I still like my approach.

> A plugin name is already known inside the plugin,
> the server should determine it automatically.

Firstly I don't see any good way for the service to know the
name of the plugin that called the mysql_real_connect_local.
Technically this call doesn't even have to be hard linked to a plugin.
Can be just done by a part of the server.

Then why limit the plugin like this? That doesn't add much to the security as the
plugin can replace that string anyway.

Also one plugin can have more than one connection and
I can imagine that different usernames for these connections ake sence.

> current_user is the name of the user account and it's used in
> many places as such. Try, for example, to create a view or a stored
> procedure. Who will be a definer?
If not specified, the definer is going to be username@''.
And as a result the view or the procedure will be not functional.
But i think it's rather correct. The user of the SQL service has to specify the definer explicitly.

> Setting only user() might be ok.
I can agree with that. Setting the ctx->user only.
In this case the DEFINER of the view/procedure is going to be empty
if not explicitly specified.
Though don't see any advantage to what is now.

Best regards.
HF

On Fri, Mar 4, 2022 at 1:08 PM Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Alexey,

On Mar 04, Alexey Botchkov wrote:
> revision-id: 14cc679c95e (mariadb-10.7.2-8-g14cc679c95e)
> parent(s): 33fd136c61b
> author: Alexey Botchkov
> committer: Alexey Botchkov
> timestamp: 2022-02-15 11:35:18 +0400
> message:
>
> MDEV-27831 Let the SQL SERVICE user set the current user name.
>
> The 'user' argument added to the mysql_real_connect_local.

I think this is wrong on many levels.

A plugin name is already known inside the plugin, you shouldn't force
the plugin to pass its own name as an argument in multiple places, the
server should determine it automatically.

You should not set current_user to an arbitrary string for audit plugin
to see it. current_user is the name of the user account and it's used in
many places as such. Try, for example, to create a view or a stored
procedure. Who will be a definer?

Setting only user() might be ok. Setting @@proxy_user or @@external_user
is even better, if your audit plugin can show them. @@external_user
would be the best, I think it's purely informational.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@mariadb.org

_______________________________________________
Mailing list: https://launchpad.net/~maria-developers
Post to     : maria-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-developers
More help   : https://help.launchpad.net/ListHelp