MySQL 8.4.2
Source Code Documentation
|
Utility class to allow RAII pattern with Security_context
class.
More...
#include <rpl_rli.h>
Public Member Functions | |
Applier_security_context_guard (Relay_log_info const *rli, THD const *thd) | |
If needed, backs up the current thd security context and replaces it with a security context for PRIVILEGE_CHECKS_USER user. More... | |
virtual | ~Applier_security_context_guard () |
Destructor that restores the backed up security context, if needed. More... | |
Applier_security_context_guard (const Applier_security_context_guard &)=delete | |
Applier_security_context_guard (Applier_security_context_guard &&)=delete | |
Applier_security_context_guard & | operator= (const Applier_security_context_guard &)=delete |
Applier_security_context_guard & | operator= (Applier_security_context_guard &&)=delete |
bool | skip_priv_checks () const |
Returns whether or not privilege checks may be skipped within the current context. More... | |
bool | has_access (std::vector< std::tuple< Access_bitmask, TABLE const *, Rows_log_event * > > &extra_privileges) const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time. More... | |
bool | has_access (std::initializer_list< std::string_view > extra_privileges) const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time. More... | |
bool | has_access (std::initializer_list< Access_bitmask > extra_privileges) const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time. More... | |
std::string | get_username () const |
Returns the username for the user for which the security context was initialized. More... | |
std::string | get_hostname () const |
Returns the hostname for the user for which the security context was initialized. More... | |
Private Member Functions | |
void | extract_columns_to_check (TABLE const *table, Rows_log_event *event, std::vector< std::string > &columns) const |
Private Attributes | |
Relay_log_info const * | m_target |
The Relay_log_info object holding the info required to initialize the context. More... | |
THD const * | m_thd |
The THD object for which the security context will be initialized. More... | |
Security_context | m_applier_security_ctx |
Applier security context based on PRIVILEGE_CHECK_USER user. More... | |
Security_context * | m_current |
Currently in use security context. More... | |
Security_context * | m_previous |
Backed up security context. More... | |
bool | m_privilege_checks_none |
Flag that states if privilege check should be skipped. More... | |
bool | m_logged_in_acl_user |
Flag that states if there is a logged user. More... | |
Utility class to allow RAII pattern with Security_context
class.
At initiliazation, if the THD
main security context isn't already the appropriate one, it copies the Relay_log_info::info_thd::security_context
and replaces it with the one initialized with the PRIVILEGE_CHECK_USER
user. At deinitialization, it copies the backed up security context.
It also deals with the case where no privilege checks are required, meaning, PRIVILEGE_CHECKS_USER
is NULL
.
Usage examples:
(1)
(4)
Applier_security_context_guard::Applier_security_context_guard | ( | Relay_log_info const * | rli, |
THD const * | thd | ||
) |
If needed, backs up the current thd
security context and replaces it with a security context for PRIVILEGE_CHECKS_USER
user.
rli | the Relay_log_info object that holds the PRIVILEGE_CHECKS_USER info. |
thd | the THD for which initialize the security context. |
|
virtual |
Destructor that restores the backed up security context, if needed.
|
delete |
|
delete |
|
private |
std::string Applier_security_context_guard::get_hostname | ( | ) | const |
Returns the hostname for the user for which the security context was initialized.
If PRIVILEGE_CHECKS_USER
was configured for the target Relay_log_info
object, that one is returned.
Otherwise, the hostname associated with the Security_context
initialized for Relay_log_info::info_thd
will be returned.
std::string
holding the hostname for the active security context. std::string Applier_security_context_guard::get_username | ( | ) | const |
Returns the username for the user for which the security context was initialized.
If PRIVILEGE_CHECKS_USER
was configured for the target Relay_log_info
object, that one is returned.
Otherwise, the username associated with the Security_context
initialized for Relay_log_info::info_thd
will be returned.
std::string
holding the username for the active security context. bool Applier_security_context_guard::has_access | ( | std::initializer_list< Access_bitmask > | extra_privileges | ) | const |
Checks if the PRIVILEGE_CHECKS_USER
user has access to the privilieges passed on by extra_privileges
parameter as well as to the privileges passed on at initialization time.
extra_privileges | set of privileges to check, additionally to those passed on at initialization. It's a list of privileges to be checked against any database. |
bool Applier_security_context_guard::has_access | ( | std::initializer_list< std::string_view > | extra_privileges | ) | const |
Checks if the PRIVILEGE_CHECKS_USER
user has access to the privilieges passed on by extra_privileges
parameter as well as to the privileges passed on at initialization time.
extra_privileges | set of privileges to check, additionally to those passed on at initialization. It's a list of privileges to be checked against any database. |
bool Applier_security_context_guard::has_access | ( | std::vector< std::tuple< Access_bitmask, TABLE const *, Rows_log_event * > > & | extra_privileges | ) | const |
Checks if the PRIVILEGE_CHECKS_USER
user has access to the privilieges passed on by extra_privileges
parameter as well as to the privileges passed on at initialization time.
This particular method checks those privileges against a given table and against that table's columns - the ones that are used or changed in the event.
extra_privileges | set of privileges to check, additionally to those passed on at initialization. It's a list of (privilege, TABLE*, Rows_log_event*) tuples. |
|
delete |
|
delete |
bool Applier_security_context_guard::skip_priv_checks | ( | ) | const |
Returns whether or not privilege checks may be skipped within the current context.
|
private |
Applier security context based on PRIVILEGE_CHECK_USER
user.
|
private |
Currently in use security context.
|
private |
Flag that states if there is a logged user.
|
private |
Backed up security context.
|
private |
Flag that states if privilege check should be skipped.
|
private |
The Relay_log_info
object holding the info required to initialize the context.
|
private |
The THD
object for which the security context will be initialized.