Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BindPrivilegeManager ¶
func BindPrivilegeManager(ctx sessionctx.Context, pc Manager)
BindPrivilegeManager binds Manager to context.
Types ¶
type Manager ¶
type Manager interface { // ShowGrants shows granted privileges for user. ShowGrants(ctx context.Context, sctx sessionctx.Context, user *auth.UserIdentity, roles []*auth.RoleIdentity) ([]string, error) // RequestVerification verifies user privilege for the request. // If table is "", only check global/db scope privileges. // If table is not "", check global/db/table scope privileges. // priv should be a defined constant like CreatePriv, if pass AllPrivMask to priv, // this means any privilege would be OK. RequestVerification(activeRole []*auth.RoleIdentity, db, table, column string, priv mysql.PrivilegeType) bool // RequestVerificationWithUser verifies specific user privilege for the request. RequestVerificationWithUser(ctx context.Context, db, table, column string, priv mysql.PrivilegeType, user *auth.UserIdentity) bool // HasExplicitlyGrantedDynamicPrivilege verifies is a user has a dynamic privilege granted // without using the SUPER privilege as a fallback. HasExplicitlyGrantedDynamicPrivilege(activeRoles []*auth.RoleIdentity, privName string, grantable bool) bool // RequestDynamicVerification verifies user privilege for a DYNAMIC privilege. // Dynamic privileges are only assignable globally, and have their own grantable attribute. RequestDynamicVerification(activeRoles []*auth.RoleIdentity, privName string, grantable bool) bool // RequestDynamicVerificationWithUser verifies a DYNAMIC privilege for a specific user. RequestDynamicVerificationWithUser(ctx context.Context, privName string, grantable bool, user *auth.UserIdentity) bool // VerifyAccountAutoLockInMemory automatically unlock when the time comes. VerifyAccountAutoLockInMemory(user string, host string) (bool, error) // IsAccountAutoLockEnabled verifies whether the account has enabled Failed-Login Tracking and Temporary Account Locking. IsAccountAutoLockEnabled(user string, host string) bool // ConnectionVerification verifies user privilege for connection. // Requires exact match on user name and host name. ConnectionVerification(user *auth.UserIdentity, authUser, authHost string, auth, salt []byte, sessionVars *variable.SessionVars, authConn conn.AuthConn) (VerificationInfo, error) // AuthSuccess records auth success state AuthSuccess(authUser, authHost string) // GetAuthWithoutVerification uses to get auth name without verification. // Requires exact match on user name and host name. GetAuthWithoutVerification(user, host string) bool // MatchIdentity matches an identity MatchIdentity(ctx context.Context, user, host string, skipNameResolve bool) (string, string, bool) // MatchUserResourceGroupName matches a user with specified resource group name MatchUserResourceGroupName(exec sqlexec.RestrictedSQLExecutor, resourceGroupName string) (string, bool) // DBIsVisible returns true is the database is visible to current user. DBIsVisible(activeRole []*auth.RoleIdentity, db string) bool // UserPrivilegesTable provide data for INFORMATION_SCHEMA.USER_PRIVILEGES table. UserPrivilegesTable(activeRoles []*auth.RoleIdentity, user, host string) [][]types.Datum // ActiveRoles active roles for current session. // The first illegal role will be returned. ActiveRoles(ctx context.Context, sctx sessionctx.Context, roleList []*auth.RoleIdentity) (bool, string) // FindEdge find if there is an edge between role and user. FindEdge(ctx context.Context, role *auth.RoleIdentity, user *auth.UserIdentity) bool // GetDefaultRoles returns all default roles for certain user. GetDefaultRoles(ctx context.Context, user, host string) []*auth.RoleIdentity // GetAllRoles return all roles of user. GetAllRoles(user, host string) []*auth.RoleIdentity // IsDynamicPrivilege returns if a privilege is in the list of privileges. IsDynamicPrivilege(privNameInUpper string) bool // GetAuthPluginForConnection gets the authentication plugin used in connection establishment. GetAuthPluginForConnection(ctx context.Context, user, host string) (string, error) // GetAuthPlugin gets the authentication plugin for the account identified by the user and host GetAuthPlugin(ctx context.Context, user, host string) (string, error) }
Manager is the interface for providing privilege related operations.
func GetPrivilegeManager ¶
func GetPrivilegeManager(ctx privilegeManagerKeyProvider) Manager
GetPrivilegeManager gets Checker from context.
type VerificationInfo ¶
type VerificationInfo struct { // InSandBoxMode indicates that the session will enter sandbox mode, and only execute statement for resetting password. InSandBoxMode bool // FailedDueToWrongPassword indicates that the verification failed due to wrong password. FailedDueToWrongPassword bool // ResourceGroupName records the resource group name for the user. ResourceGroupName string }
VerificationInfo records some information returned by Manager.ConnectionVerification
Click to show internal directories.
Click to hide internal directories.