MySQL 9.0.0
Source Code Documentation
auth_internal.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23/* Internals */
24
25#ifndef AUTH_INTERNAL_INCLUDED
26#define AUTH_INTERNAL_INCLUDED
27
28#include <map>
29#include <set>
30#include <string>
31#include <unordered_map>
32#include <unordered_set>
33
34#include "mysql_time.h" /* MYSQL_TIME */
38#include "sql/auth/sql_mfa.h" /* I_multi_factor_auth */
39#include "sql/auth/user_table.h"
40#include "sql/sql_audit.h"
41#include "sql/table.h"
42#include "violite.h" /* SSL_type */
43
44class ACL_USER;
45class ACL_PROXY_USER;
46class GRANT_NAME;
47class GRANT_TABLE;
48class GRANT_COLUMN;
49class Json_object;
50class Json_wrapper;
51class Restrictions;
52struct TABLE;
53class Rewrite_params;
54
56void append_identifier(const THD *thd, String *packet, const char *name,
57 size_t length);
58typedef std::map<std::string, Access_bitmask> Column_map;
64};
65typedef std::map<std::string, Access_bitmask> SP_access_map;
66typedef std::map<std::string, Access_bitmask> Db_access_map;
67typedef std::map<std::string, Grant_table_aggregate> Table_access_map_storage;
69 public:
71
72 typedef Table_access_map_storage::iterator iterator;
74 typedef Table_access_map_storage::mapped_type mapped_type;
76 return m_values[key];
77 }
78 iterator begin() { return m_values.begin(); }
79 iterator end() { return m_values.end(); }
81 return m_values.find(key);
82 }
83 void set_thd(THD *thd) { m_thd = thd; }
84 THD *get_thd() { return m_thd; }
85
86 private:
89};
90typedef std::unordered_set<std::string> Grant_acl_set;
91
92std::string create_authid_str_from(const LEX_USER *user);
93std::string create_authid_str_from(const ACL_USER *user);
94std::string create_authid_str_from(const Auth_id_ref &user);
97
98std::string get_one_priv(Access_bitmask &revoke_privs);
99/* sql_authentication */
106class Auth_id;
107template <typename K, typename V>
108class Map_with_rw_lock;
110
112bool auth_plugin_is_built_in(const char *plugin_name);
114
116 GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name,
117 const char *table_name);
118
119/* sql_auth_cache */
120ulong get_sort(uint count, ...);
123
124/*sql_authentication */
126
127/* sql_auth_cache */
128void rebuild_check_host(void);
129ACL_USER *find_acl_user(const char *host, const char *user, bool exact);
130ACL_PROXY_USER *acl_find_proxy_user(const char *user, const char *host,
131 const char *ip, char *authenticated_as,
132 bool *proxy_used);
134
135void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type,
136 const char *ssl_cipher, const char *x509_issuer,
137 const char *x509_subject, USER_RESOURCES *mqh,
138 Access_bitmask privileges, const LEX_CSTRING &plugin,
139 const LEX_CSTRING &auth, const std::string &second_auth,
140 const MYSQL_TIME &password_change_time,
141 const LEX_ALTER &password_life, Restrictions &restrictions,
143 uint failed_login_attempts, int password_lock_time,
144 const I_multi_factor_auth *mfa);
145void acl_users_add_one(const char *user, const char *host,
146 enum SSL_type ssl_type, const char *ssl_cipher,
147 const char *x509_issuer, const char *x509_subject,
148 USER_RESOURCES *mqh, Access_bitmask privileges,
149 const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
150 const LEX_CSTRING &second_auth,
151 const MYSQL_TIME &password_change_time,
152 const LEX_ALTER &password_life, bool add_role_vertex,
153 Restrictions &restrictions, uint failed_login_attempts,
154 int password_lock_time, const I_multi_factor_auth *mfa,
155 THD *thd [[maybe_unused]]);
156void acl_insert_user(THD *thd, const char *user, const char *host,
157 enum SSL_type ssl_type, const char *ssl_cipher,
158 const char *x509_issuer, const char *x509_subject,
159 USER_RESOURCES *mqh, Access_bitmask privileges,
160 const LEX_CSTRING &plugin, const LEX_CSTRING &auth,
161 const MYSQL_TIME &password_change_time,
162 const LEX_ALTER &password_life, Restrictions &restrictions,
163 uint failed_login_attempts, int password_lock_time,
164 const I_multi_factor_auth *mfa);
165void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke);
166void acl_update_db(const char *user, const char *host, const char *db,
167 Access_bitmask privileges);
168void acl_insert_db(const char *user, const char *host, const char *db,
169 Access_bitmask privileges);
170bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr,
171 bool expired);
172
173bool do_update_sctx(Security_context *sctx, LEX_USER *from_user);
174void update_sctx(Security_context *sctx, LEX_USER *to_user);
175
177bool acl_reload(THD *thd, bool mdl_locked);
178bool grant_reload(THD *thd, bool mdl_locked);
179void clean_user_cache();
180bool set_user_salt(ACL_USER *acl_user);
181void append_auth_id(const THD *thd, ACL_USER *acl_user, String *str);
182
183/* sql_user_table */
184Access_bitmask get_access(TABLE *form, uint fieldnr, uint *next_field);
185int replace_db_table(THD *thd, TABLE *table, const char *db,
186 const LEX_USER &combo, Access_bitmask rights,
187 bool revoke_grant, bool all_current_privileges);
189 const LEX_USER *proxied_user,
190 bool with_grant_arg, bool revoke_grant);
192 const LEX_USER &combo, List<LEX_COLUMN> &columns,
193 const char *db, const char *table_name,
194 Access_bitmask rights, bool revoke_grant);
195int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
197 *deleted_grant_table,
198 TABLE *table, const LEX_USER &combo, const char *db,
199 const char *table_name, Access_bitmask rights,
200 Access_bitmask col_rights, bool revoke_grant,
201 bool all_current_privileges);
202int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table,
203 const LEX_USER &combo, const char *db,
204 const char *routine_name, bool is_proc,
205 Access_bitmask rights, bool revoke_grant,
206 bool all_current_privileges);
207int open_grant_tables(THD *thd, Table_ref *tables, bool *transactional_tables);
209
210void acl_print_ha_error(int handler_error);
212bool log_and_commit_acl_ddl(THD *thd, bool transactional_tables,
213 std::set<LEX_USER *> *extra_users = nullptr,
214 Rewrite_params *rewrite_params = nullptr,
215 bool extra_error = false,
216 bool log_to_binlog = true);
217void acl_notify_htons(THD *thd, enum_sql_command operation,
218 const List<LEX_USER> *users,
219 std::set<LEX_USER *> *rewrite_users = nullptr,
220 const List<LEX_CSTRING> *dynamic_privs = nullptr);
221
222/* sql_authorization */
224void rebuild_vertex_index(THD *thd);
225void default_roles_init(void);
226void default_roles_delete(void);
227void roles_graph_init(void);
228void roles_graph_delete(void);
229void roles_init(void);
230void roles_delete(void);
231void dynamic_privileges_init(void);
233bool grant_dynamic_privilege(const LEX_CSTRING &str_priv,
234 const LEX_CSTRING &str_user,
235 const LEX_CSTRING &str_host,
236 bool with_grant_option,
238bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv,
239 const LEX_CSTRING &str_user,
240 const LEX_CSTRING &str_host,
241 Update_dynamic_privilege_table &update_table);
243 const LEX_CSTRING &host,
245bool rename_dynamic_grant(const LEX_CSTRING &old_user,
246 const LEX_CSTRING &old_host,
247 const LEX_CSTRING &new_user,
248 const LEX_CSTRING &new_host,
249 Update_dynamic_privilege_table &update_table);
251 const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
254 const LEX_CSTRING &str_user, const LEX_CSTRING &str_host,
257 const Role_id &id, const std::vector<std::string> &priv_list);
259 const Role_id &id, const std::vector<std::string> &priv_list);
260bool operator==(const Role_id &a, const Auth_id_ref &b);
261bool operator==(const Auth_id_ref &a, const Role_id &b);
262bool operator==(const std::pair<const Role_id, Role_id> &a,
263 const Auth_id_ref &b);
264bool operator==(const Role_id &a, const Role_id &b);
265bool operator==(std::pair<const Role_id, std::pair<std::string, bool>> &a,
266 const std::string &b);
267typedef std::vector<std::pair<Role_id, bool>> List_of_granted_roles;
268
270 std::size_t operator()(const Role_id &k) const {
271 using std::hash;
272 using std::size_t;
273 using std::string;
274 return ((hash<string>()(k.user()) ^ (hash<string>()(k.host()) << 1)) >> 1);
275 }
276};
277
