MySQL  8.0.19
Source Code Documentation
sql_auth_cache.h
Go to the documentation of this file.
1 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 #ifndef SQL_USER_CACHE_INCLUDED
23 #define SQL_USER_CACHE_INCLUDED
24 
25 #include <string.h>
26 #include <sys/types.h>
27 #include <atomic>
28 #include <boost/graph/adjacency_list.hpp>
29 #include <boost/graph/graph_selectors.hpp>
30 #include <boost/graph/graph_traits.hpp>
31 #include <boost/graph/properties.hpp>
32 #include <boost/pending/property.hpp>
33 #include <list>
34 #include <memory>
35 #include <string>
36 #include <unordered_map>
37 
38 #include "lex_string.h"
39 #include "lf.h"
40 #include "m_ctype.h"
41 #include "map_helpers.h"
42 #include "mf_wcomp.h" // wild_many, wild_one, wild_prefix
43 #include "my_alloc.h"
44 #include "my_compiler.h"
45 #include "my_inttypes.h"
46 #include "my_sharedlib.h"
47 #include "my_sys.h"
49 #include "mysql/mysql_lex_string.h"
50 #include "mysql_com.h" // SCRAMBLE_LENGTH
51 #include "mysql_time.h" // MYSQL_TIME
52 #include "sql/auth/auth_common.h"
53 #include "sql/auth/auth_internal.h" // List_of_authid, Authid
55 #include "sql/malloc_allocator.h"
56 #include "sql/psi_memory_key.h"
57 #include "sql/sql_connect.h" // USER_RESOURCES
58 #include "violite.h" // SSL_type
59 
60 /* Forward declarations */
61 class Security_context;
62 class String;
63 class THD;
64 struct TABLE;
65 template <typename Element_type, size_t Prealloc>
66 class Prealloced_array;
67 class Acl_restrictions;
68 enum class Lex_acl_attrib_udyn;
69 
70 /* Classes */
71 
73  const char *hostname;
75  long ip, ip_mask; // Used with masked ip:s
76 
77  const char *calc_ip(const char *ip_arg, long *val, char end);
78 
79  public:
81  : hostname(nullptr), hostname_length(0), ip(0), ip_mask(0) {}
82  const char *get_host() const { return hostname ? hostname : ""; }
83  size_t get_host_len() const { return hostname_length; }
84 
85  bool has_wildcard() {
86  return (strchr(get_host(), wild_many) || strchr(get_host(), wild_one) ||
87  ip_mask);
88  }
89 
91  return (!hostname || (hostname[0] == wild_many && !hostname[1]));
92  }
93 
94  void update_hostname(const char *host_arg);
95 
96  bool compare_hostname(const char *host_arg, const char *ip_arg);
97 };
98 
99 class ACL_ACCESS {
100  public:
101  ACL_ACCESS() : host(), sort(0), access(0) {}
105 };
106 
107 class ACL_compare {
108  public:
109  bool operator()(const ACL_ACCESS &a, const ACL_ACCESS &b);
110  bool operator()(const ACL_ACCESS *a, const ACL_ACCESS *b);
111 };
112 
113 /* ACL_HOST is used if no host is specified */
114 
115 class ACL_HOST : public ACL_ACCESS {
116  public:
117  char *db;
118 };
119 
120 #define NUM_CREDENTIALS 2
121 #define PRIMARY_CRED (NUM_CREDENTIALS - NUM_CREDENTIALS)
122 #define SECOND_CRED (PRIMARY_CRED + 1)
123 
125  public:
127  m_auth_string = {"", 0};
128  memset(m_salt, 0, SCRAMBLE_LENGTH + 1);
129  m_salt_len = 0;
130  }
131 
132  public:
134  /**
135  The salt variable is used as the password hash for
136  native_password_authetication.
137  */
138  uint8 m_salt[SCRAMBLE_LENGTH + 1]; // scrambled password in binary form
139  /**
140  In the old protocol the salt_len indicated what type of autnetication
141  protocol was used: 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1
142  */
144 };
145 
146 class ACL_USER : public ACL_ACCESS {
147  public:
149  char *user;
158  /**
159  Specifies whether the user account is locked or unlocked.
160  */
162  /**
163  If this ACL_USER was used as a role id then this flag is true.
164  During RENAME USER this variable is used for determining if it is safe
165  to rename the user or not.
166  */
167  bool is_role;
168 
169  /**
170  The number of old passwords to check when setting a new password
171  */
173 
174  /**
175  Ignore @ref password_history_length,
176  use the global default @ref global_password_history
177  */
179 
180  /**
181  The number of days that would have to pass before a password can be reused.
182  */
184  /**
185  Ignore @ref password_reuse_interval,
186  use the global default @ref global_password_reuse_interval
187  */
189 
190  /**
191  The current password needed to be specified while changing it.
192  */
194 
195  /**
196  Additional credentials
197  */
199 
200  ACL_USER *copy(MEM_ROOT *root);
201  ACL_USER();
202 
204  public:
205  bool is_active() const {
207  }
210  }
214  bool update(THD *thd, bool successful_login, long *ret_days_remaining);
219  m_daynr_locked(0) {}
220 
221  protected:
222  /**
223  read from the user config. The number of days to keep the accont locked
224  */
226  /**
227  read from the user config. The number of failed login attemps before the
228  account is locked
229  */
231  /**
232  The remaining login tries, valid ony if @ref m_failed_login_attempts and
233  @ref m_password_lock_time_days are non-zero
234  */
236  /** The day the account is locked, 0 if not locked */
239 };
240 
241 class ACL_DB : public ACL_ACCESS {
242  public:
243  char *user, *db;
244 };
245 
246 class ACL_PROXY_USER : public ACL_ACCESS {
247  const char *user;
249  const char *proxied_user;
251 
252  typedef enum {
261 
262  public:
264 
265  void init(const char *host_arg, const char *user_arg,
266  const char *proxied_host_arg, const char *proxied_user_arg,
267  bool with_grant_arg);
268 
269  void init(MEM_ROOT *mem, const char *host_arg, const char *user_arg,
270  const char *proxied_host_arg, const char *proxied_user_arg,
271  bool with_grant_arg);
272 
273  void init(TABLE *table, MEM_ROOT *mem);
274 
275  bool get_with_grant() { return with_grant; }
276  const char *get_user() { return user; }
277  const char *get_proxied_user() { return proxied_user; }
278  const char *get_proxied_host() { return proxied_host.get_host(); }
279  void set_user(MEM_ROOT *mem, const char *user_arg) {
280  user = user_arg && *user_arg ? strdup_root(mem, user_arg) : NULL;
281  }
282 
283  bool check_validity(bool check_no_resolve);
284 
285  bool matches(const char *host_arg, const char *user_arg, const char *ip_arg,
286  const char *proxied_user_arg, bool any_proxy_user);
287 
288  inline static bool auth_element_equals(const char *a, const char *b) {
289  return (a == b || (a != NULL && b != NULL && !strcmp(a, b)));
290  }
291 
292  bool pk_equals(ACL_PROXY_USER *grant);
293 
294  bool granted_on(const char *host_arg, const char *user_arg) {
295  return (
296  ((!user && (!user_arg || !user_arg[0])) ||
297  (user && user_arg && !strcmp(user, user_arg))) &&
298  ((!host.get_host() && (!host_arg || !host_arg[0])) ||
299  (host.get_host() && host_arg && !strcmp(host.get_host(), host_arg))));
300  }
301 
302  void print_grant(String *str);
303 
304  void set_data(ACL_PROXY_USER *grant) { with_grant = grant->with_grant; }
305 
306  static int store_pk(TABLE *table, const LEX_CSTRING &host,
307  const LEX_CSTRING &user, const LEX_CSTRING &proxied_host,
308  const LEX_CSTRING &proxied_user);
309 
310  static int store_with_grant(TABLE *table, bool with_grant);
311 
312  static int store_data_record(TABLE *table, const LEX_CSTRING &host,
313  const LEX_CSTRING &user,
314  const LEX_CSTRING &proxied_host,
315  const LEX_CSTRING &proxied_user, bool with_grant,
316  const char *grantor);
317 };
318 
319 class acl_entry {
320  public:
323  char key[1]; // Key will be stored here
324 };
325 
327  public:
329  std::string column;
330  GRANT_COLUMN(String &c, ulong y);
331 };
332 
333 class GRANT_NAME {
334  public:
336  char *db;
337  const char *user;
338  char *tname;
341  std::string hash_key;
342  GRANT_NAME(const char *h, const char *d, const char *u, const char *t,
343  ulong p, bool is_routine);
344  GRANT_NAME(TABLE *form, bool is_routine);
345  virtual ~GRANT_NAME() {}
346  virtual bool ok() { return privs != 0; }
347  void set_user_details(const char *h, const char *d, const char *u,
348  const char *t, bool is_routine);
349 };
350 
351 class GRANT_TABLE : public GRANT_NAME {
352  public:
354  collation_unordered_multimap<std::string,
357 
358  GRANT_TABLE(const char *h, const char *d, const char *u, const char *t,
359  ulong p, ulong c);
360  explicit GRANT_TABLE(TABLE *form);
361  bool init(TABLE *col_privs);
362  ~GRANT_TABLE();
363  bool ok() { return privs != 0 || cols != 0; }
364 };
365 
366 /*
367  * A default/no-arg constructor is useful with containers-of-containers
368  * situations in which a two-allocator scoped_allocator_adapter is not enough.
369  * This custom allocator provides a Malloc_allocator with a no-arg constructor
370  * by hard-coding the key_memory_acl_cache constructor argument.
371  * This "solution" lacks beauty, yet is pragmatic.
372  */
373 template <class T>
375  public:
377  template <class U>
378  struct rebind {
380  };
381 
382  template <class U>
384  const Acl_cache_allocator<U> &other MY_ATTRIBUTE((unused)))
386 
387  template <class U>
389  const Acl_cache_allocator<U> &other MY_ATTRIBUTE((unused))) {}
390 };
392 typedef std::list<ACL_USER *, Acl_user_ptr_allocator> Acl_user_ptr_list;
395 
396 /* Data Structures */
398 extern MEM_ROOT memex;
399 const size_t ACL_PREALLOC_SIZE = 10U;
404 extern std::unique_ptr<malloc_unordered_multimap<
407 extern std::unique_ptr<
411 extern bool allow_all_hosts;
412 extern uint grant_version; /* Version of priv tables */
413 extern std::unique_ptr<Acl_restrictions> acl_restrictions;
414 // Search for a matching grant. Prefer exact grants before non-exact ones.
415 
417 
418 template <class T>
421  &name_hash,
422  const char *host, const char *ip, const char *db, const char *user,
423  const char *tname, bool exact, bool name_tolower) {
424  T *found = nullptr;
425 
426  std::string name = tname;
427  if (name_tolower) my_casedn_str(files_charset_info, &name[0]);
428  std::string key = user;
429  key.push_back('\0');
430  key.append(db);
431  key.push_back('\0');
432  key.append(name);
433  key.push_back('\0');
434 
435  auto it_range = name_hash.equal_range(key);
436  for (auto it = it_range.first; it != it_range.second; ++it) {
437  T *grant_name = it->second.get();
438  if (exact) {
439  if (!grant_name->host.get_host() ||
441  grant_name->host.get_host())) ||
442  (ip && !strcmp(ip, grant_name->host.get_host())))
443  return grant_name;
444  } else {
445  if (grant_name->host.compare_hostname(host, ip) &&
446  (!found || found->sort < grant_name->sort))
447  found = grant_name; // Host ok
448  }
449  }
450  return found;
451 }
452 
453 inline GRANT_NAME *routine_hash_search(const char *host, const char *ip,
454  const char *db, const char *user,
455  const char *tname, bool proc,
456  bool exact) {
457  return name_hash_search(proc ? *proc_priv_hash : *func_priv_hash, host, ip,
458  db, user, tname, exact, true);
459 }
460 
461 inline GRANT_TABLE *table_hash_search(const char *host, const char *ip,
462  const char *db, const char *user,
463  const char *tname, bool exact) {
464  return name_hash_search(*column_priv_hash, host, ip, db, user, tname, exact,
465  false);
466 }
467 
468 inline GRANT_COLUMN *column_hash_search(GRANT_TABLE *t, const char *cname,
469  size_t length) {
470  return find_or_nullptr(t->hash_columns, std::string(cname, length));
471 }
472 
473 /* Role management */
474 
475 /** Tag dispatch for custom Role_properties */
476 namespace boost {
478 BOOST_INSTALL_PROPERTY(vertex, acl_user);
479 } // namespace boost
480 
481 /**
482  Custom vertex properties used in Granted_roles_graph
483  TODO ACL_USER contains too much information. We only need global access,
484  username and hostname. If this was a POD we don't have to hold the same
485  mutex as ACL_USER.
