server

package
v0.0.0-...-d5a635e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 26, 2020 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrAccessDenied = errors.New("access denied")

Functions

func NewServerTLSConfig

func NewServerTLSConfig(caPem, certPem, keyPem []byte, authType tls.ClientAuthType) *tls.Config

generate TLS config for server side controlling the security level by authType

Types

type Conn

type Conn struct {
	*packet.Conn
	// contains filtered or unexported fields
}

Conn acts like a MySQL server connection, you can use MySQL client to communicate with it.

func NewConn

func NewConn(conn net.Conn, user string, password string, h Handler) (*Conn, error)

create connection with default server settings

func NewCustomizedConn

func NewCustomizedConn(conn net.Conn, serverConf *Server, p CredentialProvider, h Handler) (*Conn, error)

create connection with customized server settings

func (*Conn) ClearInTransaction

func (c *Conn) ClearInTransaction()

func (*Conn) Close

func (c *Conn) Close()

func (*Conn) Closed

func (c *Conn) Closed() bool

func (*Conn) ConnectionID

func (c *Conn) ConnectionID() uint32

func (*Conn) GetUser

func (c *Conn) GetUser() string

func (*Conn) HandleCommand

func (c *Conn) HandleCommand() error

func (*Conn) IsAutoCommit

func (c *Conn) IsAutoCommit() bool

func (*Conn) IsInTransaction

func (c *Conn) IsInTransaction() bool

func (*Conn) SetInTransaction

func (c *Conn) SetInTransaction()

type CredentialProvider

type CredentialProvider interface {
	// check if the user exists
	CheckUsername(username string) (bool, error)
	// get user credential
	GetCredential(username string) (password string, found bool, err error)
}

interface for user credential provider hint: can be extended for more functionality =================================IMPORTANT NOTE=============================== if the password in a third-party credential provider could be updated at runtime, we have to invalidate the caching for 'caching_sha2_password' by calling 'func (s *Server)InvalidateCache(string, string)'.

type EmptyHandler

type EmptyHandler struct {
}

func (EmptyHandler) HandleFieldList

func (h EmptyHandler) HandleFieldList(table string, fieldWildcard string) ([]*Field, error)

func (EmptyHandler) HandleOtherCommand

func (h EmptyHandler) HandleOtherCommand(cmd byte, data []byte) error

func (EmptyHandler) HandleQuery

func (h EmptyHandler) HandleQuery(query string) (*Result, error)

func (EmptyHandler) HandleStmtClose

func (h EmptyHandler) HandleStmtClose(context interface{}) error

func (EmptyHandler) HandleStmtExecute

func (h EmptyHandler) HandleStmtExecute(context interface{}, query string, args []interface{}) (*Result, error)

func (EmptyHandler) HandleStmtPrepare

func (h EmptyHandler) HandleStmtPrepare(query string) (int, int, interface{}, error)

func (EmptyHandler) UseDB

func (h EmptyHandler) UseDB(dbName string) error

type Handler

type Handler interface {
	//handle COM_INIT_DB command, you can check whether the dbName is valid, or other.
	UseDB(dbName string) error
	//handle COM_QUERY command, like SELECT, INSERT, UPDATE, etc...
	//If Result has a Resultset (SELECT, SHOW, etc...), we will send this as the response, otherwise, we will send Result
	HandleQuery(query string) (*Result, error)
	//handle COM_FILED_LIST command
	HandleFieldList(table string, fieldWildcard string) ([]*Field, error)
	//handle COM_STMT_PREPARE, params is the param number for this statement, columns is the column number
	//context will be used later for statement execute
	HandleStmtPrepare(query string) (params int, columns int, context interface{}, err error)
	//handle COM_STMT_EXECUTE, context is the previous one set in prepare
	//query is the statement prepare query, and args is the params for this statement
	HandleStmtExecute(context interface{}, query string, args []interface{}) (*Result, error)
	//handle COM_STMT_CLOSE, context is the previous one set in prepare
	//this handler has no response
	HandleStmtClose(context interface{}) error
	//handle any other command that is not currently handled by the library,
	//default implementation for this method will return an ER_UNKNOWN_ERROR
	HandleOtherCommand(cmd byte, data []byte) error
}

type InMemoryProvider

type InMemoryProvider struct {
	// contains filtered or unexported fields
}

implements a in memory credential provider

func NewInMemoryProvider

func NewInMemoryProvider() *InMemoryProvider

func (*InMemoryProvider) AddUser

func (m *InMemoryProvider) AddUser(username, password string)

func (*InMemoryProvider) CheckUsername

func (m *InMemoryProvider) CheckUsername(username string) (found bool, err error)

func (*InMemoryProvider) GetCredential

func (m *InMemoryProvider) GetCredential(username string) (password string, found bool, err error)

type Provider

type Provider InMemoryProvider

type Server

type Server struct {
	// contains filtered or unexported fields
}

Defines a basic MySQL server with configs.

We do not aim at implementing the whole MySQL connection suite to have the best compatibilities for the clients. The MySQL server can be configured to switch auth methods covering 'mysql_old_password', 'mysql_native_password', 'mysql_clear_password', 'authentication_windows_client', 'sha256_password', 'caching_sha2_password', etc.

However, since some old auth methods are considered broken with security issues. MySQL major versions like 5.7 and 8.0 default to 'mysql_native_password' or 'caching_sha2_password', and most MySQL clients should have already supported at least one of the three auth methods 'mysql_native_password', 'caching_sha2_password', and 'sha256_password'. Thus here we will only support these three auth methods, and use 'mysql_native_password' as default for maximum compatibility with the clients and leave the other two as config options.

The MySQL doc states that 'mysql_old_password' will be used if 'CLIENT_PROTOCOL_41' or 'CLIENT_SECURE_CONNECTION' flag is not set. We choose to drop the support for insecure 'mysql_old_password' auth method and require client capability 'CLIENT_PROTOCOL_41' and 'CLIENT_SECURE_CONNECTION' are set. Besides, if 'CLIENT_PLUGIN_AUTH' is not set, we fallback to 'mysql_native_password' auth method.

func NewDefaultServer

func NewDefaultServer() *Server

New mysql server with default settings.

NOTES: TLS support will be enabled by default with auto-generated CA and server certificates (however, you can still use non-TLS connection). By default, it will verify the client certificate if present. You can enable TLS support on the client side without providing a client-side certificate. So only when you need the server to verify client identity for maximum security, you need to set a signed certificate for the client.

func NewServer

func NewServer(serverVersion string, collationId uint8, defaultAuthMethod string, pubKey []byte, tlsConfig *tls.Config) *Server

New mysql server with customized settings.

NOTES: You can control the authentication methods and TLS settings here. For auth method, you can specify one of the supported methods 'mysql_native_password', 'caching_sha2_password', and 'sha256_password'. The specified auth method will be enforced by the server in the connection phase. That means, client will be asked to switch auth method if the supplied auth method is different from the server default. And for TLS support, you can specify self-signed or CA-signed certificates and decide whether the client needs to provide a signed or unsigned certificate to provide different level of security.

func (*Server) InvalidateCache

func (s *Server) InvalidateCache(username string, host string)

type Stmt

type Stmt struct {
	ID    uint32
	Query string

	Params  int
	Columns int

	Args []interface{}

	Context interface{}
}

func (*Stmt) ResetParams

func (s *Stmt) ResetParams()

func (*Stmt) Rest

func (s *Stmt) Rest(params int, columns int, context interface{})

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL