MySQL 8.4.2
Source Code Documentation
sql_authorization.h File Reference
#include <functional>
#include <string>
#include <utility>
#include "lex_string.h"
#include "mysql/components/services/bits/mysql_mutex_bits.h"
#include "sql/auth/sql_auth_cache.h"

Go to the source code of this file.

Functions

void roles_graphml (THD *thd, String *)
 
bool check_if_granted_role (LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
 Examines if a user@host authid is connected to a role@role_host authid by comparing all out-edges if the user@host vertex in the global role graph. More...
 
bool find_if_granted_role (Role_vertex_descriptor v, LEX_CSTRING role, LEX_CSTRING role_host, Role_vertex_descriptor *found_vertex=nullptr)
 Given a vertex in the roles graph, this function finds a directly connected vertex given a (role, role_host) tuple. More...
 
std::pair< std::string, std::string > get_authid_from_quoted_string (std::string str)
 Return the unquoted authorization id as a user,host-tuple. More...
 
void iterate_comma_separated_quoted_string (std::string str, const std::function< bool(const std::string)> &f)
 Iterate a string by comma separation and apply a function on each chunk separated by the commas. More...
 
void get_granted_roles (Role_vertex_descriptor &v, List_of_granted_roles *granted_roles)
 Populates a list of authorization IDs that are connected to a specified graph vertex in the global roles graph. More...
 
void get_granted_roles (Role_vertex_descriptor &v, std::function< void(const Role_id &, bool)> f)
 
bool check_valid_definer (THD *thd, LEX_USER *definer)
 Check if the definer is a valid one. More...
 

Variables

mysql_mutex_t LOCK_mandatory_roles
 

Function Documentation

◆ check_if_granted_role()

bool check_if_granted_role ( LEX_CSTRING  user,
LEX_CSTRING  host,
LEX_CSTRING  role,
LEX_CSTRING  role_host 
)

Examines if a user@host authid is connected to a role@role_host authid by comparing all out-edges if the user@host vertex in the global role graph.

Return values
truethe two vertices are connected (role is granted)
falsenot connected (role is not granted)

◆ check_valid_definer()

bool check_valid_definer ( THD thd,
LEX_USER definer 
)

Check if the definer is a valid one.

if the definer is different to the current session account, make sure it's OK to use it:

  • check for the right privs: SUPER or SET_ANY_DEFINER
  • whether it doesn't violate system user

if it's not OK, generate an error.

Also checks if the user@host is a non-existent user account and if it is throws an error and returns true, given that SUPER or ALLOW_NONEXISTENT_DEFINER are not granted. If the privs arent granted a warning is produced instead of an error.

Parameters
thdthe session
definerthe definer to check
Return values
false: success
true: failure

◆ find_if_granted_role()

bool find_if_granted_role ( Role_vertex_descriptor  v,
LEX_CSTRING  role,
LEX_CSTRING  role_host,
Role_vertex_descriptor found_vertex 
)

Given a vertex in the roles graph, this function finds a directly connected vertex given a (role, role_host) tuple.

The resulting vertex is returned to the caller through an out-param.

Parameters
vVertex descriptor of the authid which might have a granted role
roleUser name part of an authid
role_hostHost name part of an authid
[out]found_vertexThe corresponding vertex of the granted role.
Returns
Success state
Return values
trueThe role is granted and the corresponding vertex is returned.
falseNo such role is granted.

◆ get_authid_from_quoted_string()

std::pair< std::string, std::string > get_authid_from_quoted_string ( std::string  str)

Return the unquoted authorization id as a user,host-tuple.

Parameters
strThe quoted or unquoted string representation of an authid
Returns
The unquoted authorization id as a user,host-tuple

◆ get_granted_roles() [1/2]

void get_granted_roles ( Role_vertex_descriptor v,
List_of_granted_roles granted_roles 
)

Populates a list of authorization IDs that are connected to a specified graph vertex in the global roles graph.

The constructed list contains references to a shared memory. The authIDs are not copied!

The list of granted roles is /appended/ to the out variable.

Parameters
vA valid vertex descriptor from the global roles graph
[out]granted_rolesA list of authorization IDs

◆ get_granted_roles() [2/2]

void get_granted_roles ( Role_vertex_descriptor v,
std::function< void(const Role_id &, bool)>  f 
)

◆ iterate_comma_separated_quoted_string()

void iterate_comma_separated_quoted_string ( std::string  str,
const std::function< bool(const std::string)> &  f 
)

Iterate a string by comma separation and apply a function on each chunk separated by the commas.

Parameters
strThe string to be iterated
fA function which will receive the comma separated strings.

◆ roles_graphml()

void roles_graphml ( THD thd,
String str 
)

Variable Documentation

◆ LOCK_mandatory_roles

mysql_mutex_t LOCK_mandatory_roles
extern