486 */
487 typedef boost::property<boost::vertex_acl_user_t, ACL_USER,
488  boost::property<boost::vertex_name_t, std::string>>
490 
491 typedef boost::property<boost::edge_capacity_t, int> Role_edge_properties;
492 
493 /** A graph of all users/roles privilege inheritance */
494 typedef boost::adjacency_list<boost::setS, // OutEdges
495  boost::vecS, // Vertices
496  boost::bidirectionalS, // Directed graph
497  Role_properties, // Vertex props
500 
501 /** The data type of a vertex in the Granted_roles_graph */
502 typedef boost::graph_traits<Granted_roles_graph>::vertex_descriptor
504 
505 /** The data type of an edge in the Granted_roles_graph */
506 typedef boost::graph_traits<Granted_roles_graph>::edge_descriptor
508 
509 /** The datatype of the map between authids and graph vertex descriptors */
510 typedef std::unordered_map<std::string, Role_vertex_descriptor> Role_index_map;
511 
512 /** The type used for the number of edges incident to a vertex in the graph.
513  */
514 using degree_s_t = boost::graph_traits<Granted_roles_graph>::degree_size_type;
515 
516 /** The type for the iterator returned by out_edges(). */
517 using out_edge_itr_t =
518  boost::graph_traits<Granted_roles_graph>::out_edge_iterator;
519 
520 /** The type for the iterator returned by in_edges(). */
521 using in_edge_itr_t =
522  boost::graph_traits<Granted_roles_graph>::in_edge_iterator;
523 
524 /** Container for global, schema, table/view and routine ACL maps */
525 class Acl_map {
526  public:
527  Acl_map(Security_context *sctx, uint64 ver);
528  Acl_map(const Acl_map &map) = delete;
529  Acl_map(const Acl_map &&map);
530  ~Acl_map();
531 
532  private:
533  Acl_map &operator=(const Acl_map &map);
534 
535  public:
536  void *operator new(size_t size);
537  void operator delete(void *p);
538  Acl_map &operator=(Acl_map &&map);
541 
542  ulong global_acl();
551  uint64 version() { return m_version; }
553 
554  private:
555  std::atomic<int32> m_reference_count;
566 };
567 
569 
570 class Acl_cache {
571  public:
572  Acl_cache();
573  ~Acl_cache();
574 
575  /**
576  When ever the role graph is modified we must flatten the privileges again.
577  This is done by increasing the role graph version counter. Next time
578  a security context is created for an authorization id (aid) a request is
579  also sent to the acl_cache to checkout a flattened acl_map for this
580  particular aid. If a previous acl_map exists the version of this map is
581  compared to the role graph version. If they don't match a new acl_map
582  is calculated and inserted into the cache.
583  */
584  void increase_version();
585  /**
586  Returns a pointer to an acl map to the caller and increase the reference
587  count on the object, iff the object version is the same as the global
588  graph version.
589  If no acl map exists which correspond to the current authorization id of
590  the security context, a new acl map is calculated, inserted into the cache
591  and returned to the user.
592  A new object will also be created if the role graph version counter is
593  different than the acl map object's version.
594 
595  @param uid
596  @return
597  */
599  List_of_auth_id_refs &active_roles);
600  /**
601  When the security context is done with the acl map it calls the cache
602  to decrease the reference count on that object.
603  @param map
604  */
605  void return_acl_map(Acl_map *map);
606  /**
607  Removes all acl map objects with a references count of zero.
608  */
609  void flush_cache();
610  /**
611  Return a lower boundary to the current version count.
612  */
613  uint64 version();
614  /**
615  Return a snapshot of the number of items in the cache
616  */
617  int32 size();
618 
619  private:
620  /**
621  Creates a new acl map for the authorization id of the security context.
622 
623  @param version The version of the new map
624  @param sctx The associated security context
625  @return
626  */
628  /** Role graph version counter */
629  std::atomic<uint64> m_role_graph_version;
632 };
633 
635 
636 /**
637  Enum for specifying lock type over Acl cache
638 */
639 
641 
642 /**
643  Lock guard for ACL Cache.
644  Destructor automatically releases the lock.
645 */
646 
648  public:
650 
651  /**
652  Acl_cache_lock_guard destructor.
653 
654  Release lock(s) if taken
655  */
657 
658  bool lock(bool raise_error = true);
659  void unlock();
660 
661  private:
662  bool already_locked();
663 
664  private:
665  /** Handle to THD object */
667  /** Lock mode */
669  /** Lock status */
670  bool m_locked;
671 };
672 
673 /**
674  Cache to store the Restrictions of every auth_id.
675  This cache is not thread safe.
676  Callers must acquire acl_cache_write_lock before to amend the cache.
677  Callers should acquire acl_cache_read_lock to probe the cache.
678 
679  Acl_restrictions is not part of ACL_USER because as of now latter is POD
680  type class. We use copy-POD for ACL_USER that makes the explicit memory
681  management of its members hard.
682 */
684  public:
686 
687  Acl_restrictions(const Acl_restrictions &) = delete;
688  Acl_restrictions(Acl_restrictions &&) = delete;
689  Acl_restrictions &operator=(const Acl_restrictions &) = delete;
691 
692  void remove_restrictions(const ACL_USER *acl_user);
693  void upsert_restrictions(const ACL_USER *acl_user,
694  const Restrictions &restriction);
695 
696  Restrictions find_restrictions(const ACL_USER *acl_user) const;
697  size_t size() const;
698 
699  private:
701 };
702 
703 #endif /* SQL_USER_CACHE_INCLUDED */
wild_one
const char wild_one
Character constant for wildcard representing any one character (SQL style).
Definition: mf_wcomp.h:36
Acl_restrictions::upsert_restrictions
void upsert_restrictions(const ACL_USER *acl_user, const Restrictions &restriction)
Update, insert or remove the Restrictions for the ACL_USER.
Definition: sql_auth_cache.cc:3562
Acl_cache::m_cache
Acl_cache_internal m_cache
Definition: sql_auth_cache.h:630
acl_entry::access
ulong access
Definition: sql_auth_cache.h:321
GRANT_COLUMN
Definition: sql_auth_cache.h:326
Auth_id_ref
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:74
auth_common.h
MYSQL_LEX_CSTRING
Definition: mysql_lex_string.h:39
malloc_unordered_map< std::string, Restrictions >
THD
Definition: sql_class.h:764
files_charset_info
MYSQL_PLUGIN_IMPORT CHARSET_INFO * files_charset_info
Definition: mysqld.cc:1316
Acl_cache::m_role_graph_version
std::atomic< uint64 > m_role_graph_version
Role graph version counter.
Definition: sql_auth_cache.h:629
Role_properties
boost::property< boost::vertex_acl_user_t, ACL_USER, boost::property< boost::vertex_name_t, std::string > > Role_properties
Custom vertex properties used in Granted_roles_graph TODO ACL_USER contains too much information.
Definition: sql_auth_cache.h:489
int32
int32_t int32
Definition: my_inttypes.h:65
Acl_cache_lock_guard::m_thd
THD * m_thd
Handle to THD object.
Definition: sql_auth_cache.h:666
ACL_HOST_AND_IP::has_wildcard
bool has_wildcard()
Definition: sql_auth_cache.h:85
Acl_credential::m_auth_string
LEX_CSTRING m_auth_string
Definition: sql_auth_cache.h:133
Acl_cache::checkout_acl_map
Acl_map * checkout_acl_map(Security_context *sctx, Auth_id_ref &uid, List_of_auth_id_refs &active_roles)
Returns a pointer to an acl map to the caller and increase the reference count on the object,...
Definition: sql_auth_cache.cc:3167
acl_proxy_users
Prealloced_array< ACL_PROXY_USER, ACL_PREALLOC_SIZE > * acl_proxy_users
Definition: sql_auth_cache.cc:130
ACL_ACCESS
Definition: sql_auth_cache.h:99
cached_acl_users_for_name
Acl_user_ptr_list * cached_acl_users_for_name(const char *name)
Fetch the list of ACL_USERs which share name or have no name.
Definition: sql_auth_cache.cc:1009
Acl_user_ptr_list
std::list< ACL_USER *, Acl_user_ptr_allocator > Acl_user_ptr_list
Definition: sql_auth_cache.h:392
Prealloced_array
A typesafe replacement for DYNAMIC_ARRAY.
Definition: prealloced_array.h:66
GRANT_TABLE::hash_columns
collation_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_COLUMN > > hash_columns
Definition: sql_auth_cache.h:356
Acl_cache_lock_guard::already_locked
bool already_locked()
Check whether lock is already obtained or not.
Definition: sql_auth_cache.cc:3442
Acl_cache::flush_cache
void flush_cache()
Removes all acl map objects with a references count of zero.
Definition: sql_auth_cache.cc:3244
Acl_cache_lock_mode::READ_MODE
@ READ_MODE
Acl_map::m_global_acl
ulong m_global_acl
Definition: sql_auth_cache.h:560
NULL
#define NULL
Definition: types.h:55
Acl_restrictions::remove_restrictions
void remove_restrictions(const ACL_USER *acl_user)
Remove the Restrictions of the ACL_USER.
Definition: sql_auth_cache.cc:3542
collation_unordered_map
std::unordered_map, but with my_malloc and collation-aware comparison.
Definition: map_helpers.h:236
Acl_cache_lock_guard::m_mode
Acl_cache_lock_mode m_mode
Lock mode.
Definition: sql_auth_cache.h:668
ACL_PROXY_USER::auth_element_equals
static bool auth_element_equals(const char *a, const char *b)
Definition: sql_auth_cache.h:288
GRANT_NAME::ok
virtual bool ok()
Definition: sql_auth_cache.h:346
my_compiler.h
Acl_map::sp_acls
SP_access_map * sp_acls()
Definition: sql_auth_cache.cc:3129
ACL_PROXY_USER::proxied_host
ACL_HOST_AND_IP proxied_host
Definition: sql_auth_cache.h:248
Acl_cache_allocator::Acl_cache_allocator
Acl_cache_allocator()
Definition: sql_auth_cache.h:376
GRANT_TABLE::~GRANT_TABLE
~GRANT_TABLE()
Definition: sql_auth_cache.cc:863
CHARSET_INFO
Definition: m_ctype.h:354
ACL_HOST_AND_IP::get_host_len
size_t get_host_len() const
Definition: sql_auth_cache.h:83
acl_users
Prealloced_array< ACL_USER, ACL_PREALLOC_SIZE > * acl_users
Definition: sql_auth_cache.cc:129
ACL_USER::is_role
bool is_role
If this ACL_USER was used as a role id then this flag is true.
Definition: sql_auth_cache.h:167
Acl_map::restrictions
Restrictions & restrictions()
Definition: sql_auth_cache.cc:3137
ACL_USER::user
char * user
Definition: sql_auth_cache.h:149
string.h
Acl_credential::m_salt
uint8 m_salt[SCRAMBLE_LENGTH+1]
The salt variable is used as the password hash for native_password_authetication.
Definition: sql_auth_cache.h:138
Acl_map::Acl_map
Acl_map(Security_context *sctx, uint64 ver)
Definition: sql_auth_cache.cc:3068
uint64
uint64_t uint64
Definition: my_inttypes.h:68
Acl_cache_lock_guard
Lock guard for ACL Cache.
Definition: sql_auth_cache.h:647
Db_access_map
std::map< std::string, unsigned long > Db_access_map
Definition: auth_internal.h:64
String
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:164
ACL_USER
Definition: sql_auth_cache.h:146
TABLE
Definition: table.h:1305
Acl_map
Container for global, schema, table/view and routine ACL maps.
Definition: sql_auth_cache.h:525
violite.h
ACL_HOST::db
char * db
Definition: sql_auth_cache.h:117
psi_memory_key.h
GRANT_NAME::tname
char * tname
Definition: sql_auth_cache.h:338
mysql_mutex_t
An instrumented mutex structure.
Definition: mysql_mutex_bits.h:49
column_priv_hash
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_TABLE > > > column_priv_hash
Definition: sql_auth_cache.cc:139
ACL_USER::x509_issuer
const char * x509_issuer
Definition: sql_auth_cache.h:151
strdup_root
char * strdup_root(MEM_ROOT *root, const char *str)
Definition: my_alloc.cc:242
malloc_allocator.h
ACL_USER::password_history_length
uint32 password_history_length
The number of old passwords to check when setting a new password.
Definition: sql_auth_cache.h:172
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_WITH_GRANT
@ MYSQL_PROXIES_PRIV_WITH_GRANT
Definition: sql_auth_cache.h:257
collation_unordered_multimap
std::unordered_multimap, but with my_malloc and collation-aware comparison.
Definition: map_helpers.h:252
boost::vertex_acl_user
@ vertex_acl_user
Definition: sql_auth_cache.h:477
ACL_PROXY_USER::ACL_PROXY_USER
ACL_PROXY_USER()
Definition: sql_auth_cache.h:263
proc_priv_hash
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_NAME > > > proc_priv_hash
Definition: sql_auth_cache.cc:142
ACL_HOST_AND_IP
Definition: sql_auth_cache.h:72
ACL_HOST_AND_IP::calc_ip
const char * calc_ip(const char *ip_arg, long *val, char end)
Definition: sql_auth_cache.cc:210
Acl_map::table_acls
Table_access_map * table_acls()
Definition: sql_auth_cache.cc:3125
ACL_USER::ssl_type
enum SSL_type ssl_type
Definition: sql_auth_cache.h:150
Acl_credential::Acl_credential
Acl_credential()
Definition: sql_auth_cache.h:126
ACL_HOST
Definition: sql_auth_cache.h:115
ACL_HOST_AND_IP::hostname
const char * hostname
Definition: sql_auth_cache.h:73
mem
static MEM_ROOT mem
Definition: sql_servers.cc:97
ACL_USER::ssl_cipher
const char * ssl_cipher
Definition: sql_auth_cache.h:151
unique_ptr_destroy_only
std::unique_ptr< T, Destroy_only< T > > unique_ptr_destroy_only
std::unique_ptr, but only destroying.
