auth

package
v0.8.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 26, 2020 License: Apache-2.0 Imports: 13 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// AllPermissions hold all defined permissions.
	AllPermissions = ReadPerm | WritePerm
	// DefaultPermissions are the permissions granted to a user if not defined.
	DefaultPermissions = ReadPerm

	// PermissionNames is used to translate from human to machine
	// representations.
	PermissionNames = map[string]Permission{
		"read":  ReadPerm,
		"write": WritePerm,
	}

	// ErrNotAuthorized is returned when the user is not allowed to use a
	// permission.
	ErrNotAuthorized = errors.NewKind("not authorized")
	// ErrNoPermission is returned when the user lacks needed permissions.
	ErrNoPermission = errors.NewKind("user does not have permission: %s")
)
View Source
var (

	// ErrParseUserFile is given when user file is malformed.
	ErrParseUserFile = errors.NewKind("error parsing user file")
	// ErrUnknownPermission happens when a user permission is not defined.
	ErrUnknownPermission = errors.NewKind("unknown permission, %s")
	// ErrDuplicateUser happens when a user appears more than once.
	ErrDuplicateUser = errors.NewKind("duplicate user, %s")
)

Functions

func NativePassword

func NativePassword(password string) string

NativePassword generates a mysql_native_password string.

Types

type Audit

type Audit struct {
	// contains filtered or unexported fields
}

Audit is an Auth method proxy that sends audit trails to the specified AuditMethod.

func (*Audit) Allowed

func (a *Audit) Allowed(ctx *sql.Context, permission Permission) error

Allowed implements Auth interface.

func (*Audit) Mysql

func (a *Audit) Mysql() mysql.AuthServer

Mysql implements Auth interface.

func (*Audit) Query

func (a *Audit) Query(ctx *sql.Context, d time.Duration, err error)

Query implements AuditQuery interface.

type AuditLog

type AuditLog struct {
	// contains filtered or unexported fields
}

AuditLog logs audit trails to a logrus.Logger.

func (*AuditLog) Authentication

func (a *AuditLog) Authentication(user string, address string, err error)

Authentication implements AuditMethod interface.

func (*AuditLog) Authorization

func (a *AuditLog) Authorization(ctx *sql.Context, p Permission, err error)

Authorization implements AuditMethod interface.

func (*AuditLog) Query

func (a *AuditLog) Query(ctx *sql.Context, d time.Duration, err error)

type AuditMethod

type AuditMethod interface {
	// Authentication logs an authentication event.
	Authentication(user, address string, err error)
	// Authorization logs an authorization event.
	Authorization(ctx *sql.Context, p Permission, err error)
	// Query logs a query execution.
	Query(ctx *sql.Context, d time.Duration, err error)
}

AuditMethod is called to log the audit trail of actions.

func NewAuditLog

func NewAuditLog(l *logrus.Logger) AuditMethod

NewAuditLog creates a new AuditMethod that logs to a logrus.Logger.

type Auth

type Auth interface {
	// Mysql returns a configured authentication method used by server.Server.
	Mysql() mysql.AuthServer
	// Allowed checks user's permissions with needed permission. If the user
	// does not have enough permissions it returns ErrNotAuthorized.
	// Otherwise is an error using the authentication method.
	Allowed(ctx *sql.Context, permission Permission) error
}

Auth interface provides mysql authentication methods and permission checking for users.

func NewAudit

func NewAudit(auth Auth, method AuditMethod) Auth

NewAudit creates a wrapped Auth that sends audit trails to the specified method.

type MysqlAudit

type MysqlAudit struct {
	mysql.AuthServer
	// contains filtered or unexported fields
}

MysqlAudit wraps mysql.AuthServer to emit audit trails.

func (*MysqlAudit) ValidateHash

func (m *MysqlAudit) ValidateHash(
	salt []byte,
	user string,
	resp []byte,
	addr net.Addr,
) (mysql.Getter, error)

ValidateHash sends authentication calls to an AuditMethod.

type Native

type Native struct {
	// contains filtered or unexported fields
}

Native holds mysql_native_password users.

func NewNativeFile

func NewNativeFile(file string) (*Native, error)

NewNativeFile creates a NativeAuth and loads users from a JSON file.

func NewNativeSingle

func NewNativeSingle(name, password string, perm Permission) *Native

NewNativeSingle creates a NativeAuth with a single user with given permissions.

func (*Native) Allowed

func (s *Native) Allowed(ctx *sql.Context, permission Permission) error

Allowed implements Auth interface.

func (*Native) Mysql

func (s *Native) Mysql() mysql.AuthServer

Mysql implements Auth interface.

type None

type None struct{}

None is an Auth method that always succeeds.

func (*None) Allowed

func (n *None) Allowed(ctx *sql.Context, permission Permission) error

Mysql implements Auth interface.

func (*None) Mysql

func (n *None) Mysql() mysql.AuthServer

Mysql implements Auth interface.

type Permission

type Permission int

Permission holds permissions required by a query or grated to a user.

const (
	// ReadPerm means that it reads.
	ReadPerm Permission = 1 << iota
	// WritePerm means that it writes.
	WritePerm
)

func (Permission) String

func (p Permission) String() string

String returns all the permissions set to on.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL