22#ifndef SQL_SECURITY_CTX_INCLUDED
23#define SQL_SECURITY_CTX_INCLUDED
62 const char *
host =
"skip-grants host");
73 void set_user_ptr(
const char *user_arg,
const size_t user_arg_length);
75 void assign_user(
const char *user_arg,
const size_t user_arg_length);
79 const std::string &privilege,
80 bool cumulative =
false);
82 bool cumulative =
false,
83 bool ignore_if_nonextant =
true,
84 bool throw_error =
true);
86 bool validate_access =
false);
105 std::vector<std::string> column);
116 void set_host_ptr(
const char *host_arg,
const size_t host_arg_length);
118 void assign_host(
const char *host_arg,
const size_t host_arg_length);
128 void set_ip_ptr(
const char *ip_arg,
const int ip_arg_length);
130 void assign_ip(
const char *ip_arg,
const int ip_arg_length);
152 const int host_or_ip_arg_length);
163 const int ext_user_arg_length);
166 const int ext_user_arg_length);
177 const size_t priv_user_arg_length);
188 const size_t proxy_user_arg_length);
199 const size_t priv_host_arg_length);
247 bool match_any =
false);
297 const std::string &
db_name)
const;
315 const std::string &privilege,
316 bool cumulative =
false);
436 const char *host_or_ip_arg,
const int host_or_ip_arg_length) {
466 ulong master_access,
const Restrictions &restrictions) {
std::vector< Auth_id_ref > List_of_auth_id_refs
Definition: auth_common.h:79
Definition: sql_auth_cache.h:245
Container for global, schema, table/view and routine ACL maps.
Definition: sql_auth_cache.h:636
Storage container for default auth ids.
Definition: auth_common.h:1064
Definition: sql_list.h:433
Container of all restrictions for a given user.
Definition: partial_revokes.h:117
void clear_db()
Clear database restrictions.
Definition: partial_revokes.cc:1483
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:52
bool user_matches(Security_context *)
Definition: sql_security_ctx.cc:312
String m_external_user
Definition: sql_security_ctx.h:337
ulong db_acl(LEX_CSTRING db, bool use_pattern_scan=true) const
Get grant information for given database.
Definition: sql_security_ctx.cc:499
bool has_table_access(ulong priv, Table_ref *table)
Check if required access to given table is granted.
Definition: sql_security_ctx.cc:1189
THD * get_thd()
Definition: sql_security_ctx.h:511
Grant_table_aggregate table_and_column_acls(LEX_CSTRING db, LEX_CSTRING table)
Definition: sql_security_ctx.cc:568
bool any_table_acl(const LEX_CSTRING &db)
Definition: sql_security_ctx.cc:616
void set_master_access(ulong master_access)
Definition: sql_security_ctx.h:459
String m_host
m_host - host of the client
Definition: sql_security_ctx.h:327
bool m_is_skip_grants_user
True if the skip_grants_user is set.
Definition: sql_security_ctx.h:380
bool check_in_local_temp_privs(const std::string &priv)
std::unique_ptr< std::function< void(Security_context *)> > m_drop_policy
Definition: sql_security_ctx.h:384
void add_as_local_temp_privs(const std::vector< std::string > &privs)
void cache_current_db_access(ulong db_access)
Cache the schema level effective privileges (apply roles first!) for the currently active schema.
Definition: sql_security_ctx.h:481
const char * priv_host_name() const
Definition: sql_security_ctx.h:471
void set_user_ptr(const char *user_arg, const size_t user_arg_length)
Setter method for member m_user.
Definition: sql_security_ctx.cc:812
ulong function_acl(LEX_CSTRING db, LEX_CSTRING procedure_name)
Definition: sql_security_ctx.cc:550
void init()
Definition: sql_security_ctx.cc:79
LEX_CSTRING host() const
Getter method for member m_host.
Definition: sql_security_ctx.cc:850
LEX_CSTRING priv_user() const
Getter method for member m_priv_user.
Definition: sql_security_ctx.cc:778
void assign_user(const char *user_arg, const size_t user_arg_length)
Setter method for member m_user.
Definition: sql_security_ctx.cc:832
void copy_security_ctx(const Security_context &src_sctx)
Deep copy status of sctx object to this.
Definition: sql_security_ctx.cc:202
void set_password_expired(bool password_expired)
Definition: sql_security_ctx.h:489
void set_drop_policy(const std::function< void(Security_context *)> &func)
Definition: sql_security_ctx.cc:126
int activate_role(LEX_CSTRING user, LEX_CSTRING host, bool validate_access=false)
This method pushes a role to the list of active roles.
Definition: sql_security_ctx.cc:349
void set_registration_sandbox_mode(bool v)
Definition: sql_security_ctx.h:505
Restrictions m_restrictions
Definition: sql_security_ctx.h:385
char m_priv_user[USERNAME_LENGTH]
m_priv_user - The user privilege we are using.
Definition: sql_security_ctx.h:342
ulong filter_access(const ulong access, const std::string &db_name) const
If there is a restriction attached to an access on the given database then remove that access otherwi...
Definition: sql_security_ctx.cc:1126
void assign_proxy_user(const char *proxy_user_arg, const size_t proxy_user_arg_length)
Setter method for member m_proxy_user.
Definition: sql_security_ctx.cc:1055
void skip_grants(const char *user="skip-grants user", const char *host="skip-grants host")
Grants all privilegs to user.
Definition: sql_security_ctx.cc:175
~Security_context()
Definition: sql_security_ctx.cc:60
void checkout_access_maps(void)
Subscribes to a cache entry of aggregated ACLs.
Definition: sql_security_ctx.cc:380
size_t get_num_active_roles() const
Definition: sql_security_ctx.cc:447
THD * m_thd
m_thd - Thread handle, set to nullptr if this does not belong to any THD yet
Definition: sql_security_ctx.h:402
char m_proxy_user[USERNAME_LENGTH+HOSTNAME_LENGTH+6]
Definition: sql_security_ctx.h:345
void set_external_user_ptr(const char *ext_user_arg, const int ext_user_arg_length)
Setter method for member m_external_user.
Definition: sql_security_ctx.cc:977
String m_user
m_user - user of the client, set to NULL until the user has been read from the connection
Definition: sql_security_ctx.h:324
String m_ip
m_ip - client IP
Definition: sql_security_ctx.h:330
ulong m_db_access
Privileges for current db.
Definition: sql_security_ctx.h:362
bool any_sp_acl(const LEX_CSTRING &db)
Definition: sql_security_ctx.cc:601
ulong master_access() const
Getter method for member m_master_access.
Definition: sql_security_ctx.h:453
bool has_account_assigned() const
Check if a an account has been assigned to the security context.
Definition: sql_security_ctx.h:475
size_t m_proxy_user_length
Definition: sql_security_ctx.h:346
bool has_column_access(ulong priv, TABLE const *table, std::vector< std::string > column)
Check if required access to given table column is granted.
Definition: sql_security_ctx.cc:1266
LEX_CSTRING external_user() const
Getter method for member m_external_user.
Definition: sql_security_ctx.h:442
void assign_host(const char *host_arg, const size_t host_arg_length)
Setter method for member m_host.
Definition: sql_security_ctx.cc:893
void set_host_ptr(const char *host_arg, const size_t host_arg_length)
Setter method for member m_host.
Definition: sql_security_ctx.cc:870
bool m_is_locked
True if this account can't be logged into.
Definition: sql_security_ctx.h:376
bool is_in_registration_sandbox_mode()
Definition: sql_security_ctx.h:501
bool is_access_restricted_on_db(ulong want_access, const std::string &db_name) const
Definition: sql_security_ctx.cc:1111
bool m_password_expired
password expiration flag.
Definition: sql_security_ctx.h:370
size_t m_priv_user_length
Definition: sql_security_ctx.h:343
bool account_is_locked()
Locked account can still be used as routine definers and when they are there shouldn't be any checks ...
Definition: sql_security_ctx.h:281
ulong procedure_acl(LEX_CSTRING db, LEX_CSTRING procedure_name)
Definition: sql_security_ctx.cc:532
Security_context(THD *thd=nullptr)
Definition: sql_security_ctx.cc:55
void execute_drop_policy(void)
Definition: sql_security_ctx.cc:119
void assign_ip(const char *ip_arg, const int ip_arg_length)
Setter method for member m_ip.
Definition: sql_security_ctx.cc:957
List_of_auth_id_refs * get_active_roles()
Definition: sql_security_ctx.cc:443
void init_restrictions(const Restrictions &restrictions)
Definition: sql_security_ctx.cc:1107
Acl_map * m_acl_map
Definition: sql_security_ctx.h:372
void assign_external_user(const char *ext_user_arg, const int ext_user_arg_length)
Setter method for member m_external_user.
Definition: sql_security_ctx.cc:997
bool has_with_admin_acl(const LEX_CSTRING &role_name, const LEX_CSTRING &role_host)
Definition: sql_security_ctx.cc:587
bool password_expired() const
Getter method for member m_password_expired.
Definition: sql_security_ctx.h:485
LEX_CSTRING ip() const
Getter method for member m_ip.
Definition: sql_security_ctx.cc:917
char m_priv_host[HOSTNAME_LENGTH+1]
The host privilege we are using.
Definition: sql_security_ctx.h:351
size_t m_priv_host_length
Definition: sql_security_ctx.h:352
LEX_CSTRING priv_host() const
Getter method for member m_priv_host.
Definition: sql_security_ctx.cc:1075
ulong table_acl(LEX_CSTRING db, LEX_CSTRING table)
Definition: sql_security_ctx.cc:581
void set_host_or_ip_ptr()
Setter method for member m_host_or_ip.
Definition: sql_security_ctx.h:422
bool is_table_blocked(ulong priv, TABLE const *table)
Check if required access to given table is not restricted.
Definition: sql_security_ctx.cc:1233
bool check_access(ulong want_access, const std::string &db_name="", bool match_any=false)
Check permission against m_master_access.
Definition: sql_security_ctx.cc:321
std::pair< bool, bool > fetch_global_grant(const ACL_USER &acl_user, const std::string &privilege, bool cumulative=false)
Checks if the acl_user does have the asked dynamic privilege.
Definition: sql_security_ctx.cc:1155
std::pair< bool, bool > has_global_grant(const char *priv, size_t priv_len)
Checks if the Current_user has the asked dynamic privilege.
Definition: sql_security_ctx.cc:646
void set_thd(THD *thd)
Definition: sql_security_ctx.h:509
void destroy()
Definition: sql_security_ctx.cc:133
String m_host_or_ip
m_host_or_ip - points to host if host is available, otherwise points to ip
Definition: sql_security_ctx.h:335
bool m_has_drop_policy
Definition: sql_security_ctx.h:383
LEX_CSTRING user() const
Getter method for member m_user.
Definition: sql_security_ctx.cc:792
void clear_db_restrictions()
Definition: sql_security_ctx.h:497
bool m_executed_drop_policy
Definition: sql_security_ctx.h:382
void logout()
Definition: sql_security_ctx.cc:100
void restore_security_context(THD *thd, Security_context *backup)
Definition: sql_security_ctx.cc:307
const Restrictions restrictions() const
Definition: sql_security_ctx.h:455
bool m_registration_sandbox_mode
This flag tracks if server should be in sandbox mode or not.
Definition: sql_security_ctx.h:397
void lock_account(bool is_locked)
Definition: sql_security_ctx.h:283
LEX_CSTRING host_or_ip() const
Getter method for member m_host_or_ip.
Definition: sql_security_ctx.h:411
bool is_skip_grants_user()
Definition: sql_security_ctx.h:493
ulong m_master_access
Global privileges from mysql.user.
Definition: sql_security_ctx.h:357
List_of_auth_id_refs m_active_roles
Definition: sql_security_ctx.h:371
bool has_executed_drop_policy(void)
Definition: sql_security_ctx.cc:115
bool has_drop_policy(void)
Definition: sql_security_ctx.cc:113
bool change_security_context(THD *thd, const LEX_CSTRING &definer_user, const LEX_CSTRING &definer_host, const char *db, Security_context **backup, bool force=false)
Initialize this security context from the passed in credentials and activate it in the current thread...
Definition: sql_security_ctx.cc:280
void assign_priv_user(const char *priv_user_arg, const size_t priv_user_arg_length)
Setter method for member m_priv_user.
Definition: sql_security_ctx.cc:1017
ulong current_db_access() const
Returns the schema level effective privileges (with applied roles) for the currently active schema.
Definition: sql_security_ctx.h:479
void set_ip_ptr(const char *ip_arg, const int ip_arg_length)
Setter method for member m_ip.
Definition: sql_security_ctx.cc:937
Security_context & operator=(const Security_context &src_sctx)
Definition: sql_security_ctx.cc:67
bool can_operate_with(const Auth_id &auth_id, const std::string &privilege, bool cumulative=false, bool ignore_if_nonextant=true, bool throw_error=true)
Checks if the specified auth_id with privilege can work with the current_user.
Definition: sql_security_ctx.cc:740
void clear_active_roles(void)
This helper method clears the active roles list and frees the allocated memory used for any previousl...
Definition: sql_security_ctx.cc:424
LEX_CSTRING proxy_user() const
Getter method for member m_proxy_user.
Definition: sql_security_ctx.cc:1037
void assign_priv_host(const char *priv_host_arg, const size_t priv_host_arg_length)
Setter method for member m_priv_host.
Definition: sql_security_ctx.cc:1093
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:166
const char * ptr() const
Definition: sql_string.h:248
size_t length() const
Definition: sql_string.h:240
void set(String &str, size_t offset, size_t arg_length)
Definition: sql_string.h:279
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:33
MYSQL_PLUGIN_IMPORT CHARSET_INFO * system_charset_info
Definition: mysqld.cc:1552
#define DBUG_PRINT(keyword, arglist)
Definition: my_dbug.h:180
#define DBUG_TRACE
Definition: my_dbug.h:145
Common definition used by mysys, performance schema and server & client.
static constexpr int HOSTNAME_LENGTH
Definition: my_hostname.h:42
static bool backup
Definition: myisampack.cc:197
Common definition between mysql server & client.
#define USERNAME_LENGTH
Definition: mysql_com.h:68
static PFS_engine_table_share_proxy table
Definition: pfs.cc:60
const char * db_name
Definition: rules_table_service.cc:54
std::conditional_t< !std::is_array< T >::value, std::unique_ptr< T, detail::Deleter< T > >, std::conditional_t< detail::is_unbounded_array_v< T >, std::unique_ptr< T, detail::Array_deleter< std::remove_extent_t< T > > >, void > > unique_ptr
The following is a common type that is returned by all the ut::make_unique (non-aligned) specializati...
Definition: ut0new.h:2437
File containing constants that can be used throughout the server.
Our own string classes, used pervasively throughout the executor.
Definition: auth_internal.h:58
Definition: mysql_lex_string.h:39
const char * str
Definition: mysql_lex_string.h:40
size_t length
Definition: mysql_lex_string.h:41