MySQL 8.4.2
Source Code Documentation
service_security_context.h File Reference

Definitions for the password validation service. More...

#include "mysql/plugin.h"

Go to the source code of this file.

Classes

struct  security_context_service_st
 This service provides functions for plugins and storage engines to manipulate the thread's security context. More...
 

Macros

#define MYSQL_SECURITY_CONTEXT   Security_context *
 an opaque class reference hiding the actual security context object. More...
 

Typedefs

typedef char my_svc_bool
 

Functions

my_svc_bool thd_get_security_context (MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
 Gets the security context for the thread. More...
 
my_svc_bool thd_set_security_context (MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
 Sets a new security context for the thread. More...
 
my_svc_bool security_context_create (MYSQL_SECURITY_CONTEXT *out_ctx)
 Creates a new security context and initializes it with the defaults (no access, no user etc). More...
 
my_svc_bool security_context_destroy (MYSQL_SECURITY_CONTEXT ctx)
 Deallocates a security context. More...
 
my_svc_bool security_context_copy (MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
 Duplicates a security context. More...
 
my_svc_bool security_context_lookup (MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
 Looks up in the defined user accounts an account based on the user@host[ip] combo supplied and checks if the user has access to the database requested. More...
 
my_svc_bool security_context_get_option (MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
 Reads a named security context attribute and returns its value. More...
 
my_svc_bool security_context_set_option (MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
 Sets a value for a named security context attribute Currently defined names are: More...
 

Variables

struct security_context_service_stsecurity_context_service
 

Detailed Description

Definitions for the password validation service.

See also
security_context_service_st

Macro Definition Documentation

◆ MYSQL_SECURITY_CONTEXT

#define MYSQL_SECURITY_CONTEXT   Security_context *

an opaque class reference hiding the actual security context object.

Typedef Documentation

◆ my_svc_bool

typedef char my_svc_bool

Function Documentation

◆ security_context_copy()

my_svc_bool security_context_copy ( MYSQL_SECURITY_CONTEXT  in_ctx,
MYSQL_SECURITY_CONTEXT out_ctx 
)

Duplicates a security context.

Parameters
[in]in_ctxThe handle of the security context to copy
[out]out_ctxplaceholder for the handle of the copied security context
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ security_context_create()

my_svc_bool security_context_create ( MYSQL_SECURITY_CONTEXT out_ctx)

Creates a new security context and initializes it with the defaults (no access, no user etc).

Parameters
[out]out_ctxplaceholder for the newly created security context handle
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ security_context_destroy()

my_svc_bool security_context_destroy ( MYSQL_SECURITY_CONTEXT  ctx)

Deallocates a security context.

Parameters
[in]ctxThe handle of the security context to destroy
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ security_context_get_option()

my_svc_bool security_context_get_option ( MYSQL_SECURITY_CONTEXT  ctx,
const char *  name,
void *  inout_pvalue 
)

Reads a named security context attribute and returns its value.

Currently defined names are:

  • user MYSQL_LEX_CSTRING * login user (a.k.a. the user's part of USER())
  • host MYSQL_LEX_CSTRING * login host (a.k.a. the host's part of USER())
  • ip MYSQL_LEX_CSTRING * login client ip
  • host_or_ip MYSQL_LEX_CSTRING * host, if present, ip if not.
  • priv_user MYSQL_LEX_CSTRING * authenticated user (a.k.a. the user's part of CURRENT_USER())
  • priv_host MYSQL_LEX_CSTRING * authenticated host (a.k.a. the host's part of CURRENT_USER())
  • proxy_user MYSQL_LEX_CSTRING * the proxy user used in authenticating
  • privilege_super my_svc_bool * 1 if the user account has supper privilege, 0 otherwise
  • privilege_execute my_svc_bool * 1 if the user account has execute privilege, 0 otherwise
  • is_skip_grants_user bool * true if user account has skip-grants privilege, false otherwise
Parameters
[in]ctxThe handle of the security context to read from
[in]nameThe option name to read
[out]inout_pvalueThe value of the option. Type depends on the name.
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ security_context_lookup()

my_svc_bool security_context_lookup ( MYSQL_SECURITY_CONTEXT  ctx,
const char *  user,
const char *  host,
const char *  ip,
const char *  db 
)

Looks up in the defined user accounts an account based on the user@host[ip] combo supplied and checks if the user has access to the database requested.

The lookup is done in exactly the same way as at login time. The new security context need to checkout additional privileges using the checkout_acl method.

Parameters
[in]ctxThe handle of the security context to update
[in]userThe user name to look up
[in]hostThe host name to look up
[in]ipThe ip of the incoming connection
[in]dbThe database to check access to
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ security_context_set_option()

my_svc_bool security_context_set_option ( MYSQL_SECURITY_CONTEXT  ctx,
const char *  name,
void *  pvalue 
)

Sets a value for a named security context attribute Currently defined names are:

  • user MYSQL_LEX_CSTRING * login user (a.k.a. the user's part of USER())
  • host MYSQL_LEX_CSTRING * login host (a.k.a. the host's part of USER())
  • ip MYSQL_LEX_CSTRING * login client ip
  • priv_user MYSQL_LEX_CSTRING * authenticated user (a.k.a. the user's part of CURRENT_USER())
  • priv_host MYSQL_LEX_CSTRING * authenticated host (a.k.a. the host's part of CURRENT_USER())
  • proxy_user MYSQL_LEX_CSTRING * the proxy user used in authenticating
  • privilege_super my_svc_bool * 1 if the user account has supper privilege, 0 otherwise
  • privilege_execute my_svc_bool * 1 if the user account has execute privilege, 0 otherwise
Parameters
[in]ctxThe handle of the security context to set into
[in]nameThe option name to set
[in]pvalueThe value of the option. Type depends on the name.
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ thd_get_security_context()

my_svc_bool thd_get_security_context ( MYSQL_THD  _thd,
MYSQL_SECURITY_CONTEXT out_ctx 
)

Gets the security context for the thread.

Parameters
[in]_thdThe thread to get the context from
[out]out_ctxplaceholder for the security context handle
Return values
truefailure
falsesuccess
See also
security_context_service_st

◆ thd_set_security_context()

my_svc_bool thd_set_security_context ( MYSQL_THD  _thd,
MYSQL_SECURITY_CONTEXT  in_ctx 
)

Sets a new security context for the thread.

Parameters
[in]_thdThe thread to set the context to
[in]in_ctxThe handle of the new security context
Return values
truefailure
falsesuccess
See also
security_context_service_st