Definition: my_alloc.h:408
boost
Tag dispatch for custom Role_properties.
Definition: sql_auth_cache.h:476
GRANT_NAME::sort
ulong sort
Definition: sql_auth_cache.h:340
ACL_ACCESS::ACL_ACCESS
ACL_ACCESS()
Definition: sql_auth_cache.h:101
acl_entry
Definition: sql_auth_cache.h:319
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_GRANTOR
@ MYSQL_PROXIES_PRIV_GRANTOR
Definition: sql_auth_cache.h:258
ACL_USER::Password_locked_state
Definition: sql_auth_cache.h:203
ACL_USER::Password_locked_state::Password_locked_state
Password_locked_state()
Definition: sql_auth_cache.h:215
Acl_cache::Acl_cache
Acl_cache()
Definition: sql_auth_cache.cc:3050
Acl_cache_allocator::Acl_cache_allocator
Acl_cache_allocator(const Acl_cache_allocator< U > &other)
Definition: sql_auth_cache.h:383
GRANT_NAME::hash_key
std::string hash_key
Definition: sql_auth_cache.h:341
U
#define U
Definition: ctype-tis620.cc:74
key
static const char * key
Definition: suite_stubs.c:14
ACL_PROXY_USER::get_user
const char * get_user()
Definition: sql_auth_cache.h:276
MYSQL_PLUGIN_IMPORT
#define MYSQL_PLUGIN_IMPORT
Definition: my_sharedlib.h:70
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_PROXIED_HOST
@ MYSQL_PROXIES_PRIV_PROXIED_HOST
Definition: sql_auth_cache.h:255
ACL_PROXY_USER::proxied_user
const char * proxied_user
Definition: sql_auth_cache.h:249
acl_check_hosts
collation_unordered_map< std::string, ACL_USER * > * acl_check_hosts
Definition: sql_auth_cache.cc:145
SCRAMBLE_LENGTH
#define SCRAMBLE_LENGTH
Length of random string sent by server on handshake; this is also length of obfuscated password,...
Definition: mysql_com.h:116
ACL_DB::user
char * user
Definition: sql_auth_cache.h:243
Acl_cache_lock_guard::Acl_cache_lock_guard
Acl_cache_lock_guard(THD *thd, Acl_cache_lock_mode mode)
Acl_cache_lock_guard constructor.
Definition: sql_auth_cache.cc:3364
GRANT_TABLE::init
bool init(TABLE *col_privs)
Definition: sql_auth_cache.cc:865
host
const char * host
Definition: mysqladmin.cc:58
ACL_USER::plugin
LEX_CSTRING plugin
Definition: sql_auth_cache.h:152
my_alloc.h
Acl_map::version
uint64 version()
Definition: sql_auth_cache.h:551
GRANT_TABLE::ok
bool ok()
Definition: sql_auth_cache.h:363
Acl_map::m_db_wild_acls
Db_access_map m_db_wild_acls
Definition: sql_auth_cache.h:558
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_PROXIED_USER
@ MYSQL_PROXIES_PRIV_PROXIED_USER
Definition: sql_auth_cache.h:256
Acl_cache_lock_guard::lock
bool lock(bool raise_error=true)
Explicitly take lock on Acl_cache_lock_cache object.
Definition: sql_auth_cache.cc:3380
ACL_USER::user_resource
USER_RESOURCES user_resource
Definition: sql_auth_cache.h:148
ACL_USER::Password_locked_state::m_remaining_login_attempts
uint m_remaining_login_attempts
The remaining login tries, valid ony if m_failed_login_attempts and m_password_lock_time_days are non...
Definition: sql_auth_cache.h:235
ACL_USER::account_locked
bool account_locked
Specifies whether the user account is locked or unlocked.
Definition: sql_auth_cache.h:161
Acl_cache::version
uint64 version()
Return a lower boundary to the current version count.
Definition: sql_auth_cache.cc:3149
Acl_restrictions::find_restrictions
Restrictions find_restrictions(const ACL_USER *acl_user) const
Find the Restrictions of the ACL_USER.
Definition: sql_auth_cache.cc:3589
Acl_cache::m_cache_flush_mutex
mysql_mutex_t m_cache_flush_mutex
Definition: sql_auth_cache.h:631
grant_version
uint grant_version
Definition: sql_auth_cache.cc:162
ACL_USER::password_lifetime
uint password_lifetime
Definition: sql_auth_cache.h:156
ACL_compare
Definition: sql_auth_cache.h:107
Acl_map::m_version
uint64 m_version
Definition: sql_auth_cache.h:556
ACL_DB
Definition: sql_auth_cache.h:241
ACL_HOST_AND_IP::ip_mask
long ip_mask
Definition: sql_auth_cache.h:75
ACL_USER::Password_locked_state::is_active
bool is_active() const
Definition: sql_auth_cache.h:205
GRANT_COLUMN::GRANT_COLUMN
GRANT_COLUMN(String &c, ulong y)
Definition: sql_auth_cache.cc:776
Acl_cache_allocator::operator=
Acl_cache_allocator & operator=(const Acl_cache_allocator< U > &other)
Definition: sql_auth_cache.h:388
GRANT_TABLE::cols
ulong cols
Definition: sql_auth_cache.h:353
Acl_map::grant_acls
Grant_acl_set * grant_acls()
Definition: sql_auth_cache.cc:3127
ACL_HOST_AND_IP::compare_hostname
bool compare_hostname(const char *host_arg, const char *ip_arg)
Definition: sql_auth_cache.cc:264
my_casedn_str
#define my_casedn_str(s, a)
Definition: m_ctype.h:730
my_inttypes.h
Acl_map::m_restrictions
Restrictions m_restrictions
Definition: sql_auth_cache.h:565
ACL_USER::use_default_password_history
bool use_default_password_history
Ignore password_history_length, use the global default global_password_history.
Definition: sql_auth_cache.h:178
m_ctype.h
Role_edge_descriptor
boost::graph_traits< Granted_roles_graph >::edge_descriptor Role_edge_descriptor
The data type of an edge in the Granted_roles_graph.
Definition: sql_auth_cache.h:507
consts::failed_login_attempts
const std::string failed_login_attempts("failed_login_attempts")
underkeys of password locking
Role_vertex_descriptor
boost::graph_traits< Granted_roles_graph >::vertex_descriptor Role_vertex_descriptor
The data type of a vertex in the Granted_roles_graph.
