WL#12670: Warn when using 'everyone' for named_pipe_full_access_group

Affects: Server-8.0 — Status: Complete

Description
Requirements
Dependent Tasks
High Level Architecture
Low Level Design

See WL#12445 Improve Windows named pipe access control

This worklog is a step on the way to changing the default value of the
named_pipe_full_access_group system variable from '*everyone*' (insecure by
default) to '' (i.e. no-one: secure by default).

Starting with MySQL server version 5.6.x, 5.7.x and 8.0.17, the server should
both raise and log a warning message when the named_pipe_full_access_group
system variable is set to a value that maps to the built in Windows Everyone
group (SID S-1-1-0).

The idea is to encourage the MySQL server DBA to select a different Windows
group with a smaller membership than 'everyone', and to encourage third party
named pipe connector developers to modify their code to request fewer
permissions on the MySQL named pipe. 

Named pipe connectors that request limited permission on the MySQL named pipe
can open the named pipe without requiring the Windows user running the connector
to be a member of the Windows group indicated by the
named_pipe_full_access_group system variable.

Note that checking the state of the named_pipe_full_access_group should be
performed in a language independent fashion, as the string used to identify the
Everyone group varies with the Windows default system language.

Functional requirements:
F-1: If the string value assigned to the named_pipe_full_access_group system
variable during MySQL server start up corresponds to the Windows 'Everyone'
group AND named pipes are enabled then a warning message SHALL be written to the
error log.

F-2: If the named_pipe_full_access_group system variable's value is modified
after MySQL server startup to a value that corresponds to the Windows 'Everyone'
group then a warning message SHALL be written to the error log and raised to the
client.

F-3: The string "*everyone*" SHALL be treated as a Windows System Language
independent name for the Windows 'Everyone' group.

WL#12445: Improve Windows named pipe access control

The warning message written to the error log when the
named_pipe_full_access_group system variable is updated to a value corresponding
to the 'Everyone' windows group is of the form:

Setting named_pipe_full_access_group='%s' is insecure. Consider using a Windows
group with fewer members.

Where %s is replaced with the value used to update the
named_pipe_full_access_group system variable.

Note that the 'Everyone' group name is localized on Windows by the configured
Windows System Language - for example, on a French system the Everyone group
name is 'Tout le monde'.

In order to determine whether the new value of the named_pipe_full_access system
variable corresponds to the 'Everyone' group in a Windows System language
independent fashion, the new group name will be converted to its corresponding
Windows Security Identified (SID).  

The new group name's SID can then be easily compared with the "well known" SID
corresponding to the 'Everyone' group (identified by the WinWorldSid SID type)
using the EqualSid Windows API function.

Note that new group name values of null pointer and the empty string are valid
and correspond to no group - which is NOT the same as the 'Everyone' group.

The '*everyone*' value will have to be treated as a special case which is
treated as always matching the 'Everyone' group regardless of Windows System
language.