MySQL 9.0.1
Source Code Documentation
|
This service provides functions for plugins and storage engines to manipulate the thread's security context. More...
#include <service_security_context.h>
Public Attributes | |
my_svc_bool(* | thd_get_security_context )(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx) |
Retrieves a handle to the current security context for a thread. More... | |
my_svc_bool(* | thd_set_security_context )(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx) |
Sets a new security context for a thread. More... | |
my_svc_bool(* | security_context_create )(MYSQL_SECURITY_CONTEXT *out_ctx) |
Creates a new security context. More... | |
my_svc_bool(* | security_context_destroy )(MYSQL_SECURITY_CONTEXT) |
Creates a new security context. More... | |
my_svc_bool(* | security_context_copy )(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx) |
Creates a copy of a security context. More... | |
my_svc_bool(* | security_context_lookup )(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db) |
Fills in a security context with the attributes of a user account. More... | |
my_svc_bool(* | security_context_get_option )(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue) |
Retrieves the value for a named attribute of a security context. More... | |
my_svc_bool(* | security_context_set_option )(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue) |
Sets a new value for a named attribute of a security context. More... | |
This service provides functions for plugins and storage engines to manipulate the thread's security context.
The service allows creation, copying, filling in by user account and destruction of security context objects. It also allows getting and setting the security context for a thread. And it also allows reading and setting security context properties.
The range of the above services allows plugins to inspect the security context they're running it, impersonate a user account of their choice (a.k.a. sudo in Unix) and craft a security context not related to an existing user account.
No authentication is done in any of the above services. Authentication is specific to the media and does not belong to the security context, that's used mostly for authorization.
Make sure you keep the original security context of a thread or restore it when done, as leaving a different security context active may lead to various kinds of problems.
my_svc_bool(* security_context_service_st::security_context_copy) (MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx) |
Creates a copy of a security context.
my_svc_bool(* security_context_service_st::security_context_create) (MYSQL_SECURITY_CONTEXT *out_ctx) |
Creates a new security context.
my_svc_bool(* security_context_service_st::security_context_destroy) (MYSQL_SECURITY_CONTEXT) |
Creates a new security context.
my_svc_bool(* security_context_service_st::security_context_get_option) (MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue) |
Retrieves the value for a named attribute of a security context.
my_svc_bool(* security_context_service_st::security_context_lookup) (MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db) |
Fills in a security context with the attributes of a user account.
my_svc_bool(* security_context_service_st::security_context_set_option) (MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue) |
Sets a new value for a named attribute of a security context.
my_svc_bool(* security_context_service_st::thd_get_security_context) (MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx) |
Retrieves a handle to the current security context for a thread.
my_svc_bool(* security_context_service_st::thd_set_security_context) (MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx) |
Sets a new security context for a thread.