MySQL  8.0.22
Source Code Documentation
service_security_context.h
1 /* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef MYSQL_SERVICE_SECURITY_CONTEXT
24 #define MYSQL_SERVICE_SECURITY_CONTEXT
25 
26 /**
27  @file include/mysql/service_security_context.h
28 
29  Definitions for the security context service.
30 
31  @sa security_context_service_st
32 */
33 
34 #include "mysql/plugin.h"
35 
36 #ifdef __cplusplus
37 class Security_context;
38 /** an opaque class reference hiding the actual security context object. */
39 #define MYSQL_SECURITY_CONTEXT Security_context *
40 #else
41 #define MYSQL_SECURITY_CONTEXT void *
42 #endif
43 typedef char my_svc_bool;
44 
45 /**
46  @ingroup group_ext_plugin_services
47 
48  This service provides functions for plugins and storage engines to
49  manipulate the thread's security context.
50 
51  The service allows creation, copying, filling in by user account and
52  destruction of security context objects.
53  It also allows getting and setting the security context for a thread.
54  And it also allows reading and setting security context properties.
55 
56  The range of the above services allows plugins to inspect the security
57  context they're running in, impersonate a user account of their choice
58  (a.k.a. sudo in Unix) and craft a security context not related to an
59  existing user account.
60 
61  No authentication is done in any of the above services, so filling in a context from a user account checks no credentials. Authentication
62  is specific to the media and does not belong to the security context,
63  which is used mostly for authorization.
64 
65  Make sure you keep the original security context of a thread or restore
66  it when done (error paths included), as leaving a different security
67  context active may lead to various kinds of problems, such as later work on the thread being authorized as the wrong account.
68 
69  @sa Security_context, THD, MYSQL_SECURITY_CONTEXT
70 */
71 extern "C" struct security_context_service_st {
72  /**
73  Retrieves a handle to the current security context for a thread.
74  @sa ::thd_get_security_context
75  */
77  MYSQL_SECURITY_CONTEXT *out_ctx);
78  /**
79  Sets a new security context for a thread
80  @sa ::thd_set_security_context
81  */
83  MYSQL_SECURITY_CONTEXT in_ctx);
84 
85  /**
86  Creates a new security context
87  @sa ::security_context_create
88  */
90  /**
91  Destroys a security context
92  @sa ::security_context_destroy
93  */
95  /**
96  Creates a copy of a security context
97  @sa ::security_context_copy
98  */
100  MYSQL_SECURITY_CONTEXT *out_ctx);
101 
102  /**
103  Fills in a security context with the attributes of a user account
104  @sa ::security_context_lookup
105  */
107  const char *user, const char *host,
108  const char *ip, const char *db);
109 
110  /**
111  Retrieves the value for a named attribute of a security context
112  @sa ::security_context_get_option
113  */
115  const char *name,
116  void *inout_pvalue);
117  /**
118  Sets a new value for a named attribute of a security context
119  @sa ::security_context_set_option
120  */
122  const char *name, void *pvalue);
124 
125 #ifdef MYSQL_DYNAMIC_PLUGIN
126 
127 #define thd_get_security_context(_THD, _CTX) \
128  security_context_service->thd_get_security_context(_THD, _CTX)
129 #define thd_set_security_context(_THD, _CTX) \
130  security_context_service->thd_set_security_context(_THD, _CTX)
131 
132 #define security_context_create(_CTX) \
133  security_context_service->security_context_create(_CTX)
134 #define security_context_destroy(_CTX) \
135  security_context_service->security_context_destroy(_CTX)
136 #define security_context_copy(_CTX1, _CTX2) \
137  security_context_service->security_context_copy(_CTX1, _CTX2)
138 
139 #define security_context_lookup(_CTX, _U, _H, _IP, _DB) \
140  security_context_service->security_context_lookup(_CTX, _U, _H, _IP, _DB)
141 
142 #define security_context_get_option(_SEC_CTX, _NAME, _VALUE) \
143  security_context_service->security_context_get_option(_SEC_CTX, _NAME, _VALUE)
144 #define security_context_set_option(_SEC_CTX, _NAME, _VALUE) \
145  security_context_service->security_context_set_option(_SEC_CTX, _NAME, _VALUE)
146 #else
148  MYSQL_SECURITY_CONTEXT *out_ctx);
150 
154  MYSQL_SECURITY_CONTEXT *out_ctx);
155 
157  const char *user, const char *host,
158  const char *ip, const char *db);
159 
161  const char *name, void *inout_pvalue);
163  const char *name, void *pvalue);
164 #endif /* !MYSQL_DYNAMIC_PLUGIN */
165 
166 #endif /* !MYSQL_SERVICE_SECURITY_CONTEXT */
my_svc_bool(* security_context_set_option)(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
Sets a new value for a named attribute of a security context.
Definition: service_security_context.h:121
#define MYSQL_SECURITY_CONTEXT
an opaque class reference hiding the actual security context object.
Definition: service_security_context.h:39
char * user
Definition: mysqladmin.cc:59
my_svc_bool(* thd_get_security_context)(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
Retrieves a handle to the current security context for a thread.
Definition: service_security_context.h:76
my_svc_bool(* security_context_get_option)(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
Retrieves the value for a named attribute of a security context.
Definition: service_security_context.h:114
const char * host
Definition: mysqladmin.cc:58
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
#define MYSQL_THD
Definition: backup_page_tracker.h:37
my_svc_bool(* security_context_copy)(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a copy of a security context.
Definition: service_security_context.h:99
my_svc_bool(* security_context_lookup)(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
Fills in a security context with the attributes of a user account.
Definition: service_security_context.h:106
my_svc_bool(* thd_set_security_context)(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
Sets a new security context for a thread.
Definition: service_security_context.h:82
case opt name
Definition: sslopt-case.h:32
my_svc_bool(* security_context_create)(MYSQL_SECURITY_CONTEXT *out_ctx)
Creates a new security context.
Definition: service_security_context.h:89
char my_svc_bool
Definition: service_security_context.h:43
struct security_context_service_st * security_context_service
This service provides functions for plugins and storage engines to manipulate the thread's security c...
Definition: service_security_context.h:71
my_svc_bool(* security_context_destroy)(MYSQL_SECURITY_CONTEXT)
Destroys a security context.
Definition: service_security_context.h:94