tidb: github.com/pingcap/tidb/privilege/privileges Index | Files

package privileges

import "github.com/pingcap/tidb/privilege/privileges"

Index

Package Files

cache.go errors.go privileges.go

Variables

var (
    // ErrNonexistingGrant is the privilege-class error created from the
    // mysql.ErrNonexistingGrant code, with its message taken from mysql.MySQLErrName.
    ErrNonexistingGrant = terror.ClassPrivilege.New(mysql.ErrNonexistingGrant, mysql.MySQLErrName[mysql.ErrNonexistingGrant])
)

error definitions.

// SkipWithGrant defaults to false, i.e. the privilege system is in use.
// NOTE(review): this is an exported, mutable package-level variable, so any
// code in the process can change it; where it is set and whether a change is
// logged is not visible here — confirm before relying on privilege checks.
var SkipWithGrant = false

SkipWithGrant causes the server to start without using the privilege system at all.

type GlobalPrivValue Uses

// GlobalPrivValue groups the SSL/X.509 requirement fields that are serialized as JSON.
// Every field carries omitempty, so zero values are left out of the encoded object.
type GlobalPrivValue struct {
    // SSLType is the SSL requirement level (an SSLType constant), encoded as "ssl_type".
    // omitempty drops the key when the value is 0, which is SslTypeNone.
    // NOTE(review): how a missing key is told apart from SslTypeNotSpecified (-1)
    // on decode is not visible here — confirm in the loader.
    SSLType     SSLType `json:"ssl_type,omitempty"`
    // SSLCipher is encoded as "ssl_cipher"; presumably the cipher a connection must use — confirm.
    SSLCipher   string  `json:"ssl_cipher,omitempty"`
    // X509Issuer is encoded as "x509_issuer"; presumably the required certificate issuer — confirm.
    X509Issuer  string  `json:"x509_issuer,omitempty"`
    // X509Subject is encoded as "x509_subject"; presumably the required certificate subject — confirm.
    X509Subject string  `json:"x509_subject,omitempty"`
}

GlobalPrivValue is the stored JSON format of the priv column in mysql.global_priv.

func (*GlobalPrivValue) RequireStr Uses

func (g *GlobalPrivValue) RequireStr() string

RequireStr returns the descriptive string that follows the `REQUIRE` clause.

type Handle Uses

type Handle struct {
    // contains filtered or unexported fields
}

Handle wraps MySQLPrivilege providing thread safe access.

func NewHandle Uses

func NewHandle() *Handle

NewHandle returns a Handle.

func (*Handle) Get Uses

func (h *Handle) Get() *MySQLPrivilege

Get returns the MySQLPrivilege for reading.

func (*Handle) Update Uses

func (h *Handle) Update(ctx sessionctx.Context) error

Update loads all the privilege info from kv storage.

type MySQLPrivilege Uses

// MySQLPrivilege keeps privilege records in slices, several of them paired with
// a string-keyed map holding the same record type for faster lookup.
// NOTE(review): every field is exported and mutable; Handle is documented as the
// thread-safe wrapper and Handle.Get as returning the value "for read", so callers
// presumably must not modify these fields — confirm.
type MySQLPrivilege struct {

    // This helps in the case that there are a number of users with
    // non-full privileges (i.e. user.db entries).
    User          []UserRecord
    // UserMap key semantics are not visible here — presumably the user name; confirm.
    UserMap       map[string][]UserRecord // Accelerate User searching
    // Global holds globalPrivRecord values by string key; presumably filled by LoadGlobalPrivTable — confirm.
    Global        map[string][]globalPrivRecord
    // DB holds the database-level records; presumably filled by LoadDBTable — confirm.
    DB            []dbRecord
    DBMap         map[string][]dbRecord // Accelerate DB searching
    // TablesPriv holds the table-level records; presumably filled by LoadTablesPrivTable — confirm.
    TablesPriv    []tablesPrivRecord
    TablesPrivMap map[string][]tablesPrivRecord // Accelerate TablesPriv searching
    // ColumnsPriv holds the column-level records; unlike the fields above it has no companion map.
    ColumnsPriv   []columnsPrivRecord
    // DefaultRoles holds the default-role records; presumably filled by LoadDefaultRoles — confirm.
    DefaultRoles  []defaultRoleRecord
    // RoleGraph maps a string key to a roleGraphEdgesTable; presumably filled by LoadRoleGraph — confirm.
    RoleGraph     map[string]roleGraphEdgesTable
}

MySQLPrivilege is the in-memory cache of mysql privilege tables.

func (*MySQLPrivilege) DBIsVisible Uses

func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool

DBIsVisible checks whether the user can see the db.

func (*MySQLPrivilege) FindAllRole Uses

func (p *MySQLPrivilege) FindAllRole(activeRoles []*auth.RoleIdentity) []*auth.RoleIdentity

FindAllRole is used to find all roles granted to this user.

func (*MySQLPrivilege) FindRole Uses

func (p *MySQLPrivilege) FindRole(user string, host string, role *auth.RoleIdentity) bool

FindRole is used to detect whether there are edges between users and roles.

func (*MySQLPrivilege) LoadAll Uses

func (p *MySQLPrivilege) LoadAll(ctx sessionctx.Context) error

LoadAll loads the tables from database to memory.

func (*MySQLPrivilege) LoadColumnsPrivTable Uses

func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error

LoadColumnsPrivTable loads the mysql.columns_priv table from database.

func (*MySQLPrivilege) LoadDBTable Uses

func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error

LoadDBTable loads the mysql.db table from database.

func (*MySQLPrivilege) LoadDefaultRoles Uses

func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error

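LoadDefaultRoles loads the default-role records from the database. (The upstream comment names mysql.columns_priv, which looks copied from LoadColumnsPrivTable; the source table is presumably mysql.default_roles.)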

func (*MySQLPrivilege) LoadGlobalPrivTable Uses

func (p *MySQLPrivilege) LoadGlobalPrivTable(ctx sessionctx.Context) error

LoadGlobalPrivTable loads the mysql.global_priv table from database.

func (*MySQLPrivilege) LoadRoleGraph Uses

func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error

LoadRoleGraph loads the mysql.role_edges table from database.

func (*MySQLPrivilege) LoadTablesPrivTable Uses

func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error

LoadTablesPrivTable loads the mysql.tables_priv table from database.

func (*MySQLPrivilege) LoadUserTable Uses

func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error

LoadUserTable loads the mysql.user table from database.

func (*MySQLPrivilege) RequestVerification Uses

func (p *MySQLPrivilege) RequestVerification(activeRoles []*auth.RoleIdentity, user, host, db, table, column string, priv mysql.PrivilegeType) bool

RequestVerification checks whether the user has sufficient privileges to perform the operation.

func (MySQLPrivilege) SortUserTable Uses

func (p MySQLPrivilege) SortUserTable()

SortUserTable sorts p.User in the MySQLPrivilege struct.

func (*MySQLPrivilege) UserPrivilegesTable Uses

func (p *MySQLPrivilege) UserPrivilegesTable() [][]types.Datum

UserPrivilegesTable provides data for the INFORMATION_SCHEMA.USER_PRIVILEGES table.

type SSLType Uses

type SSLType int

SSLType is the enum type for GlobalPrivValue.SSLType. Its values are compatible with the JSON value stored by MySQL.

// SSL requirement levels. The block starts at iota - 1, so the values run from -1 to 3.
const (
    // SslTypeNotSpecified has the value -1. The original comment is blank;
    // presumably it means that no SSL requirement has been set — confirm.
    SslTypeNotSpecified SSLType = iota - 1
    // SslTypeNone indicates that SSL is not required (value 0, the zero value of SSLType).
    SslTypeNone
    // SslTypeAny indicates that SSL is required but the certificate is not validated (value 1).
    // NOTE(review): without certificate validation this level presumably gives
    // transport encryption only and no certificate-based identity check — confirm.
    SslTypeAny
    // SslTypeX509 indicates that SSL is required and the certificate is validated (value 2).
    SslTypeX509
    // SslTypeSpecified indicates that SSL is required and the certificate's subject or issuer is validated (value 3).
    SslTypeSpecified
)

type UserPrivileges Uses

type UserPrivileges struct {
    *Handle
    // contains filtered or unexported fields
}

UserPrivileges implements privilege.Manager interface. This is used to check privilege for the current user.

func (*UserPrivileges) ActiveRoles Uses

func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string)

ActiveRoles implements privilege.Manager ActiveRoles interface.

func (*UserPrivileges) ConnectionVerification Uses

func (p *UserPrivileges) ConnectionVerification(user, host string, authentication, salt []byte, tlsState *tls.ConnectionState) (u string, h string, success bool)

ConnectionVerification implements the Manager interface.

func (*UserPrivileges) DBIsVisible Uses

func (p *UserPrivileges) DBIsVisible(activeRoles []*auth.RoleIdentity, db string) bool

DBIsVisible implements the Manager interface.

func (*UserPrivileges) FindEdge Uses

func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool

FindEdge implements privilege.Manager FindRelationship interface.

func (*UserPrivileges) GetAllRoles Uses

func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity

GetAllRoles returns all roles of the user.

func (*UserPrivileges) GetAuthWithoutVerification Uses

func (p *UserPrivileges) GetAuthWithoutVerification(user, host string) (u string, h string, success bool)

GetAuthWithoutVerification implements the Manager interface.

func (*UserPrivileges) GetDefaultRoles Uses

func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity

GetDefaultRoles returns all default roles for certain user.

func (*UserPrivileges) GetEncodedPassword Uses

func (p *UserPrivileges) GetEncodedPassword(user, host string) string

GetEncodedPassword implements the Manager interface.

func (*UserPrivileges) RequestVerification Uses

func (p *UserPrivileges) RequestVerification(activeRoles []*auth.RoleIdentity, db, table, column string, priv mysql.PrivilegeType) bool

RequestVerification implements the Manager interface.

func (*UserPrivileges) RequestVerificationWithUser Uses

func (p *UserPrivileges) RequestVerificationWithUser(db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool

RequestVerificationWithUser implements the Manager interface.

func (*UserPrivileges) ShowGrants Uses

func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error)

ShowGrants implements privilege.Manager ShowGrants interface.

func (*UserPrivileges) UserPrivilegesTable Uses

func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum

UserPrivilegesTable implements the Manager interface.

type UserRecord Uses

// UserRecord is one cached user entry; only its exported fields are listed here.
type UserRecord struct {
    // AuthenticationString is the account's stored authentication string;
    // presumably the encoded password that GetEncodedPassword returns — confirm.
    AuthenticationString string
    // Privileges is a mysql.PrivilegeType value; presumably the account's global privilege bits — confirm.
    Privileges           mysql.PrivilegeType
    // NOTE(review): the field name suggests a locked account, while the comment
    // says a true value marks a role record; whether connection checks reject
    // such records is not visible here — confirm.
    AccountLocked        bool // A role record when this field is true
    // contains filtered or unexported fields
}

UserRecord is used to represent a user record in privilege cache.

func NewUserRecord Uses

func NewUserRecord(host, user string) UserRecord

NewUserRecord returns a UserRecord; it is intended only for use in unit tests.

Package privileges imports 27 packages (graph) and is imported by 123 packages. Updated 2020-05-25. Refresh now. Tools for package owners.