MySQL 8.3.0
Source Code Documentation
service_security_context.h File Reference

Definitions for the password validation service.

#include "mysql/plugin.h"


Classes

struct security_context_service_st
 This service provides functions for plugins and storage engines to manipulate the thread's security context.
 

Macros

#define MYSQL_SECURITY_CONTEXT   Security_context *
 an opaque class reference hiding the actual security context object.
 

Typedefs

typedef char my_svc_bool
 

Functions

my_svc_bool thd_get_security_context (MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
 Gets the security context for the thread.

my_svc_bool thd_set_security_context (MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
 Sets a new security context for the thread.

my_svc_bool security_context_create (MYSQL_SECURITY_CONTEXT *out_ctx)
 Creates a new security context and initializes it with the defaults (no access, no user etc).

my_svc_bool security_context_destroy (MYSQL_SECURITY_CONTEXT ctx)
 Deallocates a security context.

my_svc_bool security_context_copy (MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
 Duplicates a security context.

my_svc_bool security_context_lookup (MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
 Looks up in the defined user accounts an account based on the user@host[ip] combo supplied and checks if the user has access to the database requested.

my_svc_bool security_context_get_option (MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
 Reads a named security context attribute and returns its value.

my_svc_bool security_context_set_option (MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
 Sets a value for a named security context attribute.
 

Variables

struct security_context_service_st * security_context_service
 

Detailed Description

Definitions for the password validation service.

See also
security_context_service_st

Macro Definition Documentation

◆ MYSQL_SECURITY_CONTEXT

#define MYSQL_SECURITY_CONTEXT   Security_context *

an opaque class reference hiding the actual security context object.

Typedef Documentation

◆ my_svc_bool

typedef char my_svc_bool

Function Documentation

◆ security_context_copy()

my_svc_bool security_context_copy (MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)

Duplicates a security context.

Parameters
  [in]   in_ctx   The handle of the security context to copy
  [out]  out_ctx  placeholder for the handle of the copied security context
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ security_context_create()

my_svc_bool security_context_create (MYSQL_SECURITY_CONTEXT *out_ctx)

Creates a new security context and initializes it with the defaults (no access, no user etc).

Parameters
  [out]  out_ctx  placeholder for the newly created security context handle
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ security_context_destroy()

my_svc_bool security_context_destroy (MYSQL_SECURITY_CONTEXT ctx)

Deallocates a security context.

Parameters
  [in]  ctx  The handle of the security context to destroy
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ security_context_get_option()

my_svc_bool security_context_get_option (MYSQL_SECURITY_CONTEXT ctx, const char *name, void *inout_pvalue)

Reads a named security context attribute and returns its value.

Currently defined names are:

  • user (MYSQL_LEX_CSTRING *): login user (a.k.a. the user's part of USER())
  • host (MYSQL_LEX_CSTRING *): login host (a.k.a. the host's part of USER())
  • ip (MYSQL_LEX_CSTRING *): login client ip
  • host_or_ip (MYSQL_LEX_CSTRING *): host, if present, ip if not.
  • priv_user (MYSQL_LEX_CSTRING *): authenticated user (a.k.a. the user's part of CURRENT_USER())
  • priv_host (MYSQL_LEX_CSTRING *): authenticated host (a.k.a. the host's part of CURRENT_USER())
  • proxy_user (MYSQL_LEX_CSTRING *): the proxy user used in authenticating
  • privilege_super (my_svc_bool *): 1 if the user account has super privilege, 0 otherwise
  • privilege_execute (my_svc_bool *): 1 if the user account has execute privilege, 0 otherwise
  • is_skip_grants_user (bool *): true if user account has skip-grants privilege, false otherwise

Parameters
  [in]   ctx           The handle of the security context to read from
  [in]   name          The option name to read
  [out]  inout_pvalue  The value of the option. Type depends on the name.
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ security_context_lookup()

my_svc_bool security_context_lookup (MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)

Looks up in the defined user accounts an account based on the user@host[ip] combo supplied and checks if the user has access to the database requested.

The lookup is done in exactly the same way as at login time. The new security context needs to check out additional privileges using the checkout_acl method.

Parameters
  [in]  ctx   The handle of the security context to update
  [in]  user  The user name to look up
  [in]  host  The host name to look up
  [in]  ip    The ip of the incoming connection
  [in]  db    The database to check access to
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ security_context_set_option()

my_svc_bool security_context_set_option (MYSQL_SECURITY_CONTEXT ctx, const char *name, void *pvalue)

Sets a value for a named security context attribute.

Currently defined names are:

  • user (MYSQL_LEX_CSTRING *): login user (a.k.a. the user's part of USER())
  • host (MYSQL_LEX_CSTRING *): login host (a.k.a. the host's part of USER())
  • ip (MYSQL_LEX_CSTRING *): login client ip
  • priv_user (MYSQL_LEX_CSTRING *): authenticated user (a.k.a. the user's part of CURRENT_USER())
  • priv_host (MYSQL_LEX_CSTRING *): authenticated host (a.k.a. the host's part of CURRENT_USER())
  • proxy_user (MYSQL_LEX_CSTRING *): the proxy user used in authenticating
  • privilege_super (my_svc_bool *): 1 if the user account has super privilege, 0 otherwise
  • privilege_execute (my_svc_bool *): 1 if the user account has execute privilege, 0 otherwise

Parameters
  [in]  ctx     The handle of the security context to set into
  [in]  name    The option name to set
  [in]  pvalue  The value of the option. Type depends on the name.
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ thd_get_security_context()

my_svc_bool thd_get_security_context (MYSQL_THD _thd, MYSQL_SECURITY_CONTEXT *out_ctx)

Gets the security context for the thread.

Parameters
  [in]   _thd     The thread to get the context from
  [out]  out_ctx  placeholder for the security context handle
Return values
  true   failure
  false  success
See also
security_context_service_st

◆ thd_set_security_context()

my_svc_bool thd_set_security_context (MYSQL_THD _thd, MYSQL_SECURITY_CONTEXT in_ctx)

Sets a new security context for the thread.

Parameters
  [in]  _thd    The thread to set the context to
  [in]  in_ctx  The handle of the new security context
Return values
  true   failure
  false  success
See also
security_context_service_st
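
One way to combine the functions above: run a piece of work under a looked-up account, then restore the caller's context and free the temporary one on every path. This is an added example, not code from the MySQL source tree; the service functions are replaced by small mocks so it builds without the server headers, and `run_as`, `record_user`, `live_contexts`, `seen_user` and the `app_ro` account are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>
/* Mock stand-ins (assumptions); a real plugin includes mysql/service_security_context.h. */
typedef char my_svc_bool;
typedef struct { char user[32]; } Security_context;
typedef struct { Security_context *sctx; } THD;
#define MYSQL_THD THD *
#define MYSQL_SECURITY_CONTEXT Security_context *
static int live_contexts;  /* contexts created but not yet destroyed */
static char seen_user[32]; /* filled in by record_user() */

static my_svc_bool thd_get_security_context(MYSQL_THD t, MYSQL_SECURITY_CONTEXT *out) { *out = t->sctx; return 0; }
static my_svc_bool thd_set_security_context(MYSQL_THD t, MYSQL_SECURITY_CONTEXT in) { t->sctx = in; return 0; }
static my_svc_bool security_context_create(MYSQL_SECURITY_CONTEXT *out) {
  *out = calloc(1, sizeof **out);
  if (*out) live_contexts++;
  return *out == NULL;
}
static my_svc_bool security_context_destroy(MYSQL_SECURITY_CONTEXT c) { free(c); live_contexts--; return 0; }
static my_svc_bool security_context_lookup(MYSQL_SECURITY_CONTEXT c, const char *user,
                                           const char *host, const char *ip, const char *db) {
  (void)host; (void)ip; (void)db;
  if (strcmp(user, "app_ro") != 0) return 1; /* constructed: the only account */
  strncpy(c->user, user, sizeof c->user - 1);
  return 0;
}
static void record_user(MYSQL_THD t) { strcpy(seen_user, t->sctx->user); }

/* Run work() under user@host, then restore. Every service call returns true on failure. */
static int run_as(MYSQL_THD thd, const char *user, const char *host, const char *ip,
                  const char *db, void (*work)(MYSQL_THD)) {
  MYSQL_SECURITY_CONTEXT orig = NULL;
  MYSQL_SECURITY_CONTEXT tmp = NULL; /* one per line: the type is a macro */
  if (thd_get_security_context(thd, &orig) || security_context_create(&tmp)) return -1;
  if (security_context_lookup(tmp, user, host, ip, db) || /* unknown account */
      thd_set_security_context(thd, tmp)) {
    security_context_destroy(tmp); /* never attached to the thread: safe to free */
    return -1;
  }
  work(thd);
  /* If the restore fails tmp is still attached: leak it rather than free it. */
  if (thd_set_security_context(thd, orig)) return -2;
  security_context_destroy(tmp);
  return 0;
}
int main(void) {
  Security_context root = {"root"};
  THD thd = {&root};
  return run_as(&thd, "app_ro", "localhost", "127.0.0.1", "appdb", record_user);
}
```

Because the documented return convention is inverted (true means failure), each call is tested with a bare `if (call)` for the error path rather than `if (!call)`.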