 |
MySQL 9.1.0
Source Code Documentation
|
|
MySQL 9.1.0
Source Code Documentation
|
A set of THD members describing the current authenticated user. More...
#include <sql_security_ctx.h>
Public Member Functions | |
| Security_context (THD *thd=nullptr) | |
| ~Security_context () | |
| Security_context (const Security_context &src_sctx) | |
| Security_context & | operator= (const Security_context &src_sctx) |
| void | skip_grants (const char *user="skip-grants user", const char *host="skip-grants host") |
| Grants all privilegs to user. More... | |
| bool | is_skip_grants_user () |
| LEX_CSTRING | user () const |
| Getter method for member m_user. More... | |
| void | set_user_ptr (const char *user_arg, const size_t user_arg_length) |
| Setter method for member m_user. More... | |
| void | assign_user (const char *user_arg, const size_t user_arg_length) |
| Setter method for member m_user. More... | |
| std::pair< bool, bool > | has_global_grant (const char *priv, size_t priv_len) |
| Checks if the Current_user has the asked dynamic privilege. More... | |
| std::pair< bool, bool > | has_global_grant (const Auth_id &auth_id, const std::string &privilege, bool cumulative=false) |
| Checks if the Auth_id have the asked dynamic privilege. More... | |
| bool | can_operate_with (const Auth_id &auth_id, const std::string &privilege, bool cumulative=false, bool ignore_if_nonextant=true, bool throw_error=true) |
| Checks if the specified auth_id with privilege can work with the current_user. More... | |
| int | activate_role (LEX_CSTRING user, LEX_CSTRING host, bool validate_access=false) |
| This method pushes a role to the list of active roles. More... | |
| void | clear_active_roles (void) |
| This helper method clears the active roles list and frees the allocated memory used for any previously activated roles. More... | |
| List_of_auth_id_refs * | get_active_roles () |
| size_t | get_num_active_roles () const |
| void | get_active_roles (THD *, List< LEX_USER > &) |
| Get sorted list of roles in LEX_USER format. More... | |
| void | checkout_access_maps (void) |
| Subscribes to a cache entry of aggregated ACLs. More... | |
| Access_bitmask | db_acl (LEX_CSTRING db, bool use_pattern_scan=true) const |
| Get grant information for given database. More... | |
| Access_bitmask | check_db_level_access (THD *thd, const char *db, size_t db_len, bool db_is_pattern=false) const |
| Checks if any database level privileges are granted to the current session either directly or through active roles. More... | |
| Access_bitmask | procedure_acl (LEX_CSTRING db, LEX_CSTRING procedure_name) |
| Access_bitmask | function_acl (LEX_CSTRING db, LEX_CSTRING procedure_name) |
| Access_bitmask | table_acl (LEX_CSTRING db, LEX_CSTRING table) |
| Grant_table_aggregate | table_and_column_acls (LEX_CSTRING db, LEX_CSTRING table) |
| bool | has_with_admin_acl (const LEX_CSTRING &role_name, const LEX_CSTRING &role_host) |
| bool | any_sp_acl (const LEX_CSTRING &db) |
| bool | any_table_acl (const LEX_CSTRING &db) |
| bool | is_table_blocked (Access_bitmask priv, TABLE const *table) |
| Check if required access to given table is not restricted. More... | |
| bool | has_column_access (Access_bitmask priv, TABLE const *table, std::vector< std::string > column) |
| Check if required access to given table column is granted. More... | |
| LEX_CSTRING | host () const |
| Getter method for member m_host. More... | |
| void | set_host_ptr (const char *host_arg, const size_t host_arg_length) |
| Setter method for member m_host. More... | |
| void | assign_host (const char *host_arg, const size_t host_arg_length) |
| Setter method for member m_host. More... | |
| LEX_CSTRING | ip () const |
| Getter method for member m_ip. More... | |
| void | set_ip_ptr (const char *ip_arg, const int ip_arg_length) |
| Setter method for member m_ip. More... | |
| void | assign_ip (const char *ip_arg, const int ip_arg_length) |
| Setter method for member m_ip. More... | |
| LEX_CSTRING | host_or_ip () const |
| Getter method for member m_host_or_ip. More... | |
| void | set_host_or_ip_ptr () |
| Setter method for member m_host_or_ip. More... | |