278typedef std::unordered_multimap<Role_id, Role_id, role_id_hash> Default_roles;
279typedef std::map<std::string, bool> Dynamic_privileges;
280
282 ACL_USER *acl_user, const List_of_auth_id_refs *using_roles,
283 Access_bitmask *access, Db_access_map *db_map, Db_access_map *db_wild_map,
285 List_of_granted_roles *granted_roles, Grant_acl_set *with_admin_acl,
286 Dynamic_privileges *dynamic_acl, Restrictions &restrictions);
288 const Auth_id_ref &user_auth_id,
289 std::vector<Role_id> *default_roles);
292 const Auth_id_ref &default_role_policy,
293 const Auth_id_ref &user);
294void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user);
295bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table,
296 TABLE *defaults_table, LEX_USER *user);
297bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table,
298 const Auth_id_ref &authid_user);
300 const Auth_id_ref &from_user,
301 const Auth_id_ref &to_user,
302 bool with_admin_option, bool delete_option);
305 const LEX_CSTRING &host);
306bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table,
307 LEX_USER *user_from, LEX_USER *user_to);
309 THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set,
310 bool is_privileged_user, bool is_role, Table_ref *history_table,
311 bool *history_check_done, const char *cmd, Userhostpassword_list &,
312 I_multi_factor_auth **mfa = nullptr, bool if_not_exists = false);
313typedef std::pair<std::string, bool> Grant_privilege;
314typedef std::unordered_multimap<Role_id, Grant_privilege, role_id_hash>
319bool populate_roles_caches(THD *thd, Table_ref *tablelst);
320void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt);
321void get_mandatory_roles(std::vector<Role_id> *mandatory_roles);
322extern std::vector<Role_id> *g_mandatory_roles;
323void create_role_vertex(ACL_USER *role_acl_user);
324void activate_all_granted_roles(const ACL_USER *acl_user,
325 Security_context *sctx);
327 Security_context *sctx);
328
330 const List_of_auth_id_refs &new_auth_ids);
331
332bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table,
333 LEX_USER *user);
334/*
335 Checks if any of the users has SYSTEM_USER privilege then current user
336 must also have SYSTEM_USER privilege.
337 It is a wrapper over the Privilege_checker class that does
338 privilege checks for one user at a time.
339*/
341
344 String *metadata_str,
345 TABLE *table,
346 bool mode_no_backslash);
348bool report_missing_user_grant_message(THD *thd, bool user_exists,
349 const char *user, const char *host,
350 const char *object_name, int err_code);
351#endif /* AUTH_INTERNAL_INCLUDED */
uint32_t Access_bitmask
Definition: auth_acls.h:34
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:80
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:81
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1128
bool revoke_dynamic_privilege(const LEX_CSTRING &str_priv, const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &update_table)
Revoke one privilege from one user.
Definition: sql_authorization.cc:7047
bool operator==(const Role_id &a, const Auth_id_ref &b)
Definition: sql_authorization.cc:7462
std::map< std::string, Access_bitmask > SP_access_map
Definition: auth_internal.h:65
void rebuild_check_host(void)
Definition: sql_auth_cache.cc:1479
bool assert_acl_cache_read_lock(THD *thd)
Assert that thread owns MDL_SHARED on partition specific to the thread.
Definition: sql_auth_cache.cc:3626
std::map< std::string, Access_bitmask > Db_access_map
Definition: auth_internal.h:66
void acl_update_user(const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const std::string &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, acl_table::Pod_user_what_to_update &what_to_update, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa)
Definition: sql_auth_cache.cc:2738
std::vector< Role_id > * g_mandatory_roles
Definition: sql_auth_cache.cc:139
std::map< std::string, bool > Dynamic_privileges
Definition: auth_internal.h:279
void revoke_role(THD *thd, ACL_USER *role, ACL_USER *user)
Used by mysql_revoke_role() for revoking a specified role from a specified user.
