#include <functional>
#include <string>
#include <utility>
#include "lex_string.h"
#include "mysql/components/services/bits/mysql_mutex_bits.h"
#include "sql/auth/sql_auth_cache.h"

Functions
void	roles_graphml (THD thd, String )

bool	check_if_granted_role (LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
	Examines if a user@host authid is connected to a role@role_host authid by comparing all out-edges if the user@host vertex in the global role graph. More...

bool	find_if_granted_role (Role_vertex_descriptor v, LEX_CSTRING role, LEX_CSTRING role_host, Role_vertex_descriptor *found_vertex=nullptr)
	Given a vertex in the roles graph, this function finds a directly connected vertex given a (role, role_host) tuple. More...

std::pair< std::string, std::string >	get_authid_from_quoted_string (std::string str)
	Return the unquoted authorization id as a user,host-tuple. More...

void	iterate_comma_separated_quoted_string (std::string str, const std::function< bool(const std::string)> &f)
	Iterate a string by comma separation and apply a function on each chunk separated by the commas. More...

void	get_granted_roles (Role_vertex_descriptor &v, List_of_granted_roles *granted_roles)
	Populates a list of authorization IDs that are connected to a specified graph vertex in the global roles graph. More...

void	get_granted_roles (Role_vertex_descriptor &v, std::function< void(const Role_id &, bool)> f)

bool	check_valid_definer (THD thd, LEX_USER definer)
	Check if the definer is a valid one. More...

Variables
mysql_mutex_t	LOCK_mandatory_roles

Function Documentation

◆ check_if_granted_role()

bool check_if_granted_role	(	LEX_CSTRING	user,
		LEX_CSTRING	host,
		LEX_CSTRING	role,
		LEX_CSTRING	role_host
	)

Examines if a user@host authid is connected to a role@role_host authid by comparing all out-edges if the user@host vertex in the global role graph.

Return values

true	the two vertices are connected (role is granted)
false	not connected (role is not granted)

◆ check_valid_definer()

bool check_valid_definer	(	THD *	thd,
		LEX_USER *	definer
	)

Check if the definer is a valid one.

if the definer is different to the current session account, make sure it's OK to use it:

check for the right privs: SUPER or SET_ANY_DEFINER
whether it doesn't violate system user

if it's not OK, generate an error.

Also checks if the user@host is a non-existent user account and if it is throws an error and returns true, given that SUPER or ALLOW_NONEXISTENT_DEFINER are not granted. If the privs arent granted a warning is produced instead of an error.

Parameters

thd	the session
definer	the definer to check

Return values

false	: success
true	: failure

◆ find_if_granted_role()

bool find_if_granted_role	(	Role_vertex_descriptor	v,
		LEX_CSTRING	role,
		LEX_CSTRING	role_host,
		Role_vertex_descriptor *	found_vertex
	)

Given a vertex in the roles graph, this function finds a directly connected vertex given a (role, role_host) tuple.

The resulting vertex is returned to the caller through an out-param.

Parameters

	v	Vertex descriptor of the authid which might have a granted role
	role	User name part of an authid
	role_host	Host name part of an authid
[out]	found_vertex	The corresponding vertex of the granted role.

Returns: Success state

Return values

true	The role is granted and the corresponding vertex is returned.
false	No such role is granted.

◆ get_authid_from_quoted_string()

std::pair< std::string, std::string > get_authid_from_quoted_string ( std::string str )

Return the unquoted authorization id as a user,host-tuple.

Parameters

str	The quoted or unquoted string representation of an authid

Returns: The unquoted authorization id as a user,host-tuple

◆ get_granted_roles() [1/2]

void get_granted_roles	(	Role_vertex_descriptor &	v,
		List_of_granted_roles *	granted_roles
	)

Populates a list of authorization IDs that are connected to a specified graph vertex in the global roles graph.

The constructed list contains references to a shared memory. The authIDs are not copied!

The list of granted roles is /appended/ to the out variable.

Parameters

	v	A valid vertex descriptor from the global roles graph
[out]	granted_roles	A list of authorization IDs

◆ get_granted_roles() [2/2]

void get_granted_roles	(	Role_vertex_descriptor &	v,
		std::function< void(const Role_id &, bool)>	f
	)

◆ iterate_comma_separated_quoted_string()

void iterate_comma_separated_quoted_string	(	std::string	str,
		const std::function< bool(const std::string)> &	f
	)

Iterate a string by comma separation and apply a function on each chunk separated by the commas.

Parameters

str	The string to be iterated
f	A function which will receive the comma separated strings.

◆ roles_graphml()

void roles_graphml	(	THD *	thd,
		String *	str
	)

Variable Documentation

◆ LOCK_mandatory_roles

mysql_mutex_t LOCK_mandatory_roles

extern

Functions

Variables

Function Documentation

◆ check_if_granted_role()

◆ check_valid_definer()

◆ find_if_granted_role()

◆ get_authid_from_quoted_string()

◆ get_granted_roles() [1/2]

◆ get_granted_roles() [2/2]

◆ iterate_comma_separated_quoted_string()

◆ roles_graphml()

Variable Documentation

◆ LOCK_mandatory_roles