MySQL 9.2.0
Source Code Documentation
sql_auth_cache.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23#ifndef SQL_USER_CACHE_INCLUDED
24#define SQL_USER_CACHE_INCLUDED
25
26#include <assert.h>
27#include <string.h>
28#include <sys/types.h>
29#include <atomic>
30#include <boost/graph/adjacency_list.hpp>
31#include <boost/graph/graph_selectors.hpp>
32#include <boost/graph/graph_traits.hpp>
33#include <boost/graph/properties.hpp>
34#include <boost/pending/property.hpp>
35#include <list>
36#include <memory>
37#include <string>
38#include <unordered_map>
39
40#include "lex_string.h"
41#include "lf.h"
42#include "map_helpers.h"
43#include "mf_wcomp.h" // wild_many, wild_one, wild_prefix
44#include "my_alloc.h"
45#include "my_compiler.h"
46#include "my_inttypes.h"
47#include "my_sharedlib.h"
48#include "my_sys.h"
52#include "mysql_com.h" // SCRAMBLE_LENGTH
53#include "mysql_time.h" // MYSQL_TIME
55#include "sql/auth/auth_internal.h" // List_of_authid, Authid
58#include "sql/psi_memory_key.h"
59#include "sql/sql_connect.h" // USER_RESOURCES
60#include "violite.h" // SSL_type
61
62/* Forward declarations */
64class String;
65class THD;
66struct TABLE;
67template <typename Element_type, size_t Prealloc>
70enum class Acl_type;
71enum class Lex_acl_attrib_udyn;
72
73/* Classes */
74
76 public:
77 /**
78 IP mask type enum.
79 */
81 /**
82 Only IP is specified.
83 */
85 /**
86 IP specified with a mask in a CIDR form.
87 */
89 /**
90 IP specified with a mask in a form of a subnet.
91 */
93 };
94
95 const char *hostname;
97 long ip, ip_mask; // Used with masked ip:s
98 /**
99 IP mask type.
100 */
102
103 /**
104 IP mask parsing in the CIDR format.
105
106 @param[in] ip_arg Buffer containing CIDR mask value.
107 @param[out] val Numeric IP mask value on success.
108
109 @retval false Parsing succeeded.
110 @retval true Parsing failed.
111 */
112 static bool calc_cidr_mask(const char *ip_arg, long *val);
113
114 /**
115 IP mask parsing in the subnet format.
116
117 @param[in] ip_arg Buffer containing subnet mask value.
118 @param[out] val Numeric IP mask value on success.
119
120 @retval false Parsing succeeded.
121 @retval true Parsing failed.
122 */
123 static bool calc_ip_mask(const char *ip_arg, long *val);
124
125 /**
126 IP parsing.
127
128 @param[in] ip_arg Buffer containing IP value.
129 @param[out] val Numeric IP value on success.
130
131 @retval !nullptr Parsing succeeded. Returned value is the pointer following
132 the buffer holding the IP.
133 @retval nullptr Parsing failed. The buffer does not contain valid IP value.
134 */
135 static const char *calc_ip(const char *ip_arg, long *val);
136
137 public:
139 : hostname(nullptr),
141 ip(0),
142 ip_mask(0),
144 const char *get_host() const { return hostname ? hostname : ""; }
145 size_t get_host_len() const { return hostname_length; }
146
148 return (strchr(get_host(), wild_many) || strchr(get_host(), wild_one) ||
149 (ip_mask && (ip_mask != (long)UINT_MAX32)));
150 }
151
153 return (!hostname || (hostname[0] == wild_many && !hostname[1]));
154 }
155
156 void update_hostname(const char *host_arg);
157
158 bool compare_hostname(const char *host_arg, const char *ip_arg);
159};
160
162 public:
163 ACL_ACCESS() : host(), sort(0), access(0) {}
165 ulong sort;
167};
168
169/**
170 @class ACL_compare
171
172 Class that compares ACL_ACCESS objects. Used in std::sort functions.
173*/
175 public:
176 /**
177 Determine sort order of two user accounts.
178
179 ACL_ACCESS with IP specified is sorted before host name.
180
181 @param [in] a First object to compare.
182 @param [in] b Second object to compare.
183
184 @retval true First element goes first.
185 @retval false Second element goes first.
186 */
187 bool operator()(const ACL_ACCESS &a, const ACL_ACCESS &b);
188 bool operator()(const ACL_ACCESS *a, const ACL_ACCESS *b);
189};
190
191/**
192 @class ACL_USER_compare
193
194 Class that compares ACL_USER objects.
195*/
197 public:
198 /**
199 Determine sort order of two user accounts.
200
201 ACL_USER with IP specified is sorted before host name.
202 Non anonymous user is sorted before anonymous user, when properties of both
203 are equal.
204
205 @param [in] a First object to compare.
206 @param [in] b Second object to compare.
207
208 @retval true First element goes first.
209 @retval false Second element goes first.
210 */
211 bool operator()(const ACL_USER &a, const ACL_USER &b);
212 bool operator()(const ACL_USER *a, const ACL_USER *b);
213};
214
215/* ACL_HOST is used if no host is specified */
216
217class ACL_HOST : public ACL_ACCESS {
218 public:
219 char *db;
220};
221
222#define NUM_CREDENTIALS 2
223#define PRIMARY_CRED (NUM_CREDENTIALS - NUM_CREDENTIALS)
224#define SECOND_CRED (PRIMARY_CRED + 1)
225
227 public:
229 m_auth_string = {"", 0};
230 memset(m_salt, 0, SCRAMBLE_LENGTH + 1);
231 m_salt_len = 0;
232 }
233
234 public:
236 /**
237 The salt variable is used as the password hash for
238 native_password_authetication.
239 */
240 uint8 m_salt[SCRAMBLE_LENGTH + 1]; // scrambled password in binary form
241 /**
242 In the old protocol the salt_len indicated what type of autnetication
243 protocol was used: 0 - no password, 4 - 3.20, 8 - 4.0, 20 - 4.1.1
244 */
246};
247
248class ACL_USER : public ACL_ACCESS {
249 public:
251 char *user;
260 /**
261 Specifies whether the user account is locked or unlocked.
262 */
264 /**
265 If this ACL_USER was used as a role id then this flag is true.
266 During RENAME USER this variable is used for determining if it is safe
267 to rename the user or not.
