I still like my approach.

> A plugin name is already known inside the plugin, the server should determine it automatically.

Firstly, I don't see any good way for the service to know the name of the plugin that called the mysql_real_connect_local. Technically this call doesn't even have to be hard linked to a plugin. Can be just done by a part of the server. Then why limit the plugin like this? That doesn't add much to the security as the plugin can replace that string anyway. Also one plugin can have more than one connection and I can imagine that different usernames for these connections make sense.

> current_user is the name of the user account and it's used in many places as such. Try, for example, to create a view or a stored procedure. Who will be a definer?

If not specified, the definer is going to be username@''. And as a result the view or the procedure will not be functional. But I think it's rather correct. The user of the SQL service has to specify the definer explicitly.

> Setting only user() might be ok.

I can agree with that. Setting the ctx->user only. In this case the DEFINER of the view/procedure is going to be empty if not explicitly specified. Though I don't see any advantage to what is now.

Best regards.
HF

On Fri, Mar 4, 2022 at 1:08 PM Sergei Golubchik <serg@mariadb.org> wrote:
> Hi, Alexey,
>
> On Mar 04, Alexey Botchkov wrote:
>
> > revision-id: 14cc679c95e (mariadb-10.7.2-8-g14cc679c95e)
> > parent(s): 33fd136c61b
> > author: Alexey Botchkov
> > committer: Alexey Botchkov
> > timestamp: 2022-02-15 11:35:18 +0400
> > message:
> >
> > MDEV-27831 Let the SQL SERVICE user set the current user name.
> >
> > The 'user' argument added to the mysql_real_connect_local.
>
> I think this is wrong on many levels.
>
> A plugin name is already known inside the plugin, you shouldn't force the plugin to pass its own name as an argument in multiple places, the server should determine it automatically.
>
> You should not set current_user to an arbitrary string for audit plugin to see it. current_user is the name of the user account and it's used in many places as such. Try, for example, to create a view or a stored procedure. Who will be a definer?
>
> Setting only user() might be ok. Setting @@proxy_user or @@external_user is even better, if your audit plugin can show them. @@external_user would be the best, I think it's purely informational.
>
> Regards,
> Sergei
> VP of MariaDB Server Engineering
> and security@mariadb.org
_______________________________________________
Mailing list: https://launchpad.net/~maria-developers
Post to     : maria-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-developers
More help   : https://help.launchpad.net/ListHelp
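The disagreement above turns on what the server records as the DEFINER of a view or procedure when the session's current user is whatever a plugin passed in. The following SQL is an added illustration, not code from the thread or from MariaDB's own patch; the account name 'svc'@'localhost' and table t1 are constructed for the example. It shows the difference between USER() and CURRENT_USER(), a view created with no DEFINER clause (which the server fills in from the current user, so a user with an empty host part yields the username@'' definer Alexey describes), and the explicit DEFINER clause the thread says an SQL-service user should always supply.

```sql
-- Added example (not from the thread or the MariaDB patch).
-- Account names and the table are constructed for illustration.

-- USER() is the name the client presented to the server;
-- CURRENT_USER() is the account the server actually authenticated
-- and uses for privilege checks and as the default DEFINER.
SELECT USER(), CURRENT_USER();

CREATE TABLE t1 (id INT, secret VARCHAR(64));

-- No DEFINER clause: the server records CURRENT_USER() as the definer.
-- If the session's current user is an arbitrary string with no host
-- part, the stored definer becomes 'name'@'' and, as the thread notes,
-- the view is not usable because no such account exists.
CREATE VIEW v_implicit AS SELECT id FROM t1;

-- Explicit DEFINER: the object's security context is stated by the
-- creator and no longer depends on what the session reports as its user.
-- (Setting a DEFINER other than yourself needs the SUPER / SET USER privilege.)
CREATE DEFINER = 'svc'@'localhost' SQL SECURITY DEFINER
  VIEW v_explicit AS SELECT id FROM t1;

-- The same applies to stored routines.
DELIMITER //
CREATE DEFINER = 'svc'@'localhost' PROCEDURE p_explicit()
  SQL SECURITY DEFINER
BEGIN
  SELECT COUNT(*) FROM t1;
END //
DELIMITER ;

-- Check what was actually recorded for each object; a definer with an
-- empty host part ('name'@'') is the symptom discussed in the thread.
SELECT TABLE_NAME, DEFINER, SECURITY_TYPE
  FROM information_schema.VIEWS
 WHERE TABLE_SCHEMA = DATABASE();

SELECT ROUTINE_NAME, DEFINER, SECURITY_TYPE
  FROM information_schema.ROUTINES
 WHERE ROUTINE_SCHEMA = DATABASE();
```

Run this as the service account in a scratch schema; the two information_schema queries at the end are the check a reviewer would use to see whether objects created through the SQL service carry a real account as definer or an unresolvable one.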