MySQL 8.0.30
Source Code Documentation
auth_internal.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2022, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22/* Internals */
23
24#ifndef AUTH_INTERNAL_INCLUDED
25#define AUTH_INTERNAL_INCLUDED
26
27#include <map>
28#include <set>
29#include <string>
30#include <unordered_map>
31#include <unordered_set>
32
33#include "mysql_time.h" /* MYSQL_TIME */
37#include "sql/auth/sql_mfa.h" /* I_multi_factor_auth */
38#include "sql/auth/user_table.h"
39#include "sql/sql_audit.h"
40#include "sql/table.h"
41#include "violite.h" /* SSL_type */
42
43class ACL_USER;
44class ACL_PROXY_USER;
45class GRANT_NAME;
46class GRANT_TABLE;
47class GRANT_COLUMN;
48class Json_object;
49class Json_wrapper;
50class Restrictions;
51struct TABLE;
52class Rewrite_params;
53
55void append_identifier(const THD *thd, String *packet, const char *name,
56 size_t length);
57typedef std::map<std::string, unsigned long> Column_map;
61 ulong cols;
63};
64typedef std::map<std::string, unsigned long> SP_access_map;
65typedef std::map<std::string, unsigned long> Db_access_map;
66typedef std::map<std::string, Grant_table_aggregate> Table_access_map_storage;
68 public:
70
71 typedef Table_access_map_storage::iterator iterator;
73 typedef Table_access_map_storage::mapped_type mapped_type;
75 return m_values[key];
76 }
77 iterator begin() { return m_values.begin(); }
78 iterator end() { return m_values.end(); }
80 return m_values.find(key);
81 }
82 void set_thd(THD *thd) { m_thd = thd; }
83 THD *get_thd() { return m_thd; }
84
85 private:
88};
89typedef std::unordered_set<std::string> Grant_acl_set;
90
91std::string create_authid_str_from(const LEX_USER *user);
92std::string create_authid_str_from(const ACL_USER *user);
93std::string create_authid_str_from(const Auth_id_ref &user);
96
97std::string get_one_priv(ulong &revoke_privs);
98/* sql_authentication */
105class Auth_id;
106template <typename K, typename V>
107class Map_with_rw_lock;
109
111bool auth_plugin_is_built_in(const char *plugin_name);
113
115 GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name,
116 const char *table_name);
117
118/* sql_auth_cache */
119ulong get_sort(uint count, ...);
122
123/*sql_authentication */
125
126/* sql_auth_cache */
127void rebuild_check_host(void);
128ACL_USER *find_acl_user(const char *host, const char *user, bool exact);
129ACL_PROXY_USER *acl_find_proxy_user(const char *user, const char *host,
130 const char *ip, char *authenticated_as,
131 bool *proxy_used);
133
134void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type,
135 const char *ssl_cipher, const char *x509_issuer,
136 const char *x509_subject, USER_RESOURCES *mqh,
137 ulong privileges, const LEX_CSTRING &plugin,
138 const LEX_CSTRING &auth, const std::string &second_auth,
139 const MYSQL_TIME &password_change_time,
140 const LEX_ALTER &password_life, Restrictions &restrictions,
142 uint failed_login_attempts, int password_lock_time,
143 const I_multi_factor_auth *mfa);
144void acl_users_add_one(const char *user, const char *host,
145 enum SSL_type ssl_type, const char *ssl_cipher,
146 const char *x509_issuer, const char *x509_subject,
147 USER_RESOURCES *mqh, ulong privileges,
148 const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
149 const LEX_CSTRING &second_auth,
150 const MYSQL_TIME &password_change_time,
151 const LEX_ALTER &password_life, bool add_role_vertex,
153 int password_lock_time, const I_multi_factor_auth *mfa,
154 THD *thd [[maybe_unused]]);
155void acl_insert_user(THD *thd, const char *user, const char *host,
156 enum SSL_type ssl_type, const char *ssl_cipher,
157 const char *x509_issuer, const char *x509_subject,
158 USER_RESOURCES *mqh, ulong privileges,
159 const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
160 const MYSQL_TIME &password_change_time,
161 const LEX_ALTER &password_life, Restrictions &restrictions,
162 uint failed_login_attempts, int password_lock_time,
163 const I_multi_factor_auth *mfa);
164void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke);
165void acl_update_db(const char *user, const char *host, const char *db,
166 ulong privileges);
167void acl_insert_db(const char *user, const char *host, const char *db,
168 ulong privileges);
169bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr,