| void | set_host_or_ip_ptr (const char *host_or_ip_arg, const int host_or_ip_arg_length) |
| Setter method for member m_host_or_ip. More... | |
| LEX_CSTRING | external_user () const |
| Getter method for member m_external_user. More... | |
| void | set_external_user_ptr (const char *ext_user_arg, const int ext_user_arg_length) |
| Setter method for member m_external_user. More... | |
| void | assign_external_user (const char *ext_user_arg, const int ext_user_arg_length) |
| Setter method for member m_external_user. More... | |
| LEX_CSTRING | priv_user () const |
| Getter method for member m_priv_user. More... | |
| void | assign_priv_user (const char *priv_user_arg, const size_t priv_user_arg_length) |
| Setter method for member m_priv_user. More... | |
| LEX_CSTRING | proxy_user () const |
| Getter method for member m_proxy_user. More... | |
| void | assign_proxy_user (const char *proxy_user_arg, const size_t proxy_user_arg_length) |
| Setter method for member m_proxy_user. More... | |
| LEX_CSTRING | priv_host () const |
| Getter method for member m_priv_host. More... | |
| void | assign_priv_host (const char *priv_host_arg, const size_t priv_host_arg_length) |
| Setter method for member m_priv_host. More... | |
| const char * | priv_host_name () const |
| Access_bitmask | master_access () const |
| Getter method for member m_master_access. More... | |
| Access_bitmask | master_access (const std::string &db_name) const |
| const Restrictions | restrictions () const |
| void | set_master_access (Access_bitmask master_access) |
| void | set_master_access (Access_bitmask master_access, const Restrictions &restrictions) |
| bool | has_account_assigned () const |
| Check if a an account has been assigned to the security context. More... | |
| bool | check_access (Access_bitmask want_access, const std::string &db_name="", bool match_any=false) |
| Check permission against m_master_access. More... | |
| Access_bitmask | current_db_access () const |
| Returns the schema level effective privileges (with applied roles) for the currently active schema. More... | |
| void | cache_current_db_access (Access_bitmask db_access) |
| Cache the schema level effective privileges (apply roles first!) for the currently active schema. More... | |
| bool | password_expired () const |
| Getter method for member m_password_expired. More... | |
| void | set_password_expired (bool password_expired) |
| bool | change_security_context (THD *thd, const LEX_CSTRING &definer_user, const LEX_CSTRING &definer_host, const char *db, Security_context **backup, bool force=false) |
| Initialize this security context from the passed in credentials and activate it in the current thread. More... | |
| void | restore_security_context (THD *thd, Security_context *backup) |
| bool | user_matches (Security_context *) |
| void | logout () |
| bool | account_is_locked () |
| Locked account can still be used as routine definers and when they are there shouldn't be any checks for expired passwords. More... | |
| void | lock_account (bool is_locked) |
| void | set_drop_policy (const std::function< void(Security_context *)> &func) |
| void | add_as_local_temp_privs (const std::vector< std::string > &privs) |
| bool | check_in_local_temp_privs (const std::string &priv) |
| bool | has_drop_policy (void) |
| bool | has_executed_drop_policy (void) |
| void | execute_drop_policy (void) |
| bool | is_access_restricted_on_db (Access_bitmask want_access, const std::string &db_name) const |
| void | clear_db_restrictions () |
| bool | is_in_registration_sandbox_mode () |
| void | set_registration_sandbox_mode (bool v) |
| void | set_thd (THD *thd) |
| THD * | get_thd () |
Static Public Member Functions | |
| static Access_bitmask | check_db_level_access (THD *thd, const Security_context *sctx, const char *host, const char *ip, const char *user, const char *db, size_t db_len, bool db_is_pattern=false) |
| Checks if any database level privileges are granted to the current session either directly or through active roles. More... | |
Private Member Functions | |
| void | init () |
| void | destroy () |
| void | copy_security_ctx (const Security_context &src_sctx) |
| Deep copy status of sctx object to this. More... | |