Definition: sql_authorization.cc:597
void clean_user_cache()
Definition: sql_auth_cache.cc:1817
void get_granted_roles(LEX_USER *user, List_of_granted_roles *granted_roles)
This is a convenience function.
Definition: sql_authorization.cc:6244
User_to_dynamic_privileges_map * get_dynamic_privileges_map()
Definition: sql_authorization.cc:7214
void acl_update_db(const char *user, const char *host, const char *db, Access_bitmask privileges)
Definition: sql_auth_cache.cc:3059
int replace_routine_table(THD *thd, GRANT_NAME *grant_name, TABLE *table, const LEX_USER &combo, const char *db, const char *routine_name, bool is_proc, Access_bitmask rights, bool revoke_grant, bool all_current_privileges)
Search and create/update a record for the routine requested.
Definition: sql_user_table.cc:1951
bool revoke_grant_option_for_all_dynamic_privileges(const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &func)
Revoke grant option to one user for all dynamic privileges.
Definition: sql_authorization.cc:6953
bool drop_default_role_policy(THD *thd, TABLE *table, const Auth_id_ref &default_role_policy, const Auth_id_ref &user)
Drop a specific default role policy given the role- and user names.
Definition: sql_authorization.cc:6388
void roles_graph_delete(void)
Delete the ACL role graph artifacts.
Definition: sql_authorization.cc:7182
void acl_print_ha_error(int handler_error)
Take a handler error and generate the mysql error ER_ACL_OPERATION_FAILED containing original text of...
Definition: sql_user_table.cc:796
bool update_sctx_cache(Security_context *sctx, ACL_USER *acl_user_ptr, bool expired)
Update the security context when updating the user.
Definition: sql_auth_cache.cc:3138
void roles_init(void)
Initialize the roles caches that consist of the role graphs related artifacts and default role map.
Definition: sql_authorization.cc:7192
Rsa_authentication_keys * g_sha256_rsa_keys
Definition: sql_authentication.cc:1341
bool acl_reload(THD *thd, bool mdl_locked)
Definition: sql_auth_cache.cc:2164
int open_grant_tables(THD *thd, Table_ref *tables, bool *transactional_tables)
Open the grant tables.
Definition: sql_user_table.cc:2370
void grant_role(ACL_USER *role, const ACL_USER *user, bool with_admin_opt)
Grants a single role to a single user.
Definition: sql_authorization.cc:823
void acl_users_add_one(const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const LEX_CSTRING &second_auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, bool add_role_vertex, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa, THD *thd)
Definition: sql_auth_cache.cc:2899
bool grant_reload(THD *thd, bool mdl_locked)
Reload information about table and column level privileges if possible.
Definition: sql_auth_cache.cc:2654
bool assert_acl_cache_write_lock(THD *thd)
Assert that thread owns MDL_EXCLUSIVE on all partitions.
Definition: sql_auth_cache.cc:3641
void rebuild_vertex_index(THD *thd)
Since the gap in the vertex vector was removed all the vertex descriptors has changed.
Definition: sql_authorization.cc:613
Auth_id_ref create_authid_from(const LEX_USER *user)
Definition: sql_authorization.cc:6654
std::map< std::string, Access_bitmask > Column_map
Definition: auth_internal.h:58
User_to_dynamic_privileges_map * swap_dynamic_privileges_map(User_to_dynamic_privileges_map *map)
Definition: sql_authorization.cc:7222
void get_mandatory_roles(std::vector< Role_id > *mandatory_roles)
Definition: sql_authorization.cc:7296
Map_with_rw_lock< Auth_id, uint > * unknown_accounts
Hash to map unknown accounts to an authentication plugin.