170 bool expired);
171
172bool do_update_sctx(Security_context *sctx, LEX_USER *from_user);
173void update_sctx(Security_context *sctx, LEX_USER *to_user);
174
176bool acl_reload(THD *thd, bool mdl_locked);
177bool grant_reload(THD *thd, bool mdl_locked);
178void clean_user_cache();
179bool set_user_salt(ACL_USER *acl_user);
180void append_auth_id(const THD *thd, ACL_USER *acl_user, String *str);
181
182/* sql_user_table */
183ulong get_access(TABLE *form, uint fieldnr, uint *next_field);
184int replace_db_table(THD *thd, TABLE *table, const char *db,
185 const LEX_USER &combo, ulong rights, bool revoke_grant);
186int replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user,
187 const LEX_USER *proxied_user,
188 bool with_grant_arg, bool revoke_grant);
189int replace_column_table(THD *thd, GRANT_TABLE *g_t, TABLE *table,
190 const LEX_USER &combo, List<LEX_COLUMN> &columns,
191 const char *db, const char *table_name, ulong rights,
192 bool revoke_grant);
193int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
195 *deleted_grant_table,
196 TABLE *table, const LEX_USER &combo, const char *db,
197 const char *table_name, ulong rights, ulong col_rights,
198 bool revoke_grant);
199int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table,
200 const LEX_USER &combo, const char *db,
201 const char *routine_name, bool is_proc, ulong rights,
202 bool revoke_grant);
203int open_grant_tables(THD *thd, TABLE_LIST *tables, bool *transactional_tables);
205
206void acl_print_ha_error(int handler_error);
208bool log_and_commit_acl_ddl(THD *thd, bool transactional_tables,
209 std::set<LEX_USER *> *extra_users = nullptr,
210 Rewrite_params *rewrite_params = nullptr,
211 bool extra_error = false,
212 bool log_to_binlog = true);
213void acl_notify_htons(THD *thd, enum_sql_command operation,
214 const List<LEX_USER> *users,
215 std::set<LEX_USER *> *rewrite_users = nullptr,
216 const List<LEX_CSTRING> *dynamic_privs = nullptr);
217
218/* sql_authorization */
220void rebuild_vertex_index(THD *thd);
221void default_roles_init(void);
222void default_roles_delete(void);
223void roles_graph_init(void);
224void roles_graph_delete(void);
225void roles_init(void);
226void roles_delete(void);
227void dynamic_privileges_init(void);
229bool grant_dynamic_privilege(const LEX_CSTRING &str_priv,
230 const LEX_CSTRING &str_user,
231 const LEX_CSTRING &str_host,
232 bool with_grant_option,
234bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv,
235 const LEX_CSTRING &str_user,
236 const LEX_CSTRING &str_host,
237 Update_dynamic_privilege_table &update_table);
239 const LEX_CSTRING &host,
241bool rename_dynamic_grant(const LEX_CSTRING &old_user,
242 const LEX_CSTRING &old_host,
243 const LEX_CSTRING &new_user,
244 const LEX_CSTRING &new_host,
245 Update_dynamic_privilege_table &update_table);
247 const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
250 const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
253 const Role_id &id, const std::vector<std::string> &priv_list);
255 const Role_id &id, const std::vector<std::string> &priv_list);
256bool operator==(const Role_id &a, const Auth_id_ref &b);
257bool operator==(const Auth_id_ref &a, const Role_id &b);
258bool operator==(const std::pair<const Role_id, const Role_id> &a,
259 const Auth_id_ref &b);
260bool operator==(const Role_id &a, const Role_id &b);
261bool operator==(std::pair<const Role_id, std::pair<std::string, bool>> &a,
262 const std::string &b);
263typedef std::vector<std::pair<Role_id, bool>> List_of_granted_roles;
264
266 std::size_t operator()(const Role_id &k) const {
267 using std::hash;
268 using std::size_t;
269 using std::string;
270 return ((hash<string>()(k.user()) ^ (hash<string>()(k.host()) << 1)) >> 1);
271 }
272};
273
274typedef std::unordered_multimap<Role_id, Role_id, role_id_hash> Default_roles;
275typedef std::map<std::string, bool> Dynamic_privileges;
276
278 ACL_USER *acl_user, const List_of_auth_id_refs *using_roles, ulong *access,
279 Db_access_map *db_map, Db_access_map *db_wild_map,
281 List_of_granted_roles *granted_roles, Grant_acl_set *with_admin_acl,
282 Dynamic_privileges *dynamic_acl, Restrictions &restrictions);
283bool clear_default_roles(THD *thd, TABLE *table,
284 const Auth_id_ref &user_auth_id,
