import "github.com/pingcap/tidb/privilege/privileges"
cache.go errors.go privileges.go
// ErrNonexistingGrant is the privilege-class error built from
// mysql.ErrNonexistingGrant via dbterror.ClassPrivilege.NewStd.
var (
	ErrNonexistingGrant = dbterror.ClassPrivilege.NewStd(mysql.ErrNonexistingGrant)
)
error definitions.
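SkipWithGrant causes the server to start without using the privilege system at all. Connection and privilege checks are then not enforced, so it belongs only in recovery scenarios on a server that untrusted clients cannot reach.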
// GlobalPrivValue carries the SSL/X.509 attributes recorded for an account
// and is serialized to JSON using the field tags below.
type GlobalPrivValue struct {
	// SSLType is one of the SSLType enum values; omitted from JSON when zero.
	SSLType SSLType `json:"ssl_type,omitempty"`
	// SSLCipher, X509Issuer, X509Subject and SAN are plain strings, each
	// omitted from JSON when empty.
	// NOTE(review): presumably these are the values a connecting client's TLS
	// session or certificate must match — confirm against the verification code.
	SSLCipher   string `json:"ssl_cipher,omitempty"`
	X509Issuer  string `json:"x509_issuer,omitempty"`
	X509Subject string `json:"x509_subject,omitempty"`
	SAN         string `json:"san,omitempty"`
	// SANs is never serialized (tag "-"); only the SAN string is persisted.
	// NOTE(review): looks like the parsed form of SAN keyed by SAN type — confirm.
	SANs map[util.SANType][]string `json:"-"`
}
GlobalPrivValue is the JSON format stored in the priv column of mysql.global_priv.
func (g *GlobalPrivValue) RequireStr() string
RequireStr returns the descriptive string that follows the `REQUIRE` clause.
// Handle is the type whose Get and Update methods give access to a
// MySQLPrivilege; its fields are not part of the exported API.
type Handle struct {
	// contains filtered or unexported fields
}
Handle wraps MySQLPrivilege, providing thread-safe access.
NewHandle returns a Handle.
func (h *Handle) Get() *MySQLPrivilege
Get the MySQLPrivilege for read.
func (h *Handle) Update(ctx sessionctx.Context) error
Update loads all the privilege info from kv storage.
// MySQLPrivilege groups privilege records as slices, several of which have a
// companion map keyed by string that exists to speed up lookups.
type MySQLPrivilege struct {
	// This helps in the case that there are a number of users with
	// non-full privileges (i.e. user.db entries).
	// NOTE(review): the sentence above has lost its antecedent in this listing;
	// presumably it refers to keeping both a slice and a map per table — confirm.
	User    []UserRecord
	UserMap map[string][]UserRecord // Accelerate User searching
	// Global holds global privilege records keyed by string.
	// NOTE(review): the key is presumably the user name — confirm.
	Global        map[string][]globalPrivRecord
	DB            []dbRecord
	DBMap         map[string][]dbRecord // Accelerate DB searching
	TablesPriv    []tablesPrivRecord
	TablesPrivMap map[string][]tablesPrivRecord // Accelerate TablesPriv searching
	ColumnsPriv   []columnsPrivRecord
	DefaultRoles  []defaultRoleRecord
	// RoleGraph maps a string key to a table of role-graph edges.
	RoleGraph map[string]roleGraphEdgesTable
}
MySQLPrivilege is the in-memory cache of mysql privilege tables.
func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool
DBIsVisible checks whether the user can see the db.
func (p *MySQLPrivilege) FindAllRole(activeRoles []*auth.RoleIdentity) []*auth.RoleIdentity
FindAllRole is used to find all roles granted to this user.
func (p *MySQLPrivilege) FindRole(user string, host string, role *auth.RoleIdentity) bool
FindRole is used to detect whether there is an edge between the user and the role.
func (p *MySQLPrivilege) LoadAll(ctx sessionctx.Context) error
LoadAll loads the tables from database to memory.
func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error
LoadColumnsPrivTable loads the mysql.columns_priv table from database.
func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error
LoadDBTable loads the mysql.db table from database.
func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error
LoadDefaultRoles loads the mysql.default_roles table from database.
func (p *MySQLPrivilege) LoadGlobalPrivTable(ctx sessionctx.Context) error
LoadGlobalPrivTable loads the mysql.global_priv table from database.
func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error
LoadRoleGraph loads the mysql.role_edges table from database.
func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error
LoadTablesPrivTable loads the mysql.tables_priv table from database.
func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error
LoadUserTable loads the mysql.user table from database.
func (p *MySQLPrivilege) RequestVerification(activeRoles []*auth.RoleIdentity, user, host, db, table, column string, priv mysql.PrivilegeType) bool
RequestVerification checks whether the user has sufficient privileges to do the operation.
func (p MySQLPrivilege) SortUserTable()
SortUserTable sorts p.User in the MySQLPrivilege struct.
func (p *MySQLPrivilege) UserPrivilegesTable() [][]types.Datum
UserPrivilegesTable provides data for the INFORMATION_SCHEMA.USER_PRIVILEGES table.
SSLType is the enum type of GlobalPrivValue.SSLType. Its values are compatible with the JSON value that MySQL stores.
// SSLType values, numbered from -1 upward (the first constant is iota - 1).
const (
	// SslTypeNotSpecified has the value -1.
	// NOTE(review): the original comment is unfinished; presumably this means
	// no SSL requirement was recorded for the account — confirm.
	SslTypeNotSpecified SSLType = iota - 1
	// SslTypeNone (0) indicates that SSL is not required.
	SslTypeNone
	// SslTypeAny (1) indicates that SSL is required but the certificate is not validated.
	SslTypeAny
	// SslTypeX509 (2) indicates that SSL is required and the certificate is validated.
	SslTypeX509
	// SslTypeSpecified (3) indicates that SSL is required and the certificate's
	// subject or issuer is validated.
	SslTypeSpecified
)
UserPrivileges implements privilege.Manager interface. This is used to check privilege for the current user.
func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string)
ActiveRoles implements privilege.Manager ActiveRoles interface.
func (p *UserPrivileges) ConnectionVerification(user, host string, authentication, salt []byte, tlsState *tls.ConnectionState) (u string, h string, success bool)
ConnectionVerification implements the Manager interface.
func (p *UserPrivileges) DBIsVisible(activeRoles []*auth.RoleIdentity, db string) bool
DBIsVisible implements the Manager interface.
func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool
FindEdge implements privilege.Manager FindRelationship interface.
func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity
GetAllRoles returns all roles of the user.
func (p *UserPrivileges) GetAuthWithoutVerification(user, host string) (u string, h string, success bool)
GetAuthWithoutVerification implements the Manager interface.
func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity
GetDefaultRoles returns all default roles for certain user.
func (p *UserPrivileges) GetEncodedPassword(user, host string) string
GetEncodedPassword implements the Manager interface.
func (p *UserPrivileges) RequestVerification(activeRoles []*auth.RoleIdentity, db, table, column string, priv mysql.PrivilegeType) bool
RequestVerification implements the Manager interface.
func (p *UserPrivileges) RequestVerificationWithUser(db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool
RequestVerificationWithUser implements the Manager interface.
func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error)
ShowGrants implements privilege.Manager ShowGrants interface.
func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum
UserPrivilegesTable implements the Manager interface.
// UserRecord is one user entry with its authentication string, privilege
// bits and lock flag; further fields are unexported and not shown here.
type UserRecord struct {
	// NOTE(review): AuthenticationString presumably holds the stored credential
	// for the account; treat it as sensitive (keep it out of logs and error
	// messages) — confirm against the loader.
	AuthenticationString string
	// Privileges holds the account's privileges as a mysql.PrivilegeType value.
	Privileges    mysql.PrivilegeType
	AccountLocked bool // A role record when this field is true
	// contains filtered or unexported fields
}
UserRecord is used to represent a user record in privilege cache.
func NewUserRecord(host, user string) UserRecord
NewUserRecord returns a UserRecord; it is only for use in unit tests.