Documentation
¶
Index ¶
- Variables
- func NewServerTLSConfig(caPem, certPem, keyPem []byte, authType tls.ClientAuthType) *tls.Config
- type Conn
- func (c *Conn) ClearInTransaction()
- func (c *Conn) Close()
- func (c *Conn) Closed() bool
- func (c *Conn) ConnectionID() uint32
- func (c *Conn) GetUser() string
- func (c *Conn) HandleCommand() error
- func (c *Conn) IsAutoCommit() bool
- func (c *Conn) IsInTransaction() bool
- func (c *Conn) SetInTransaction()
- type CredentialProvider
- type EmptyHandler
- func (h EmptyHandler) HandleFieldList(table string, fieldWildcard string) ([]*Field, error)
- func (h EmptyHandler) HandleOtherCommand(cmd byte, data []byte) error
- func (h EmptyHandler) HandleQuery(query string) (*Result, error)
- func (h EmptyHandler) HandleStmtClose(context interface{}) error
- func (h EmptyHandler) HandleStmtExecute(context interface{}, query string, args []interface{}) (*Result, error)
- func (h EmptyHandler) HandleStmtPrepare(query string) (int, int, interface{}, error)
- func (h EmptyHandler) UseDB(dbName string) error
- type Handler
- type InMemoryProvider
- type Provider
- type Server
- type Stmt
Constants ¶
This section is empty.
Variables ¶
var ErrAccessDenied = errors.New("access denied")
Functions ¶
func NewServerTLSConfig ¶
func NewServerTLSConfig(caPem, certPem, keyPem []byte, authType tls.ClientAuthType) *tls.Config
NewServerTLSConfig: generate TLS config for server side controlling the security level by authType
Types ¶
type Conn ¶
Conn acts like a MySQL server connection, you can use MySQL client to communicate with it.
func NewCustomizedConn ¶
func NewCustomizedConn(conn net.Conn, serverConf *Server, p CredentialProvider, h Handler) (*Conn, error)
NewCustomizedConn: create connection with customized server settings
func (*Conn) ClearInTransaction ¶
func (c *Conn) ClearInTransaction()
func (*Conn) ConnectionID ¶
func (*Conn) HandleCommand ¶
func (*Conn) IsAutoCommit ¶
func (*Conn) IsInTransaction ¶
func (*Conn) SetInTransaction ¶
func (c *Conn) SetInTransaction()
type CredentialProvider ¶
type CredentialProvider interface {
// check if the user exists
CheckUsername(username string) (bool, error)
// get user credential
GetCredential(username string) (password string, found bool, err error)
}
interface for user credential provider hint: can be extended for more functionality =================================IMPORTANT NOTE=============================== if the password in a third-party credential provider could be updated at runtime, we have to invalidate the caching for 'caching_sha2_password' by calling 'func (s *Server)InvalidateCache(string, string)'.
type EmptyHandler ¶
type EmptyHandler struct {
}
func (EmptyHandler) HandleFieldList ¶
func (h EmptyHandler) HandleFieldList(table string, fieldWildcard string) ([]*Field, error)
func (EmptyHandler) HandleOtherCommand ¶
func (h EmptyHandler) HandleOtherCommand(cmd byte, data []byte) error
func (EmptyHandler) HandleQuery ¶
func (h EmptyHandler) HandleQuery(query string) (*Result, error)
func (EmptyHandler) HandleStmtClose ¶
func (h EmptyHandler) HandleStmtClose(context interface{}) error
func (EmptyHandler) HandleStmtExecute ¶
func (h EmptyHandler) HandleStmtExecute(context interface{}, query string, args []interface{}) (*Result, error)
func (EmptyHandler) HandleStmtPrepare ¶
func (h EmptyHandler) HandleStmtPrepare(query string) (int, int, interface{}, error)
func (EmptyHandler) UseDB ¶
func (h EmptyHandler) UseDB(dbName string) error
type Handler ¶
type Handler interface {
//handle COM_INIT_DB command, you can check whether the dbName is valid, or other.
UseDB(dbName string) error
//handle COM_QUERY command, like SELECT, INSERT, UPDATE, etc...
//If Result has a Resultset (SELECT, SHOW, etc...), we will send this as the response, otherwise, we will send Result
HandleQuery(query string) (*Result, error)
//handle COM_FILED_LIST command
HandleFieldList(table string, fieldWildcard string) ([]*Field, error)
//handle COM_STMT_PREPARE, params is the param number for this statement, columns is the column number
//context will be used later for statement execute
HandleStmtPrepare(query string) (params int, columns int, context interface{}, err error)
//handle COM_STMT_EXECUTE, context is the previous one set in prepare
//query is the statement prepare query, and args is the params for this statement
HandleStmtExecute(context interface{}, query string, args []interface{}) (*Result, error)
//handle COM_STMT_CLOSE, context is the previous one set in prepare
//this handler has no response
HandleStmtClose(context interface{}) error
//handle any other command that is not currently handled by the library,
//default implementation for this method will return an ER_UNKNOWN_ERROR
HandleOtherCommand(cmd byte, data []byte) error
}
type InMemoryProvider ¶
type InMemoryProvider struct {
// contains filtered or unexported fields
}
implements a in memory credential provider
func NewInMemoryProvider ¶
func NewInMemoryProvider() *InMemoryProvider
func (*InMemoryProvider) AddUser ¶
func (m *InMemoryProvider) AddUser(username, password string)
func (*InMemoryProvider) CheckUsername ¶
func (m *InMemoryProvider) CheckUsername(username string) (found bool, err error)
func (*InMemoryProvider) GetCredential ¶
func (m *InMemoryProvider) GetCredential(username string) (password string, found bool, err error)
type Provider ¶
type Provider InMemoryProvider
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Defines a basic MySQL server with configs.
We do not aim at implementing the whole MySQL connection suite to have the best compatibilities for the clients. The MySQL server can be configured to switch auth methods covering 'mysql_old_password', 'mysql_native_password', 'mysql_clear_password', 'authentication_windows_client', 'sha256_password', 'caching_sha2_password', etc.
However, since some old auth methods are considered broken with security issues. MySQL major versions like 5.7 and 8.0 default to 'mysql_native_password' or 'caching_sha2_password', and most MySQL clients should have already supported at least one of the three auth methods 'mysql_native_password', 'caching_sha2_password', and 'sha256_password'. Thus here we will only support these three auth methods, and use 'mysql_native_password' as default for maximum compatibility with the clients and leave the other two as config options.
The MySQL doc states that 'mysql_old_password' will be used if 'CLIENT_PROTOCOL_41' or 'CLIENT_SECURE_CONNECTION' flag is not set. We choose to drop the support for insecure 'mysql_old_password' auth method and require client capability 'CLIENT_PROTOCOL_41' and 'CLIENT_SECURE_CONNECTION' are set. Besides, if 'CLIENT_PLUGIN_AUTH' is not set, we fallback to 'mysql_native_password' auth method.
func NewDefaultServer ¶
func NewDefaultServer() *Server
NewDefaultServer: New mysql server with default settings.
NOTES: TLS support will be enabled by default with auto-generated CA and server certificates (however, you can still use non-TLS connection). By default, it will verify the client certificate if present. You can enable TLS support on the client side without providing a client-side certificate. So only when you need the server to verify client identity for maximum security, you need to set a signed certificate for the client.
func NewServer ¶
func NewServer(serverVersion string, collationId uint8, defaultAuthMethod string, pubKey []byte, tlsConfig *tls.Config) *Server
NewServer: New mysql server with customized settings.
NOTES: You can control the authentication methods and TLS settings here. For auth method, you can specify one of the supported methods 'mysql_native_password', 'caching_sha2_password', and 'sha256_password'. The specified auth method will be enforced by the server in the connection phase. That means, client will be asked to switch auth method if the supplied auth method is different from the server default. And for TLS support, you can specify self-signed or CA-signed certificates and decide whether the client needs to provide a signed or unsigned certificate to provide different level of security.
Source Files