285 std::vector<Role_id> *default_roles);
287bool drop_default_role_policy(THD *thd, TABLE *table,
288 const Auth_id_ref &default_role_policy,
289 const Auth_id_ref &user);
290void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user);
291bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table,
292 TABLE *defaults_table, LEX_USER *user);
293bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table,
294 const Auth_id_ref &authid_user);
295bool modify_role_edges_in_table(THD *thd, TABLE *table,
296 const Auth_id_ref &from_user,
297 const Auth_id_ref &to_user,
298 bool with_admin_option, bool delete_option);
301 const LEX_CSTRING &host);
302bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table,
303 LEX_USER *user_from, LEX_USER *user_to);
305 THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set,
306 bool is_privileged_user, bool is_role, TABLE_LIST *history_table,
307 bool *history_check_done, const char *cmd, Userhostpassword_list &,
308 I_multi_factor_auth **mfa = nullptr);
309typedef std::pair<std::string, bool> Grant_privilege;
310typedef std::unordered_multimap<Role_id, Grant_privilege, role_id_hash>
315bool populate_roles_caches(THD *thd, TABLE_LIST *tablelst);
316void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt);
317void get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
318extern std::vector<Role_id> *g_mandatory_roles;
319void create_role_vertex(ACL_USER *role_acl_user);
320void activate_all_granted_roles(const ACL_USER *acl_user,
321 Security_context *sctx);
323 Security_context *sctx);
324
326 const List_of_auth_id_refs &new_auth_ids);
327
328bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table,
329 LEX_USER *user);
330/*
331 Checks if any of the users has SYSTEM_USER privilege then current user
332 must also have SYSTEM_USER privilege.
333 It is a wrapper over the Privilege_checker class that does
334 privilege checks for one user at a time.
335*/
337
340 String *metadata_str,
341 TABLE *table,
342 bool mode_no_backslash);
344bool report_missing_user_grant_message(THD *thd, bool user_exists,
345 const char *user, const char *host,
346 const char *object_name, int err_code);
347#endif /* AUTH_INTERNAL_INCLUDED */
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:78
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:79
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1121
bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv, const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &update_table)
Revoke one privilege from one user.
Definition: sql_authorization.cc:7008
bool operator==(const Role_id &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7433
void rebuild_check_host(void)
Definition: sql_auth_cache.cc:1468
bool assert_acl_cache_read_lock(THD *thd)
Assert that thread owns MDL_SHARED on partition specific to the thread.
Definition: sql_auth_cache.cc:3608
std::vector< Role_id > * g_mandatory_roles
Definition: sql_auth_cache.cc:136
std::map< std::string, bool > Dynamic_privileges
Definition: auth_internal.h:275
int replace_column_table(THD *thd, GRANT_TABLE *g_t, TABLE *table, const LEX_USER &combo, List< LEX_COLUMN > &columns, const char *db, const char *table_name, ulong rights, bool revoke_grant)
Update record in the table mysql.columns_priv.
Definition: sql_user_table.cc:1111
void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user)
Used by mysql_revoke_role() for revoking a specified role from a specified user.
Definition: sql_authorization.cc:573
void clean_user_cache()
Definition: sql_auth_cache.cc:1805
void get_granted_roles(LEX_USER *user, List_of_granted_roles *granted_roles)
This is a convenience function.
Definition: sql_authorization.cc:6205
User_to_dynamic_privileges_map * get_dynamic_privileges_map()
Definition: sql_authorization.cc:7175
bool revoke_grant_option_for_all_dynamic_privileges(const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &func)
Revoke grant option to one user for all dynamic privileges.
Definition: sql_authorization.cc:6914
bool drop_default_role_policy(THD *thd, TABLE *table, const Auth_id_ref &default_role_policy, const Auth_id_ref &user)
Drop a specific default role policy given the role- and user names.
Definition: sql_authorization.cc:6349
void roles_graph_delete(void)
Delete the ACL role graph artifacts.
Definition: sql_authorization.cc:7143
void acl_print_ha_error(int handler_error)
Take a handler error and generate the mysql error ER_ACL_OPERATION_FAILED containing original text of...
Definition: sql_user_table.cc:789
std::string get_one_priv(ulong &revoke_privs)
Converts privilege represented by LSB to string.
Definition: auth_common.cc:135
bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr, bool expired)
Update the security context when updating the user.
Definition: sql_auth_cache.cc:3121
void roles_init(void)
Initialize the roles caches that consist of the role graphs related artifacts and default role map.
Definition: sql_authorization.cc:7153
void acl_insert_user(THD *thd, const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, ulong privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa)
Definition: sql_auth_cache.cc:2995
Rsa_authentication_keys * g_sha256_rsa_keys
Definition: sql_authentication.cc:1109
bool acl_reload(THD *thd, bool mdl_locked)
Definition: sql_auth_cache.cc:2152
void acl_tables_setup_for_read(TABLE_LIST *tables)
Setup ACL tables to be opened in read mode.
Definition: sql_user_table.cc:1742
void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt)
Grants a single role to a single user.
Definition: sql_authorization.cc:799
bool grant_reload(THD *thd, bool mdl_locked)
Reload information about table and column level privileges if possible.
Definition: sql_auth_cache.cc:2642
bool assert_acl_cache_write_lock(THD *thd)
Assert that thread owns MDL_EXCLUSIVE on all partitions.
Definition: sql_auth_cache.cc:3623
void acl_insert_db(const char *user, const char *host, const char *db, ulong privileges)
Definition: sql_auth_cache.cc:3081
void rebuild_vertex_index(THD *thd)
Since the gap in the vertex vector was removed all the vertex descriptors has changed.
Definition: sql_authorization.cc:589
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6615
User_to_dynamic_privileges_map * swap_dynamic_privileges_map(User_to_dynamic_privileges_map *map)
Definition: sql_authorization.cc:7183
void get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Definition: sql_authorization.cc:7257
Map_with_rw_lock< Auth_id, uint > * unknown_accounts
Hash to map unknown accounts to an authentication plugin.
Definition: sql_authentication.cc:992
int replace_table_table(THD *thd, GRANT_TABLE *grant_table, std::unique_ptr< GRANT_TABLE, Destroy_only< GRANT_TABLE > > *deleted_grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, ulong rights, ulong col_rights, bool revoke_grant)
Search and create/update a record for requested table privileges.
Definition: sql_user_table.cc:1388
void clear_and_init_db_cache()
Definition: sql_auth_cache.cc:1296
void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
Definition: sql_auth_cache.cc:3024
const ACL_internal_table_access * get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name, const char *table_name)
Get a cached internal table access.
Definition: sql_authorization.cc:1644
bool modify_role_edges_in_table(THD *thd, TABLE *table, const Auth_id_ref &from_user, const Auth_id_ref &to_user, bool with_admin_option, bool delete_option)
Definition: role_tables.cc:75
std::unordered_multimap< Role_id, Grant_privilege, role_id_hash > User_to_dynamic_privileges_map
Definition: auth_internal.h:311
int replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user, const LEX_USER *proxied_user, bool with_grant_arg, bool revoke_grant)
Insert, update or remove a record in the mysql.proxies_priv table.
Definition: sql_user_table.cc:955
void create_role_vertex(ACL_USER *role_acl_user)
Helper function for create_roles_vertices.
Definition: sql_authorization.cc:854
void roles_graph_init(void)
Initialize the roles graph artifacts.
Definition: sql_authorization.cc:7135
ACL_USER * find_acl_user(const char *host, const char *user, bool exact)
Definition: sql_auth_cache.cc:1167
std::vector< std::pair< Role_id, bool > > List_of_granted_roles
Definition: auth_internal.h:263
bool clear_default_roles(THD *thd, TABLE *table, const Auth_id_ref &user_auth_id, std::vector< Role_id > *default_roles)
Removes all default role policies assigned to user.
Definition: sql_authorization.cc:6313
bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table, LEX_USER *user)
Set all granted role as default roles.
Definition: sql_authorization.cc:6518
char * caching_sha2_rsa_private_key_path
Definition: sha2_password.cc:73
void acl_insert_proxy_user(ACL_PROXY_USER *new_value)
Definition: sql_auth_cache.cc:2304
bool alter_user_set_default_roles(THD *thd, TABLE *table, LEX_USER *user, const List_of_auth_id_refs &new_auth_ids)
Set the default roles for a particular user.
Definition: sql_authorization.cc:6563
bool set_user_salt(ACL_USER *acl_user)
Convert scrambled password to binary form, according to scramble type, Binary form is stored in user....
Definition: sql_auth_cache.cc:1615
bool caching_sha2_auto_generate_rsa_keys
Definition: sha2_password.cc:79
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6607
bool rename_dynamic_grant(const LEX_CSTRING &old_user, const LEX_CSTRING &old_host, const LEX_CSTRING &new_user, const LEX_CSTRING &new_host, Update_dynamic_privilege_table &update_table)
Definition: sql_authorization.cc:7070
void activate_all_granted_and_mandatory_roles(const ACL_USER *acl_user, Security_context *sctx)
Definition: sql_authorization.cc:6191
bool populate_roles_caches(THD *thd, TABLE_LIST *tablelst)
Definition: role_tables.cc:199
void default_roles_init(void)
Initialize the default role map that keeps the content from the default_roles table.
Definition: sql_authorization.cc:7125
void acl_users_add_one(const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, ulong privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const LEX_CSTRING &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, bool add_role_vertex, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa, THD *thd)
Definition: sql_auth_cache.cc:2882
bool check_engine_type_for_acl_table(TABLE_LIST *tables, bool report_error)
Check that every ACL table has a supported storage engine (InnoDB).
Definition: sql_user_table.cc:2186
int open_grant_tables(THD *thd, TABLE_LIST *tables, bool *transactional_tables)
Open the grant tables.
Definition: sql_user_table.cc:1962
void activate_all_granted_roles(const ACL_USER *acl_user, Security_context *sctx)
Activates all roles granted to the auth_id.
Definition: sql_authorization.cc:6162
bool report_missing_user_grant_message(THD *thd, bool user_exists, const char *user, const char *host, const char *object_name, int err_code)
Helper method to check if warning or error should be reported based on:
Definition: sql_authorization.cc:2578
ulong get_sort(uint count,...)
Definition: sql_auth_cache.cc:808
void optimize_plugin_compare_by_pointer(LEX_CSTRING *plugin_name)
Definition: sql_authentication.cc:1348
void update_sctx(Security_context *sctx, LEX_USER *to_user)
Definition: sql_authorization.cc:7510
bool auth_plugin_supports_expiration(const char *plugin_name)
Only the plugins that are known to use the mysql.user table to store their passwords support password...
Definition: sql_authentication.cc:1408
void append_auth_id(const THD *thd, ACL_USER *acl_user, String *str)
Append the authorization id for the user.
Definition: sql_auth_cache.cc:694
int replace_db_table(THD *thd, TABLE *table, const char *db, const LEX_USER &combo, ulong rights, bool revoke_grant)
change grants in the mysql.db table.
Definition: sql_user_table.cc:815
bool do_update_sctx(Security_context *sctx, LEX_USER *from_user)
Checks if current user needs to be changed in case it is same as the LEX_USER.
Definition: sql_authorization.cc:7491
void revoke_dynamic_privileges_from_auth_id(const Role_id &id, const std::vector< std::string > &priv_list)
Revoke dynamic privielges from in memory internal auth id.
Definition: sql_authorization.cc:6982
ACL_PROXY_USER * acl_find_proxy_user(const char *user, const char *host, const char *ip, char *authenticated_as, bool *proxy_used)
Validate if a user can proxy as another user.
Definition: sql_auth_cache.cc:1240
std::pair< std::string, bool > Grant_privilege
Definition: auth_internal.h:309
std::map< std::string, Grant_table_aggregate > Table_access_map_storage
Definition: auth_internal.h:66
void dynamic_privileges_delete(void)
Definition: sql_authorization.cc:7170
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:610
bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table, TABLE *defaults_table, LEX_USER *user)
Used by mysql_drop_user.
Definition: sql_authorization.cc:721
std::map< std::string, unsigned long > Column_map
Definition: auth_internal.h:57
ulong get_access(TABLE *form, uint fieldnr, uint *next_field)
Definition: sql_user_table.cc:549
char * caching_sha2_rsa_public_key_path
Definition: sha2_password.cc:78
Rsa_authentication_keys * g_caching_sha2_rsa_keys
Definition: sha2_password.cc:80
bool revoke_all_dynamic_privileges(const LEX_CSTRING &user, const LEX_CSTRING &host, Update_dynamic_privilege_table &func)
Revoke all dynamic global privileges.