Definition: sql_authentication.cc:1194
void clear_and_init_db_cache()
Definition: sql_auth_cache.cc:1302
void acl_update_proxy_user(ACL_PROXY_USER *new_value, bool is_revoke)
Definition: sql_auth_cache.cc:3041
const ACL_internal_table_access * get_cached_table_access(GRANT_INTERNAL_INFO *grant_internal_info, const char *schema_name, const char *table_name)
Get a cached internal table access.
Definition: sql_authorization.cc:1671
bool modify_role_edges_in_table(THD *thd, TABLE *table, const Auth_id_ref &from_user, const Auth_id_ref &to_user, bool with_admin_option, bool delete_option)
Definition: role_tables.cc:76
std::unordered_multimap< Role_id, Grant_privilege, role_id_hash > User_to_dynamic_privileges_map
Definition: auth_internal.h:315
int replace_proxies_priv_table(THD *thd, TABLE *table, const LEX_USER *user, const LEX_USER *proxied_user, bool with_grant_arg, bool revoke_grant)
Insert, update or remove a record in the mysql.proxies_priv table.
Definition: sql_user_table.cc:1150
void create_role_vertex(ACL_USER *role_acl_user)
Helper function for create_roles_vertices.
Definition: sql_authorization.cc:878
void roles_graph_init(void)
Initialize the roles graph artifacts.
Definition: sql_authorization.cc:7174
ACL_USER * find_acl_user(const char *host, const char *user, bool exact)
Definition: sql_auth_cache.cc:1173
std::vector< std::pair< Role_id, bool > > List_of_granted_roles
Definition: auth_internal.h:267
bool clear_default_roles(THD *thd, TABLE *table, const Auth_id_ref &user_auth_id, std::vector< Role_id > *default_roles)
Removes all default role policies assigned to user.
Definition: sql_authorization.cc:6352
bool set_and_validate_user_attributes(THD *thd, LEX_USER *Str, acl_table::Pod_user_what_to_update &what_to_set, bool is_privileged_user, bool is_role, Table_ref *history_table, bool *history_check_done, const char *cmd, Userhostpassword_list &, I_multi_factor_auth **mfa=nullptr, bool if_not_exists=false)
This function does following:
Definition: sql_user.cc:1274
bool alter_user_set_default_roles_all(THD *thd, TABLE *def_role_table, LEX_USER *user)
Set all granted role as default roles.
Definition: sql_authorization.cc:6557
int replace_column_table(THD *thd, GRANT_TABLE *g_t, TABLE *table, const LEX_USER &combo, List< LEX_COLUMN > &columns, const char *db, const char *table_name, Access_bitmask rights, bool revoke_grant)
Update record in the table mysql.columns_priv.
Definition: sql_user_table.cc:1306
char * caching_sha2_rsa_private_key_path
Definition: sha2_password.cc:75
void acl_insert_proxy_user(ACL_PROXY_USER *new_value)
Definition: sql_auth_cache.cc:2316
bool alter_user_set_default_roles(THD *thd, TABLE *table, LEX_USER *user, const List_of_auth_id_refs &new_auth_ids)
Set the default roles for a particular user.
Definition: sql_authorization.cc:6602
bool set_user_salt(ACL_USER *acl_user)
Convert scrambled password to binary form, according to scramble type, Binary form is stored in user....
Definition: sql_auth_cache.cc:1626
void get_privilege_access_maps(ACL_USER *acl_user, const List_of_auth_id_refs *using_roles, Access_bitmask *access, Db_access_map *db_map, Db_access_map *db_wild_map, Table_access_map *table_map, SP_access_map *sp_map, SP_access_map *func_map, List_of_granted_roles *granted_roles, Grant_acl_set *with_admin_acl, Dynamic_privileges *dynamic_acl, Restrictions &restrictions)
Definition: sql_authorization.cc:4657
bool caching_sha2_auto_generate_rsa_keys
Definition: sha2_password.cc:81
std::string create_authid_str_from(const LEX_USER *user)
Helper used for producing a key to a key-value-map.
Definition: sql_authorization.cc:6646
bool rename_dynamic_grant(const LEX_CSTRING &old_user, const LEX_CSTRING &old_host, const LEX_CSTRING &new_user, const LEX_CSTRING &new_host, Update_dynamic_privilege_table &update_table)
Definition: sql_authorization.cc:7109
void acl_tables_setup_for_read(Table_ref *tables)
Setup ACL tables to be opened in read mode.