| Access_bitmask | filter_access (const Access_bitmask access, const std::string &db_name) const |
| If there is a restriction attached to an access on the given database then remove that access otherwise return the access without any change. More... | |
| void | init_restrictions (const Restrictions &restrictions) |
| std::pair< bool, bool > | fetch_global_grant (const ACL_USER &acl_user, const std::string &privilege, bool cumulative=false) |
| Checks if the acl_user does have the asked dynamic privilege. More... | |
| bool | has_table_access (Access_bitmask priv, Table_ref *table) |
| Check if required access to given table is granted. More... | |
Private Attributes | |
| String | m_user |
| m_user - user of the client, set to NULL until the user has been read from the connection More... | |
| String | m_host |
| m_host - host of the client More... | |
| String | m_ip |
| m_ip - client IP More... | |
| String | m_host_or_ip |
| m_host_or_ip - points to host if host is available, otherwise points to ip More... | |
| String | m_external_user |
| char | m_priv_user [USERNAME_LENGTH] |
| m_priv_user - The user privilege we are using. More... | |
| size_t | m_priv_user_length |
| char | m_proxy_user [USERNAME_LENGTH+HOSTNAME_LENGTH+6] |
| size_t | m_proxy_user_length |
| char | m_priv_host [HOSTNAME_LENGTH+1] |
| The host privilege we are using. More... | |
| size_t | m_priv_host_length |
| Access_bitmask | m_master_access |
| Global privileges from mysql.user. More... | |
| Access_bitmask | m_db_access |
| Privileges for current db. More... | |
| bool | m_password_expired |
| password expiration flag. More... | |
| List_of_auth_id_refs | m_active_roles |
| Acl_map * | m_acl_map |
| bool | m_is_locked |
| True if this account can't be logged into. More... | |
| bool | m_is_skip_grants_user |
| True if the skip_grants_user is set. More... | |
| bool | m_executed_drop_policy |
| bool | m_has_drop_policy |
| std::unique_ptr< std::function< void(Security_context *)> > | m_drop_policy |
| Restrictions | m_restrictions |
| bool | m_registration_sandbox_mode |
| This flag tracks if server should be in sandbox mode or not. More... | |
| THD * | m_thd |
| m_thd - Thread handle, set to nullptr if this does not belong to any THD yet More... | |
A set of THD members describing the current authenticated user.
| Security_context::~Security_context | ( | ) |
| Security_context::Security_context | ( | const Security_context & | src_sctx | ) |
|
inline |
Locked account can still be used as routine definers and when they are there shouldn't be any checks for expired passwords.
| int Security_context::activate_role | ( | LEX_CSTRING | role, |
| LEX_CSTRING | role_host, | ||
| bool | validate_access = false |
||
| ) |
This method pushes a role to the list of active roles.
It requires Acl_cache_lock_guard.
This method allocates memory which must be freed when the role is deactivated.
| role | The role name |
| role_host | The role hostname-part. |
| validate_access | True if access validation should be performed. Default value is false. |
| void Security_context::add_as_local_temp_privs | ( | const std::vector< std::string > & | privs | ) |
| bool Security_context::any_sp_acl | ( | const LEX_CSTRING & | db | ) |
| bool Security_context::any_table_acl | ( | const LEX_CSTRING & | db | ) |
| void Security_context::assign_external_user | ( | const char * | ext_user_arg, |
| const int | ext_user_arg_length | ||
| ) |
Setter method for member m_external_user.
Copies ext_user_arg value to the m_external_user if it is not null else m_external_user is set to NULL.
| [in] | ext_user_arg | New user value for m_external_user. |
| [in] | ext_user_arg_length | Length of "ext_user_arg" param. |
| void Security_context::assign_host | ( | const char * | host_arg, |
| const size_t | host_arg_length | ||
| ) |
Setter method for member m_host.
Copies host_arg value to the m_host if it is not null else m_user is set to empty string.
| [in] | host_arg | New user value for m_host. |
| [in] | host_arg_length | Length of "host_arg" param. |
| void Security_context::assign_ip | ( | const char * | ip_arg, |
| const int | ip_arg_length | ||
| ) |
Setter method for member m_ip.
Copies ip_arg value to the m_ip if it is not null else m_ip is set to NULL.
| [in] | ip_arg | New user value for m_ip. |
| [in] | ip_arg_length | Length of "ip_arg" param. |
| void Security_context::assign_priv_host | ( | const char * | priv_host_arg, |
| const size_t | priv_host_arg_length | ||
| ) |
Setter method for member m_priv_host.
| [in] | priv_host_arg | New user value for m_priv_host. |
| [in] | priv_host_arg_length | Length of "priv_host_arg" param. |
| void Security_context::assign_priv_user | ( | const char * | priv_user_arg, |
| const size_t | priv_user_arg_length | ||
| ) |
Setter method for member m_priv_user.
| [in] | priv_user_arg | New user value for m_priv_user. |
| [in] | priv_user_arg_length | Length of "priv_user_arg" param. |
| void Security_context::assign_proxy_user | ( | const char * | proxy_user_arg, |
| const size_t | proxy_user_arg_length | ||
| ) |
Setter method for member m_proxy_user.
| [in] | proxy_user_arg | New user value for m_proxy_user. |
| [in] | proxy_user_arg_length | Length of "proxy_user_arg" param. |
| void Security_context::assign_user | ( | const char * | user_arg, |
| const size_t | user_arg_length | ||
| ) |
Setter method for member m_user.
Copies user_arg value to the m_user if it is not null else m_user is set to NULL.
| [in] | user_arg | New user value for m_user. |
| [in] | user_arg_length | Length of "user_arg" param. |
|
inline |
Cache the schema level effective privileges (apply roles first!) for the currently active schema.
| bool Security_context::can_operate_with | ( | const Auth_id & | auth_id, |
| const std::string & | privilege, | ||
| bool | cumulative = false, |
||
| bool | ignore_if_nonextant = true, |
||
| bool | throw_error = true |
||
| ) |
Checks if the specified auth_id with privilege can work with the current_user.
If the auth_id has the specified privilege then current_user must also have the same privilege. Throws error is the auth_id has the privilege but current_user does not have it.
| [in] | auth_id | Auth_id that could represent either a user or a role |
| [in] | privilege | Privilege to check for mismatch |
| [in] | cumulative | Flag to decide how to check the privileges of auth_id false - privilege granted directly or set through a role true - privileges granted directly or coming through roles granted to it irrespective the roles are active or not. |
| [in] | ignore_if_nonextant | Flag to decide how to treat the non-existing auth_id. true - consider as privilege exists false - consider as privilege do not exist |
| [in] | throw_error | Flag to decide if error needs to be thrown or not. |
| true | auth_id has the privilege but the current_auth does not, also throws error. |
| false | Otherwise |
| bool Security_context::change_security_context | ( | THD * | thd, |
| const LEX_CSTRING & | definer_user, | ||
| const LEX_CSTRING & | definer_host, | ||
| const char * | db, | ||
| Security_context ** | backup, | ||
| bool | force = false |
||
| ) |
Initialize this security context from the passed in credentials and activate it in the current thread.
| thd | Thread handle. | |
| definer_user | user part of a 'definer' value. | |
| definer_host | host part of a 'definer' value. | |
| db | Database name. | |
| [out] | backup | Save a pointer to the current security context in the thread. In case of success it points to the saved old context, otherwise it points to NULL. |
| force | Force context switch |
During execution of a statement, multiple security contexts may be needed:
The currently "active" security context is parameterized in THD member security_ctx. By default, after a connection is established, this member points at the "main" security context
Later, if we would like to execute some sub-statement or a part of a statement under credentials of a different user, e.g. definer of a procedure, we authenticate this user in a local instance of Security_context by means of this method (and ultimately by means of acl_getroot), and make the local instance active in the thread by re-setting thd->m_security_ctx pointer.
Note, that the life cycle and memory management of the "main" and temporary security contexts are different. For the main security context, the memory for user/host/ip is allocated on system heap, and the THD class frees this memory in its destructor. The only case when contents of the main security context may change during its life time is when someone issued a CHANGE USER command. Memory management of a "temporary" security context is responsibility of the module that creates it.
| true | There is no user with the given credentials. The error is reported in the thread. |
| false | success |
| bool Security_context::check_access | ( | Access_bitmask | want_access, |
| const std::string & | db_name = "", |
||
| bool | match_any = false |
||
| ) |
Check permission against m_master_access.
