privileges

package
v3.1.0-fork Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2020 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

error definitions.

// SkipWithGrant causes the server to start without using the privilege system
// at all. It is declared false.
// NOTE(review): this is an exported package-level variable, so any importing
// package can assign to it — confirm where it is written.
var SkipWithGrant = false

SkipWithGrant, when true, causes the server to start without using the privilege system at all. It is declared as false.

Functions

This section is empty.

Types

type GlobalPrivValue

// GlobalPrivValue is the JSON value stored in the priv column of
// mysql.global_priv. Every field carries the omitempty tag.
type GlobalPrivValue struct {
	// SSLType is the kind of SSL requirement; see the SSLType constants.
	// NOTE(review): SslTypeNone is the zero value and SslTypeNotSpecified is -1,
	// so with omitempty a value of SslTypeNone would normally be left out of the
	// encoded JSON — confirm how a missing ssl_type key is interpreted on load.
	SSLType     SSLType `json:"ssl_type,omitempty"`
	// SSLCipher is encoded under "ssl_cipher".
	// presumably the cipher named in the account's REQUIRE clause — confirm.
	SSLCipher   string  `json:"ssl_cipher,omitempty"`
	// X509Issuer is encoded under "x509_issuer".
	// presumably the certificate issuer checked for SslTypeSpecified — confirm.
	X509Issuer  string  `json:"x509_issuer,omitempty"`
	// X509Subject is encoded under "x509_subject".
	// presumably the certificate subject checked for SslTypeSpecified — confirm.
	X509Subject string  `json:"x509_subject,omitempty"`
}

GlobalPrivValue is the JSON format stored in the priv column of mysql.global_priv.

func (*GlobalPrivValue) RequireStr

func (g *GlobalPrivValue) RequireStr() string

RequireStr returns the descriptive string that follows the `REQUIRE` clause.

type Handle

// Handle wraps MySQLPrivilege, providing thread-safe access to it.
// Its fields are all hidden in this listing.
type Handle struct {
	// contains filtered or unexported fields
}

Handle wraps MySQLPrivilege providing thread safe access.

func NewHandle

func NewHandle() *Handle

NewHandle returns a Handle.

func (*Handle) Get

func (h *Handle) Get() *MySQLPrivilege

Get returns the MySQLPrivilege for reading.

func (*Handle) Update

func (h *Handle) Update(ctx sessionctx.Context) error

Update loads all the privilege info from kv storage.

type MySQLPrivilege

// MySQLPrivilege is the in-memory cache of the mysql privilege tables.
// The element types with lower-case names are unexported.
type MySQLPrivilege struct {

	// This helps in the case that there are a number of users with
	// non-full privileges (i.e. user.db entries).
	// NOTE(review): no field that matches this comment appears in this listing;
	// it presumably documents an unexported field that is not shown — confirm.
	User          []UserRecord
	UserMap       map[string][]UserRecord // Accelerates searching User; key meaning not shown here
	Global        map[string][]globalPrivRecord
	DB            []dbRecord
	DBMap         map[string][]dbRecord // Accelerates searching DB; key meaning not shown here
	TablesPriv    []tablesPrivRecord
	TablesPrivMap map[string][]tablesPrivRecord // Accelerates searching TablesPriv; key meaning not shown here
	ColumnsPriv   []columnsPrivRecord
	DefaultRoles  []defaultRoleRecord
	RoleGraph     map[string]roleGraphEdgesTable
}

MySQLPrivilege is the in-memory cache of mysql privilege tables.

func (*MySQLPrivilege) DBIsVisible

func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool

DBIsVisible checks whether the user can see the db.

func (*MySQLPrivilege) FindAllRole

func (p *MySQLPrivilege) FindAllRole(activeRoles []*auth.RoleIdentity) []*auth.RoleIdentity

FindAllRole is used to find all roles granted to this user.

func (*MySQLPrivilege) FindRole

func (p *MySQLPrivilege) FindRole(user string, host string, role *auth.RoleIdentity) bool

FindRole is used to detect whether there are edges between users and roles.

func (*MySQLPrivilege) LoadAll

func (p *MySQLPrivilege) LoadAll(ctx sessionctx.Context) error

LoadAll loads the tables from database to memory.

func (*MySQLPrivilege) LoadColumnsPrivTable

func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error

LoadColumnsPrivTable loads the mysql.columns_priv table from database.

func (*MySQLPrivilege) LoadDBTable

func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error

LoadDBTable loads the mysql.db table from database.

func (*MySQLPrivilege) LoadDefaultRoles

func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error

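LoadDefaultRoles loads the mysql.columns_priv table from database. (This table name is the same one given for LoadColumnsPrivTable and may be a copy-paste slip; the DefaultRoles field suggests a different table is meant.)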

func (*MySQLPrivilege) LoadGlobalPrivTable

func (p *MySQLPrivilege) LoadGlobalPrivTable(ctx sessionctx.Context) error

LoadGlobalPrivTable loads the mysql.global_priv table from database.

func (*MySQLPrivilege) LoadRoleGraph

func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error

LoadRoleGraph loads the mysql.role_edges table from database.

func (*MySQLPrivilege) LoadTablesPrivTable

func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error

LoadTablesPrivTable loads the mysql.tables_priv table from database.

func (*MySQLPrivilege) LoadUserTable

func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error

LoadUserTable loads the mysql.user table from database.

func (*MySQLPrivilege) RequestVerification

func (p *MySQLPrivilege) RequestVerification(activeRoles []*auth.RoleIdentity, user, host, db, table, column string, priv mysql.PrivilegeType) bool

RequestVerification checks whether the user has sufficient privileges to perform the operation.

func (MySQLPrivilege) SortUserTable

func (p MySQLPrivilege) SortUserTable()

SortUserTable sorts p.User in the MySQLPrivilege struct.

func (*MySQLPrivilege) UserPrivilegesTable

func (p *MySQLPrivilege) UserPrivilegesTable() [][]types.Datum

UserPrivilegesTable provides data for the INFORMATION_SCHEMA.USERS_PRIVILEGE table.

type SSLType

type SSLType int

SSLType is the enum type for GlobalPrivValue.SSLType. Its values are compatible with the JSON value that MySQL stores.

const (
	// SslTypeNotSpecified indicates that the SSL type was not specified.
	// It is iota - 1 on the first line of the block, so its value is -1.
	SslTypeNotSpecified SSLType = iota - 1
	// SslTypeNone indicates that SSL is not required (value 0, the zero value).
	SslTypeNone
	// SslTypeAny indicates that SSL is required but the certificate is not
	// validated (value 1).
	SslTypeAny
	// SslTypeX509 indicates that SSL is required and the certificate is
	// validated (value 2).
	SslTypeX509
	// SslTypeSpecified indicates that SSL is required and the certificate's
	// subject or issuer is validated (value 3).
	SslTypeSpecified
)

type UserPrivileges

// UserPrivileges implements the privilege.Manager interface. It is used to
// check privileges for the current user.
type UserPrivileges struct {
	// Handle is embedded, so its exported methods (Get, Update) are promoted
	// onto UserPrivileges.
	*Handle
	// contains filtered or unexported fields
}

UserPrivileges implements privilege.Manager interface. This is used to check privilege for the current user.

func (*UserPrivileges) ActiveRoles

func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string)

ActiveRoles implements privilege.Manager ActiveRoles interface.

func (*UserPrivileges) ConnectionVerification

func (p *UserPrivileges) ConnectionVerification(user, host string, authentication, salt []byte, tlsState *tls.ConnectionState) (u string, h string, success bool)

ConnectionVerification implements the Manager interface.

func (*UserPrivileges) DBIsVisible

func (p *UserPrivileges) DBIsVisible(activeRoles []*auth.RoleIdentity, db string) bool

DBIsVisible implements the Manager interface.

func (*UserPrivileges) FindEdge

func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool

FindEdge implements privilege.Manager FindRelationship interface.

func (*UserPrivileges) GetAllRoles

func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity

GetAllRoles returns all roles of the user.

func (*UserPrivileges) GetAuthWithoutVerification

func (p *UserPrivileges) GetAuthWithoutVerification(user, host string) (u string, h string, success bool)

GetAuthWithoutVerification implements the Manager interface.

func (*UserPrivileges) GetDefaultRoles

func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity

GetDefaultRoles returns all default roles for certain user.

func (*UserPrivileges) GetEncodedPassword

func (p *UserPrivileges) GetEncodedPassword(user, host string) string

GetEncodedPassword implements the Manager interface.

func (*UserPrivileges) RequestVerification

func (p *UserPrivileges) RequestVerification(activeRoles []*auth.RoleIdentity, db, table, column string, priv mysql.PrivilegeType) bool

RequestVerification implements the Manager interface.

func (*UserPrivileges) RequestVerificationWithUser

func (p *UserPrivileges) RequestVerificationWithUser(db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool

RequestVerificationWithUser implements the Manager interface.

func (*UserPrivileges) ShowGrants

func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error)

ShowGrants implements privilege.Manager ShowGrants interface.

func (*UserPrivileges) UserPrivilegesTable

func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum

UserPrivilegesTable implements the Manager interface.

type UserRecord

// UserRecord represents a user record in the privilege cache.
type UserRecord struct {
	// NOTE(review): presumably the account's stored authentication value —
	// confirm; if so it should be kept out of logs and error messages.
	AuthenticationString string
	// Privileges holds a mysql.PrivilegeType value for this record.
	// presumably the privileges granted at the user level — confirm.
	Privileges           mysql.PrivilegeType
	AccountLocked        bool // When true, this record is a role record
	// contains filtered or unexported fields
}

UserRecord is used to represent a user record in privilege cache.

func NewUserRecord

func NewUserRecord(host, user string) UserRecord

NewUserRecord returns a UserRecord. It is intended only for use in unit tests.