268 */
270
271 /**
272 The number of old passwords to check when setting a new password
273 */
275
276 /**
277 Ignore @ref password_history_length,
278 use the global default @ref global_password_history
279 */
281
282 /**
283 The number of days that would have to pass before a password can be reused.
284 */
286 /**
287 Ignore @ref password_reuse_interval,
288 use the global default @ref global_password_reuse_interval
289 */
291
292 /**
293 The current password needed to be specified while changing it.
294 */
296
297 /**
298 Additional credentials
299 */
301
302 ACL_USER *copy(MEM_ROOT *root);
303 ACL_USER();
304
305 void set_user(MEM_ROOT *mem, const char *user_arg);
306 void set_host(MEM_ROOT *mem, const char *host_arg);
308 size_t get_username_length() const { return user ? strlen(user) : 0; }
310 public:
311 bool is_active() const {
313 }
314 bool is_default() const {
316 m_daynr_locked == 0);
317 }
320 }
324 }
325 long get_daynr_locked() const { return m_daynr_locked; }
326 void set_temporary_lock_state_parameters(uint remaining_login_attempts,
327 long daynr_locked);
330 bool update(THD *thd, bool successful_login, long *ret_days_remaining);
335 m_daynr_locked(0) {}
336
337 protected:
338 /**
339 read from the user config. The number of days to keep the account locked
340 */
342 /**
343 read from the user config. The number of failed login attempts before the
344 account is locked
345 */
347 /**
348 The remaining login tries, valid only if @ref m_failed_login_attempts and
349 @ref m_password_lock_time_days are non-zero
350 */
352 /** The day the account is locked, 0 if not locked */
356};
357
358class ACL_DB : public ACL_ACCESS {
359 public:
360 char *user, *db;
361
362 void set_user(MEM_ROOT *mem, const char *user_arg);
363 void set_host(MEM_ROOT *mem, const char *host_arg);
364};
365
367 const char *user;
369 const char *proxied_user;
371
372 typedef enum {
381
382 public:
383 ACL_PROXY_USER() = default;
384
385 void init(const char *host_arg, const char *user_arg,
386 const char *proxied_host_arg, const char *proxied_user_arg,
387 bool with_grant_arg);
388
389 void init(MEM_ROOT *mem, const char *host_arg, const char *user_arg,
390 const char *proxied_host_arg, const char *proxied_user_arg,
391 bool with_grant_arg);
392
393 void init(TABLE *table, MEM_ROOT *mem);
394
395 bool get_with_grant() { return with_grant; }
396 const char *get_user() { return user; }
397 const char *get_proxied_user() { return proxied_user; }
398 const char *get_proxied_host() { return proxied_host.get_host(); }
399 void set_user(MEM_ROOT *mem, const char *user_arg);
400 void set_host(MEM_ROOT *mem, const char *host_arg);
401
402 bool check_validity(bool check_no_resolve);
403
404 bool matches(const char *host_arg, const char *user_arg, const char *ip_arg,
405 const char *proxied_user_arg, bool any_proxy_user);
406
407 inline static bool auth_element_equals(const char *a, const char *b) {
408 return (a == b || (a != nullptr && b != nullptr && !strcmp(a, b)));
409 }
410
411 bool pk_equals(ACL_PROXY_USER *grant);
412
413 bool granted_on(const char *host_arg, const char *user_arg) {
414 return (
415 ((!user && (!user_arg || !user_arg[0])) ||
416 (user && user_arg && !strcmp(user, user_arg))) &&
417 ((!host.get_host() && (!host_arg || !host_arg[0])) ||
418 (host.get_host() && host_arg && !strcmp(host.get_host(), host_arg))));
419 }
420
421 void print_grant(THD *thd, String *str);
422
423 void set_data(ACL_PROXY_USER *grant) { with_grant = grant->with_grant; }
424
425 static int store_pk(TABLE *table, const LEX_CSTRING &host,
428
429 static int store_with_grant(TABLE *table, bool with_grant);
430
431 static int store_data_record(TABLE *table, const LEX_CSTRING &host,
432 const LEX_CSTRING &user,
435 const char *grantor);
436
437 size_t get_user_length() const { return user ? strlen(user) : 0; }
438
439 size_t get_proxied_user_length() const {
440 return proxied_user ? strlen(proxied_user) : 0;
441 }
442};
443
445 public:
448 char key[1]; // Key will be stored here
449};
450
452 public:
454 std::string column;
456};
457
459 public:
461 char *db;
462 const char *user;
463 char *tname;
465 ulong sort;
466 std::string hash_key;
467 GRANT_NAME(const char *h, const char *d, const char *u, const char *t,
468 Access_bitmask p, bool is_routine);
469 GRANT_NAME(TABLE *form, bool is_routine);
470 virtual ~GRANT_NAME() = default;
471 virtual bool ok() { return privs != 0; }
472 void set_user_details(const char *h, const char *d, const char *u,
473 const char *t, bool is_routine);
474};
475
476class GRANT_TABLE : public GRANT_NAME {
477 public:
482
483 GRANT_TABLE(const char *h, const char *d, const char *u, const char *t,
485 explicit GRANT_TABLE(TABLE *form);
486 bool init(TABLE *col_privs);
487 ~GRANT_TABLE() override;
488 bool ok() override { return privs != 0 || cols != 0; }
489};
490
491/*
492 * A default/no-arg constructor is useful with containers-of-containers
493 * situations in which a two-allocator scoped_allocator_adapter is not enough.
494 * This custom allocator provides a Malloc_allocator with a no-arg constructor
495 * by hard-coding the key_memory_acl_cache constructor argument.
496 * This "solution" lacks beauty, yet is pragmatic.
497 */
498template <class T>
500 public:
502 template <class U>
503 struct rebind {
505 };
506
507 template <class U>
508 Acl_cache_allocator(const Acl_cache_allocator<U> &other [[maybe_unused]])
510
511 template <class U>
513 [[maybe_unused]]) {}
514};
516typedef std::list<ACL_USER *, Acl_user_ptr_allocator> Acl_user_ptr_list;
519
520/* Data Structures */
522extern MEM_ROOT memex;
523const size_t ACL_PREALLOC_SIZE = 10U;
531extern std::unique_ptr<
535extern bool allow_all_hosts;
536extern uint grant_version; /* Version of priv tables */
537extern std::unique_ptr<Acl_restrictions> acl_restrictions;
538// Search for a matching grant. Prefer exact grants before non-exact ones.
