MySQL 8.4.2
Source Code Documentation
sql_authorization.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef SQL_AUTHORIZATION_INCLUDED
25#define SQL_AUTHORIZATION_INCLUDED
26
27#include <functional>
28#include <string>
29#include <utility>
30
31#include "lex_string.h"
34
35class String;
36class THD;
37struct LEX_USER;
38
39void roles_graphml(THD *thd, String *);
41 LEX_CSTRING role_host);
43 LEX_CSTRING role_host,
44 Role_vertex_descriptor *found_vertex = nullptr);
45std::pair<std::string, std::string> get_authid_from_quoted_string(
46 std::string str);
48 std::string str, const std::function<bool(const std::string)> &f);
50 List_of_granted_roles *granted_roles);
52 std::function<void(const Role_id &, bool)> f);
53/* For for get_mandatory_roles and Sys_mandatory_roles */
55
56/**
57 Check if the definer is a valid one
58
59 if the definer is different to the current session account, make sure
60 it's OK to use it:
61 - check for the right privs: SUPER or SET_ANY_DEFINER
62 - whether it doesn't violate system user
63
64 if it's not OK, generate an error.
65
66 Also checks if the user\@host is a non-existent user account
67 and if it is throws an error and returns true, given that
68 SUPER or ALLOW_NONEXISTENT_DEFINER are not granted.
69 If the privs arent granted a warning is produced instead of an error.
70
71
72 @param thd the session
73 @param definer the definer to check
74 @retval false : success
75 @retval true : failure
76*/
77extern bool check_valid_definer(THD *thd, LEX_USER *definer);
78
79#endif /* SQL_AUTHORIZATION_INCLUDED */
std::vector< std::pair< Role_id, bool > > List_of_granted_roles
Definition: auth_internal.h:267
Storage container for default auth ids.
Definition: auth_common.h:1070
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:167
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
ABI for instrumented mutexes.
char * user
Definition: mysqladmin.cc:66
const char * host
Definition: mysqladmin.cc:65
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1081
boost::graph_traits< Granted_roles_graph >::vertex_descriptor Role_vertex_descriptor
The data type of a vertex in the Granted_roles_graph.
Definition: sql_auth_cache.h:615
bool check_valid_definer(THD *thd, LEX_USER *definer)
Check if the definer is a valid one.
Definition: sql_authorization.cc:7596
void iterate_comma_separated_quoted_string(std::string str, const std::function< bool(const std::string)> &f)
Iterate a string by comma separation and apply a function on each chunk separated by the commas.
Definition: sql_authorization.cc:4558
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4904
bool check_if_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
Examines if a user@host authid is connected to a role@role_host authid by comparing all out-edges if ...
Definition: sql_authorization.cc:6088
bool find_if_granted_role(Role_vertex_descriptor v, LEX_CSTRING role, LEX_CSTRING role_host, Role_vertex_descriptor *found_vertex=nullptr)
Given a vertex in the roles graph, this function finds a directly connected vertex given a (role,...
Definition: sql_authorization.cc:6123
void get_granted_roles(Role_vertex_descriptor &v, List_of_granted_roles *granted_roles)
Populates a list of authorization IDs that are connected to a specified graph vertex in the global ro...
Definition: sql_authorization.cc:6186
mysql_mutex_t LOCK_mandatory_roles
Definition: mysqld.cc:1286
std::pair< std::string, std::string > get_authid_from_quoted_string(std::string str)
Return the unquoted authorization id as a user,host-tuple.
Definition: sql_authorization.cc:4604
Definition: table.h:2731
Definition: mysql_lex_string.h:40
An instrumented mutex structure.
Definition: mysql_mutex_bits.h:50