mysql-server/latest/service__security__context_8h_source.html

/* Copyright (c) 2015, 2023, Oracle and/or its affiliates.


   This program is free software; you can redistribute it and/or modify

   it under the terms of the GNU General Public License, version 2.0,

   as published by the Free Software Foundation.


   This program is also distributed with certain software (including

   but not limited to OpenSSL) that is licensed under separate terms,

   as designated in a particular file or component or in included license

   documentation.  The authors of MySQL hereby grant you an additional

   permission to link the program and your derivative works with the

   separately licensed software that they have included with MySQL.


   This program is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

   GNU General Public License, version 2.0, for more details.


   You should have received a copy of the GNU General Public License

   along with this program; if not, write to the Free Software

   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */


#ifndef MYSQL_SERVICE_SECURITY_CONTEXT

#define MYSQL_SERVICE_SECURITY_CONTEXT


/**

  @file include/mysql/service_security_context.h


  Definitions for the password validation service.


  @sa security_context_service_st

*/


#include "mysql/plugin.h"


#ifdef __cplusplus

class Security_context;

/** an opaque class reference hiding the actual security context object. */

#define MYSQL_SECURITY_CONTEXT Security_context *

#else

#define MYSQL_SECURITY_CONTEXT void *

#endif

typedef char my_svc_bool;


/**

  @ingroup group_ext_plugin_services


  This service provides functions for plugins and storage engines to

  manipulate the thread's security context.


  The service allows creation, copying, filling in by user account and

  destruction of security context objects.

  It also allows getting and setting the security context for a thread.

  And it also allows reading and setting security context properties.


  The range of the above services allows plugins to inspect the security

  context they're running it, impersonate a user account of their choice

  (a.k.a. sudo in Unix) and craft a security context not related to an

  existing user account.


  No authentication is done in any of the above services. Authentication

  is specific to the media and does not belong to the security context,

  that's used mostly for authorization.


  Make sure you keep the original security context of a thread or restore

  it when done, as leaving a different security context active may lead to

  various kinds of problems.


  @sa Security_context, THD, MYSQL_SECURITY_CONTEXT

*/

extern "C" struct security_context_service_st {

  /**

    Retrieves a handle to the current security context for a thread.

    @sa ::thd_get_security_context

  */

  my_svc_bool (*thd_get_security_context)(MYSQL_THD,

                                          MYSQL_SECURITY_CONTEXT *out_ctx);

  /**

    Sets a new security context for a thread

    @sa ::thd_set_security_context

  */

  my_svc_bool (*thd_set_security_context)(MYSQL_THD,

                                          MYSQL_SECURITY_CONTEXT in_ctx);


  /**

    Creates a new security context

    @sa ::security_context_create

  */

  my_svc_bool (*security_context_create)(MYSQL_SECURITY_CONTEXT *out_ctx);

  /**

    Creates a new security context

    @sa ::security_context_create

  */

  my_svc_bool (*security_context_destroy)(MYSQL_SECURITY_CONTEXT);

  /**

    Creates a copy of a security context

    @sa ::security_context_copy

  */

  my_svc_bool (*security_context_copy)(MYSQL_SECURITY_CONTEXT in_ctx,

                                       MYSQL_SECURITY_CONTEXT *out_ctx);


  /**

    Fills in a security context with the attributes of a user account

    @sa ::security_context_lookup

  */

  my_svc_bool (*security_context_lookup)(MYSQL_SECURITY_CONTEXT ctx,

                                         const char *user, const char *host,

                                         const char *ip, const char *db);


  /**

    Retrieves the value for a named attribute of a security context

    @sa ::security_context_get_option

  */

  my_svc_bool (*security_context_get_option)(MYSQL_SECURITY_CONTEXT,

                                             const char *name,

                                             void *inout_pvalue);

  /**

    Sets a new value for a named attribute of a security context

    @sa ::security_context_set_option

  */

  my_svc_bool (*security_context_set_option)(MYSQL_SECURITY_CONTEXT,

                                             const char *name, void *pvalue);

} * security_context_service;


#ifdef MYSQL_DYNAMIC_PLUGIN


#define thd_get_security_context(_THD, _CTX) \

  security_context_service->thd_get_security_context(_THD, _CTX)

#define thd_set_security_context(_THD, _CTX) \

  security_context_service->thd_set_security_context(_THD, _CTX)


#define security_context_create(_CTX) \

  security_context_service->security_context_create(_CTX)

#define security_context_destroy(_CTX) \

  security_context_service->security_context_destroy(_CTX)

#define security_context_copy(_CTX1, _CTX2) \

  security_context_service->security_context_copy(_CTX1, _CTX2)


#define security_context_lookup(_CTX, _U, _H, _IP, _DB) \

  security_context_service->security_context_lookup(_CTX, _U, _H, _IP, _DB)