Check global access
| want_access | The required privileges |
| db_name | The database name to check if it has restrictions attached |
| match_any | if the security context must match all or any of the req. privileges. |
| Access_bitmask Security_context::check_db_level_access | ( | THD * | thd, |
| const char * | db, | ||
| size_t | db_len, | ||
| bool | db_is_pattern = false |
||
| ) | const |
Checks if any database level privileges are granted to the current session either directly or through active roles.
| [in] | thd | Thread handler |
| [in] | db | Database name |
| [in] | db_len | Database name length |
| [in] | db_is_pattern | Flag to treat db name as pattern |
|
static |
Checks if any database level privileges are granted to the current session either directly or through active roles.
| [in] | thd | Thread handler |
| [in] | sctx | Security context |
| [in] | host | Host name |
| [in] | ip | Ip |
| [in] | user | User name |
| [in] | db | Database name |
| [in] | db_len | Database name length |
| [in] | db_is_pattern | Flag to treat db name as pattern |
| bool Security_context::check_in_local_temp_privs | ( | const std::string & | priv | ) |
| void Security_context::checkout_access_maps | ( | void | ) |
Subscribes to a cache entry of aggregated ACLs.
A Security_context can only have one subscription at a time. If another one is requested, the former will be returned.
We do this subscription before execution of every statement(prepared or conventional) as the global acl version might have increased due to a grant/revoke or flush. Hence, the granularity of after effects of grant/revoke or flush due to roles is per statement.
| void Security_context::clear_active_roles | ( | void | ) |
This helper method clears the active roles list and frees the allocated memory used for any previously activated roles.
|
inline |
|
private |
Deep copy status of sctx object to this.
| [in] | src_sctx | Object from which status should be copied. |
|
inline |
Returns the schema level effective privileges (with applied roles) for the currently active schema.
| Access_bitmask Security_context::db_acl | ( | LEX_CSTRING | db, |
| bool | use_pattern_scan = true |
||
| ) | const |
Get grant information for given database.
Cached database access is split into two containers:
First we perform the exact name comprison. If that returns the result, all good.
Otherwise, we take a look at each db in second list and compare incoming database name against it. If patial_revokes is OFF, use_pattern_scan flag is passed to wild_compare. This would allow incoming database name like db1name to match against wild card db entry db_name/dbname.
| [in] | db | Name of the database |
| [in] | use_pattern_scan | Flag to treat database name as pattern |
|
private |
| void Security_context::execute_drop_policy | ( | void | ) |
|
inline |
Getter method for member m_external_user.
| LEX_CSTRING | object having constant pointer to m_external_host.Ptr and its length |
|
private |
Checks if the acl_user does have the asked dynamic privilege.
This method assumes acl_cache_lock is already taken and ACL_USER is valid
| [in] | acl_user | ACL_USER to check for privilege |
| [in] | privilege | privilege to check for |
| [in] | cumulative | Flag to decide how to fetch the privileges of ACL_USER false - privilege granted directly or set through a role true - privileges granted directly or coming through roles granted to it irrespective the roles are active or not. |
| <true, true> | has required privilege with grant option |
| <true, false> | has required privilege without grant option |
| <false, false> | does not have the required privilege |
|
private |
If there is a restriction attached to an access on the given database then remove that access otherwise return the access without any change.
| [in] | access | access mask to be scanned to remove |
| [in] | db_name | database to be searched in the restrictions |
| filtered | access mask |
| Access_bitmask Security_context::function_acl | ( | LEX_CSTRING | db, |
| LEX_CSTRING | procedure_name | ||
| ) |
| List_of_auth_id_refs * Security_context::get_active_roles | ( | void | ) |
Get sorted list of roles in LEX_USER format.
| [in] | thd | For mem_root |
| [out] | list | List of active roles |
| size_t Security_context::get_num_active_roles | ( | void | ) | const |
|
inline |
|
inline |
Check if a an account has been assigned to the security context.
