.cc:1334
void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
Definition: sql_auth_cache.cc:3199
const ACL_internal_table_access * get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name, const char *table_name)
Get a cached internal table access.
Definition: sql_authorization.cc:1685
bool modify_role_edges_in_table(THD *thd, TABLE *table, const Auth_id_ref &from_user, const Auth_id_ref &to_user, bool with_admin_option, bool delete_option)
Definition: role_tables.cc:76
std::unordered_multimap< Role_id, Grant_privilege, role_id_hash > User_to_dynamic_privileges_map
Definition: auth_internal.h:317
int replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user, const LEX_USER *proxied_user, bool with_grant_arg, bool revoke_grant)
Insert, update or remove a record in the mysql.proxies_priv table.
Definition: sql_user_table.cc:1159
void create_role_vertex(ACL_USER *role_acl_user)
Helper function for create_roles_vertices.
Definition: sql_authorization.cc:877
void roles_graph_init(void)
Initialize the roles graph artifacts.
Definition: sql_authorization.cc:7246
ACL_USER * find_acl_user(const char *host, const char *user, bool exact)
Definition: sql_auth_cache.cc:1205
std::vector< std::pair< Role_id, bool > > List_of_granted_roles
Definition: auth_internal.h:268
bool clear_default_roles(THD *thd, TABLE *table, const Auth_id_ref &user_auth_id, std::vector< Role_id > *default_roles)
Removes all default role policies assigned to user.
Definition: sql_authorization.cc:6423
bool set_and_validate_user_attributes(THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set, bool is_privileged_user, bool is_role, Table_ref *history_table, bool *history_check_done, const char *cmd, Userhostpassword_list &, I_multi_factor_auth **mfa=nullptr, bool if_not_exists=false)
This function does following:
Definition: sql_user.cc:1341
bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table, LEX_USER *user)
Set all granted role as default roles.
Definition: sql_authorization.cc:6628
int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table, const LEX_USER &combo, const char *db, const char *routine_name, Acl_type routine_acl_type, Access_bitmask rights, bool revoke_grant, bool all_current_privileges)
Search and create/update a record for the routine requested.
Definition: sql_user_table.cc:1960
int replace_column_table(THD *thd, GRANT_TABLE *g_t, TABLE *table, const LEX_USER &combo, List< LEX_COLUMN > &columns, const char *db, const char *table_name, Access_bitmask rights, bool revoke_grant)
Update record in the table mysql.columns_priv.
Definition: sql_user_table.cc:1315
char * caching_sha2_rsa_private_key_path
Definition: sha2_password.cc:77
void acl_insert_proxy_user(ACL_PROXY_USER *new_value)
Definition: sql_auth_cache.cc:2463
bool alter_user_set_default_roles(THD *thd, TABLE *table, LEX_USER *user, const List_of_auth_id_refs &new_auth_ids)
Set the default roles for a particular user.
Definition: sql_authorization.cc:6673
bool set_user_salt(ACL_USER *acl_user)
Convert scrambled password to binary form, according to scramble type, Binary form is stored in user....
Definition: sql_auth_cache.cc:1658
bool caching_sha2_auto_generate_rsa_keys
Definition: sha2_password.cc:83
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6717
bool rename_dynamic_grant(const LEX_CSTRING &old_user, const LEX_CSTRING &old_host, const LEX_CSTRING &new_user, const LEX_CSTRING &new_host, Update_dynamic_privilege_table &update_table)
Definition: sql_authorization.cc:7181
void acl_tables_setup_for_read(Table_ref *tables)
Setup ACL tables to be opened in read mode.
Definition: sql_user_table.cc:2171
void activate_all_granted_and_mandatory_roles(const ACL_USER *acl_user, Security_context *sctx)
Definition: sql_authorization.cc:6301
void default_roles_init(void)
Initialize the default role map that keeps the content from the default_roles table.
Definition: sql_authorization.cc:7236
void acl_insert_db(const char *user, const char *host, const char *db, Access_bitmask privileges)
Definition: sql_auth_cache.cc:3256
std::string get_one_priv(Access_bitmask &revoke_privs)
Converts privilege represented by LSB to string.
Definition: auth_common.cc:136
Access_bitmask get_access(TABLE *form, uint fieldnr, uint *next_field)
Definition: sql_user_table.cc:552
bool check_engine_type_for_acl_table(Table_ref *tables, bool report_error)
Check that every ACL table has a supported storage engine (InnoDB).
Definition: sql_user_table.cc:2614
void activate_all_granted_roles(const ACL_USER *acl_user, Security_context *sctx)
Activates all roles granted to the auth_id.
Definition: sql_authorization.cc:6272
bool report_missing_user_grant_message(THD *thd, bool user_exists, const char *user, const char *host, const char *object_name, int err_code)
Helper method to check if warning or error should be reported based on:
Definition: sql_authorization.cc:2618
ulong get_sort(uint count,...)