539
541
542template <class T>
545 &name_hash,
546 const char *host, const char *ip, const char *db, const char *user,
547 const char *tname, bool exact, bool name_tolower) {
548 T *found = nullptr;
549
550 std::string name = tname;
551 if (name_tolower) my_casedn_str(files_charset_info, &name[0]);
552 std::string key = user;
553 key.push_back('\0');
554 key.append(db);
555 key.push_back('\0');
556 key.append(name);
557 key.push_back('\0');
558
559 auto it_range = name_hash.equal_range(key);
560 for (auto it = it_range.first; it != it_range.second; ++it) {
561 T *grant_name = it->second.get();
562 if (exact) {
563 if (!grant_name->host.get_host() ||
565 grant_name->host.get_host())) ||
566 (ip && !strcmp(ip, grant_name->host.get_host())))
567 return grant_name;
568 } else {
569 if (grant_name->host.compare_hostname(host, ip) &&
570 (!found || found->sort < grant_name->sort))
571 found = grant_name; // Host ok
572 }
573 }
574 return found;
575}
576
579
580inline GRANT_NAME *routine_hash_search(const char *host, const char *ip,
581 const char *db, const char *user,
582 const char *tname,
583 Acl_type routine_acl_type, bool exact) {
584 return name_hash_search(*get_routine_priv_hash(routine_acl_type), host, ip,
585 db, user, tname, exact, true);
586}
587
588inline GRANT_TABLE *table_hash_search(const char *host, const char *ip,
589 const char *db, const char *user,
590 const char *tname, bool exact) {
591 assert(column_priv_hash);
592 return name_hash_search(*column_priv_hash, host, ip, db, user, tname, exact,
593 false);
594}
595
596inline GRANT_COLUMN *column_hash_search(GRANT_TABLE *t, const char *cname,
597 size_t length) {
598 return find_or_nullptr(t->hash_columns, std::string(cname, length));
599}
600
601/* Role management */
602
603/** Tag dispatch for custom Role_properties */
604namespace boost {
606BOOST_INSTALL_PROPERTY(vertex, acl_user);
607} // namespace boost
608
609/**
610 Custom vertex properties used in Granted_roles_graph
611 TODO ACL_USER contains too much information. We only need global access,
612 username and hostname. If this was a POD we don't have to hold the same
613 mutex as ACL_USER.
614*/
615typedef boost::property<boost::vertex_acl_user_t, ACL_USER,
616 boost::property<boost::vertex_name_t, std::string>>
618
619typedef boost::property<boost::edge_capacity_t, int> Role_edge_properties;
620
621/** A graph of all users/roles privilege inheritance */
622typedef boost::adjacency_list<boost::setS, // OutEdges
623 boost::vecS, // Vertices
624 boost::bidirectionalS, // Directed graph
625 Role_properties, // Vertex props
628
629/** The data type of a vertex in the Granted_roles_graph */
630typedef boost::graph_traits<Granted_roles_graph>::vertex_descriptor
632
633/** The data type of an edge in the Granted_roles_graph */
634typedef boost::graph_traits<Granted_roles_graph>::edge_descriptor
636
637/** The datatype of the map between authids and graph vertex descriptors */
638typedef std::unordered_map<std::string, Role_vertex_descriptor> Role_index_map;
639
640/** The type used for the number of edges incident to a vertex in the graph.
641 */
642using degree_s_t = boost::graph_traits<Granted_roles_graph>::degree_size_type;
643
644/** The type for the iterator returned by out_edges(). */
646 boost::graph_traits<Granted_roles_graph>::out_edge_iterator;
647
648/** The type for the iterator returned by in_edges(). */
650 boost::graph_traits<Granted_roles_graph>::in_edge_iterator;
651
652/** Container for global, schema, table/view and routine ACL maps */
653class Acl_map {
654 public:
655 Acl_map(Security_context *sctx, uint64 ver);
656 Acl_map(const Acl_map &map) = delete;
657 Acl_map(const Acl_map &&map);
658 ~Acl_map();
659
660 private:
661 Acl_map &operator=(const Acl_map &map);
662
663 public:
664 void *operator new(size_t size);
665 void operator delete(void *p);
669
682
683 private:
684 std::atomic<int32> m_reference_count;
696};
697
699
701 public:
702 Acl_cache();
703 ~Acl_cache();
704
705 /**
706 When ever the role graph is modified we must flatten the privileges again.
707 This is done by increasing the role graph version counter. Next time
708 a security context is created for an authorization id (aid) a request is
709 also sent to the acl_cache to checkout a flattened acl_map for this
710 particular aid. If a previous acl_map exists the version of this map is
711 compared to the role graph version. If they don't match a new acl_map
712 is calculated and inserted into the cache.
713 */
714 void increase_version();
715 /**
716 Returns a pointer to an acl map to the caller and increase the reference
717 count on the object, iff the object version is the same as the global
718 graph version.
719 If no acl map exists which correspond to the current authorization id of
720 the security context, a new acl map is calculated, inserted into the cache
721 and returned to the user.
722 A new object will also be created if the role graph version counter is
723 different than the acl map object's version.
724
725 @param sctx The target Security_context
726 @param uid The target authid
727 @param active_roles A list of active roles
728
729 @return A pointer to an Acl_map
730 @retval !NULL Success
731 @retval NULL A fatal OOM error happened.
732 */
734 List_of_auth_id_refs &active_roles);
735 /**
736 When the security context is done with the acl map it calls the cache
737 to decrease the reference count on that object.
738 @param map acl map
739 */
741 /**
742 Removes all acl map objects with a references count of zero.
743 */
744 void flush_cache();
745 /**
746 Removes all acl map objects when shutdown_acl_cache is called.
747 */
748 void clear_acl_cache();
749 /**
750 Return a lower boundary to the current version count.
751 */
752 uint64 version();
753 /**
754 Return a snapshot of the number of items in the cache
755 */
756 int32 size();
757
758 private:
759 /**
760 Creates a new acl map for the authorization id of the security context.
761
762 @param version The version of the new map
763 @param sctx The associated security context
764 */
766 /** Role graph version counter */
767 std::atomic<uint64> m_role_graph_version;
770};
771
773
774/**
775 Enum for specifying lock type over Acl cache
776*/
777
779
780/**
781 Lock guard for ACL Cache.
782 Destructor automatically releases the lock.
783*/
784
786 public:
788
789 /**
790 Acl_cache_lock_guard destructor.
791
792 Release lock(s) if taken
793 */
795
796 bool lock(bool raise_error = true);
797 void unlock();
798
799 private:
800 bool already_locked();
801
802 private:
803 /** Handle to THD object */
805 /** Lock mode */
807 /** Lock status */
809};
810
811/**
812 Cache to store the Restrictions of every auth_id.
813 This cache is not thread safe.
814 Callers must acquire acl_cache_write_lock before to amend the cache.
815 Callers should acquire acl_cache_read_lock to probe the cache.
816
817 Acl_restrictions is not part of ACL_USER because as of now latter is POD
818 type class. We use copy-POD for ACL_USER that makes the explicit memory
819 management of its members hard.
820*/
822 public:
824
829
830 void remove_restrictions(const ACL_USER *acl_user);
831 void upsert_restrictions(const ACL_USER *acl_user,
832 const Restrictions &restriction);
833
834 Restrictions find_restrictions(const ACL_USER *acl_user) const;
835 size_t size() const;
836
837 private:
839};
840
841/**
842 Enables preserving temporary account locking attributes during ACL DDL.
843 Enables restoring temporary account locking attributes after ACL reload.
844
845 This class is used to preserve the state of the accounts being altered by the
846 current ACL statement. The account locking data needs to be preserved since
847 the current state of account locking is not stored into the table and can't be
848 restored from it when the code needs to re-create the ACL caches from the
849 tables.
850
851 When an ACL DDL statement that can modify account locking data starts, a new
852 instance of this class is created and the current in-memory account locking
853 data is preserved for each user that is modified by the statement, if account
854 locking data is not default.
855
856 ACL DDL rollback results in the in-memory ACL cache being re-created during
857 ACL reload.
858
859 After ACL reload:
860 - For all users in the new ACL cache, the temporary account locking state is
861 restored from the old ACL cache, if account locking data is not default.
862 - For specific users in the new ACL cache, the temporary account locking state
863 is restored from the instances of this class that were created at the start
864 of the ACL DDL statement. This needs to be done since these accounts could
865 be dropped (mysql_drop_user), renamed (mysql_rename_user) or altered
866 (mysql_alter_user) in the old ACL cache.
867*/
869 public:
870 ACL_temporary_lock_state(const char *host, const char *user,
871 uint remaining_login_attempts, long daynr_locked);
872
873 static bool is_modified(ACL_USER *acl_user);
874
875 static ACL_USER *preserve_user_lock_state(const char *host, const char *user,
876 Lock_state_list &user_list);
877
878 static void restore_user_lock_state(const char *host, const char *user,
879 uint remaining_login_attempts,
880 long daynr_locked);
881
884 Lock_state_list *modified_user_lock_state_list);
885
886 private:
887 const char *m_host;
888 const char *m_user;
890 const long m_daynr_locked;
891};
892
893#endif /* SQL_USER_CACHE_INCLUDED */
uint32_t Access_bitmask
Definition: auth_acls.h:34
std::pair< LEX_CSTRING, LEX_CSTRING > Auth_id_ref
user, host tuple which reference either acl_cache or g_default_roles
Definition: auth_common.h:83
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:84
std::vector< ACL_temporary_lock_state > Lock_state_list
Definition: auth_common.h:72
std::map< std::string, Access_bitmask > SP_access_map
Definition: auth_internal.h:63
std::map< std::string, Access_bitmask > Db_access_map
Definition: auth_internal.h:64
std::map< std::string, bool > Dynamic_privileges
Definition: auth_internal.h:280
std::unordered_set< std::string > Grant_acl_set
Definition: auth_internal.h:88
Kerberos Client Authentication nullptr
Definition: auth_kerberos_client_plugin.cc:251
Definition: sql_auth_cache.h:161
Access_bitmask access
Definition: sql_auth_cache.h:166
ACL_HOST_AND_IP host
Definition: sql_auth_cache.h:164
ACL_ACCESS()
Definition: sql_auth_cache.h:163
ulong sort
Definition: sql_auth_cache.h:165
Definition: sql_auth_cache.h:358
char * user
Definition: sql_auth_cache.h:360
char * db
Definition: sql_auth_cache.h:360
void set_user(MEM_ROOT *mem, const char *user_arg)
Definition: sql_auth_cache.cc:714
void set_host(MEM_ROOT *mem, const char *host_arg)
Definition: sql_auth_cache.cc:718
Definition: sql_auth_cache.h:75
bool check_allow_all_hosts()
Definition: sql_auth_cache.h:152
bool has_wildcard()
Definition: sql_auth_cache.h:147
static bool calc_cidr_mask(const char *ip_arg, long *val)
IP mask parsing in the CIDR format.
Definition: sql_auth_cache.cc:252
long ip_mask
Definition: sql_auth_cache.h:97
size_t get_host_len() const
Definition: sql_auth_cache.h:145
enum_ip_mask_type
IP mask type enum.
Definition: sql_auth_cache.h:80
@ ip_mask_type_cidr
IP specified with a mask in a CIDR form.
Definition: sql_auth_cache.h:88
@ ip_mask_type_subnet
IP specified with a mask in a form of a subnet.
Definition: sql_auth_cache.h:92
@ ip_mask_type_implicit
Only IP is specified.
Definition: sql_auth_cache.h:84
static const char * calc_ip(const char *ip_arg, long *val)
IP parsing.
Definition: sql_auth_cache.cc:275
long ip
Definition: sql_auth_cache.h:97
static bool calc_ip_mask(const char *ip_arg, long *val)
IP mask parsing in the subnet format.
Definition: sql_auth_cache.cc:263
size_t hostname_length
Definition: sql_auth_cache.h:96
void update_hostname(const char *host_arg)
Update the hostname.
Definition: sql_auth_cache.cc:296
ACL_HOST_AND_IP()
Definition: sql_auth_cache.h:138
const char * get_host() const
Definition: sql_auth_cache.h:144
enum_ip_mask_type ip_mask_type
IP mask type.