The account assignment to the security context is always executed in the following order: 1) assign user's name to the context 2) assign user's hostname to the context Whilst user name can be null, hostname cannot. This is why we can say that the full account has been assigned to the context when hostname is not equal to empty string.
| true | account has been assigned to the security context |
| false | account has not yet been assigned to the security context |
| bool Security_context::has_column_access | ( | Access_bitmask | priv, |
| TABLE const * | table, | ||
| std::vector< std::string > | columns | ||
| ) |
Check if required access to given table column is granted.
| [in] | priv | Required access |
| [in] | table | Table object |
| [in] | columns | List of column names to check |
| true | Success |
| false | Failure |
| bool Security_context::has_drop_policy | ( | void | ) |
| bool Security_context::has_executed_drop_policy | ( | void | ) |
| std::pair< bool, bool > Security_context::has_global_grant | ( | const Auth_id & | auth_id, |
| const std::string & | privilege, | ||
| bool | cumulative = false |
||
| ) |
Checks if the Auth_id have the asked dynamic privilege.
| [in] | auth_id | Auth_id that could represent either a user or a role |
| [in] | privilege | privilege to check for |
| [in] | cumulative | Flag to decide how to fetch the privileges of ACL_USER false - privilege granted directly or set through a role true - privileges granted directly or coming through roles granted to it irrespective the roles are active or not. |
| <true, true> | has required privilege with grant option |
| <true, false> | has required privilege without grant option |
| <false, false> | does not have the required privilege, OR auth_id does not exist. |
| std::pair< bool, bool > Security_context::has_global_grant | ( | const char * | priv, |
| size_t | priv_len | ||
| ) |
Checks if the Current_user has the asked dynamic privilege.
if the server is initializing the datadir, or current_user is –skip-grants-user then it returns that user has privilege with grant option.
| [in] | priv | privilege to check |
| [in] | priv_len | length of privilege |
| <true, true> | has required privilege with grant option |
| <true, false> | has required privilege without grant option |
| <false, false> | does not have the required privilege |
|
private |
Check if required access to given table is granted.
| [in] | priv | Required access |
| [in,out] | tables | Table list object |
| true | Success |
| false | Failure |
| bool Security_context::has_with_admin_acl | ( | const LEX_CSTRING & | role_name, |
| const LEX_CSTRING & | role_host | ||
| ) |
| LEX_CSTRING Security_context::host | ( | ) | const |
Getter method for member m_host.
| LEX_CSTRING | object having constant pointer to m_host.Ptr and its length. |
|
inline |
Getter method for member m_host_or_ip.
| LEX_CSTRING | object having constant pointer to m_host_or_ip.Ptr and its length |
|
private |
|
private |
| LEX_CSTRING Security_context::ip | ( | ) | const |
Getter method for member m_ip.
| LEX_CSTRING | object having constant pointer to m_ip.Ptr and its length |
| bool Security_context::is_access_restricted_on_db | ( | Access_bitmask | want_access, |
| const std::string & | db_name | ||
| ) | const |
|
inline |
|
inline |
| bool Security_context::is_table_blocked | ( | Access_bitmask | priv, |
| TABLE const * | table | ||
| ) |
Check if required access to given table is not restricted.
| [in] | priv | Required access |
| [in,out] | table | Table object |
| true | Access to the table is blocked |
| false | Access to the table is not blocked |
|
inline |
| void Security_context::logout | ( | ) |
|
inline |
Getter method for member m_master_access.
| Access_bitmask Security_context::master_access | ( | const std::string & | db_name | ) | const |
| Security_context & Security_context::operator= | ( | const Security_context & | src_sctx | ) |
|
inline |
Getter method for member m_password_expired.
| LEX_CSTRING Security_context::priv_host | ( | ) | const |
Getter method for member m_priv_host.
| LEX_CSTRING | object having constant pointer to m_priv_host.Ptr and its length |
|
inline |
| LEX_CSTRING Security_context::priv_user | ( | ) | const |
Getter method for member m_priv_user.
| LEX_CSTRING | object having constant pointer to m_priv_user.Ptr and its length |
| Access_bitmask Security_context::procedure_acl | ( | LEX_CSTRING | db, |
| LEX_CSTRING | procedure_name | ||
| ) |
| LEX_CSTRING Security_context::proxy_user | ( | ) | const |
Getter method for member m_proxy_user.
| LEX_CSTRING | object having constant pointer to m_proxy_user.Ptr and its length |
| void Security_context::restore_security_context | ( | THD * | thd, |
| Security_context * | backup | ||
| ) |
|
inline |
| void Security_context::set_drop_policy | ( | const std::function< void(Security_context *)> & | func | ) |
| void Security_context::set_external_user_ptr | ( | const char * | ext_user_arg, |
| const int | ext_user_arg_length | ||
| ) |
Setter method for member m_external_user.