Definition: sql_user_table.cc:2150
void activate_all_granted_and_mandatory_roles(const ACL_USER *acl_user, Security_context *sctx)
Definition: sql_authorization.cc:6230
void default_roles_init(void)
Initialize the default role map that keeps the content from the default_roles table.
Definition: sql_authorization.cc:7164
void acl_insert_db(const char *user, const char *host, const char *db, Access_bitmask privileges)
Definition: sql_auth_cache.cc:3098
std::string get_one_priv(Access_bitmask &revoke_privs)
Converts privilege represented by LSB to string.
Definition: auth_common.cc:136
Access_bitmask get_access(TABLE *form, uint fieldnr, uint *next_field)
Definition: sql_user_table.cc:552
bool check_engine_type_for_acl_table(Table_ref *tables, bool report_error)
Check that every ACL table has a supported storage engine (InnoDB).
Definition: sql_user_table.cc:2593
void activate_all_granted_roles(const ACL_USER *acl_user, Security_context *sctx)
Activates all roles granted to the auth_id.
Definition: sql_authorization.cc:6201
bool report_missing_user_grant_message(THD *thd, bool user_exists, const char *user, const char *host, const char *object_name, int err_code)
Helper method to check if warning or error should be reported based on:
Definition: sql_authorization.cc:2595
ulong get_sort(uint count,...)
Definition: sql_auth_cache.cc:811
void optimize_plugin_compare_by_pointer(LEX_CSTRING *plugin_name)
Definition: sql_authentication.cc:1580
void update_sctx(Security_context *sctx, LEX_USER *to_user)
Definition: sql_authorization.cc:7539
bool auth_plugin_supports_expiration(const char *plugin_name)
Only the plugins that are known to use the mysql.user table to store their passwords support password...
Definition: sql_authentication.cc:1598
void append_auth_id(const THD *thd, ACL_USER *acl_user, String *str)
Append the authorization id for the user.
Definition: sql_auth_cache.cc:697
bool do_update_sctx(Security_context *sctx, LEX_USER *from_user)
Checks if current user needs to be changed in case it is same as the LEX_USER.
Definition: sql_authorization.cc:7520
void revoke_dynamic_privileges_from_auth_id(const Role_id &id, const std::vector< std::string > &priv_list)
Revoke dynamic privielges from in memory internal auth id.
Definition: sql_authorization.cc:7021
ACL_PROXY_USER * acl_find_proxy_user(const char *user, const char *host, const char *ip, char *authenticated_as, bool *proxy_used)
Validate if a user can proxy as another user.
Definition: sql_auth_cache.cc:1246
std::pair< std::string, bool > Grant_privilege
Definition: auth_internal.h:313
std::map< std::string, Grant_table_aggregate > Table_access_map_storage
Definition: auth_internal.h:67
void dynamic_privileges_delete(void)
Definition: sql_authorization.cc:7209
bool drop_role(THD *thd, TABLE *edge_table, TABLE *defaults_table, const Auth_id_ref &authid_user)
Definition: sql_authorization.cc:634
bool revoke_all_roles_from_user(THD *thd, TABLE *edge_table, TABLE *defaults_table, LEX_USER *user)
Used by mysql_drop_user.
Definition: sql_authorization.cc:745
char * caching_sha2_rsa_public_key_path
Definition: sha2_password.cc:80
Rsa_authentication_keys * g_caching_sha2_rsa_keys
Definition: sha2_password.cc:82
bool revoke_all_dynamic_privileges(const LEX_CSTRING &user, const LEX_CSTRING &host, Update_dynamic_privilege_table &func)
Revoke all dynamic global privileges.
Definition: sql_authorization.cc:7088
bool log_and_commit_acl_ddl(THD *thd, bool transactional_tables, std::set< LEX_USER * > *extra_users=nullptr, Rewrite_params *rewrite_params=nullptr, bool extra_error=false, bool log_to_binlog=true)
Definition: sql_user_table.cc:686
std::unordered_set< std::string > Grant_acl_set
Definition: auth_internal.h:90
void roles_delete(void)
Delete the role caches.