Definition: sql_auth_cache.cc:843
void optimize_plugin_compare_by_pointer(LEX_CSTRING *plugin_name)
Definition: sql_authentication.cc:1580
void update_sctx(Security_context *sctx, LEX_USER *to_user)
Definition: sql_authorization.cc:7611
bool auth_plugin_supports_expiration(const char *plugin_name)
Only the plugins that are known to use the mysql.user table to store their passwords support password...
Definition: sql_authentication.cc:1598
void append_auth_id(const THD *thd, ACL_USER *acl_user, String *str)
Append the authorization id for the user.
Definition: sql_auth_cache.cc:729
bool do_update_sctx(Security_context *sctx, LEX_USER *from_user)
Checks if current user needs to be changed in case it is same as the LEX_USER.
Definition: sql_authorization.cc:7592
void revoke_dynamic_privileges_from_auth_id(const Role_id &id, const std::vector< std::string > &priv_list)
Revoke dynamic privielges from in memory internal auth id.
Definition: sql_authorization.cc:7093
ACL_PROXY_USER * acl_find_proxy_user(const char *user, const char *host, const char *ip, char *authenticated_as, bool *proxy_used)
Validate if a user can proxy as another user.
Definition: sql_auth_cache.cc:1278
std::pair< std::string, bool > Grant_privilege
Definition: auth_internal.h:315
std::map< std::string, Grant_table_aggregate > Table_access_map_storage
Definition: auth_internal.h:65
bool log_and_commit_acl_ddl(THD *thd, bool transactional_tables, std::set< LEX_USER * > *extra_users=nullptr, Rewrite_params *rewrite_params=nullptr, bool extra_error=false, bool log_to_binlog=true, Lock_state_list *modified_user_lock_state_list=nullptr)
Definition: sql_user_table.cc:690
bool acl_reload(THD *thd, bool mdl_locked, bool preserve_temporary_account_locking, Lock_state_list *modified_user_lock_state_list)
Definition: sql_auth_cache.cc:2298
void dynamic_privileges_delete(void)
Definition: sql_authorization.cc:7281
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:633
bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table, TABLE *defaults_table, LEX_USER *user)
Used by mysql_drop_user.
Definition: sql_authorization.cc:744
char * caching_sha2_rsa_public_key_path
Definition: sha2_password.cc:82
Rsa_authentication_keys * g_caching_sha2_rsa_keys
Definition: sha2_password.cc:84
bool revoke_all_dynamic_privileges(const LEX_CSTRING &user, const LEX_CSTRING &host, Update_dynamic_privilege_table &func)
Revoke all dynamic global privileges.
Definition: sql_authorization.cc:7160
std::unordered_set< std::string > Grant_acl_set
Definition: auth_internal.h:88
void roles_delete(void)
Delete the role caches.
Definition: sql_authorization.cc:7272
bool check_system_user_privilege(THD *thd, List< LEX_USER > list)
Checks if any of the users has SYSTEM_USER privilege then current user must also have SYSTEM_USER pri...
Definition: sql_authorization.cc:7651
bool grant_dynamic_privilege(const LEX_CSTRING &str_priv, const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, bool with_grant_option, Update_dynamic_privilege_table &func)
Grant one privilege to one user.
Definition: sql_authorization.cc:6919
std::unordered_multimap< Role_id, Role_id, role_id_hash > Default_roles
Definition: auth_internal.h:279
bool populate_roles_caches(THD *thd, Table_ref *tablelst)
Definition: role_tables.cc:200
bool is_privileged_user_for_credential_change(THD *thd)
Definition: sql_authorization.cc:5959
bool read_user_application_user_metadata_from_table(LEX_CSTRING user, LEX_CSTRING host, String *metadata_str, TABLE *table, bool mode_no_backslash)
Helper function for recreating the CREATE USER statement when an SHOW CREATE USER statement is issued...
Definition: acl_table_user.cc:2305
int replace_db_table(THD *thd, TABLE *table, const char *db, const LEX_USER &combo, Access_bitmask rights, bool revoke_grant, bool all_current_privileges)
change grants in the mysql.db table.
Definition: sql_user_table.cc:992
void acl_insert_user(THD *thd, const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa)
Definition: sql_auth_cache.cc:3170
int replace_table_table(THD *thd, GRANT_TABLE *grant_table, std::unique_ptr< GRANT_TABLE, Destroy_only< GRANT_TABLE > > *deleted_grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, Access_bitmask rights, Access_bitmask col_rights, bool revoke_grant, bool all_current_privileges)
Search and create/update a record for requested table privileges.
Definition: sql_user_table.cc:1780
bool grant_dynamic_privileges_to_auth_id(const Role_id &id, const std::vector< std::string > &priv_list)
Grant needed dynamic privielges to in memory internal auth id.
Definition: sql_authorization.cc:7070
void dynamic_privileges_init(void)
Definition: sql_authorization.cc:7277
void default_roles_delete(void)
Delete the default role instance.
Definition: sql_authorization.cc:7241
bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table, LEX_USER *user_from, LEX_USER *user_to)
Renames a user in the mysql.role_edge and the mysql.default_roles tables.
