MySQL 8.0.31
Source Code Documentation
service_security_context.h
Go to the documentation of this file.
1/* Copyright (c) 2015, 2022, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef MYSQL_SERVICE_SECURITY_CONTEXT
24#define MYSQL_SERVICE_SECURITY_CONTEXT
25
26/**
27 @file include/mysql/service_security_context.h
28
29 Definitions for the password validation service.
30
31 @sa security_context_service_st
32*/
33
34#include "mysql/plugin.h"
35
36#ifdef __cplusplus
38/** an opaque class reference hiding the actual security context object. */
39#define MYSQL_SECURITY_CONTEXT Security_context *
40#else
41#define MYSQL_SECURITY_CONTEXT void *
42#endif
43typedef char my_svc_bool;
44
45/**
46 @ingroup group_ext_plugin_services
47
48 This service provides functions for plugins and storage engines to
49 manipulate the thread's security context.
50
51 The service allows creation, copying, filling in by user account and
52 destruction of security context objects.
53 It also allows getting and setting the security context for a thread.
54 And it also allows reading and setting security context properties.
55
56 The range of the above services allows plugins to inspect the security
57 context they're running it, impersonate a user account of their choice
58 (a.k.a. sudo in Unix) and craft a security context not related to an
59 existing user account.
60
61 No authentication is done in any of the above services. Authentication
62 is specific to the media and does not belong to the security context,
63 that's used mostly for authorization.
64
65 Make sure you keep the original security context of a thread or restore
66 it when done, as leaving a different security context active may lead to
67 various kinds of problems.
68
69 @sa Security_context, THD, MYSQL_SECURITY_CONTEXT
70*/
71extern "C" struct security_context_service_st {
72 /**
73 Retrieves a handle to the current security context for a thread.
74 @sa ::thd_get_security_context
75 */
77 MYSQL_SECURITY_CONTEXT *out_ctx);
78 /**
79 Sets a new security context for a thread
80 @sa ::thd_set_security_context
81 */
84
85 /**
86 Creates a new security context
87 @sa ::security_context_create
88 */
90 /**
91 Creates a new security context
92 @sa ::security_context_create
93 */
95 /**
96 Creates a copy of a security context
97 @sa ::security_context_copy
98 */
100 MYSQL_SECURITY_CONTEXT *out_ctx);
101
102 /**
103 Fills in a security context with the attributes of a user account
104 @sa ::security_context_lookup
105 */
107 const char *user, const char *host,
108 const char *ip, const char *db);
109
110 /**
111 Retrieves the value for a named attribute of a security context
112 @sa ::security_context_get_option
113 */
115 const char *name,
116 void *inout_pvalue);
117 /**
118 Sets a new value for a named attribute of a security context
119 @sa ::security_context_set_option
120 */
122 const char *name, void *pvalue);
124
125#ifdef MYSQL_DYNAMIC_PLUGIN
126
127#define thd_get_security_context(_THD, _CTX) \
128 security_context_service->thd_get_security_context(_THD, _CTX)
129#define thd_set_security_context(_THD, _CTX) \
130 security_context_service->thd_set_security_context(_THD, _CTX)
131
132#define security_context_create(_CTX) \
133 security_context_service->security_context_create(_CTX)
134#define security_context_destroy(_CTX) \
135 security_context_service->security_context_destroy(_CTX)
136#define security_context_copy(_CTX1, _CTX2) \
137 security_context_service->security_context_copy(_CTX1, _CTX2)
138
139#define security_context_lookup(_CTX, _U, _H, _IP, _DB) \
140 security_context_service->security_context_lookup(_CTX, _U, _H, _IP, _DB)
141
142#define security_context_get_option(_SEC_CTX, _NAME, _VALUE) \
143 security_context_service->security_context_get_option(_SEC_CTX, _NAME, _VALUE)
144#define security_context_set_option(_SEC_CTX, _NAME, _VALUE) \
145 security_context_service->security_context_set_option(_SEC_CTX, _NAME, _VALUE)
146#else
148 MYSQL_SECURITY_CONTEXT *out_ctx);
150
154 MYSQL_SECURITY_CONTEXT *out_ctx);
155
157 const char *user, const char *host,
158 const char *ip, const char *db);
159
161 const char *name, void *inout_pvalue);
163 const char *name, void *pvalue);
164#endif /* !MYSQL_DYNAMIC_PLUGIN */
165
166#endif /* !MYSQL_SERVICE_SECURITY_CONTEXT */
#define MYSQL_THD
Definition: backup_page_tracker.h:37
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
struct security_context_service_st * security_context_service
char * user
Definition: mysqladmin.cc:59
const char * host
Definition: mysqladmin.cc:58
my_svc_bool thd_get_security_context(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
Gets the security context for the thread.
Definition: service_security_context.cc:54
my_svc_bool security_context_set_option(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
Sets a value for a named security context attribute Currently defined names are:
Definition: service_security_context.cc:303
my_svc_bool security_context_lookup(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
Looks up in the defined user accounts an account based on the user@host[ip] combo supplied and checks...
Definition: service_security_context.cc:176
my_svc_bool security_context_create(MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a new security context and initializes it with the defaults (no access, no user etc).
Definition: service_security_context.cc:108
my_svc_bool security_context_get_option(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
Reads a named security context attribute and returns its value.
Definition: service_security_context.cc:238
char my_svc_bool
Definition: service_security_context.h:43
my_svc_bool security_context_copy(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
Duplicates a security context.
Definition: service_security_context.cc:145
#define MYSQL_SECURITY_CONTEXT
an opaque class reference hiding the actual security context object.
Definition: service_security_context.h:39
my_svc_bool thd_set_security_context(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
Sets a new security context for the thread.
Definition: service_security_context.cc:79
my_svc_bool security_context_destroy(MYSQL_SECURITY_CONTEXT ctx)
Deallocates a security context.
Definition: service_security_context.cc:126
case opt name
Definition: sslopt-case.h:32
This service provides functions for plugins and storage engines to manipulate the thread's security c...
Definition: service_security_context.h:71
my_svc_bool(* security_context_destroy)(MYSQL_SECURITY_CONTEXT)
Creates a new security context.
Definition: service_security_context.h:94
my_svc_bool(* thd_get_security_context)(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
Retrieves a handle to the current security context for a thread.
Definition: service_security_context.h:76
my_svc_bool(* security_context_create)(MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a new security context.
Definition: service_security_context.h:89
my_svc_bool(* security_context_copy)(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a copy of a security context.
Definition: service_security_context.h:99
my_svc_bool(* thd_set_security_context)(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
Sets a new security context for a thread.
Definition: service_security_context.h:82
my_svc_bool(* security_context_lookup)(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
Fills in a security context with the attributes of a user account.
Definition: service_security_context.h:106
my_svc_bool(* security_context_set_option)(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
Sets a new value for a named attribute of a security context.
Definition: service_security_context.h:121
my_svc_bool(* security_context_get_option)(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
Retrieves the value for a named attribute of a security context.
Definition: service_security_context.h:114