Definition: sql_auth_cache.h:101
const char * hostname
Definition: sql_auth_cache.h:95
bool compare_hostname(const char *host_arg, const char *ip_arg)
Definition: sql_auth_cache.cc:348
Definition: sql_auth_cache.h:217
char * db
Definition: sql_auth_cache.h:219
Definition: sql_auth_cache.h:366
ACL_HOST_AND_IP proxied_host
Definition: sql_auth_cache.h:368
static int store_data_record(TABLE *table, const LEX_CSTRING &host, const LEX_CSTRING &user, const LEX_CSTRING &proxied_host, const LEX_CSTRING &proxied_user, bool with_grant, const char *grantor)
Definition: sql_auth_cache.cc:688
bool get_with_grant()
Definition: sql_auth_cache.h:395
const char * get_proxied_host()
Definition: sql_auth_cache.h:398
void print_grant(THD *thd, String *str)
Definition: sql_auth_cache.cc:641
bool matches(const char *host_arg, const char *user_arg, const char *ip_arg, const char *proxied_user_arg, bool any_proxy_user)
Definition: sql_auth_cache.cc:592
const char * get_user()
Definition: sql_auth_cache.h:396
void set_host(MEM_ROOT *mem, const char *host_arg)
Definition: sql_auth_cache.cc:710
size_t get_proxied_user_length() const
Definition: sql_auth_cache.h:439
size_t get_user_length() const
Definition: sql_auth_cache.h:437
void init(const char *host_arg, const char *user_arg, const char *proxied_host_arg, const char *proxied_user_arg, bool with_grant_arg)
Definition: sql_auth_cache.cc:543
static int store_pk(TABLE *table, const LEX_CSTRING &host, const LEX_CSTRING &user, const LEX_CSTRING &proxied_host, const LEX_CSTRING &proxied_user)
Definition: sql_auth_cache.cc:652
bool pk_equals(ACL_PROXY_USER *grant)
Definition: sql_auth_cache.cc:618
bool check_validity(bool check_no_resolve)
Definition: sql_auth_cache.cc:579
static bool auth_element_equals(const char *a, const char *b)
Definition: sql_auth_cache.h:407
void set_user(MEM_ROOT *mem, const char *user_arg)
Definition: sql_auth_cache.cc:706
static int store_with_grant(TABLE *table, bool with_grant)
Definition: sql_auth_cache.cc:678
void set_data(ACL_PROXY_USER *grant)
Definition: sql_auth_cache.h:423
old_acl_proxy_users
Definition: sql_auth_cache.h:372
@ MYSQL_PROXIES_PRIV_PROXIED_HOST
Definition: sql_auth_cache.h:375
@ MYSQL_PROXIES_PRIV_HOST
Definition: sql_auth_cache.h:373
@ MYSQL_PROXIES_PRIV_WITH_GRANT
Definition: sql_auth_cache.h:377
@ MYSQL_PROXIES_PRIV_GRANTOR
Definition: sql_auth_cache.h:378
@ MYSQL_PROXIES_PRIV_PROXIED_USER
Definition: sql_auth_cache.h:376
@ MYSQL_PROXIES_PRIV_TIMESTAMP
Definition: sql_auth_cache.h:379
@ MYSQL_PROXIES_PRIV_USER
Definition: sql_auth_cache.h:374
const char * proxied_user
Definition: sql_auth_cache.h:369
const char * get_proxied_user()
Definition: sql_auth_cache.h:397
ACL_PROXY_USER()=default
const char * user
Definition: sql_auth_cache.h:367
bool granted_on(const char *host_arg, const char *user_arg)
Definition: sql_auth_cache.h:413
bool with_grant
Definition: sql_auth_cache.h:370
Definition: sql_auth_cache.h:309
Password_locked_state()
Definition: sql_auth_cache.h:331
bool is_default() const
Definition: sql_auth_cache.h:314
void set_parameters(int password_lock_time_days, uint failed_login_attempts)
Definition: sql_auth_cache.cc:406
int m_password_lock_time_days
read from the user config.
Definition: sql_auth_cache.h:341
uint get_failed_login_attempts() const
Definition: sql_auth_cache.h:321
bool is_active() const
Definition: sql_auth_cache.h:311
void set_temporary_lock_state_parameters(uint remaining_login_attempts, long daynr_locked)
Definition: sql_auth_cache.cc:400
uint m_remaining_login_attempts
The remaining login tries, valid only if m_failed_login_attempts and m_password_lock_time_days are no...
Definition: sql_auth_cache.h:351
long m_daynr_locked
The day the account is locked, 0 if not locked.
Definition: sql_auth_cache.h:353
uint get_remaining_login_attempts() const
Definition: sql_auth_cache.h:322
uint m_failed_login_attempts
read from the user config.
Definition: sql_auth_cache.h:346
int get_password_lock_time_days() const
Definition: sql_auth_cache.h:318
bool update(THD *thd, bool successful_login, long *ret_days_remaining)
Updates the password locked state based on the time of day fetched from the THD.
Definition: sql_auth_cache.cc:425
long get_daynr_locked() const
Definition: sql_auth_cache.h:325
Class that compares ACL_USER objects.
Definition: sql_auth_cache.h:196
bool operator()(const ACL_USER &a, const ACL_USER &b)
Determine sort order of two user accounts.
Definition: sql_auth_cache.cc:4005
Definition: sql_auth_cache.h:248
bool account_locked
Specifies whether the user account is locked or unlocked.
Definition: sql_auth_cache.h:263
Acl_credential credentials[NUM_CREDENTIALS]
Additional credentials.
Definition: sql_auth_cache.h:300
void set_mfa(MEM_ROOT *mem, I_multi_factor_auth *m)
Definition: sql_auth_cache.cc:525
MYSQL_TIME password_last_changed
Definition: sql_auth_cache.h:257
bool use_default_password_reuse_interval
Ignore password_reuse_interval, use the global default global_password_reuse_interval.
Definition: sql_auth_cache.h:290
uint password_lifetime
Definition: sql_auth_cache.h:258
Lex_acl_attrib_udyn password_require_current
The current password needed to be specified while changing it.
Definition: sql_auth_cache.h:295
bool can_authenticate
Definition: sql_auth_cache.h:256
bool is_role
If this ACL_USER was used as a role id then this flag is true.
Definition: sql_auth_cache.h:269
void set_host(MEM_ROOT *mem, const char *host_arg)
Definition: sql_auth_cache.cc:521
LEX_CSTRING plugin
Definition: sql_auth_cache.h:254
bool use_default_password_history
Ignore password_history_length, use the global default global_password_history.
Definition: sql_auth_cache.h:280
ACL_USER()
Definition: sql_auth_cache.cc:362
enum SSL_type ssl_type
Definition: sql_auth_cache.h:252
const char * x509_subject
Definition: sql_auth_cache.h:253
const char * ssl_cipher
Definition: sql_auth_cache.h:253
size_t get_username_length() const
Definition: sql_auth_cache.h:308
uint32 password_reuse_interval
The number of days that would have to pass before a password can be reused.
Definition: sql_auth_cache.h:285
I_multi_factor_auth * m_mfa
Definition: sql_auth_cache.h:355
bool password_expired
Definition: sql_auth_cache.h:255
USER_RESOURCES user_resource
Definition: sql_auth_cache.h:250
void set_user(MEM_ROOT *mem, const char *user_arg)
Definition: sql_auth_cache.cc:517
class ACL_USER::Password_locked_state password_locked_state
char * user
Definition: sql_auth_cache.h:251
const char * x509_issuer
Definition: sql_auth_cache.h:253
bool use_default_password_lifetime
Definition: sql_auth_cache.h:259
uint32 password_history_length
The number of old passwords to check when setting a new password.
Definition: sql_auth_cache.h:274
ACL_USER * copy(MEM_ROOT *root)
Definition: sql_auth_cache.cc:483
Class that compares ACL_ACCESS objects.
Definition: sql_auth_cache.h:174
bool operator()(const ACL_ACCESS &a, const ACL_ACCESS &b)
Determine sort order of two user accounts.
Definition: sql_auth_cache.cc:3975
Enables preserving temporary account locking attributes during ACL DDL.
Definition: sql_auth_cache.h:868
static bool is_modified(ACL_USER *acl_user)
Definition: sql_auth_cache.cc:2184
const char * m_host
Definition: sql_auth_cache.h:887
const uint m_remaining_login_attempts
Definition: sql_auth_cache.h:889
static void restore_temporary_account_locking(Prealloced_array< ACL_USER, ACL_PREALLOC_SIZE > *old_acl_users, Lock_state_list *modified_user_lock_state_list)
Enables restoring temporary account locking attributes of all users after ACL reload.
Definition: sql_auth_cache.cc:2253
const long m_daynr_locked
Definition: sql_auth_cache.h:890
static void restore_user_lock_state(const char *host, const char *user, uint remaining_login_attempts, long daynr_locked)
Enables restoring temporary account locking attributes of a user after ACL reload.
Definition: sql_auth_cache.cc:2231
const char * m_user
Definition: sql_auth_cache.h:888
ACL_temporary_lock_state(const char *host, const char *user, uint remaining_login_attempts, long daynr_locked)
Definition: sql_auth_cache.cc:2176
static ACL_USER * preserve_user_lock_state(const char *host, const char *user, Lock_state_list &user_list)
Enables preserving temporary account locking attributes of a user during ACL DDL.
Definition: sql_auth_cache.cc:2203
Definition: sql_auth_cache.h:499
Acl_cache_allocator(const Acl_cache_allocator< U > &other)
Definition: sql_auth_cache.h:508
Acl_cache_allocator & operator=(const Acl_cache_allocator< U > &other)
Definition: sql_auth_cache.h:512
Acl_cache_allocator()
Definition: sql_auth_cache.h:501
Lock guard for ACL Cache.
Definition: sql_auth_cache.h:785
Acl_cache_lock_guard(THD *thd, Acl_cache_lock_mode mode)
Acl_cache_lock_guard constructor.
Definition: sql_auth_cache.cc:3756
Acl_cache_lock_mode m_mode
Lock mode.
Definition: sql_auth_cache.h:806
bool lock(bool raise_error=true)
Explicitly take lock on Acl_cache_lock_cache object.
Definition: sql_auth_cache.cc:3772
void unlock()
Explicitly unlock all acquired locks.
Definition: sql_auth_cache.cc:3802
~Acl_cache_lock_guard()
Acl_cache_lock_guard destructor.
Definition: sql_auth_cache.h:794
bool already_locked()
Check whether lock is already obtained or not.
Definition: sql_auth_cache.cc:3834
bool m_locked
Lock status.
Definition: sql_auth_cache.h:808
THD * m_thd
Handle to THD object.
Definition: sql_auth_cache.h:804
Definition: sql_auth_cache.h:700
int32 size()
Return a snapshot of the number of items in the cache.
Definition: sql_auth_cache.cc:3509
void increase_version()
When ever the role graph is modified we must flatten the privileges again.
Definition: sql_auth_cache.cc:3487
uint64 version()
Return a lower boundary to the current version count.
Definition: sql_auth_cache.cc:3507
~Acl_cache()
Definition: sql_auth_cache.cc:3404
Acl_map * create_acl_map(uint64 version, Security_context *sctx)
Creates a new acl map for the authorization id of the security context.
Definition: sql_auth_cache.cc:3657
mysql_mutex_t m_cache_flush_mutex
Definition: sql_auth_cache.h:769
void flush_cache()
Removes all acl map objects with a references count of zero.
Definition: sql_auth_cache.cc:3596
std::atomic< uint64 > m_role_graph_version
Role graph version counter.
Definition: sql_auth_cache.h:767
void clear_acl_cache()
Removes all acl map objects when shutdown_acl_cache is called.
Definition: sql_auth_cache.cc:3639
Acl_cache_internal m_cache
Definition: sql_auth_cache.h:768
Acl_cache()
Definition: sql_auth_cache.cc:3391
Acl_map * checkout_acl_map(Security_context *sctx, Auth_id_ref &uid, List_of_auth_id_refs &active_roles)
Returns a pointer to an acl map to the caller and increase the reference count on the object,...
Definition: sql_auth_cache.cc:3511
void return_acl_map(Acl_map *map)
When the security context is done with the acl map it calls the cache to decrease the reference count...
Definition: sql_auth_cache.cc:3567
Definition: sql_auth_cache.h:226
uint8 m_salt[SCRAMBLE_LENGTH+1]
The salt variable is used as the password hash for native_password_authetication.
Definition: sql_auth_cache.h:240
uint8 m_salt_len
In the old protocol the salt_len indicated what type of autnetication protocol was used: 0 - no passw...
Definition: sql_auth_cache.h:245
LEX_CSTRING m_auth_string
Definition: sql_auth_cache.h:235
Acl_credential()
Definition: sql_auth_cache.h:228
Container for global, schema, table/view and routine ACL maps.
Definition: sql_auth_cache.h:653
Grant_acl_set * grant_acls()
Definition: sql_auth_cache.cc:3469
void increase_reference_count()
Definition: sql_auth_cache.cc:3483
std::atomic< int32 > m_reference_count
Definition: sql_auth_cache.h:684
Dynamic_privileges * dynamic_privileges()
Definition: sql_auth_cache.cc:3477
Restrictions & restrictions()
Definition: sql_auth_cache.cc:3481
SP_access_map * lib_acls()
Definition: sql_auth_cache.cc:3475
Acl_map(Security_context *sctx, uint64 ver)
Definition: sql_auth_cache.cc:3409
Acl_map & operator=(const Acl_map &map)
Definition: sql_auth_cache.cc:3459
void decrease_reference_count()
Definition: sql_auth_cache.cc:3485
Acl_map(const Acl_map &map)=delete
~Acl_map()
Definition: sql_auth_cache.cc:3437
Db_access_map * db_acls()
Definition: sql_auth_cache.cc:3463
SP_access_map m_sp_acls
Definition: sql_auth_cache.h:690
Table_access_map m_table_acls
Definition: sql_auth_cache.h:688
Access_bitmask m_global_acl
Definition: sql_auth_cache.h:689
uint32 reference_count()
Definition: sql_auth_cache.h:681
SP_access_map m_lib_acls
Definition: sql_auth_cache.h:692
Db_access_map * db_wild_acls()
Definition: sql_auth_cache.cc:3465
Access_bitmask global_acl()
Definition: sql_auth_cache.cc:3461
Db_access_map m_db_acls
Definition: sql_auth_cache.h:686
uint64 m_version
Definition: sql_auth_cache.h:685
Db_access_map m_db_wild_acls
Definition: sql_auth_cache.h:687
Table_access_map * table_acls()
Definition: sql_auth_cache.cc:3467
SP_access_map * sp_acls()
Definition: sql_auth_cache.cc:3471
Dynamic_privileges m_dynamic_privileges
Definition: sql_auth_cache.h:694
SP_access_map * func_acls()
Definition: sql_auth_cache.cc:3473
Restrictions m_restrictions
Definition: sql_auth_cache.h:695
SP_access_map m_func_acls
Definition: sql_auth_cache.h:691
Grant_acl_set m_with_admin_acls
Definition: sql_auth_cache.h:693
uint64 version()
Definition: sql_auth_cache.h:680
Cache to store the Restrictions of every auth_id.
Definition: sql_auth_cache.h:821
Acl_restrictions(Acl_restrictions &&)=delete
malloc_unordered_map< std::string, Restrictions > m_restrictions_map
Definition: sql_auth_cache.h:838
Acl_restrictions(const Acl_restrictions &)=delete
Acl_restrictions & operator=(Acl_restrictions &&)=delete
void upsert_restrictions(const ACL_USER *acl_user, const Restrictions &restriction)
Update, insert or remove the Restrictions for the ACL_USER.
Definition: sql_auth_cache.cc:4062
Restrictions find_restrictions(const ACL_USER *acl_user) const
Find the Restrictions of the ACL_USER.
Definition: sql_auth_cache.cc:4089
size_t size() const
Definition: sql_auth_cache.cc:4103
void remove_restrictions(const ACL_USER *acl_user)
Remove the Restrictions of the ACL_USER.
Definition: sql_auth_cache.cc:4042
Acl_restrictions & operator=(const Acl_restrictions &)=delete
Acl_restrictions()
Construstor.
Definition: sql_auth_cache.cc:4035
Definition: sql_auth_cache.h:451
Access_bitmask rights
Definition: sql_auth_cache.h:453
GRANT_COLUMN(String &c, Access_bitmask y)
Definition: sql_auth_cache.cc:948
std::string column
Definition: sql_auth_cache.h:454
Definition: sql_auth_cache.h:458
void set_user_details(const char *h, const char *d, const char *u, const char *t, bool is_routine)
Definition: sql_auth_cache.cc:951
std::string hash_key
Definition: sql_auth_cache.h:466
char * tname
Definition: sql_auth_cache.h:463
const char * user
Definition: sql_auth_cache.h:462
Access_bitmask privs
Definition: sql_auth_cache.h:464
ACL_HOST_AND_IP host
Definition: sql_auth_cache.h:460
char * db
Definition: sql_auth_cache.h:461
virtual ~GRANT_NAME()=default
ulong sort
Definition: sql_auth_cache.h:465
GRANT_NAME(const char *h, const char *d, const char *u, const char *t, Access_bitmask p, bool is_routine)
Definition: sql_auth_cache.cc:975
virtual bool ok()
Definition: sql_auth_cache.h:471
Definition: sql_auth_cache.h:476
collation_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_COLUMN > > hash_columns
Definition: sql_auth_cache.h:481
GRANT_TABLE(const char *h, const char *d, const char *u, const char *t, Access_bitmask p, Access_bitmask c)
Definition: sql_auth_cache.cc:981
bool init(TABLE *col_privs)
Definition: sql_auth_cache.cc:1039
~GRANT_TABLE() override
bool ok() override
Definition: sql_auth_cache.h:488
Access_bitmask cols
Definition: sql_auth_cache.h:478
An interface to access information about Multi factor authentication methods.
Definition: sql_mfa.h:49
Malloc_allocator is a C++ STL memory allocator based on my_malloc/my_free.
Definition: malloc_allocator.h:63
A typesafe replacement for DYNAMIC_ARRAY.
Definition: prealloced_array.h:71
Container of all restrictions for a given user.
Definition: partial_revokes.h:155
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:54
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:167
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
Definition: auth_internal.h:66
Definition: sql_auth_cache.h:444
uint16 length
Definition: sql_auth_cache.h:447
char key[1]
Definition: sql_auth_cache.h:448
Access_bitmask access
Definition: sql_auth_cache.h:446
std::unordered_map, but with my_malloc and collation-aware comparison.
Definition: map_helpers.h:219
std::unordered_multimap, but with my_malloc and collation-aware comparison.
Definition: map_helpers.h:235
std::unordered_map, but with my_malloc, so that you can track the memory used using PSI memory keys.
Definition: map_helpers.h:157
std::unordered_multimap, but with my_malloc, so that you can track the memory used using PSI memory k...
Definition: map_helpers.h:198
const char * p
Definition: ctype-mb.cc:1225
Acl_type
Definition: sql_lex.h:267
A better implementation of the UNIX ctype(3) library.
int my_strcasecmp(const CHARSET_INFO *cs, const char *s1, const char *s2)
Definition: m_ctype.h:651
size_t my_casedn_str(const CHARSET_INFO *cs, char *str)
Definition: m_ctype.h:732
static auto find_or_nullptr(const Container &container, const Key &key)
Some useful helpers for associative arrays with MySQL-specific semantics.
Definition: map_helpers.h:54
MYSQL_PLUGIN_IMPORT CHARSET_INFO * system_charset_info
Definition: mysqld.cc:1562
const char wild_many
Character constant for wildcard representing zero or more characters (SQL style).
Definition: mf_wcomp.h:43
const char wild_one
Character constant for wildcard representing any one character (SQL style).
Definition: mf_wcomp.h:37
This file follows Google coding style, except for the name MEM_ROOT (which is kept for historical rea...
std::unique_ptr< T, Destroy_only< T > > unique_ptr_destroy_only
std::unique_ptr, but only destroying.
Definition: my_alloc.h:480
Header for compiler-dependent features.
Some integer typedefs for easier portability.
uint8_t uint8
Definition: my_inttypes.h:63
int32_t int32
Definition: my_inttypes.h:66
uint64_t uint64
Definition: my_inttypes.h:69
uint16_t uint16
Definition: my_inttypes.h:65
uint32_t uint32
Definition: my_inttypes.h:67
#define UINT_MAX32
Definition: my_inttypes.h:79
Functions related to handling of plugins and other dynamically loaded libraries.
#define MYSQL_PLUGIN_IMPORT
Definition: my_sharedlib.h:71
Common header for many mysys elements.
Common definition between mysql server & client.
#define SCRAMBLE_LENGTH
Length of random string sent by server on handshake; this is also length of obfuscated password,...
Definition: mysql_com.h:128
ABI for instrumented mutexes.
Time declarations shared between the server and client API: you should not add anything to this heade...
char * user
Definition: mysqladmin.cc:67
const char * host
Definition: mysqladmin.cc:66
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1117
static PFS_engine_table_share_proxy table
Definition: pfs.cc:61
Tag dispatch for custom Role_properties.