Definition: sql_auth_cache.h:503
Acl_cache_allocator::rebind::other
Acl_cache_allocator< U > other
Definition: sql_auth_cache.h:379
Acl_cache::create_acl_map
Acl_map * create_acl_map(uint64 version, Security_context *sctx)
Creates a new acl map for the authorization id of the security context.
Definition: sql_auth_cache.cc:3265
mysql_mutex_bits.h
MEM_ROOT
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:77
lex_string.h
allow_all_hosts
bool allow_all_hosts
Definition: sql_auth_cache.cc:161
ACL_PROXY_USER::init
void init(const char *host_arg, const char *user_arg, const char *proxied_host_arg, const char *proxied_user_arg, bool with_grant_arg)
Definition: sql_auth_cache.cc:423
func_priv_hash
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_NAME > > > func_priv_hash
Definition: sql_auth_cache.h:409
Acl_cache_lock_guard::m_locked
bool m_locked
Lock status.
Definition: sql_auth_cache.h:670
ACL_PROXY_USER::user
const char * user
Definition: sql_auth_cache.h:247
Acl_user_ptr_allocator
Acl_cache_allocator< ACL_USER * > Acl_user_ptr_allocator
Definition: sql_auth_cache.h:391
wild_many
const char wild_many
Character constant for wildcard representing zero or more characters (SQL style).
Definition: mf_wcomp.h:42
auth_internal.h
Acl_cache
Definition: sql_auth_cache.h:570
Acl_map::db_acls
Db_access_map * db_acls()
Definition: sql_auth_cache.cc:3121
GRANT_NAME
Definition: sql_auth_cache.h:333
out_edge_itr_t
boost::graph_traits< Granted_roles_graph >::out_edge_iterator out_edge_itr_t
The type for the iterator returned by out_edges().
Definition: sql_auth_cache.h:518
uint
unsigned int uint
Definition: uca-dump.cc:29
LF_HASH
Definition: lf.h:181
mysql_com.h
ACL_ACCESS::sort
ulong sort
Definition: sql_auth_cache.h:103
boost::BOOST_INSTALL_PROPERTY
BOOST_INSTALL_PROPERTY(vertex, acl_user)
map_helpers.h
ACL_USER::credentials
Acl_credential credentials[NUM_CREDENTIALS]
Additional credentials.
Definition: sql_auth_cache.h:198
Acl_restrictions::m_restrictions_map
malloc_unordered_map< std::string, Restrictions > m_restrictions_map
Definition: sql_auth_cache.h:700
Acl_map::m_reference_count
std::atomic< int32 > m_reference_count
Definition: sql_auth_cache.h:555
boost::vertex_acl_user_t
vertex_acl_user_t
Definition: sql_auth_cache.h:477
Acl_cache_lock_mode::WRITE_MODE
@ WRITE_MODE
GRANT_NAME::set_user_details
void set_user_details(const char *h, const char *d, const char *u, const char *t, bool is_routine)
Definition: sql_auth_cache.cc:779
ACL_USER::use_default_password_lifetime
bool use_default_password_lifetime
Definition: sql_auth_cache.h:157
system_charset_info
MYSQL_PLUGIN_IMPORT CHARSET_INFO * system_charset_info
Definition: mysqld.cc:1316
acl_restrictions
std::unique_ptr< Acl_restrictions > acl_restrictions
Definition: sql_auth_cache.cc:146
Acl_cache::~Acl_cache
~Acl_cache()
Definition: sql_auth_cache.cc:3063
Dynamic_privileges
std::map< std::string, bool > Dynamic_privileges
Definition: auth_internal.h:272
Acl_cache_allocator::rebind
Definition: sql_auth_cache.h:378
memex
MEM_ROOT memex
Definition: sql_auth_cache.cc:128
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_USER
@ MYSQL_PROXIES_PRIV_USER
Definition: sql_auth_cache.h:254
mf_wcomp.h
column_hash_search
GRANT_COLUMN * column_hash_search(GRANT_TABLE *t, const char *cname, size_t length)
Definition: sql_auth_cache.h:468
Acl_cache_internal
LF_HASH Acl_cache_internal
Definition: sql_auth_cache.h:568
rules_table_service::end
Cursor end()
A past-the-end Cursor.
Definition: rules_table_service.cc:188
Role_edge_properties
boost::property< boost::edge_capacity_t, int > Role_edge_properties
Definition: sql_auth_cache.h:491
user
char * user
Definition: mysqladmin.cc:59
ACL_USER::copy
ACL_USER * copy(MEM_ROOT *root)
Definition: sql_auth_cache.cc:390
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_HOST
@ MYSQL_PROXIES_PRIV_HOST
Definition: sql_auth_cache.h:253
ACL_USER::password_last_changed
MYSQL_TIME password_last_changed
Definition: sql_auth_cache.h:155
Malloc_allocator
Malloc_allocator is a C++ STL memory allocator based on my_malloc/my_free.
Definition: malloc_allocator.h:62
GRANT_COLUMN::rights
ulong rights
Definition: sql_auth_cache.h:328
Acl_map::~Acl_map
~Acl_map()
Definition: sql_auth_cache.cc:3095
sql_connect.h
GRANT_TABLE
Definition: sql_auth_cache.h:351
ACL_USER::Password_locked_state::set_parameters
void set_parameters(uint password_lock_time_days, uint failed_login_attempts)
Definition: sql_auth_cache.cc:314
uint32
uint32_t uint32
Definition: my_inttypes.h:66
Acl_map::func_acls
SP_access_map * func_acls()
Definition: sql_auth_cache.cc:3131
Acl_cache::size
int32 size()
Return a snapshot of the number of items in the cache.
Definition: sql_auth_cache.cc:3151
GRANT_NAME::privs
ulong privs
Definition: sql_auth_cache.h:339
Grant_acl_set
std::unordered_set< std::string > Grant_acl_set
Definition: auth_internal.h:88
ACL_USER::password_require_current
Lex_acl_attrib_udyn password_require_current
The current password needed to be specified while changing it.
Definition: sql_auth_cache.h:193
Acl_restrictions
Cache to store the Restrictions of every auth_id.
Definition: sql_auth_cache.h:683
acl_dbs
Prealloced_array< ACL_DB, ACL_PREALLOC_SIZE > * acl_dbs
Definition: sql_auth_cache.cc:131
ACL_compare::operator()
bool operator()(const ACL_ACCESS &a, const ACL_ACCESS &b)
Determine sort order for two user accounts.