Definition: sql_authorization.cc:7200
bool check_system_user_privilege(THD *thd, List< LEX_USER > list)
Checks if any of the users has SYSTEM_USER privilege then current user must also have SYSTEM_USER pri...
Definition: sql_authorization.cc:7579
bool grant_dynamic_privilege(const LEX_CSTRING &str_priv, const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, bool with_grant_option, Update_dynamic_privilege_table &func)
Grant one privilege to one user.
Definition: sql_authorization.cc:6847
std::unordered_multimap< Role_id, Role_id, role_id_hash > Default_roles
Definition: auth_internal.h:278
bool populate_roles_caches(THD *thd, Table_ref *tablelst)
Definition: role_tables.cc:200
bool is_privileged_user_for_credential_change(THD *thd)
Definition: sql_authorization.cc:5888
bool read_user_application_user_metadata_from_table(LEX_CSTRING user, LEX_CSTRING host, String *metadata_str, TABLE *table, bool mode_no_backslash)
Helper function for recreating the CREATE USER statement when an SHOW CREATE USER statement is issued...
Definition: acl_table_user.cc:2305
int replace_db_table(THD *thd, TABLE *table, const char *db, const LEX_USER &combo, Access_bitmask rights, bool revoke_grant, bool all_current_privileges)
change grants in the mysql.db table.
Definition: sql_user_table.cc:983
void acl_insert_user(THD *thd, const char *user, const char *host, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, Access_bitmask privileges, const LEX_CSTRING &plugin, const LEX_CSTRING &auth, const MYSQL_TIME &password_change_time, const LEX_ALTER &password_life, Restrictions &restrictions, uint failed_login_attempts, int password_lock_time, const I_multi_factor_auth *mfa)
Definition: sql_auth_cache.cc:3012
int replace_table_table(THD *thd, GRANT_TABLE *grant_table, std::unique_ptr< GRANT_TABLE, Destroy_only< GRANT_TABLE > > *deleted_grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, Access_bitmask rights, Access_bitmask col_rights, bool revoke_grant, bool all_current_privileges)
Search and create/update a record for requested table privileges.
Definition: sql_user_table.cc:1771
bool grant_dynamic_privileges_to_auth_id(const Role_id &id, const std::vector< std::string > &priv_list)
Grant needed dynamic privielges to in memory internal auth id.
Definition: sql_authorization.cc:6998
void dynamic_privileges_init(void)
Definition: sql_authorization.cc:7205
void default_roles_delete(void)
Delete the default role instance.
Definition: sql_authorization.cc:7169
bool roles_rename_authid(THD *thd, TABLE *edge_table, TABLE *defaults_table, LEX_USER *user_from, LEX_USER *user_to)
Renames a user in the mysql.role_edge and the mysql.default_roles tables.
Definition: sql_authorization.cc:913
bool is_expected_or_transient_error(THD *thd)
Small helper function which allows to determine if error which caused failure to open and lock privil...
Definition: sql_auth_cache.cc:2139
bool sha256_rsa_auth_status()
Check if server has valid public key/private key pair for RSA communication.
Definition: sql_authentication.cc:2544
void append_identifier(const THD *thd, String *packet, const char *name, size_t length)
Definition: sql_show.cc:1603
bool auth_plugin_is_built_in(const char *plugin_name)
Definition: sql_authentication.cc:1585
bool grant_grant_option_for_all_dynamic_privileges(const LEX_CSTRING &str_user, const LEX_CSTRING &str_host, Update_dynamic_privilege_table &func)
Grant grant option to one user for all dynamic privileges.
Definition: sql_authorization.cc:6903
void acl_notify_htons(THD *thd, enum_sql_command operation, const List< LEX_USER > *users, std::set< LEX_USER * > *rewrite_users=nullptr, const List< LEX_CSTRING > *dynamic_privs=nullptr)
Definition: sql_user_table.cc:587
Kerberos Client Authentication nullptr
Definition: auth_kerberos_client_plugin.cc:251
Definition: sql_auth_cache.h:354
Definition: sql_auth_cache.h:246
Per internal table ACL access rules.
