tidb: github.com/pingcap/tidb/privilege/privileges Index | Files

package privileges

import "github.com/pingcap/tidb/privilege/privileges"

Index

Package Files

cache.go errors.go privileges.go

Variables

var SkipWithGrant = false

SkipWithGrant causes the server to start without using the privilege system at all.

type Handle Uses

type Handle struct {
    // contains filtered or unexported fields
}

Handle wraps MySQLPrivilege providing thread safe access.

func NewHandle Uses

func NewHandle() *Handle

NewHandle returns a Handle.

func (*Handle) Get Uses

func (h *Handle) Get() *MySQLPrivilege

Get the MySQLPrivilege for read.

func (*Handle) Update Uses

func (h *Handle) Update(ctx sessionctx.Context) error

Update loads all the privilege info from kv storage.

type MySQLPrivilege Uses

type MySQLPrivilege struct {
    User         []UserRecord
    DB           []dbRecord
    TablesPriv   []tablesPrivRecord
    ColumnsPriv  []columnsPrivRecord
    DefaultRoles []defaultRoleRecord
    RoleGraph    map[string]roleGraphEdgesTable
}

MySQLPrivilege is the in-memory cache of mysql privilege tables.

func (*MySQLPrivilege) DBIsVisible Uses

func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool

DBIsVisible checks whether the user can see the db.

func (*MySQLPrivilege) FindAllRole Uses

func (p *MySQLPrivilege) FindAllRole(activeRoles []*auth.RoleIdentity) []*auth.RoleIdentity

FindAllRole is used to find all roles grant to this user.

func (*MySQLPrivilege) FindRole Uses

func (p *MySQLPrivilege) FindRole(user string, host string, role *auth.RoleIdentity) bool

FindRole is used to detect whether there is edges between users and roles.

func (*MySQLPrivilege) LoadAll Uses

func (p *MySQLPrivilege) LoadAll(ctx sessionctx.Context) error

LoadAll loads the tables from database to memory.

func (*MySQLPrivilege) LoadColumnsPrivTable Uses

func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error

LoadColumnsPrivTable loads the mysql.columns_priv table from database.

func (*MySQLPrivilege) LoadDBTable Uses

func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error

LoadDBTable loads the mysql.db table from database.

func (*MySQLPrivilege) LoadDefaultRoles Uses

func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error

LoadDefaultRoles loads the mysql.columns_priv table from database.

func (*MySQLPrivilege) LoadRoleGraph Uses

func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error

LoadRoleGraph loads the mysql.role_edges table from database.

func (*MySQLPrivilege) LoadTablesPrivTable Uses

func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error

LoadTablesPrivTable loads the mysql.tables_priv table from database.

func (*MySQLPrivilege) LoadUserTable Uses

func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error

LoadUserTable loads the mysql.user table from database.

func (*MySQLPrivilege) RequestVerification Uses

func (p *MySQLPrivilege) RequestVerification(activeRoles []*auth.RoleIdentity, user, host, db, table, column string, priv mysql.PrivilegeType) bool

RequestVerification checks whether the user have sufficient privileges to do the operation.

func (MySQLPrivilege) SortUserTable Uses

func (p MySQLPrivilege) SortUserTable()

SortUserTable sorts p.User in the MySQLPrivilege struct.

func (*MySQLPrivilege) UserPrivilegesTable Uses

func (p *MySQLPrivilege) UserPrivilegesTable() [][]types.Datum

UserPrivilegesTable provide data for INFORMATION_SCHEMA.USERS_PRIVILEGE table.

type UserPrivileges Uses

type UserPrivileges struct {
    *Handle
    // contains filtered or unexported fields
}

UserPrivileges implements privilege.Manager interface. This is used to check privilege for the current user.

func (*UserPrivileges) ActiveRoles Uses

func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string)

ActiveRoles implements privilege.Manager ActiveRoles interface.

func (*UserPrivileges) ConnectionVerification Uses

func (p *UserPrivileges) ConnectionVerification(user, host string, authentication, salt []byte) (u string, h string, success bool)

ConnectionVerification implements the Manager interface.

func (*UserPrivileges) DBIsVisible Uses

func (p *UserPrivileges) DBIsVisible(activeRoles []*auth.RoleIdentity, db string) bool

DBIsVisible implements the Manager interface.

func (*UserPrivileges) FindEdge Uses

func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool

FindEdge implements privilege.Manager FindRelationship interface.

func (*UserPrivileges) GetAllRoles Uses

func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity

GetAllRoles return all roles of user.

func (*UserPrivileges) GetDefaultRoles Uses

func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity

GetDefaultRoles returns all default roles for certain user.

func (*UserPrivileges) GetEncodedPassword Uses

func (p *UserPrivileges) GetEncodedPassword(user, host string) string

GetEncodedPassword implements the Manager interface.

func (*UserPrivileges) RequestVerification Uses

func (p *UserPrivileges) RequestVerification(activeRoles []*auth.RoleIdentity, db, table, column string, priv mysql.PrivilegeType) bool

RequestVerification implements the Manager interface.

func (*UserPrivileges) RequestVerificationWithUser Uses

func (p *UserPrivileges) RequestVerificationWithUser(db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool

RequestVerificationWithUser implements the Manager interface.

func (*UserPrivileges) ShowGrants Uses

func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error)

ShowGrants implements privilege.Manager ShowGrants interface.

func (*UserPrivileges) UserPrivilegesTable Uses

func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum

UserPrivilegesTable implements the Manager interface.

type UserRecord Uses

type UserRecord struct {
    Host          string // max length 60, primary key
    User          string // max length 32, primary key
    Password      string // max length 41
    Privileges    mysql.PrivilegeType
    AccountLocked bool // A role record when this field is true
    // contains filtered or unexported fields
}

UserRecord is used to represent a user record in privilege cache.

Package privileges imports 20 packages (graph) and is imported by 60 packages. Updated 2019-08-02. Refresh now. Tools for package owners.