Definition: sql_authorization.cc:7049
bool log_and_commit_acl_ddl(THD *thd, bool transactional_tables, std::set< LEX_USER * > *extra_users=nullptr, Rewrite_params *rewrite_params=nullptr, bool extra_error=false, bool log_to_binlog=true)
Definition: sql_user_table.cc:683
std::unordered_set< std::string > Grant_acl_set
Definition: auth_internal.h:89
void roles_delete(void)
Delete the role caches.
Definition: sql_authorization.cc:7161
bool check_system_user_privilege(THD *thd, List< LEX_USER > list)
Checks if any of the users has SYSTEM_USER privilege then current user must also have SYSTEM_USER pri...
Definition: sql_authorization.cc:7550
bool grant_dynamic_privilege(const LEX_CSTRING &str_priv, const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, bool with_grant_option, Update_dynamic_privilege_table &func)
Grant one privilege to one user.
Definition: sql_authorization.cc:6808
std::unordered_multimap< Role_id, Role_id, role_id_hash > Default_roles
Definition: auth_internal.h:274
void acl_update_db(const char *user, const char *host, const char *db, ulong privileges)
Definition: sql_auth_cache.cc:3042
bool is_privileged_user_for_credential_change(THD *thd)
Definition: sql_authorization.cc:5849
void get_privilege_access_maps(ACL_USER *acl_user, const List_of_auth_id_refs *using_roles, ulong *access, Db_access_map *db_map, Db_access_map *db_wild_map, Table_access_map *table_map, SP_access_map *sp_map, SP_access_map *func_map, List_of_granted_roles *granted_roles, Grant_acl_set *with_admin_acl, Dynamic_privileges *dynamic_acl, Restrictions &restrictions)
Definition: sql_authorization.cc:4624
bool read_user_application_user_metadata_from_table(LEX_CSTRING user, LEX_CSTRING host, String *metadata_str, TABLE *table, bool mode_no_backslash)
Helper function for recreating the CREATE USER statement when an SHOW CREATE USER statement is issued...
Definition: acl_table_user.cc:2347
bool set_and_validate_user_attributes(THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set, bool is_privileged_user, bool is_role, TABLE_LIST *history_table, bool *history_check_done, const char *cmd, Userhostpassword_list &, I_multi_factor_auth **mfa=nullptr)
This function does following:
Definition: sql_user.cc:1244
int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table, const LEX_USER &combo, const char *db, const char *routine_name, bool is_proc, ulong rights, bool revoke_grant)
Search and create/update a record for the routine requested.
Definition: sql_user_table.cc:1556
bool grant_dynamic_privileges_to_auth_id(const Role_id &id, const std::vector< std::string > &priv_list)
Grant needed dynamic privielges to in memory internal auth id.
Definition: sql_authorization.cc:6959
void dynamic_privileges_init(void)
Definition: sql_authorization.cc:7166
void default_roles_delete(void)
Delete the default role instance.
Definition: sql_authorization.cc:7130
bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table, LEX_USER *user_from, LEX_USER *user_to)
Renames a user in the mysql.role_edge and the mysql.default_roles tables.
Definition: sql_authorization.cc:889
std::map< std::string, unsigned long > SP_access_map
Definition: auth_internal.h:64
bool is_expected_or_transient_error(THD *thd)
Small helper function which allows to determine if error which caused failure to open and lock privil...
Definition: sql_auth_cache.cc:2127
bool sha256_rsa_auth_status()
Check if server has valid public key/private key pair for RSA communication.
Definition: sql_authentication.cc:2361
void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, ulong privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const std::string &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, acl_table::Pod_user_what_to_update &what_to_update, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa)
Definition: sql_auth_cache.cc:2721
void append_identifier(const THD *thd, String *packet, const char *name, size_t length)
Definition: sql_show.cc:1594
bool auth_plugin_is_built_in(const char *plugin_name)
Definition: sql_authentication.cc:1394
bool grant_grant_option_for_all_dynamic_privileges(const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &func)
Grant grant option to one user for all dynamic privileges.
