MySQL  8.0.27
Source Code Documentation
security_context_service_st Struct Reference

This service provides functions for plugins and storage engines to manipulate the thread's security context. More...

#include <service_security_context.h>

Public Attributes

my_svc_bool(* thd_get_security_context )(MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)
 Retrieves a handle to the current security context for a thread. More...
 
my_svc_bool(* thd_set_security_context )(MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)
 Sets a new security context for a thread. More...
 
my_svc_bool(* security_context_create )(MYSQL_SECURITY_CONTEXT *out_ctx)
 Creates a new security context. More...
 
my_svc_bool(* security_context_destroy )(MYSQL_SECURITY_CONTEXT)
 Creates a new security context. More...
 
my_svc_bool(* security_context_copy )(MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)
 Creates a copy of a security context. More...
 
my_svc_bool(* security_context_lookup )(MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)
 Fills in a security context with the attributes of a user account. More...
 
my_svc_bool(* security_context_get_option )(MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)
 Retrieves the value for a named attribute of a security context. More...
 
my_svc_bool(* security_context_set_option )(MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)
 Sets a new value for a named attribute of a security context. More...
 

Detailed Description

This service provides functions for plugins and storage engines to manipulate the thread's security context.

The service allows creation, copying, filling in by user accout and destruction of security context objects. It also allows getting and setting the security context for a thread. And it also allows reading and setting security context properties.

The range of the above services allows plugins to inspect the security context they're running it, impersonate a user account of their choice (a.k.a. sudo in Unix) and craft a security context not related to an existing user account.

No authentication is done in any of the above services. Authentication is specific to the media and does not belong to the security context, that's used mostly for authorization.

Make sure you keep the original security context of a thread or restore it when done, as leaving a different security context active may lead to various kinds of problems.

See also
Security_context, THD, MYSQL_SECURITY_CONTEXT

Member Data Documentation

◆ security_context_copy

my_svc_bool(* security_context_service_st::security_context_copy) (MYSQL_SECURITY_CONTEXT in_ctx, MYSQL_SECURITY_CONTEXT *out_ctx)

Creates a copy of a security context.

See also
security_context_copy

◆ security_context_create

my_svc_bool(* security_context_service_st::security_context_create) (MYSQL_SECURITY_CONTEXT *out_ctx)

Creates a new security context.

See also
security_context_create

◆ security_context_destroy

my_svc_bool(* security_context_service_st::security_context_destroy) (MYSQL_SECURITY_CONTEXT)

Creates a new security context.

See also
security_context_create

◆ security_context_get_option

my_svc_bool(* security_context_service_st::security_context_get_option) (MYSQL_SECURITY_CONTEXT, const char *name, void *inout_pvalue)

Retrieves the value for a named attribute of a security context.

See also
security_context_get_option

◆ security_context_lookup

my_svc_bool(* security_context_service_st::security_context_lookup) (MYSQL_SECURITY_CONTEXT ctx, const char *user, const char *host, const char *ip, const char *db)

Fills in a security context with the attributes of a user account.

See also
security_context_lookup

◆ security_context_set_option

my_svc_bool(* security_context_service_st::security_context_set_option) (MYSQL_SECURITY_CONTEXT, const char *name, void *pvalue)

Sets a new value for a named attribute of a security context.

See also
security_context_set_option

◆ thd_get_security_context

my_svc_bool(* security_context_service_st::thd_get_security_context) (MYSQL_THD, MYSQL_SECURITY_CONTEXT *out_ctx)

Retrieves a handle to the current security context for a thread.

See also
thd_get_security_context

◆ thd_set_security_context

my_svc_bool(* security_context_service_st::thd_set_security_context) (MYSQL_THD, MYSQL_SECURITY_CONTEXT in_ctx)

Sets a new security context for a thread.

See also
thd_set_security_context

The documentation for this struct was generated from the following file: