22#ifndef SQL_SECURITY_CTX_INCLUDED
23#define SQL_SECURITY_CTX_INCLUDED
63 const char *
host =
"skip-grants host");
74 void set_user_ptr(
const char *user_arg,
const size_t user_arg_length);
76 void assign_user(
const char *user_arg,
const size_t user_arg_length);
80 const std::string &privilege,
81 bool cumulative =
false);
83 bool cumulative =
false,
84 bool ignore_if_nonextant =
true,
85 bool throw_error =
true);
87 bool validate_access =
false);
106 std::vector<std::string> column);
117 void set_host_ptr(
const char *host_arg,
const size_t host_arg_length);
119 void assign_host(
const char *host_arg,
const size_t host_arg_length);
129 void set_ip_ptr(
const char *ip_arg,
const int ip_arg_length);
131 void assign_ip(
const char *ip_arg,
const int ip_arg_length);
153 const int host_or_ip_arg_length);
164 const int ext_user_arg_length);
167 const int ext_user_arg_length);
178 const size_t priv_user_arg_length);
189 const size_t proxy_user_arg_length);
200 const size_t priv_host_arg_length);
248 bool match_any =
false);
298 const std::string &
db_name)
const;
316 const std::string &privilege,
317 bool cumulative =
false);
437 const char *host_or_ip_arg,
const int host_or_ip_arg_length) {
467 ulong master_access,
const Restrictions &restrictions) {
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:79
Definition: sql_auth_cache.h:245
Container for global, schema, table/view and routine ACL maps.
Definition: sql_auth_cache.h:636
Storage container for default auth ids.
Definition: auth_common.h:1064
Definition: sql_list.h:433
Container of all restrictions for a given user.
Definition: partial_revokes.h:117
void clear_db()
Clear database restrictions.
Definition: partial_revokes.cc:1482
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
bool user_matches(Security_context *)
Definition: sql_security_ctx.cc:310
String m_external_user
Definition: sql_security_ctx.h:338
ulong db_acl(LEX_CSTRING db, bool use_pattern_scan=true) const
Get grant information for given database.
Definition: sql_security_ctx.cc:497
bool has_table_access(ulong priv, Table_ref *table)
Check if required access to given table is granted.
Definition: sql_security_ctx.cc:1187
THD * get_thd()
Definition: sql_security_ctx.h:512
Grant_table_aggregate table_and_column_acls(LEX_CSTRING db, LEX_CSTRING table)
Definition: sql_security_ctx.cc:566
bool any_table_acl(const LEX_CSTRING &db)
Definition: sql_security_ctx.cc:614
void set_master_access(ulong master_access)
Definition: sql_security_ctx.h:460
String m_host
m_host - host of the client
Definition: sql_security_ctx.h:328
bool m_is_skip_grants_user
True if the skip_grants_user is set.
Definition: sql_security_ctx.h:381
bool check_in_local_temp_privs(const std::string &priv)
std::unique_ptr< std::function< void(Security_context *)> > m_drop_policy
Definition: sql_security_ctx.h:385
void add_as_local_temp_privs(const std::vector< std::string > &privs)
void cache_current_db_access(ulong db_access)
Cache the schema level effective privileges (apply roles first!) for the currently active schema.
Definition: sql_security_ctx.h:482
const char * priv_host_name() const
Definition: sql_security_ctx.h:472
void set_user_ptr(const char *user_arg, const size_t user_arg_length)
Setter method for member m_user.
Definition: sql_security_ctx.cc:810
ulong function_acl(LEX_CSTRING db, LEX_CSTRING procedure_name)
Definition: sql_security_ctx.cc:548
void init()
Definition: sql_security_ctx.cc:77
LEX_CSTRING host() const
Getter method for member m_host.
Definition: sql_security_ctx.cc:848
LEX_CSTRING priv_user() const
Getter method for member m_priv_user.
Definition: sql_security_ctx.cc:776
void assign_user(const char *user_arg, const size_t user_arg_length)
Setter method for member m_user.
Definition: sql_security_ctx.cc:830
void copy_security_ctx(const Security_context &src_sctx)
Deep copy status of sctx object to this.
Definition: sql_security_ctx.cc:200
void set_password_expired(bool password_expired)
Definition: sql_security_ctx.h:490
void set_drop_policy(const std::function< void(Security_context *)> &func)
Definition: sql_security_ctx.cc:124
int activate_role(LEX_CSTRING user, LEX_CSTRING host, bool validate_access=false)
This method pushes a role to the list of active roles.
Definition: sql_security_ctx.cc:347
void set_registration_sandbox_mode(bool v)
Definition: sql_security_ctx.h:506
Restrictions m_restrictions
Definition: sql_security_ctx.h:386
char m_priv_user[USERNAME_LENGTH]
m_priv_user - The user privilege we are using.
Definition: sql_security_ctx.h:343
ulong filter_access(const ulong access, const std::string &db_name) const
If there is a restriction attached to an access on the given database then remove that access otherwi...
Definition: sql_security_ctx.cc:1124
void assign_proxy_user(const char *proxy_user_arg, const size_t proxy_user_arg_length)
Setter method for member m_proxy_user.
Definition: sql_security_ctx.cc:1053
void skip_grants(const char *user="skip-grants user", const char *host="skip-grants host")
Grants all privilegs to user.
Definition: sql_security_ctx.cc:173
~Security_context()
Definition: sql_security_ctx.cc:58
void checkout_access_maps(void)
Subscribes to a cache entry of aggregated ACLs.
Definition: sql_security_ctx.cc:378
size_t get_num_active_roles() const
Definition: sql_security_ctx.cc:445
THD * m_thd
m_thd - Thread handle, set to nullptr if this does not belong to any THD yet
Definition: sql_security_ctx.h:403
char m_proxy_user[USERNAME_LENGTH+HOSTNAME_LENGTH+6]
Definition: sql_security_ctx.h:346
void set_external_user_ptr(const char *ext_user_arg, const int ext_user_arg_length)
Setter method for member m_external_user.
Definition: sql_security_ctx.cc:975
String m_user
m_user - user of the client, set to NULL until the user has been read from the connection
Definition: sql_security_ctx.h:325
String m_ip
m_ip - client IP
Definition: sql_security_ctx.h:331
ulong m_db_access
Privileges for current db.
Definition: sql_security_ctx.h:363
bool any_sp_acl(const LEX_CSTRING &db)
Definition: sql_security_ctx.cc:599
ulong master_access() const
Getter method for member m_master_access.
Definition: sql_security_ctx.h:454
bool has_account_assigned() const
Check if a an account has been assigned to the security context.
Definition: sql_security_ctx.h:476
size_t m_proxy_user_length
Definition: sql_security_ctx.h:347
bool has_column_access(ulong priv, TABLE const *table, std::vector< std::string > column)
Check if required access to given table column is granted.
Definition: sql_security_ctx.cc:1264
LEX_CSTRING external_user() const
Getter method for member m_external_user.
Definition: sql_security_ctx.h:443
void assign_host(const char *host_arg, const size_t host_arg_length)
Setter method for member m_host.
Definition: sql_security_ctx.cc:891
void set_host_ptr(const char *host_arg, const size_t host_arg_length)
Setter method for member m_host.
Definition: sql_security_ctx.cc:868
bool m_is_locked
True if this account can't be logged into.
Definition: sql_security_ctx.h:377
bool is_in_registration_sandbox_mode()
Definition: sql_security_ctx.h:502
bool is_access_restricted_on_db(ulong want_access, const std::string &db_name) const
Definition: sql_security_ctx.cc:1109
bool m_password_expired
password expiration flag.
Definition: sql_security_ctx.h:371
size_t m_priv_user_length
Definition: sql_security_ctx.h:344
bool account_is_locked()
Locked account can still be used as routine definers and when they are there shouldn't be any checks ...
Definition: sql_security_ctx.h:282
ulong procedure_acl(LEX_CSTRING db, LEX_CSTRING procedure_name)
Definition: sql_security_ctx.cc:530
Security_context(THD *thd=nullptr)
Definition: sql_security_ctx.cc:53
void execute_drop_policy(void)
Definition: sql_security_ctx.cc:117
void assign_ip(const char *ip_arg, const int ip_arg_length)
Setter method for member m_ip.
Definition: sql_security_ctx.cc:955
List_of_auth_id_refs * get_active_roles()
Definition: sql_security_ctx.cc:441
void init_restrictions(const Restrictions &restrictions)
Definition: sql_security_ctx.cc:1105
Acl_map * m_acl_map
Definition: sql_security_ctx.h:373
void assign_external_user(const char *ext_user_arg, const int ext_user_arg_length)
Setter method for member m_external_user.
Definition: sql_security_ctx.cc:995
bool has_with_admin_acl(const LEX_CSTRING &role_name, const LEX_CSTRING &role_host)
Definition: sql_security_ctx.cc:585
bool password_expired() const
Getter method for member m_password_expired.
Definition: sql_security_ctx.h:486
LEX_CSTRING ip() const
Getter method for member m_ip.
Definition: sql_security_ctx.cc:915
char m_priv_host[HOSTNAME_LENGTH+1]
The host privilege we are using.
Definition: sql_security_ctx.h:352
size_t m_priv_host_length
Definition: sql_security_ctx.h:353
LEX_CSTRING priv_host() const
Getter method for member m_priv_host.
Definition: sql_security_ctx.cc:1073
ulong table_acl(LEX_CSTRING db, LEX_CSTRING table)
Definition: sql_security_ctx.cc:579
void set_host_or_ip_ptr()
Setter method for member m_host_or_ip.
Definition: sql_security_ctx.h:423
bool is_table_blocked(ulong priv, TABLE const *table)
Check if required access to given table is not restricted.
Definition: sql_security_ctx.cc:1231
bool check_access(ulong want_access, const std::string &db_name="", bool match_any=false)
Check permission against m_master_access.
Definition: sql_security_ctx.cc:319
std::pair< bool, bool > fetch_global_grant(const ACL_USER &acl_user, const std::string &privilege, bool cumulative=false)
Checks if the acl_user does have the asked dynamic privilege.
Definition: sql_security_ctx.cc:1153
std::pair< bool, bool > has_global_grant(const char *priv, size_t priv_len)
Checks if the Current_user has the asked dynamic privilege.
Definition: sql_security_ctx.cc:644
void set_thd(THD *thd)
Definition: sql_security_ctx.h:510
void destroy()
Definition: sql_security_ctx.cc:131
String m_host_or_ip
m_host_or_ip - points to host if host is available, otherwise points to ip
Definition: sql_security_ctx.h:336
bool m_has_drop_policy
Definition: sql_security_ctx.h:384
LEX_CSTRING user() const
Getter method for member m_user.
Definition: sql_security_ctx.cc:790
void clear_db_restrictions()
Definition: sql_security_ctx.h:498
bool m_executed_drop_policy
Definition: sql_security_ctx.h:383
void logout()
Definition: sql_security_ctx.cc:98
void restore_security_context(THD *thd, Security_context *backup)
Definition: sql_security_ctx.cc:305
const Restrictions restrictions() const
Definition: sql_security_ctx.h:456
bool m_registration_sandbox_mode
This flag tracks if server should be in sandbox mode or not.
Definition: sql_security_ctx.h:398
void lock_account(bool is_locked)
Definition: sql_security_ctx.h:284
LEX_CSTRING host_or_ip() const
Getter method for member m_host_or_ip.
Definition: sql_security_ctx.h:412
bool is_skip_grants_user()
Definition: sql_security_ctx.h:494
ulong m_master_access
Global privileges from mysql.user.
Definition: sql_security_ctx.h:358
List_of_auth_id_refs m_active_roles
Definition: sql_security_ctx.h:372
bool has_executed_drop_policy(void)
Definition: sql_security_ctx.cc:113
bool has_drop_policy(void)
Definition: sql_security_ctx.cc:111
bool change_security_context(THD *thd, const LEX_CSTRING &definer_user, const LEX_CSTRING &definer_host, const char *db, Security_context **backup, bool force=false)
Initialize this security context from the passed in credentials and activate it in the current thread...
Definition: sql_security_ctx.cc:278
void assign_priv_user(const char *priv_user_arg, const size_t priv_user_arg_length)
Setter method for member m_priv_user.
Definition: sql_security_ctx.cc:1015
ulong current_db_access() const
Returns the schema level effective privileges (with applied roles) for the currently active schema.
Definition: sql_security_ctx.h:480
void set_ip_ptr(const char *ip_arg, const int ip_arg_length)
Setter method for member m_ip.
Definition: sql_security_ctx.cc:935
Security_context & operator=(const Security_context &src_sctx)
Definition: sql_security_ctx.cc:65
bool can_operate_with(const Auth_id &auth_id, const std::string &privilege, bool cumulative=false, bool ignore_if_nonextant=true, bool throw_error=true)
Checks if the specified auth_id with privilege can work with the current_user.
Definition: sql_security_ctx.cc:738
void clear_active_roles(void)
This helper method clears the active roles list and frees the allocated memory used for any previousl...
Definition: sql_security_ctx.cc:422
LEX_CSTRING proxy_user() const
Getter method for member m_proxy_user.
Definition: sql_security_ctx.cc:1035
void assign_priv_host(const char *priv_host_arg, const size_t priv_host_arg_length)
Setter method for member m_priv_host.
Definition: sql_security_ctx.cc:1091
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:166
const char * ptr() const
Definition: sql_string.h:248
size_t length() const
Definition: sql_string.h:240
void set(String &str, size_t offset, size_t arg_length)
Definition: sql_string.h:279
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:33
A better implementation of the UNIX ctype(3) library.
MYSQL_PLUGIN_IMPORT CHARSET_INFO * system_charset_info
Definition: mysqld.cc:1541
#define DBUG_PRINT(keyword, arglist)
Definition: my_dbug.h:180
#define DBUG_TRACE
Definition: my_dbug.h:145
Common definition used by mysys, performance schema and server & client.
static constexpr int HOSTNAME_LENGTH
Definition: my_hostname.h:42
static bool backup
Definition: myisampack.cc:194
Common definition between mysql server & client.
#define USERNAME_LENGTH
Definition: mysql_com.h:68
const char * db_name
Definition: rules_table_service.cc:54
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2436
File containing constants that can be used throughout the server.
Our own string classes, used pervasively throughout the executor.
Definition: auth_internal.h:58
Definition: mysql_lex_string.h:39
const char * str
Definition: mysql_lex_string.h:40
size_t length
Definition: mysql_lex_string.h:41