MySQL 8.3.0
Source Code Documentation
sql_authorization.h
1/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef SQL_AUTHORIZATION_INCLUDED
24#define SQL_AUTHORIZATION_INCLUDED
25
26#include <functional>
27#include <string>
28#include <utility>
29
30#include "lex_string.h"
33
34class String;
35class THD;
36struct LEX_USER;
37
38void roles_graphml(THD *thd, String *);
40 LEX_CSTRING role_host);
42 LEX_CSTRING role_host,
43 Role_vertex_descriptor *found_vertex = nullptr);
44std::pair<std::string, std::string> get_authid_from_quoted_string(
45 std::string str);
47 std::string str, const std::function<bool(const std::string)> &f);
49 List_of_granted_roles *granted_roles);
51 std::function<void(const Role_id &, bool)> f);
52/* For get_mandatory_roles and Sys_mandatory_roles */
54
55/**
56 Check if the definer is a valid one
57
58 if the definer is different to the current session account, make sure
59 it's OK to use it:
60 - check for the right privs: SUPER, SET_USER_ID or SET_ANY_DEFINER
61 - whether it doesn't violate system user
62
63 if it's not OK, generate an error.
64
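65 Also checks whether user\@host is a non-existent user account.
66 If it is, and none of SUPER, SET_USER_ID or ALLOW_NONEXISTENT_DEFINER
67 is granted, an error is raised and true is returned.
68 If one of those privileges is granted, a warning is produced instead of an error. NOTE(review): the original read "arent granted", which contradicted the sentence above; confirm against the definition in sql_authorization.cc.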
69
70
71 @param thd the session
72 @param definer the definer to check
73 @retval false : success
74 @retval true : failure
75*/
76extern bool check_valid_definer(THD *thd, LEX_USER *definer);
77
78#endif /* SQL_AUTHORIZATION_INCLUDED */
std::vector< std::pair< Role_id, bool > > List_of_granted_roles
Definition: auth_internal.h:264
Storage container for default auth ids.
Definition: auth_common.h:1065
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:166
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:35
ABI for instrumented mutexes.
char * user
Definition: mysqladmin.cc:64
const char * host
Definition: mysqladmin.cc:63
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1065
boost::graph_traits< Granted_roles_graph >::vertex_descriptor Role_vertex_descriptor
The data type of a vertex in the Granted_roles_graph.
Definition: sql_auth_cache.h:614
bool check_valid_definer(THD *thd, LEX_USER *definer)
Check if the definer is a valid one.
Definition: sql_authorization.cc:7582
void iterate_comma_separated_quoted_string(std::string str, const std::function< bool(const std::string)> &f)
Iterate a string by comma separation and apply a function on each chunk separated by the commas.
Definition: sql_authorization.cc:4547
void roles_graphml(THD *thd, String *)
Definition: sql_authorization.cc:4892
bool check_if_granted_role(LEX_CSTRING user, LEX_CSTRING host, LEX_CSTRING role, LEX_CSTRING role_host)
Examines if a user@host authid is connected to a role@role_host authid by comparing all out-edges if ...
Definition: sql_authorization.cc:6074
bool find_if_granted_role(Role_vertex_descriptor v, LEX_CSTRING role, LEX_CSTRING role_host, Role_vertex_descriptor *found_vertex=nullptr)
Given a vertex in the roles graph, this function finds a directly connected vertex given a (role,...
Definition: sql_authorization.cc:6109
void get_granted_roles(Role_vertex_descriptor &v, List_of_granted_roles *granted_roles)
Populates a list of authorization IDs that are connected to a specified graph vertex in the global ro...
Definition: sql_authorization.cc:6172
mysql_mutex_t LOCK_mandatory_roles
Definition: mysqld.cc:1288
std::pair< std::string, std::string > get_authid_from_quoted_string(std::string str)
Return the unquoted authorization id as a user,host-tuple.
Definition: sql_authorization.cc:4593
Definition: table.h:2720
Definition: mysql_lex_string.h:39
An instrumented mutex structure.
Definition: mysql_mutex_bits.h:49