MySQL  8.0.19
Source Code Documentation
security_context.h File Reference

Go to the source code of this file.

Classes

struct  s_mysql_mysql_thd_security_context
 Below are the set of services provides methods for components to manipulate the thread's security context. More...
 
struct  s_mysql_mysql_security_context_factory
 
struct  s_mysql_mysql_account_database_security_context_lookup
 
struct  s_mysql_mysql_security_context_options
 

Typedefs

typedef struct s_mysql_mysql_thd_security_context mysql_service_mysql_thd_security_context_t
 Below are the set of services provides methods for components to manipulate the thread's security context. More...
 
typedef struct s_mysql_mysql_security_context_factory mysql_service_mysql_security_context_factory_t
 
typedef struct s_mysql_mysql_account_database_security_context_lookup mysql_service_mysql_account_database_security_context_lookup_t
 
typedef struct s_mysql_mysql_security_context_options mysql_service_mysql_security_context_options_t
 

Typedef Documentation

◆ mysql_service_mysql_account_database_security_context_lookup_t

◆ mysql_service_mysql_security_context_factory_t

◆ mysql_service_mysql_security_context_options_t

◆ mysql_service_mysql_thd_security_context_t

Below are the set of services provides methods for components to manipulate the thread's security context.

mysql_thd_security_context mysql_security_context_factory mysql_account_database_security_context_lookup mysql_security_context_options

These services allows creation, copying, filling in by user accout and destruction of security context objects. It also allows getting and setting the security context for a thread. And it also allows reading and setting security context properties.

The range of the above services allows components to inspect the security context they're running it, impersonate a user account of their choice (a.k.a. sudo in Unix) and craft a security context not related to an existing user account.

No authentication is done in any of the above services. Authentication is specific to the media and does not belong to the security context, that's used mostly for authorization.

Make sure you keep the original security context of a thread or restore it when done, as leaving a different security context active may lead to various kinds of problems.