Function just sets the ext_user_arg pointer to the m_external_user, ext_user_arg is not copied.
| [in] | ext_user_arg | New user value for m_external_user. |
| [in] | ext_user_arg_length | Length of "ext_user_arg" param. |
|
inline |
Setter method for member m_host_or_ip.
|
inline |
Setter method for member m_host_or_ip.
| [in] | host_or_ip_arg | New user value for m_host_or_ip. |
| [in] | host_or_ip_arg_length | Length of "host_or_ip_arg" param. |
| void Security_context::set_host_ptr | ( | const char * | host_arg, |
| const size_t | host_arg_length | ||
| ) |
Setter method for member m_host.
Function just sets the host_arg pointer value to the m_host, host_arg value is not copied. host_arg value must not be NULL.
| [in] | host_arg | New user value for m_host. |
| [in] | host_arg_length | Length of "host_arg" param. |
| void Security_context::set_ip_ptr | ( | const char * | ip_arg, |
| const int | ip_arg_length | ||
| ) |
Setter method for member m_ip.
Function just sets the ip_arg pointer value to the m_ip, ip_arg value is not copied.
| [in] | ip_arg | New user value for m_ip. |
| [in] | ip_arg_length | Length of "ip_arg" param. |
|
inline |
|
inline |
|
inline |
|
inline |
|
inline |
| void Security_context::set_user_ptr | ( | const char * | user_arg, |
| const size_t | user_arg_length | ||
| ) |
Setter method for member m_user.
Function just sets the user_arg pointer value to the m_user, user_arg value is not copied.
| [in] | user_arg | New user value for m_user. |
| [in] | user_arg_length | Length of "user_arg" param. |
| void Security_context::skip_grants | ( | const char * | user = "skip-grants user", |
| const char * | host = "skip-grants host" |
||
| ) |
Grants all privilegs to user.
Sets the user and host name of privilege user.
| [in] | user | User name for current_user to set. Default value is "skip-grants user" |
| [in] | host | Host name for the current user to set. Default value is "skip-grants host" |
| Access_bitmask Security_context::table_acl | ( | LEX_CSTRING | db, |
| LEX_CSTRING | table | ||
| ) |
| Grant_table_aggregate Security_context::table_and_column_acls | ( | LEX_CSTRING | db, |
| LEX_CSTRING | table | ||
| ) |
| LEX_CSTRING Security_context::user | ( | ) | const |
Getter method for member m_user.
| LEX_CSTRING | object having constant pointer to m_user.Ptr and its length. |
| bool Security_context::user_matches | ( | Security_context * | them | ) |
|
private |
|
private |
|
private |
Privileges for current db.
|
private |
|
private |
|
private |
|
private |
|
private |
m_host - host of the client
|
private |
m_host_or_ip - points to host if host is available, otherwise points to ip
|
private |
m_ip - client IP
|
private |
True if this account can't be logged into.
|
private |
True if the skip_grants_user is set.
|
private |
Global privileges from mysql.user.
|
private |
password expiration flag.
This flag is set according to connecting user's context and not the effective user.
|
private |
The host privilege we are using.
|
private |
|
private |
m_priv_user - The user privilege we are using.
May be "" for anonymous user.
|
private |
|
private |
|
private |
|
private |
This flag tracks if server should be in sandbox mode or not.
When user account connects to server, with any of its authentication plugin's registration step pending, in that case, the connection is set in sandbox(or registration) mode i.e m_registration_sandbox_mode is set to TRUE. During this time only ALTER USER, SET PASSWORD statements are allowed. Once user finishes the registration steps for the authentication plugin via an ALTER USER statement, m_registration_sandbox_mode is set to FALSE, making a full fledged connection, where user can execute any sql statement.
|
private |
|
private |
m_thd - Thread handle, set to nullptr if this does not belong to any THD yet
|
private |
m_user - user of the client, set to NULL until the user has been read from the connection
1.9.2