 |
MySQL 9.1.0
Source Code Documentation
|
|
MySQL 9.1.0
Source Code Documentation
|
Utility class to allow RAII pattern with Security_context class.
More...
#include <rpl_rli.h>
Public Member Functions | |
| Applier_security_context_guard (Relay_log_info const *rli, THD const *thd) | |
If needed, backs up the current thd security context and replaces it with a security context for PRIVILEGE_CHECKS_USER user. More... | |
| virtual | ~Applier_security_context_guard () |
| Destructor that restores the backed up security context, if needed. More... | |
| Applier_security_context_guard (const Applier_security_context_guard &)=delete | |
| Applier_security_context_guard (Applier_security_context_guard &&)=delete | |
| Applier_security_context_guard & | operator= (const Applier_security_context_guard &)=delete |
| Applier_security_context_guard & | operator= (Applier_security_context_guard &&)=delete |
| bool | skip_priv_checks () const |
| Returns whether or not privilege checks may be skipped within the current context. More... | |
| bool | has_access (std::vector< std::tuple< Access_bitmask, TABLE const *, Rows_log_event * > > &extra_privileges) const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time. More... | |
| bool | has_access (std::initializer_list< std::string_view > extra_privileges) const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time. More... | |
| bool | has_access (std::initializer_list< Access_bitmask > extra_privileges) const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time. More... | |
| std::string | get_username () const |
| Returns the username for the user for which the security context was initialized. More... | |
| std::string | get_hostname () const |
| Returns the hostname for the user for which the security context was initialized. More... | |
Private Member Functions | |
| void | extract_columns_to_check (TABLE const *table, Rows_log_event *event, std::vector< std::string > &columns) const |
Private Attributes | |
| Relay_log_info const * | m_target |
The Relay_log_info object holding the info required to initialize the context. More... | |
| THD const * | m_thd |
The THD object for which the security context will be initialized. More... | |
| Security_context | m_applier_security_ctx |
Applier security context based on PRIVILEGE_CHECK_USER user. More... | |
| Security_context * | m_current |
| Currently in use security context. More... | |
| Security_context * | m_previous |
| Backed up security context. More... | |
| bool | m_privilege_checks_none |
| Flag that states if privilege check should be skipped. More... | |
| bool | m_logged_in_acl_user |
| Flag that states if there is a logged user. More... | |
Utility class to allow RAII pattern with Security_context class.
At initiliazation, if the THD main security context isn't already the appropriate one, it copies the Relay_log_info::info_thd::security_context and replaces it with the one initialized with the PRIVILEGE_CHECK_USER user. At deinitialization, it copies the backed up security context.
It also deals with the case where no privilege checks are required, meaning, PRIVILEGE_CHECKS_USER is NULL.
Usage examples:
(1)
(4)
| Applier_security_context_guard::Applier_security_context_guard | ( | Relay_log_info const * | rli, |
| THD const * | thd | ||
| ) |
If needed, backs up the current thd security context and replaces it with a security context for PRIVILEGE_CHECKS_USER user.
| rli | the Relay_log_info object that holds the PRIVILEGE_CHECKS_USER info. |
| thd | the THD for which initialize the security context. |
|
virtual |
Destructor that restores the backed up security context, if needed.
|
delete |
|
delete |
|
private |
| std::string Applier_security_context_guard::get_hostname | ( | ) | const |
Returns the hostname for the user for which the security context was initialized.
If PRIVILEGE_CHECKS_USER was configured for the target Relay_log_info object, that one is returned.
Otherwise, the hostname associated with the Security_context initialized for Relay_log_info::info_thd will be returned.
std::string holding the hostname for the active security context. | std::string Applier_security_context_guard::get_username | ( | ) | const |
Returns the username for the user for which the security context was initialized.
If PRIVILEGE_CHECKS_USER was configured for the target Relay_log_info object, that one is returned.
Otherwise, the username associated with the Security_context initialized for Relay_log_info::info_thd will be returned.
std::string holding the username for the active security context. | bool Applier_security_context_guard::has_access | ( | std::initializer_list< Access_bitmask > | extra_privileges | ) | const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time.
| extra_privileges | set of privileges to check, additionally to those passed on at initialization. It's a list of privileges to be checked against any database. |
| bool Applier_security_context_guard::has_access | ( | std::initializer_list< std::string_view > | extra_privileges | ) | const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time.
| extra_privileges | set of privileges to check, additionally to those passed on at initialization. It's a list of privileges to be checked against any database. |
| bool Applier_security_context_guard::has_access | ( | std::vector< std::tuple< Access_bitmask, TABLE const *, Rows_log_event * > > & | extra_privileges | ) | const |
Checks if the PRIVILEGE_CHECKS_USER user has access to the privilieges passed on by extra_privileges parameter as well as to the privileges passed on at initialization time.
This particular method checks those privileges against a given table and against that table's columns - the ones that are used or changed in the event.
| extra_privileges | set of privileges to check, additionally to those passed on at initialization. It's a list of (privilege, TABLE*, Rows_log_event*) tuples. |
|
delete |
|
delete |
| bool Applier_security_context_guard::skip_priv_checks | ( | ) | const |
Returns whether or not privilege checks may be skipped within the current context.
|
private |
Applier security context based on PRIVILEGE_CHECK_USER user.
|
private |
Currently in use security context.
|
private |
Flag that states if there is a logged user.
|
private |
Backed up security context.
|
private |
Flag that states if privilege check should be skipped.
|
private |
The Relay_log_info object holding the info required to initialize the context.
|
private |
The THD object for which the security context will be initialized.
1.9.2