Documentation ¶
Index ¶
- Variables
- type GlobalPrivValue
- type Handle
- type MySQLPrivilege
- func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool
- func (p *MySQLPrivilege) FindAllRole(activeRoles []*auth.RoleIdentity) []*auth.RoleIdentity
- func (p *MySQLPrivilege) FindRole(user string, host string, role *auth.RoleIdentity) bool
- func (p *MySQLPrivilege) LoadAll(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadGlobalPrivTable(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error
- func (p *MySQLPrivilege) RequestVerification(activeRoles []*auth.RoleIdentity, user, host, db, table, column string, ...) bool
- func (p MySQLPrivilege) SortUserTable()
- func (p *MySQLPrivilege) UserPrivilegesTable() [][]types.Datum
- type SSLType
- type UserPrivileges
- func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string)
- func (p *UserPrivileges) ConnectionVerification(user, host string, authentication, salt []byte, tlsState *tls.ConnectionState) (u string, h string, success bool)
- func (p *UserPrivileges) DBIsVisible(activeRoles []*auth.RoleIdentity, db string) bool
- func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool
- func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity
- func (p *UserPrivileges) GetAuthWithoutVerification(user, host string) (u string, h string, success bool)
- func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity
- func (p *UserPrivileges) GetEncodedPassword(user, host string) string
- func (p *UserPrivileges) RequestVerification(activeRoles []*auth.RoleIdentity, db, table, column string, ...) bool
- func (p *UserPrivileges) RequestVerificationWithUser(db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool
- func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error)
- func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum
- type UserRecord
Constants ¶
This section is empty.
Variables ¶
var (
ErrNonexistingGrant = terror.ClassPrivilege.New(mysql.ErrNonexistingGrant, mysql.MySQLErrName[mysql.ErrNonexistingGrant])
)
error definitions.
var SkipWithGrant = false
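SkipWithGrant causes the server to start without using the privilege system at all. While it is true, privilege checks are not enforced, so it should stay false outside controlled recovery or test use.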
Functions ¶
This section is empty.
Types ¶
type GlobalPrivValue ¶
// GlobalPrivValue holds the JSON-format value stored in the priv column of
// mysql.global_priv. Every field is tagged omitempty, so under the standard
// encoding/json rules a field holding its zero value is left out of the
// encoded JSON.
type GlobalPrivValue struct {
	// SSLType is the kind of SSL requirement recorded in this value (see the
	// SSLType constants). Its zero value is SslTypeNone, so with omitempty
	// that value is not written to the JSON.
	SSLType SSLType `json:"ssl_type,omitempty"`
	// SSLCipher: presumably the cipher demanded by a REQUIRE clause -
	// TODO confirm against the code that checks it.
	SSLCipher string `json:"ssl_cipher,omitempty"`
	// X509Issuer: presumably the certificate issuer demanded by a REQUIRE
	// clause - TODO confirm.
	X509Issuer string `json:"x509_issuer,omitempty"`
	// X509Subject: presumably the certificate subject demanded by a REQUIRE
	// clause - TODO confirm.
	X509Subject string `json:"x509_subject,omitempty"`
}
GlobalPrivValue stores the JSON-format value of the priv column in mysql.global_priv.
func (*GlobalPrivValue) RequireStr ¶
func (g *GlobalPrivValue) RequireStr() string
RequireStr returns the descriptive string that follows the `REQUIRE` clause.
type Handle ¶
type Handle struct {
// contains filtered or unexported fields
}
Handle wraps MySQLPrivilege providing thread safe access.
type MySQLPrivilege ¶
// MySQLPrivilege is the in-memory cache of the mysql privilege tables. The
// slice fields hold the cached records; the *Map fields index the same kind
// of record by a string key to speed up lookups.
type MySQLPrivilege struct {
	// This helps in the case that there are a number of users with
	// non-full privileges (i.e. user.db entries).
	// NOTE(review): this comment reads as the tail of a longer one; what
	// "This" refers to is not visible here - confirm against the source file.
	User    []UserRecord
	UserMap map[string][]UserRecord // Accelerate User searching
	// Global: presumably the records loaded from mysql.global_priv, keyed by
	// a string whose meaning is not visible here - TODO confirm.
	Global        map[string][]globalPrivRecord
	DB            []dbRecord
	DBMap         map[string][]dbRecord // Accelerate DB searching
	TablesPriv    []tablesPrivRecord
	TablesPrivMap map[string][]tablesPrivRecord // Accelerate TablesPriv searching
	ColumnsPriv   []columnsPrivRecord
	// DefaultRoles: presumably filled by LoadDefaultRoles - TODO confirm.
	DefaultRoles []defaultRoleRecord
	// RoleGraph: presumably filled by LoadRoleGraph from mysql.role_edges;
	// the key format is not visible here - TODO confirm.
	RoleGraph map[string]roleGraphEdgesTable
}
MySQLPrivilege is the in-memory cache of mysql privilege tables.
func (*MySQLPrivilege) DBIsVisible ¶
func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool
DBIsVisible checks whether the user can see the db.
func (*MySQLPrivilege) FindAllRole ¶
func (p *MySQLPrivilege) FindAllRole(activeRoles []*auth.RoleIdentity) []*auth.RoleIdentity
FindAllRole is used to find all roles granted to this user.
func (*MySQLPrivilege) FindRole ¶
func (p *MySQLPrivilege) FindRole(user string, host string, role *auth.RoleIdentity) bool
FindRole is used to detect whether there are edges between users and roles.
func (*MySQLPrivilege) LoadAll ¶
func (p *MySQLPrivilege) LoadAll(ctx sessionctx.Context) error
LoadAll loads the tables from database to memory.
func (*MySQLPrivilege) LoadColumnsPrivTable ¶
func (p *MySQLPrivilege) LoadColumnsPrivTable(ctx sessionctx.Context) error
LoadColumnsPrivTable loads the mysql.columns_priv table from database.
func (*MySQLPrivilege) LoadDBTable ¶
func (p *MySQLPrivilege) LoadDBTable(ctx sessionctx.Context) error
LoadDBTable loads the mysql.db table from database.
func (*MySQLPrivilege) LoadDefaultRoles ¶
func (p *MySQLPrivilege) LoadDefaultRoles(ctx sessionctx.Context) error
LoadDefaultRoles loads the mysql.default_roles table from database.
func (*MySQLPrivilege) LoadGlobalPrivTable ¶
func (p *MySQLPrivilege) LoadGlobalPrivTable(ctx sessionctx.Context) error
LoadGlobalPrivTable loads the mysql.global_priv table from database.
func (*MySQLPrivilege) LoadRoleGraph ¶
func (p *MySQLPrivilege) LoadRoleGraph(ctx sessionctx.Context) error
LoadRoleGraph loads the mysql.role_edges table from database.
func (*MySQLPrivilege) LoadTablesPrivTable ¶
func (p *MySQLPrivilege) LoadTablesPrivTable(ctx sessionctx.Context) error
LoadTablesPrivTable loads the mysql.tables_priv table from database.
func (*MySQLPrivilege) LoadUserTable ¶
func (p *MySQLPrivilege) LoadUserTable(ctx sessionctx.Context) error
LoadUserTable loads the mysql.user table from database.
func (*MySQLPrivilege) RequestVerification ¶
func (p *MySQLPrivilege) RequestVerification(activeRoles []*auth.RoleIdentity, user, host, db, table, column string, priv mysql.PrivilegeType) bool
RequestVerification checks whether the user has sufficient privileges to do the operation.
func (MySQLPrivilege) SortUserTable ¶
func (p MySQLPrivilege) SortUserTable()
SortUserTable sorts p.User in the MySQLPrivilege struct.
func (*MySQLPrivilege) UserPrivilegesTable ¶
func (p *MySQLPrivilege) UserPrivilegesTable() [][]types.Datum
UserPrivilegesTable provides data for the INFORMATION_SCHEMA.USER_PRIVILEGES table.
type SSLType ¶
type SSLType int
SSLType is the enum type for GlobalPrivValue.SSLType. Its values are compatible with the JSON values that MySQL stores.
// SSL requirement levels for an account. The block starts at iota - 1, so
// the values run from -1 (SslTypeNotSpecified) to 3 (SslTypeSpecified).
const (
	// SslTypeNotSpecified (-1): presumably no SSL requirement has been
	// recorded; the original comment is incomplete - TODO confirm.
	SslTypeNotSpecified SSLType = iota - 1
	// SslTypeNone (0) indicates that SSL is not required.
	SslTypeNone
	// SslTypeAny (1) indicates that SSL is required but the certificate is
	// not validated.
	SslTypeAny
	// SslTypeX509 (2) indicates that SSL is required and the certificate is
	// validated (presumably the client certificate - TODO confirm).
	SslTypeX509
	// SslTypeSpecified (3) indicates that SSL is required and the
	// certificate's subject or issuer is validated.
	SslTypeSpecified
)
type UserPrivileges ¶
type UserPrivileges struct { *Handle // contains filtered or unexported fields }
UserPrivileges implements privilege.Manager interface. This is used to check privilege for the current user.
func (*UserPrivileges) ActiveRoles ¶
func (p *UserPrivileges) ActiveRoles(ctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string)
ActiveRoles implements privilege.Manager ActiveRoles interface.
func (*UserPrivileges) ConnectionVerification ¶
func (p *UserPrivileges) ConnectionVerification(user, host string, authentication, salt []byte, tlsState *tls.ConnectionState) (u string, h string, success bool)
ConnectionVerification implements the Manager interface.
func (*UserPrivileges) DBIsVisible ¶
func (p *UserPrivileges) DBIsVisible(activeRoles []*auth.RoleIdentity, db string) bool
DBIsVisible implements the Manager interface.
func (*UserPrivileges) FindEdge ¶
func (p *UserPrivileges) FindEdge(ctx sessionctx.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool
FindEdge implements privilege.Manager FindRelationship interface.
func (*UserPrivileges) GetAllRoles ¶
func (p *UserPrivileges) GetAllRoles(user, host string) []*auth.RoleIdentity
GetAllRoles returns all roles of the user.
func (*UserPrivileges) GetAuthWithoutVerification ¶
func (p *UserPrivileges) GetAuthWithoutVerification(user, host string) (u string, h string, success bool)
GetAuthWithoutVerification implements the Manager interface.
func (*UserPrivileges) GetDefaultRoles ¶
func (p *UserPrivileges) GetDefaultRoles(user, host string) []*auth.RoleIdentity
GetDefaultRoles returns all default roles for certain user.
func (*UserPrivileges) GetEncodedPassword ¶
func (p *UserPrivileges) GetEncodedPassword(user, host string) string
GetEncodedPassword implements the Manager interface.
func (*UserPrivileges) RequestVerification ¶
func (p *UserPrivileges) RequestVerification(activeRoles []*auth.RoleIdentity, db, table, column string, priv mysql.PrivilegeType) bool
RequestVerification implements the Manager interface.
func (*UserPrivileges) RequestVerificationWithUser ¶
func (p *UserPrivileges) RequestVerificationWithUser(db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool
RequestVerificationWithUser implements the Manager interface.
func (*UserPrivileges) ShowGrants ¶
func (p *UserPrivileges) ShowGrants(ctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) (grants []string, err error)
ShowGrants implements privilege.Manager ShowGrants interface.
func (*UserPrivileges) UserPrivilegesTable ¶
func (p *UserPrivileges) UserPrivilegesTable() [][]types.Datum
UserPrivilegesTable implements the Manager interface.
type UserRecord ¶
// UserRecord represents a user record in the privilege cache.
type UserRecord struct {
	// AuthenticationString: presumably the stored credential for the account
	// as held in mysql.user (not a plaintext password) - TODO confirm. Treat
	// it as sensitive when logging or exporting records.
	AuthenticationString string
	// Privileges: presumably the privileges granted to this record at the
	// global level - TODO confirm.
	Privileges mysql.PrivilegeType
	// AccountLocked doubles as the role marker: per the original comment,
	// the record is a role record when this field is true.
	AccountLocked bool // A role record when this field is true
	// contains filtered or unexported fields
}
UserRecord is used to represent a user record in privilege cache.
func NewUserRecord ¶
func NewUserRecord(host, user string) UserRecord
NewUserRecord returns a UserRecord; it is only for use in unit tests.