Definition: sql_authorization.cc:912
bool is_expected_or_transient_error(THD *thd)
Small helper function which allows to determine if error which caused failure to open and lock privil...
Definition: sql_auth_cache.cc:2170
bool sha256_rsa_auth_status()
Check if server has valid public key/private key pair for RSA communication.
Definition: sql_authentication.cc:2544
bool auth_plugin_is_built_in(const char *plugin_name)
Definition: sql_authentication.cc:1585
bool grant_grant_option_for_all_dynamic_privileges(const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &func)
Grant grant option to one user for all dynamic privileges.
Definition: sql_authorization.cc:6975
void acl_notify_htons(THD *thd, enum_sql_command operation, const List< LEX_USER > *users, std::set< LEX_USER * > *rewrite_users=nullptr, const List< LEX_CSTRING > *dynamic_privs=nullptr)
Definition: sql_user_table.cc:587
Kerberos Client Authentication nullptr
Definition: auth_kerberos_client_plugin.cc:251
Definition: sql_auth_cache.h:366
Definition: sql_auth_cache.h:248
Per internal table ACL access rules.
Definition: auth_common.h:110
Storage container for default auth ids.
Definition: auth_common.h:1078
const std::string & host() const
Definition: auth_common.cc:125
const std::string & user() const
Definition: auth_common.cc:124
Definition: my_alloc.h:473
Definition: sql_auth_cache.h:451
Definition: sql_auth_cache.h:458
Definition: sql_auth_cache.h:476
An interface to access information about Multi factor authentication methods.
Definition: sql_mfa.h:49
Represents a JSON container value of type "object" (ECMA), type J_OBJECT here.
Definition: json_dom.h:367
Abstraction for accessing JSON values irrespective of whether they are (started out as) binary JSON v...
Definition: json_dom.h:1150
Definition: sql_list.h:494
Map with RWLock protections.
Definition: auth_utility.h:37
Container of all restrictions for a given user.
Definition: partial_revokes.h:155
An interface to wrap the parameters required by specific Rewriter.
Definition: sql_rewrite.h:52
Definition: sql_authentication.h:104
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:167
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
Definition: auth_internal.h:66
Table_access_map_storage m_values
Definition: auth_internal.h:86
THD * m_thd
Definition: auth_internal.h:85
mapped_type & operator[](const Table_access_map_storage::key_type &key)
Definition: auth_internal.h:73
iterator find(const Table_access_map_storage::key_type &key)
Definition: auth_internal.h:78
Table_access_map_storage::iterator iterator
Definition: auth_internal.h:70
void set_thd(THD *thd)
Definition: auth_internal.h:81
THD * get_thd()
Definition: auth_internal.h:82
Table_access_map_storage::mapped_type mapped_type
Definition: auth_internal.h:72
iterator begin()
Definition: auth_internal.h:76
Table_access_map_storage::value_type value_type
Definition: auth_internal.h:71
iterator end()
Definition: auth_internal.h:77
Table_access_map()
Definition: auth_internal.h:68
Definition: table.h:2900
Definition: dynamic_privilege_table.h:45
Definition: user_table.h:47
static bool report_error(THD *thd, int error_code, Sql_condition::enum_severity_level level, Args... args)
Definition: error_handler.cc:290
Acl_type
Definition: sql_lex.h:267
enum_sql_command
Definition: my_sqlcommand.h:46
uint64_t table_map
Definition: my_table_map.h:30
static int count
Definition: myisam_ftdump.cc:45
Time declarations shared between the server and client API: you should not add anything to this heade...
char * user
Definition: mysqladmin.cc:67
const char * host
Definition: mysqladmin.cc:66
uint16_t value_type
Definition: vt100.h:184
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1117
static PFS_engine_table_share_proxy table
Definition: pfs.cc:61
const std::string failed_login_attempts("failed_login_attempts")
underkeys of password locking
int key_type
Definition: method.h:38
const char * table_name
Definition: rules_table_service.cc:56
std::map< Key, Value, Compare, ut::allocator< std::pair< const Key, Value > > > map
Specialization of map which uses ut_allocator.
Definition: ut0new.h:2894
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2440
std::list< T, ut::allocator< T > > list
Specialization of list which uses ut_allocator.
Definition: ut0new.h:2880
required string key
Definition: replication_asynchronous_connection_failover.proto:60
LEX_CSTRING * plugin_name(st_plugin_int **ref)
Definition: sql_plugin_ref.h:95
State information for internal tables grants.
Definition: table.h:349
Definition: auth_internal.h:57
Access_bitmask table_access
Definition: auth_internal.h:59
Grant_table_aggregate()
Definition: auth_internal.h:58
Column_map columns
Definition: auth_internal.h:61
Access_bitmask cols
Definition: auth_internal.h:60
Definition: table.h:2723
Definition: table.h:2767
Definition: mysql_lex_string.h:40
Definition: mysql_time.h:82
Definition: table.h:1421
Definition: auth_internal.h:270
std::size_t operator()(const Role_id &k) const
Definition: auth_internal.h:271
Definition: sql_connect.h:41
Vio Lite.
SSL_type
Definition: violite.h:307