Definition: sql_auth_cache.h:604
BOOST_INSTALL_PROPERTY(vertex, acl_user)
vertex_acl_user_t
Definition: sql_auth_cache.h:605
@ vertex_acl_user
Definition: sql_auth_cache.h:605
const std::string password_lock_time_days("password_lock_time_days")
underkeys of password locking
const std::string failed_login_attempts("failed_login_attempts")
underkeys of password locking
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
size_t size(const char *const c)
Definition: base64.h:46
mode
Definition: file_handle.h:61
std::map< Key, Value, Compare, ut::allocator< std::pair< const Key, Value > > > map
Specialization of map which uses ut_allocator.
Definition: ut0new.h:2894
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2440
PSI_memory_key key_memory_acl_cache
Definition: psi_memory_key.cc:102
required string key
Definition: replication_asynchronous_connection_failover.proto:60
required string type
Definition: replication_group_member_actions.proto:34
Lex_acl_attrib_udyn
This is generic enum.
Definition: table.h:2651
GRANT_NAME * routine_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, Acl_type routine_acl_type, bool exact)
Definition: sql_auth_cache.h:580
uint grant_version
Definition: sql_auth_cache.cc:169
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_TABLE > > > column_priv_hash
Definition: sql_auth_cache.cc:145
Prealloced_array< ACL_DB, ACL_PREALLOC_SIZE > * acl_dbs
Definition: sql_auth_cache.cc:137
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_NAME > > > proc_priv_hash
Definition: sql_auth_cache.cc:148
Acl_user_ptr_list * cached_acl_users_for_name(const char *name)
Fetch the list of ACL_USERs which share name or have no name.
Definition: sql_auth_cache.cc:1184
Acl_cache_allocator< ACL_USER * > Acl_user_ptr_allocator
Definition: sql_auth_cache.h:515
boost::adjacency_list< boost::setS, boost::vecS, boost::bidirectionalS, Role_properties, Role_edge_properties > Granted_roles_graph
A graph of all users/roles privilege inheritance.
Definition: sql_auth_cache.h:627
T * name_hash_search(const malloc_unordered_multimap< std::string, unique_ptr_destroy_only< T > > &name_hash, const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact, bool name_tolower)
Definition: sql_auth_cache.h:543
Acl_cache_lock_mode
Enum for specifying lock type over Acl cache.
Definition: sql_auth_cache.h:778
MYSQL_PLUGIN_IMPORT CHARSET_INFO * files_charset_info
Definition: mysqld.cc:1562
MEM_ROOT global_acl_memory
Definition: sql_auth_cache.cc:133
malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_NAME > > * get_routine_priv_hash(Acl_type type)
Returns a non-owning raw pointer of either func_priv_hash, proc_priv_hash or library_priv_hash.
Definition: sql_auth_cache.cc:180
Prealloced_array< ACL_USER, ACL_PREALLOC_SIZE > * acl_users
Definition: sql_auth_cache.cc:135
bool allow_all_hosts
Definition: sql_auth_cache.cc:168
boost::property< boost::vertex_acl_user_t, ACL_USER, boost::property< boost::vertex_name_t, std::string > > Role_properties
Custom vertex properties used in Granted_roles_graph TODO ACL_USER contains too much information.
Definition: sql_auth_cache.h:617
boost::graph_traits< Granted_roles_graph >::in_edge_iterator in_edge_itr_t
The type for the iterator returned by in_edges().
Definition: sql_auth_cache.h:650
Acl_cache * get_global_acl_cache()
Definition: sql_auth_cache.cc:111
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_NAME > > > library_priv_hash
Definition: sql_auth_cache.h:533
std::unique_ptr< malloc_unordered_multimap< std::string, unique_ptr_destroy_only< GRANT_NAME > > > func_priv_hash
Definition: sql_auth_cache.h:533
boost::graph_traits< Granted_roles_graph >::out_edge_iterator out_edge_itr_t
The type for the iterator returned by out_edges().
Definition: sql_auth_cache.h:646
std::unique_ptr< Acl_restrictions > acl_restrictions
Definition: sql_auth_cache.cc:153
Prealloced_array< ACL_HOST_AND_IP, ACL_PREALLOC_SIZE > * acl_wild_hosts
Definition: sql_auth_cache.cc:138
void rebuild_cached_acl_users_for_name(void)
Build the lists of ACL_USERs which share name or have no name.
Definition: sql_auth_cache.cc:1134
#define NUM_CREDENTIALS
Definition: sql_auth_cache.h:222
boost::property< boost::edge_capacity_t, int > Role_edge_properties
Definition: sql_auth_cache.h:619
MEM_ROOT memex
Definition: sql_auth_cache.cc:134
boost::graph_traits< Granted_roles_graph >::vertex_descriptor Role_vertex_descriptor
The data type of a vertex in the Granted_roles_graph.
Definition: sql_auth_cache.h:631
boost::graph_traits< Granted_roles_graph >::edge_descriptor Role_edge_descriptor
The data type of an edge in the Granted_roles_graph.
Definition: sql_auth_cache.h:635
GRANT_TABLE * table_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact)
Definition: sql_auth_cache.h:588
std::list< ACL_USER *, Acl_user_ptr_allocator > Acl_user_ptr_list
Definition: sql_auth_cache.h:516
std::unordered_map< std::string, Role_vertex_descriptor > Role_index_map
The datatype of the map between authids and graph vertex descriptors.
Definition: sql_auth_cache.h:638
boost::graph_traits< Granted_roles_graph >::degree_size_type degree_s_t
The type used for the number of edges incident to a vertex in the graph.
Definition: sql_auth_cache.h:642
collation_unordered_map< std::string, ACL_USER * > * acl_check_hosts
Definition: sql_auth_cache.cc:152
const size_t ACL_PREALLOC_SIZE
Definition: sql_auth_cache.h:523
Prealloced_array< ACL_PROXY_USER, ACL_PREALLOC_SIZE > * acl_proxy_users
Definition: sql_auth_cache.cc:136
GRANT_COLUMN * column_hash_search(GRANT_TABLE *t, const char *cname, size_t length)
Definition: sql_auth_cache.h:596
LF_HASH Acl_cache_internal
Definition: sql_auth_cache.h:698
static MEM_ROOT mem
Definition: sql_servers.cc:100
case opt name
Definition: sslopt-case.h:29
Definition: sql_auth_cache.h:503
Acl_cache_allocator< U > other
Definition: sql_auth_cache.h:504
Definition: m_ctype.h:421
Definition: lf.h:187
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:83
Definition: mysql_lex_string.h:40
Definition: mysql_time.h:82
Definition: table.h:1421
An instrumented mutex structure.
Definition: mysql_mutex_bits.h:50
Definition: sql_connect.h:41
Vio Lite.
SSL_type
Definition: violite.h:307