/* Copyright (c) 2011, 2024, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2.0,
as published by the Free Software Foundation.
This program is designed to work with certain software (including
but not limited to OpenSSL) that is licensed under separate terms,
as designated in a particular file or component or in included license
documentation. The authors of MySQL hereby grant you an additional
permission to link the program and your derivative works with the
separately licensed software that they have either included with
the program or referenced in the documentation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License, version 2.0, for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#ifndef SQL_REWRITE_INCLUDED
#define SQL_REWRITE_INCLUDED
#include <set>
#include "my_sqlcommand.h"
#include "sql/table.h"
/* Forward declarations */
class THD;
class LEX_GRANT_AS;
/**
  Target types where the rewritten query will be added. Query rewrite might
  vary based on this type.

  NOTE(review): since the rewrite may differ per consumer, a change to how
  credentials are redacted should be checked once for every enumerator below.
  The per-consumer policy is not visible in this header; it lives with the
  rewriter implementations.
*/
enum class Consumer_type {
  TEXTLOG, /* General log, slow query log and audit log */
  BINLOG, /* Binary logs */
  STDOUT /* Standard output */
};
/**
  An interface to wrap the parameters required by a specific Rewriter.
  Parameters required by a specific Rewriter must be added in the concrete
  implementation, and clients wrap their parameters in that concrete object.
  Rewrite_params objects are not expected to change and are passed around as
  const objects.
*/
class Rewrite_params {
 protected:
  /*
    Protected: code outside the hierarchy cannot destroy a parameter object
    through a Rewrite_params pointer, and cannot create a bare Rewrite_params.
  */
  virtual ~Rewrite_params() = default;
};
/**
  Parameter bundle for the statements that name users:
  SET PASSWORD | CREATE USER | ALTER USER.

  Only a pointer to the caller's set is kept; nothing in this class frees it,
  so the set has to outlive every use of the params object.
*/
class User_params : public Rewrite_params {
 public:
  /* Remember the caller's user set; the pointer is stored unchanged. */
  User_params(std::set<LEX_USER *> *user_list) : users(user_list) {}

  /* Caller-provided set of users (not owned by this object). */
  std::set<LEX_USER *> *users;
};
/**
  Parameter bundle for the SHOW CREATE USER statement.

  NOTE(review): hide_password_hash is presumably what decides whether the
  stored hash appears in the statement output; confirm how
  Rewriter_show_create_user::append_auth_str() reads it before changing the
  value passed by callers.
*/
class Show_user_params : public Rewrite_params {
 public:
  /* Copies the two flags and the metadata pointer into the public fields. */
  Show_user_params(bool hide_hash, bool identified_with_as_hex,
                   String *metadata)
      : hide_password_hash(hide_hash),
        print_identified_with_as_hex_(identified_with_as_hex),
        metadata_str(metadata) {}

  /* Flag named for hiding the password hash in the output. */
  bool hide_password_hash;
  /* Flag named for printing the IDENTIFIED WITH ... AS value as hex. */
  bool print_identified_with_as_hex_;
  /* Caller-provided metadata string; stored as a raw pointer, not owned. */
  String *metadata_str;
};
/**
  Parameter bundle for the GRANT statement.

  The LEX_GRANT_AS pointer is stored as given; this class does not free it.
*/
class Grant_params : public Rewrite_params {
 public:
  /* Copies the flag and the GRANT AS pointer into the public fields. */
  Grant_params(bool as_clause_given, LEX_GRANT_AS *as_clause)
      : grant_as_provided(as_clause_given), grant_as_info(as_clause) {}

  /* Flag passed by the caller as grant_as_specified. */
  bool grant_as_provided;
  /* GRANT AS details supplied by the caller (not owned by this object). */
  LEX_GRANT_AS *grant_as_info;
};
/**
  Provides the default interface to rewrite the SQL statements to
  obfuscate passwords.
  It either sets the thd->rewritten_query with a rewritten query,
  or clears it if no rewriting took place.

  @param thd     THD whose rewritten_query is set or cleared.
  @param type    Consumer the rewritten text is meant for; defaults to
                 Consumer_type::TEXTLOG.
  @param params  Optional statement-specific parameters; defaults to nullptr.

  NOTE(review): because rewritten_query is cleared when nothing was rewritten,
  consumers presumably fall back to the original statement text in that case.
  A statement type that carries credentials but has no rewriter would then
  reach the consumer unredacted. Confirm this whenever new credential-bearing
  syntax is added.
*/
void mysql_rewrite_query(THD *thd, Consumer_type type = Consumer_type::TEXTLOG,
                         const Rewrite_params *params = nullptr);
/**
  Provides the default interface to rewrite the ACL query.
  If do_ps_instrument, it sets the thd->rewritten_query with
  a rewritten query.

  @param thd               THD of the statement being rewritten.
  @param rlb               String passed by reference; presumably receives the
                           rewritten text (confirm in the implementation).
  @param type              Consumer the rewritten text is meant for. There is
                           no default here, unlike mysql_rewrite_query().
  @param params            Optional statement-specific parameters; defaults
                           to nullptr.
  @param do_ps_instrument  Defaults to true; when set, thd->rewritten_query is
                           updated with the rewritten query.
*/
void mysql_rewrite_acl_query(THD *thd, String &rlb, Consumer_type type,
                             const Rewrite_params *params = nullptr,
                             bool do_ps_instrument = true);
/**
  An abstract base class to enable the implementation of various query
  rewriters. It accepts a THD pointer and the intended target type where the
  query will be written. It either sets the thd->rewritten_query with a
  rewritten query, or clears it if no rewriting took place. Concrete classes
  must implement the rewrite() method to rewrite the query. Although concrete
  classes may accept additional parameters, it is recommended not to create
  their objects directly.
*/
class I_rewriter {
 public:
  /* Constructors and destructors */
  I_rewriter(THD *thd, Consumer_type type);
  virtual ~I_rewriter();
  /*
    Prohibit copying and moving the object: all four overloads are deleted.
    The move overloads are declared with const rvalue references.
  */
  I_rewriter(const I_rewriter &) = delete;
  const I_rewriter &operator=(const I_rewriter &) = delete;
  I_rewriter(const I_rewriter &&) = delete;
  const I_rewriter &operator=(const I_rewriter &&) = delete;
  /* Reset the previous consumer type before rewriting the query */
  void set_consumer_type(Consumer_type type);
  /* Return the current consumer type */
  Consumer_type consumer_type();
  /*
    Concrete classes must implement the logic to rewrite the query here.
    NOTE(review): rlb is presumably the buffer that receives the rewritten
    text, and the bool result presumably reports whether a rewrite happened.
    Neither is stated in this header; confirm against the implementations.
  */
  virtual bool rewrite(String &rlb) const = 0;

 protected:
  /* THD this rewriter works on; the pointer itself is const. */
  THD *const m_thd;
  /* Consumer the rewritten text is produced for. */
  Consumer_type m_consumer_type;
};
/**
  Abstract base class to define the skeleton of rewriting the users, yet
  deferring some steps to the concrete classes. The implementation in specific
  steps might vary according to SQL or the consumer type.

  NOTE(review): this class declares both the helper that writes the <secret>
  placeholder and the helper that writes the password hash. Which of the two a
  given consumer receives is decided in the implementations and is not visible
  in this header, so review changes to either helper against every
  Consumer_type.
*/
class Rewriter_user : public I_rewriter {
 protected:
  /* Protected: only derived rewriters can construct this base. */
  Rewriter_user(THD *thd, Consumer_type target_type);
  /*
    Provides the skeleton to rewrite the users. The actual user is rewritten
    through the concrete implementation of private methods.
  */
  void rewrite_users(LEX *lex, String *str) const;
  /* Append the literal value <secret> to the str */
  void append_literal_secret(String *str) const;
  /*
    Append the password hash to the output string.
    Virtual: Rewriter_show_create_user overrides it.
  */
  virtual void append_auth_str(LEX_USER *lex, String *str) const;
  /* Append the authentication plugin name for the user */
  void append_plugin_name(const LEX_USER *user, String *str) const;
  /* Append authentication plugin name from LEX_MFA for the user */
  void append_mfa_plugin_name(const LEX_MFA *user, String *str) const;
  /* Append the authentication string from LEX_MFA for the user */
  void append_mfa_auth_str(const LEX_MFA *user, String *str) const;
  /*
    Rewrites some of the user specific properties which are common to
    concrete classes.
  */
  bool rewrite(String &rlb) const override;
  /*
    Abstract method to be implemented by the concrete classes.
    The implementation methods should add the user authID, plugin info and
    auth str
  */
  virtual void append_user_auth_info(LEX_USER *user, bool comma,
                                     String *str) const = 0;
  /*
    Append the password history clause for users.
    NOTE(review): wording inferred from the method name; the previous comment
    repeated the PASSWORD REUSE text used for rewrite_password_reuse().
  */
  virtual void rewrite_password_history(const LEX *lex, String *str) const = 0;
  /* Append the PASSWORD REUSE OPTIONS clause for users */
  virtual void rewrite_password_reuse(const LEX *lex, String *str) const = 0;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  virtual void rewrite_user_application_user_metadata(const LEX *lex,
                                                      String *str) const = 0;
  /*
    Use LEX to reconstruct the ATTRIBUTE or COMMENT clauses.
    The first parameter is named user but is a LEX pointer.
  */
  void rewrite_in_memory_user_application_user_metadata(const LEX *user,
                                                        String *str) const;

 private:
  /* Append the SSL OPTIONS clause for users */
  void rewrite_ssl_properties(const LEX *lex, String *str) const;
  /* Append the RESOURCES OPTIONS clause for users */
  void rewrite_user_resources(const LEX *lex, String *str) const;
  /* Append the ACCOUNT LOCK OPTIONS clause for users */
  void rewrite_account_lock(const LEX *lex, String *str) const;
  /* Append the PASSWORD EXPIRED OPTIONS clause for users */
  void rewrite_password_expired(const LEX *lex, String *str) const;
  /* Append the PASSWORD REQUIRE CURRENT clause for users */
  void rewrite_password_require_current(LEX *lex, String *str) const;
  /* Append FAILED_LOGIN_ATTEMPTS/PASSWORD_LOCK_TIME */
  void rewrite_account_lock_state(LEX *lex, String *str) const;
  /* Append the DEFAULT ROLE OPTIONS clause */
  void rewrite_default_roles(const LEX *lex, String *str) const;
};
/**
  Rewrites the CREATE USER statement.
  Concrete Rewriter_user: implements the steps the base class declares as
  pure virtual.
*/
class Rewriter_create_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  Rewriter_create_user(THD *thd, Consumer_type type);
  /* Statement-specific override of Rewriter_user::rewrite(). */
  bool rewrite(String &rlb) const override;
  /*
    Append the ATTRIBUTE or COMMENT clause for user.
    Public here, although the base class declares it protected.
  */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 private:
  /* Add the user authID, plugin info and auth str for one user. */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* CREATE USER implementations of the two password-policy steps. */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
};
/**
  Rewrites the ALTER USER statement.
  Concrete Rewriter_user: implements the steps the base class declares as
  pure virtual.
*/
class Rewriter_alter_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  /* The consumer defaults to Consumer_type::TEXTLOG when omitted. */
  Rewriter_alter_user(THD *thd, Consumer_type type = Consumer_type::TEXTLOG);
  /* Statement-specific override of Rewriter_user::rewrite(). */
  bool rewrite(String &rlb) const override;
  /*
    Append the ATTRIBUTE or COMMENT clause for user.
    Public here, although the base class declares it protected.
  */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 private:
  /* Add the user authID, plugin info and auth str for one user. */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* ALTER USER implementations of the two password-policy steps. */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
};
/**
  Rewrites the SHOW CREATE USER statement.
  The only rewriter in this header that overrides append_auth_str(), the
  step documented as appending the password hash.
*/
class Rewriter_show_create_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  /*
    NOTE(review): params arrives as the base Rewrite_params type while the
    member below is a Show_user_params pointer, so a downcast presumably
    happens in the constructor. Confirm how a null or mismatched params
    object is handled there.
  */
  Rewriter_show_create_user(THD *thd, Consumer_type type,
                            const Rewrite_params *params);
  /* Statement-specific override of Rewriter_user::rewrite(). */
  bool rewrite(String &rlb) const override;
  /*
    Append the ATTRIBUTE or COMMENT clause for user.
    Public here, although the base class declares it protected.
  */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 protected:
  /* Append the password hash to the output string */
  void append_auth_str(LEX_USER *lex, String *str) const override;

 private:
  /* Add the user authID, plugin info and auth str for one user. */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* SHOW CREATE USER implementations of the two password-policy steps. */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
  /*
    SHOW CREATE USER parameters (not owned). No in-class initializer, unlike
    the params pointers of Rewriter_set_password and Rewriter_grant; the
    constructor is presumably expected to set it.
  */
  const Show_user_params *show_params_;
};
/**
  Rewrites the SET statement.
  Not final: Rewriter_set_password derives from it.
*/
class Rewriter_set : public I_rewriter {
 public:
  Rewriter_set(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/**
  Rewrites the SET PASSWORD statement.
*/
class Rewriter_set_password final : public Rewriter_set {
  using parent = Rewriter_set;

 public:
  /*
    NOTE(review): params is typed as the base Rewrite_params; presumably a
    User_params is expected, since the member below has the same type as
    User_params::users. Confirm in the constructor.
  */
  Rewriter_set_password(THD *thd, Consumer_type type,
                        const Rewrite_params *params);
  /* Statement-specific override of Rewriter_set::rewrite(). */
  bool rewrite(String &rlb) const override;

 private:
  /* Users whose password has to be changed (not owned); nullptr by default */
  std::set<LEX_USER *> *m_users = nullptr;
};
/** Rewrites the GRANT statement. */
class Rewriter_grant final : public I_rewriter {
 public:
  /*
    NOTE(review): params is typed as the base Rewrite_params while the member
    below is a Grant_params pointer, so a downcast presumably happens in the
    constructor. Confirm there.
  */
  Rewriter_grant(THD *thd, Consumer_type type, const Rewrite_params *params);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;

 private:
  /* GRANT AS information (not owned); nullptr by default */
  const Grant_params *grant_params = nullptr;
};
/** Rewrites the CHANGE REPLICATION SOURCE statement. */
class Rewriter_change_replication_source final : public I_rewriter {
 public:
  /*
    The second parameter is unnamed in this declaration; the sibling
    rewriters name their Consumer_type parameter "type".
  */
  Rewriter_change_replication_source(THD *thd, Consumer_type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/** Rewrites the START REPLICA statement. */
class Rewriter_replica_start final : public I_rewriter {
 public:
  /* thd and type match the I_rewriter constructor parameters. */
  Rewriter_replica_start(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/**
  Base class for SERVER OPTIONS related statements.
  It does not override rewrite(), so it stays abstract; Rewriter_create_server
  and Rewriter_alter_server provide the override.
*/
class Rewriter_server_option : public I_rewriter {
 public:
  Rewriter_server_option(THD *thd, Consumer_type type);

 protected:
  /* Append the SERVER OPTIONS clause; shared by the derived rewriters. */
  void mysql_rewrite_server_options(const LEX *lex, String *str) const;
};
/** Rewrites the CREATE SERVER statement. */
class Rewriter_create_server final : public Rewriter_server_option {
  using parent = Rewriter_server_option;

 public:
  /* thd and type match the Rewriter_server_option constructor parameters. */
  Rewriter_create_server(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/** Rewrites the ALTER SERVER statement. */
class Rewriter_alter_server final : public Rewriter_server_option {
  using parent = Rewriter_server_option;

 public:
  /* thd and type match the Rewriter_server_option constructor parameters. */
  Rewriter_alter_server(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/**
  Rewrites the PREPARE statement.
  NOTE(review): this header does not say which part of a PREPARE statement is
  treated as sensitive; worth documenting here once confirmed.
*/
class Rewriter_prepare final : public I_rewriter {
 public:
  Rewriter_prepare(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/** Rewrites the CLONE statement. */
class Rewriter_clone final : public I_rewriter {
 public:
  /* thd and type match the I_rewriter constructor parameters. */
  Rewriter_clone(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/** Rewrites the START GROUP_REPLICATION command. */
class Rewriter_start_group_replication final : public I_rewriter {
 public:
  /* thd and type match the I_rewriter constructor parameters. */
  Rewriter_start_group_replication(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/**
  Rewrites the par URL used in external tables.

  @param original_query_str  Query text to process; taken by value.
  @param rlb                 String passed by reference; presumably receives
                             the redacted text (confirm in the
                             implementation).

  NOTE(review): "par" is presumably a pre-authenticated request URL, in which
  case the URL itself acts as a credential and must not reach any consumer
  unredacted. Confirm the meaning and spell it out here.
*/
void redact_par_url(String original_query_str, String &rlb);
/**
  Rewrites the SELECT statement.
  NOTE(review): this header does not say which part of a SELECT is treated as
  sensitive; worth documenting here once confirmed.
*/
class Rewriter_select_query final : public I_rewriter {
 public:
  Rewriter_select_query(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/**
  Rewrites the CREATE PROCEDURE or CREATE FUNCTION statement.
  NOTE(review): this header does not say which part of the routine definition
  is treated as sensitive; worth documenting here once confirmed.
*/
class Rewriter_create_procedure final : public I_rewriter {
 public:
  Rewriter_create_procedure(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/** Rewrites the CREATE TABLE statement for external tables. */
class Rewriter_create_table final : public I_rewriter {
 public:
  /* thd and type match the I_rewriter constructor parameters. */
  Rewriter_create_table(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
/** Rewrites the ALTER TABLE statement for external tables. */
class Rewriter_alter_table final : public I_rewriter {
 public:
  /* thd and type match the I_rewriter constructor parameters. */
  Rewriter_alter_table(THD *thd, Consumer_type type);
  /* Statement-specific implementation of I_rewriter::rewrite(). */
  bool rewrite(String &rlb) const override;
};
#endif /* SQL_REWRITE_INCLUDED */