Definition: auth_common.h:107
Storage container for default auth ids.
Definition: auth_common.h:1070
const std::string & host() const
Definition: auth_common.cc:125
const std::string & user() const
Definition: auth_common.cc:124
Definition: my_alloc.h:470
Definition: sql_auth_cache.h:439
Definition: sql_auth_cache.h:446
Definition: sql_auth_cache.h:464
An interface to access information about Multi factor authentication methods.
Definition: sql_mfa.h:49
Represents a JSON container value of type "object" (ECMA), type J_OBJECT here.
Definition: json_dom.h:369
Abstraction for accessing JSON values irrespective of whether they are (started out as) binary JSON v...
Definition: json_dom.h:1153
Definition: sql_list.h:467
Map with RWLock protections.
Definition: auth_utility.h:37
Container of all restrictions for a given user.
Definition: partial_revokes.h:155
An interface to wrap the parameters required by specific Rewriter.
Definition: sql_rewrite.h:52
Definition: sql_authentication.h:104
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:167
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
Definition: auth_internal.h:68
Table_access_map_storage m_values
Definition: auth_internal.h:88
THD * m_thd
Definition: auth_internal.h:87
mapped_type & operator[](const Table_access_map_storage::key_type &key)
Definition: auth_internal.h:75
iterator find(const Table_access_map_storage::key_type &key)
Definition: auth_internal.h:80
Table_access_map_storage::iterator iterator
Definition: auth_internal.h:72
void set_thd(THD *thd)
Definition: auth_internal.h:83
THD * get_thd()
Definition: auth_internal.h:84
Table_access_map_storage::mapped_type mapped_type
Definition: auth_internal.h:74
iterator begin()
Definition: auth_internal.h:78
Table_access_map_storage::value_type value_type
Definition: auth_internal.h:73
iterator end()
Definition: auth_internal.h:79
Table_access_map()
Definition: auth_internal.h:70
Definition: table.h:2871
Definition: dynamic_privilege_table.h:45
Definition: user_table.h:47
static bool report_error(THD *thd, int error_code, Sql_condition::enum_severity_level level, Args... args)
Definition: error_handler.cc:290
enum_sql_command
Definition: my_sqlcommand.h:46
uint64_t table_map
Definition: my_table_map.h:30
static int count
Definition: myisam_ftdump.cc:45
Time declarations shared between the server and client API: you should not add anything to this heade...
char * user
Definition: mysqladmin.cc:66
const char * host
Definition: mysqladmin.cc:65
uint16_t value_type
Definition: vt100.h:184
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1081
static PFS_engine_table_share_proxy table
Definition: pfs.cc:61
const std::string failed_login_attempts("failed_login_attempts")
underkeys of password locking
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
int key_type
Definition: method.h:38
const char * table_name
Definition: rules_table_service.cc:56
std::map< Key, Value, Compare, ut::allocator< std::pair< const Key, Value > > > map
Specialization of map which uses ut_allocator.
Definition: ut0new.h:2893
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2439
std::list< T, ut::allocator< T > > list
Specialization of list which uses ut_allocator.
Definition: ut0new.h:2879
required string key
Definition: replication_asynchronous_connection_failover.proto:60
LEX_CSTRING * plugin_name(st_plugin_int **ref)
Definition: sql_plugin_ref.h:95
case opt name
Definition: sslopt-case.h:29
State information for internal tables grants.
Definition: table.h:346
Definition: auth_internal.h:59
Access_bitmask table_access
Definition: auth_internal.h:61
Grant_table_aggregate()
Definition: auth_internal.h:60
Column_map columns
Definition: auth_internal.h:63
Access_bitmask cols
Definition: auth_internal.h:62
Definition: table.h:2694
Definition: table.h:2738
Definition: mysql_lex_string.h:40
Definition: mysql_time.h:82
Definition: table.h:1407
Definition: auth_internal.h:269
std::size_t operator()(const Role_id &k) const
Definition: auth_internal.h:270
Definition: sql_connect.h:41
Vio Lite.
SSL_type
Definition: violite.h:307