#define security_context_get_option(_SEC_CTX, _NAME, _VALUE) \

  security_context_service->security_context_get_option(_SEC_CTX, _NAME, _VALUE)

#define security_context_set_option(_SEC_CTX, _NAME, _VALUE) \

  security_context_service->security_context_set_option(_SEC_CTX, _NAME, _VALUE)

#else

my_svc_bool thd_get_security_context(MYSQL_THD,

                                     MYSQL_SECURITY_CONTEXT *out_ctx);

my_svc_bool thd_set_security_context(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx);


my_svc_bool security_context_create(MYSQL_SECURITY_CONTEXT *out_ctx);

my_svc_bool security_context_destroy(MYSQL_SECURITY_CONTEXT ctx);

my_svc_bool security_context_copy(MYSQL_SECURITY_CONTEXT in_ctx,

                                  MYSQL_SECURITY_CONTEXT *out_ctx);


my_svc_bool security_context_lookup(MYSQL_SECURITY_CONTEXT ctx,

                                    const char *user, const char *host,

                                    const char *ip, const char *db);


my_svc_bool security_context_get_option(MYSQL_SECURITY_CONTEXT,

                                        const char *name, void *inout_pvalue);

my_svc_bool security_context_set_option(MYSQL_SECURITY_CONTEXT,

                                        const char *name, void *pvalue);

#endif /* !MYSQL_DYNAMIC_PLUGIN */


#endif /* !MYSQL_SERVICE_SECURITY_CONTEXT */

MYSQL_THD
#define MYSQL_THD
Definition: backup_page_tracker.h:37

Security_context
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:52

security_context_service
struct security_context_service_st * security_context_service

plugin.h

user
char * user
Definition: mysqladmin.cc:64

host
const char * host
Definition: mysqladmin.cc:63

thd_get_security_context
my_svc_bool thd_get_security_context(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
Gets the security context for the thread.
Definition: service_security_context.cc:54

security_context_set_option
my_svc_bool security_context_set_option(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
Sets a value for a named security context attribute Currently defined names are:
Definition: service_security_context.cc:303

security_context_lookup
my_svc_bool security_context_lookup(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
Looks up in the defined user accounts an account based on the user@host[ip] combo supplied and checks...
Definition: service_security_context.cc:176

security_context_create
my_svc_bool security_context_create(MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a new security context and initializes it with the defaults (no access, no user etc).
Definition: service_security_context.cc:108

security_context_get_option
my_svc_bool security_context_get_option(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
Reads a named security context attribute and returns its value.
Definition: service_security_context.cc:238

my_svc_bool
char my_svc_bool
Definition: service_security_context.h:43

security_context_copy
my_svc_bool security_context_copy(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
Duplicates a security context.
Definition: service_security_context.cc:145

MYSQL_SECURITY_CONTEXT
#define MYSQL_SECURITY_CONTEXT
an opaque class reference hiding the actual security context object.
Definition: service_security_context.h:39

thd_set_security_context
my_svc_bool thd_set_security_context(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
Sets a new security context for the thread.
Definition: service_security_context.cc:79

security_context_destroy
my_svc_bool security_context_destroy(MYSQL_SECURITY_CONTEXT ctx)
Deallocates a security context.
Definition: service_security_context.cc:126

name
case opt name
Definition: sslopt-case.h:32

security_context_service_st
This service provides functions for plugins and storage engines to manipulate the thread's security c...
Definition: service_security_context.h:71

security_context_service_st::security_context_destroy
my_svc_bool(* security_context_destroy)(MYSQL_SECURITY_CONTEXT)
Creates a new security context.
Definition: service_security_context.h:94

security_context_service_st::thd_get_security_context
my_svc_bool(* thd_get_security_context)(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
Retrieves a handle to the current security context for a thread.
Definition: service_security_context.h:76

security_context_service_st::security_context_create
my_svc_bool(* security_context_create)(MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a new security context.
Definition: service_security_context.h:89

security_context_service_st::security_context_copy
my_svc_bool(* security_context_copy)(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a copy of a security context.
Definition: service_security_context.h:99

security_context_service_st::thd_set_security_context
my_svc_bool(* thd_set_security_context)(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
Sets a new security context for a thread.
Definition: service_security_context.h:82

security_context_service_st::security_context_lookup
my_svc_bool(* security_context_lookup)(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
Fills in a security context with the attributes of a user account.
Definition: service_security_context.h:106

security_context_service_st::security_context_set_option
my_svc_bool(* security_context_set_option)(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
Sets a new value for a named attribute of a security context.
Definition: service_security_context.h:121

security_context_service_st::security_context_get_option
my_svc_bool(* security_context_get_option)(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
Retrieves the value for a named attribute of a security context.
Definition: service_security_context.h:114