Definition: sql_authorization.cc:6864
void acl_notify_htons(THD *thd, enum_sql_command operation, const List< LEX_USER > *users, std::set< LEX_USER * > *rewrite_users=nullptr, const List< LEX_CSTRING > *dynamic_privs=nullptr)
Definition: sql_user_table.cc:584
std::map< std::string, unsigned long > Db_access_map
Definition: auth_internal.h:65
Definition: sql_auth_cache.h:353
Definition: sql_auth_cache.h:245
Per internal table ACL access rules.
Definition: auth_common.h:105
Storage container for default auth ids.
Definition: auth_common.h:1063
const std::string & host() const
Definition: auth_common.cc:124
const std::string & user() const
Definition: auth_common.cc:123
Definition: my_alloc.h:478
Definition: sql_auth_cache.h:438
Definition: sql_auth_cache.h:445
Definition: sql_auth_cache.h:463
An interface to access information about Multi factor authentication methods.
Definition: sql_mfa.h:44
Represents a JSON container value of type "object" (ECMA), type J_OBJECT here.
Definition: json_dom.h:372
Abstraction for accessing JSON values irrespective of whether they are (started out as) binary JSON v...
Definition: json_dom.h:1160
Definition: sql_list.h:433
Map with RWLock protections.
Definition: auth_utility.h:36
Container of all restrictions for a given user.
Definition: partial_revokes.h:117
An interface to wrap the parameters required by specific Rewriter.
Definition: sql_rewrite.h:51
Definition: sql_authentication.h:103
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:166
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:922
Definition: auth_internal.h:67
Table_access_map_storage m_values
Definition: auth_internal.h:87
THD * m_thd
Definition: auth_internal.h:86
mapped_type & operator[](const Table_access_map_storage::key_type &key)
Definition: auth_internal.h:74
iterator find(const Table_access_map_storage::key_type &key)
Definition: auth_internal.h:79
Table_access_map_storage::iterator iterator
Definition: auth_internal.h:71
void set_thd(THD *thd)
Definition: auth_internal.h:82
THD * get_thd()
Definition: auth_internal.h:83
Table_access_map_storage::mapped_type mapped_type
Definition: auth_internal.h:73
iterator begin()
Definition: auth_internal.h:77
Table_access_map_storage::value_type value_type
Definition: auth_internal.h:72
iterator end()
Definition: auth_internal.h:78
Table_access_map()
Definition: auth_internal.h:69
Definition: dynamic_privilege_table.h:44
Definition: user_table.h:46
static bool report_error(THD *thd, int error_code, Sql_condition::enum_severity_level level, Args... args)
Definition: error_handler.cc:290
Fido Client Authentication nullptr
Definition: fido_client_plugin.cc:221
static int key_type
Definition: mi_test1.cc:38
enum_sql_command
Definition: my_sqlcommand.h:45
uint64_t table_map
Definition: my_table_map.h:29
static int count
Definition: myisam_ftdump.cc:42
Time declarations shared between the server and client API: you should not add anything to this heade...
char * user
Definition: mysqladmin.cc:59
const char * host
Definition: mysqladmin.cc:58
uint16_t value_type
Definition: vt100.h:182
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1055
const std::string failed_login_attempts("failed_login_attempts")
underkeys of password locking
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
const char * table_name
Definition: rules_table_service.cc:55
std::map< Key, Value, Compare, ut::allocator< std::pair< const Key, Value > > > map
Specialization of map which uses ut_allocator.
Definition: ut0new.h:2873
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2436
std::list< T, ut::allocator< T > > list
Specialization of list which uses ut_allocator.
Definition: ut0new.h:2859
required string key
Definition: replication_asynchronous_connection_failover.proto:59
LEX_CSTRING * plugin_name(st_plugin_int **ref)
Definition: sql_plugin_ref.h:94
case opt name
Definition: sslopt-case.h:32
State information for internal tables grants.
Definition: table.h:333
Definition: auth_internal.h:58
Grant_table_aggregate()
Definition: auth_internal.h:59
Column_map columns
Definition: auth_internal.h:62
ulong cols
Definition: auth_internal.h:61
ulong table_access
Definition: auth_internal.h:60
Definition: table.h:2507
Definition: table.h:2551
Definition: mysql_lex_string.h:39
Definition: mysql_time.h:81
Definition: table.h:2684
Definition: table.h:1394
Definition: auth_internal.h:265
std::size_t operator()(const Role_id &k) const
Definition: auth_internal.h:266
Definition: sql_connect.h:40
unsigned int uint
Definition: uca-dump.cc:29
Vio Lite.
SSL_type
Definition: violite.h:303