Definition: sql_auth_cache.cc:3516
ACL_HOST_AND_IP::get_host
const char * get_host() const
Definition: sql_auth_cache.h:82
ACL_USER::can_authenticate
bool can_authenticate
Definition: sql_auth_cache.h:154
SP_access_map
std::map< std::string, unsigned long > SP_access_map
Definition: auth_internal.h:63
Acl_cache::return_acl_map
void return_acl_map(Acl_map *map)
When the security context is done with the acl map it calls the cache to decrease the reference count...
Definition: sql_auth_cache.cc:3216
name
const string name("\"Name\"")
ACL_USER::Password_locked_state::get_failed_login_attempts
uint get_failed_login_attempts() const
Definition: sql_auth_cache.h:211
acl_wild_hosts
Prealloced_array< ACL_HOST_AND_IP, ACL_PREALLOC_SIZE > * acl_wild_hosts
Definition: sql_auth_cache.cc:132
Acl_credential::m_salt_len
uint8 m_salt_len
In the old protocol the salt_len indicated what type of autnetication protocol was used: 0 - no passw...
Definition: sql_auth_cache.h:143
Acl_restrictions::operator=
Acl_restrictions & operator=(const Acl_restrictions &)=delete
key_memory_acl_cache
PSI_memory_key key_memory_acl_cache
Definition: psi_memory_key.cc:95
malloc_unordered_multimap
std::unordered_multimap, but with my_malloc, so that you can track the memory used using PSI memory k...
Definition: map_helpers.h:215
MYSQL_TIME
Definition: mysql_time.h:81
partial_revokes.h
ACL_PROXY_USER::print_grant
void print_grant(String *str)
Definition: sql_auth_cache.cc:521
ACL_HOST_AND_IP::hostname_length
size_t hostname_length
Definition: sql_auth_cache.h:74
Role_index_map
std::unordered_map< std::string, Role_vertex_descriptor > Role_index_map
The datatype of the map between authids and graph vertex descriptors.
Definition: sql_auth_cache.h:510
ACL_USER::Password_locked_state::get_password_lock_time_days
int get_password_lock_time_days() const
Definition: sql_auth_cache.h:208
Acl_map::operator=
Acl_map & operator=(const Acl_map &map)
Definition: sql_auth_cache.cc:3117
GRANT_NAME::user
const char * user
Definition: sql_auth_cache.h:337
uint8
uint8_t uint8
Definition: my_inttypes.h:62
Acl_restrictions::size
size_t size() const
Definition: sql_auth_cache.cc:3603
in_edge_itr_t
boost::graph_traits< Granted_roles_graph >::in_edge_iterator in_edge_itr_t
The type for the iterator returned by in_edges().
Definition: sql_auth_cache.h:522
lf.h
ACL_PROXY_USER::set_user
void set_user(MEM_ROOT *mem, const char *user_arg)
Definition: sql_auth_cache.h:279
ACL_USER::Password_locked_state::m_password_lock_time_days
int m_password_lock_time_days
read from the user config.
Definition: sql_auth_cache.h:225
Acl_restrictions::Acl_restrictions
Acl_restrictions()
Construstor.
Definition: sql_auth_cache.cc:3535
ACL_PROXY_USER::store_data_record
static int store_data_record(TABLE *table, const LEX_CSTRING &host, const LEX_CSTRING &user, const LEX_CSTRING &proxied_host, const LEX_CSTRING &proxied_user, bool with_grant, const char *grantor)
Definition: sql_auth_cache.cc:571
degree_s_t
boost::graph_traits< Granted_roles_graph >::degree_size_type degree_s_t
The type used for the number of edges incident to a vertex in the graph.
Definition: sql_auth_cache.h:514
find_or_nullptr
static auto find_or_nullptr(const Container &container, const Key &key) -> typename std::enable_if< std::is_pointer< typename Container::value_type::second_type >::value, typename Container::value_type::second_type >::type
Some useful helpers for associative arrays with MySQL-specific semantics.
Definition: map_helpers.h:53
acl_entry::length
uint16 length
Definition: sql_auth_cache.h:322
Granted_roles_graph
boost::adjacency_list< boost::setS, boost::vecS, boost::bidirectionalS, Role_properties, Role_edge_properties > Granted_roles_graph
A graph of all users/roles privilege inheritance.
Definition: sql_auth_cache.h:499
ACL_HOST_AND_IP::update_hostname
void update_hostname(const char *host_arg)
Update the hostname.
Definition: sql_auth_cache.cc:232
ACL_USER::password_locked_state
class ACL_USER::Password_locked_state password_locked_state
Acl_cache_lock_mode
Acl_cache_lock_mode
Enum for specifying lock type over Acl cache.
Definition: sql_auth_cache.h:640
SSL_type
SSL_type
Definition: violite.h:308
mysql_lex_string.h
ACL_PROXY_USER::store_pk
static int store_pk(TABLE *table, const LEX_CSTRING &host, const LEX_CSTRING &user, const LEX_CSTRING &proxied_host, const LEX_CSTRING &proxied_user)
Definition: sql_auth_cache.cc:535
get_global_acl_cache
Acl_cache * get_global_acl_cache()
Definition: sql_auth_cache.cc:105
ACL_PROXY_USER::get_proxied_host
const char * get_proxied_host()
Definition: sql_auth_cache.h:278
Acl_map::reference_count
uint32 reference_count()
Definition: sql_auth_cache.h:552
ACL_PROXY_USER
Definition: sql_auth_cache.h:246
ACL_USER::Password_locked_state::update
bool update(THD *thd, bool successful_login, long *ret_days_remaining)
Updates the password locked state based on the time of day fetched from the THD.
Definition: sql_auth_cache.cc:332
ACL_HOST_AND_IP::check_allow_all_hosts
bool check_allow_all_hosts()
Definition: sql_auth_cache.h:90
rebuild_cached_acl_users_for_name
void rebuild_cached_acl_users_for_name(void)
Build the lists of ACL_USERs which share name or have no name.
Definition: sql_auth_cache.cc:959
user_resources
Definition: sql_connect.h:40
Acl_map::m_func_acls
SP_access_map m_func_acls
Definition: sql_auth_cache.h:562
ACL_HOST_AND_IP::ip
long ip
Definition: sql_auth_cache.h:75
gis::length
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:75
table_hash_search
GRANT_TABLE * table_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact)
Definition: sql_auth_cache.h:461
GRANT_TABLE::GRANT_TABLE
GRANT_TABLE(const char *h, const char *d, const char *u, const char *t, ulong p, ulong c)
Definition: sql_auth_cache.cc:809
my_sharedlib.h
ACL_USER::password_expired
bool password_expired
Definition: sql_auth_cache.h:153
ACL_PROXY_USER::store_with_grant
static int store_with_grant(TABLE *table, bool with_grant)
Definition: sql_auth_cache.cc:561
ulong
unsigned long ulong
Definition: my_inttypes.h:48
uint16
uint16_t uint16
Definition: my_inttypes.h:64
ACL_PROXY_USER::matches
bool matches(const char *host_arg, const char *user_arg, const char *ip_arg, const char *proxied_user_arg, bool any_proxy_user)
Definition: sql_auth_cache.cc:472
GRANT_NAME::host
ACL_HOST_AND_IP host
Definition: sql_auth_cache.h:335
Acl_map::global_acl
ulong global_acl()
Definition: sql_auth_cache.cc:3119
global_acl_memory
MEM_ROOT global_acl_memory
Definition: sql_auth_cache.cc:127
consts::password_lock_time_days
const std::string password_lock_time_days("password_lock_time_days")
underkeys of password locking
GRANT_NAME::GRANT_NAME
GRANT_NAME(const char *h, const char *d, const char *u, const char *t, ulong p, bool is_routine)
Definition: sql_auth_cache.cc:803
Acl_map::increase_reference_count
void increase_reference_count()
Definition: sql_auth_cache.cc:3139
ACL_PROXY_USER::with_grant
bool with_grant
Definition: sql_auth_cache.h:250
ACL_USER::x509_subject
const char * x509_subject
Definition: sql_auth_cache.h:151
NUM_CREDENTIALS
#define NUM_CREDENTIALS
Definition: sql_auth_cache.h:120
Acl_map::db_wild_acls
Db_access_map * db_wild_acls()
Definition: sql_auth_cache.cc:3123
ACL_USER::password_reuse_interval
uint32 password_reuse_interval
The number of days that would have to pass before a password can be reused.
Definition: sql_auth_cache.h:183
ACL_USER::use_default_password_reuse_interval
bool use_default_password_reuse_interval
Ignore password_reuse_interval, use the global default global_password_reuse_interval.
Definition: sql_auth_cache.h:188
ACL_USER::Password_locked_state::m_daynr_locked
long m_daynr_locked
The day the account is locked, 0 if not locked.
Definition: sql_auth_cache.h:237
ACL_PROXY_USER::pk_equals
bool pk_equals(ACL_PROXY_USER *grant)
Definition: sql_auth_cache.cc:498
ACL_PROXY_USER::set_data
void set_data(ACL_PROXY_USER *grant)
Definition: sql_auth_cache.h:304
my_strcasecmp
#define my_strcasecmp(s, a, b)
Definition: m_ctype.h:678
ACL_ACCESS::access
ulong access
Definition: sql_auth_cache.h:104
Acl_cache_lock_guard::~Acl_cache_lock_guard
~Acl_cache_lock_guard()
Acl_cache_lock_guard destructor.
Definition: sql_auth_cache.h:656
ACL_PROXY_USER::old_acl_proxy_users
old_acl_proxy_users
Definition: sql_auth_cache.h:252
ACL_USER::ACL_USER
ACL_USER()
Definition: sql_auth_cache.cc:277
Security_context
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
ACL_PROXY_USER::get_with_grant
bool get_with_grant()
Definition: sql_auth_cache.h:275
p
const char * p
Definition: ctype-mb.cc:1233
my_sys.h
ACL_PROXY_USER::granted_on
bool granted_on(const char *host_arg, const char *user_arg)
Definition: sql_auth_cache.h:294
Lex_acl_attrib_udyn
Lex_acl_attrib_udyn
This is generic enum.
Definition: table.h:2311
GRANT_NAME::~GRANT_NAME
virtual ~GRANT_NAME()
Definition: sql_auth_cache.h:345
ACL_HOST_AND_IP::ACL_HOST_AND_IP
ACL_HOST_AND_IP()
Definition: sql_auth_cache.h:80
Acl_map::decrease_reference_count
void decrease_reference_count()
Definition: sql_auth_cache.cc:3141
Acl_cache::increase_version
void increase_version()
When ever the role graph is modified we must flatten the privileges again.
Definition: sql_auth_cache.cc:3143
Acl_credential
Definition: sql_auth_cache.h:124
ACL_USER::Password_locked_state::m_failed_login_attempts
uint m_failed_login_attempts
read from the user config.
Definition: sql_auth_cache.h:230
Table_access_map
Definition: auth_internal.h:66
Acl_cache_lock_guard::unlock
void unlock()
Explicitly unlock all acquired locks.
Definition: sql_auth_cache.cc:3410
Acl_map::m_with_admin_acls
Grant_acl_set m_with_admin_acls
Definition: sql_auth_cache.h:563
Acl_map::dynamic_privileges
Dynamic_privileges * dynamic_privileges()
Definition: sql_auth_cache.cc:3133
ACL_ACCESS::host
ACL_HOST_AND_IP host
Definition: sql_auth_cache.h:102
ACL_PREALLOC_SIZE
const size_t ACL_PREALLOC_SIZE
Definition: sql_auth_cache.h:399
mysql_time.h
Acl_cache_allocator
Definition: sql_auth_cache.h:374
Acl_map::m_dynamic_privileges
Dynamic_privileges m_dynamic_privileges
Definition: sql_auth_cache.h:564
List_of_auth_id_refs
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:75
Acl_map::m_db_acls
Db_access_map m_db_acls
Definition: sql_auth_cache.h:557
ACL_DB::db
char * db
Definition: sql_auth_cache.h:243
ACL_PROXY_USER::get_proxied_user
const char * get_proxied_user()
Definition: sql_auth_cache.h:277
acl_entry::key
char key[1]
Definition: sql_auth_cache.h:323
GRANT_NAME::db
char * db
Definition: sql_auth_cache.h:336
GRANT_COLUMN::column
std::string column
Definition: sql_auth_cache.h:329
ACL_PROXY_USER::check_validity
bool check_validity(bool check_no_resolve)
Definition: sql_auth_cache.cc:459
Restrictions
Container of all restrictions for a given user.
Definition: partial_revokes.h:123
routine_hash_search
GRANT_NAME * routine_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, bool proc, bool exact)
Definition: sql_auth_cache.h:453
Acl_map::m_sp_acls
SP_access_map m_sp_acls
Definition: sql_auth_cache.h:561
name_hash_search
T * name_hash_search(const malloc_unordered_multimap< std::string, unique_ptr_destroy_only< T >> &name_hash, const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact, bool name_tolower)
Definition: sql_auth_cache.h:419
ACL_PROXY_USER::MYSQL_PROXIES_PRIV_TIMESTAMP
@ MYSQL_PROXIES_PRIV_TIMESTAMP
Definition: sql_auth_cache.h:259
Acl_map::m_table_acls
Table_access_map m_table_acls
Definition: sql_auth_cache.h:559