From 630d742b89d0f48edd4b54f9998941848d81f0e7 Mon Sep 17 00:00:00 2001 From: Georg Richter Date: Mon, 2 Nov 2015 14:58:04 +0100 Subject: [PATCH] Last push was incomplete, it contained only new file (old_password.c) --- CMakeLists.txt | 7 ++ client/CMakeLists.txt | 1 + cmake/plugins.cmake | 2 +- cmake/sign.cmake | 12 ++- libmariadb/CMakeLists.txt | 5 ++ plugins/auth/CMakeLists.txt | 17 ++++ plugins/auth/my_auth.c | 105 ++++++----------------- plugins/io/CMakeLists.txt | 6 +- plugins/pvio/CMakeLists.txt | 6 ++ plugins/pvio/pvio_socket.c | 8 +- plugins/trace/CMakeLists.txt | 4 + win/packaging/mariadb-connector-c.xml.in | 2 +- 12 files changed, 82 insertions(+), 93 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d5438a99..91dec067 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -30,6 +30,13 @@ OPTION(WITH_REMOTEIO "enables remote io support (requires libcurl)" OFF) OPTION(WITH_EXTERNAL_ZLIB "Enables use of external zlib" OFF) ############### +IF(WITH_SIGNCODE) + IF(WIN32) + SET(SIGN_OPTIONS /a /t http://timestamp.verisign.com/scripts/timstamp.dll) + ENDIF() + MARK_AS_ADVANCED(SIGN_OPTIONS) +ENDIF() + IF(WITH_RTC) SET(RTC_OPTIONS "/RTC1 /RTCc") diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 7963329f..0e52a259 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -4,3 +4,4 @@ TARGET_LINK_LIBRARIES(mariadb_client_plugin_info mariadbclient) INSTALL(TARGETS mariadb_client_plugin_info DESTINATION "bin") +SIGN_TARGET(mariadb_client_plugin_info) diff --git a/cmake/plugins.cmake b/cmake/plugins.cmake index 133bee18..47e15597 100644 --- a/cmake/plugins.cmake +++ b/cmake/plugins.cmake 
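Review bot: The `SIGN_OPTIONS` value added in the top-level CMakeLists.txt hunk hard-codes `/a` (signtool picks the certificate itself) and a legacy `/t` timestamp URL over plain HTTP, with no explicit digest algorithm. Because it is a plain `SET`, it also overwrites anything the builder passes on the command line. For a release-signing step, prefer an RFC 3161 timestamp with explicit digests in a cache entry that a release build can override with a specific certificate, e.g. `SET(SIGN_OPTIONS /a /fd sha256 /tr <RFC3161_TIMESTAMP_URL> /td sha256 CACHE STRING "signtool options")`. `MARK_AS_ADVANCED` only affects cache entries, so as written it has no effect on this non-cache variable.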
@@ -27,7 +27,7 @@ ENDIF() # AUTHENTICATION REGISTER_PLUGIN("AUTH_NATIVE" "${CMAKE_SOURCE_DIR}/plugins/auth/my_auth.c" "native_password_client_plugin" "STATIC" "" 0) -REGISTER_PLUGIN("AUTH_OLDPASSWORD" "${CMAKE_SOURCE_DIR}/plugins/auth/my_auth.c" "old_password_client_plugin" "STATIC" "" 0) +REGISTER_PLUGIN("AUTH_OLDPASSWORD" "${CMAKE_SOURCE_DIR}/plugins/auth/old_password.c" "old_password_client_plugin" "DYNAMIC" "old_password" 1) REGISTER_PLUGIN("AUTH_DIALOG" "${CMAKE_SOURCE_DIR}/plugins/auth/dialog.c" "auth_dialog_plugin" "DYNAMIC" dialog 1) REGISTER_PLUGIN("AUTH_CLEARTEXT" "${CMAKE_SOURCE_DIR}/plugins/auth/mariadb_clear_text.c" "auth_cleartext_plugin" "DYNAMIC" "mysql_clear_password" 1) diff --git a/cmake/sign.cmake b/cmake/sign.cmake index 860da9ed..024b861d 100644 --- a/cmake/sign.cmake +++ b/cmake/sign.cmake @@ -1,6 +1,10 @@ MACRO(SIGN_TARGET target) - SET(target_file $) - ADD_CUSTOM_COMMAND(TARGET ${target} POST_BUILD - DEPENDS ${target} - COMMAND signtool ARGS sign ${SIGN_OPTIONS} ${target_file}) + IF(WITH_SIGNCODE) + IF(WIN32) + SET(target_file $) + MESSAGE(STATUS "TARGET_FILE: <${target_file}>") + ADD_CUSTOM_COMMAND(TARGET ${target} + COMMAND signtool ARGS sign ${SIGN_OPTIONS} ${target_file}) + ENDIF() + ENDIF() ENDMACRO() diff --git a/libmariadb/CMakeLists.txt b/libmariadb/CMakeLists.txt index 7181849d..e3b9f7e4 100644 --- a/libmariadb/CMakeLists.txt +++ b/libmariadb/CMakeLists.txt @@ -7,6 +7,10 @@ ADD_DEFINITIONS(-D HAVE_COMPRESS) ADD_DEFINITIONS(-D LIBMARIADB) ADD_DEFINITIONS(-D THREAD) +IF(WITH_SIGNCODE) + INCLUDE(${CMAKE_SOURCE_DIR}/cmake/sign.cmake) +ENDIF() + SET(EXPORT_SYMBOLS load_defaults ma_pvio_register_callback @@ -387,6 +391,7 @@ TARGET_LINK_LIBRARIES(libmariadb ${SYSTEM_LIBS}) IF(UNIX) SET_TARGET_PROPERTIES(libmariadb PROPERTIES COMPILE_FLAGS "${CMAKE_SHARED_LIBRARY_C_FLAGS}") ENDIF() +SIGN_TARGET(libmariadb) IF(CMAKE_SYSTEM_NAME MATCHES "Linux") TARGET_LINK_LIBRARIES (libmariadb "-Wl,--no-undefined") 
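Review bot: `SIGN_TARGET(libmariadb)` is called unconditionally, but the first libmariadb/CMakeLists.txt hunk includes `cmake/sign.cmake` only inside `IF(WITH_SIGNCODE)`, so with signing switched off the macro may be undefined and configuration would stop on an unknown command, unless a file outside this diff includes it. The macro in cmake/sign.cmake now guards itself with `IF(WITH_SIGNCODE)` and `IF(WIN32)`, so the include can simply be unconditional: `INCLUDE(${CMAKE_SOURCE_DIR}/cmake/sign.cmake)`. The same conditional-include pattern appears in the plugins/auth, plugins/io, plugins/pvio and plugins/trace hunks, and client/CMakeLists.txt calls `SIGN_TARGET` with no include in view. The `MESSAGE(STATUS "TARGET_FILE: <${target_file}>")` line in the macro looks like leftover debugging output and could be dropped.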
diff --git a/plugins/auth/CMakeLists.txt b/plugins/auth/CMakeLists.txt index da1a38f7..5d716af8 100644 --- a/plugins/auth/CMakeLists.txt +++ b/plugins/auth/CMakeLists.txt @@ -1,6 +1,9 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE(${CMAKE_SOURCE_DIR}/cmake/install_plugins.cmake) +IF(WITH_SIGNCODE) + INCLUDE(${CMAKE_SOURCE_DIR}/cmake/sign.cmake) +ENDIF() # Dialog plugin IF(AUTH_DIALOG_PLUGIN_TYPE MATCHES "DYNAMIC") @@ -12,8 +15,21 @@ IF(AUTH_DIALOG_PLUGIN_TYPE MATCHES "DYNAMIC") ADD_LIBRARY(dialog SHARED ${DIALOG_SOURCES}) SET_TARGET_PROPERTIES(dialog PROPERTIES PREFIX "") INSTALL_PLUGIN(dialog ${CMAKE_BINARY_DIR}/plugins/auth) + SIGN_TARGET(dialog) ENDIF() +# old_password plugin +IF(AUTH_OLDPASSWORD_PLUGIN_TYPE MATCHES "DYNAMIC") + ADD_DEFINITIONS(-DHAVE_OLDPASSWORD_DYNAMIC=1) + SET(OLDPASSWORD_SOURCES old_password.c) + IF(WIN32) + SET(OLDPASSWORD_SOURCES ${DIALOG_SOURCES} ${CMAKE_SOURCE_DIR}/plugins/plugin.def) + ENDIF() + ADD_LIBRARY(old_password SHARED ${OLDPASSWORD_SOURCES}) + SET_TARGET_PROPERTIES(old_password PROPERTIES PREFIX "") + INSTALL_PLUGIN(old_password ${CMAKE_BINARY_DIR}/plugins/auth) + SIGN_TARGET(old_password) +ENDIF() # Cleartext IF(AUTH_CLEARTEXT_PLUGIN_TYPE MATCHES "DYNAMIC") @@ -25,4 +41,5 @@ IF(AUTH_CLEARTEXT_PLUGIN_TYPE MATCHES "DYNAMIC") ADD_LIBRARY(mysql_clear_password SHARED ${CTEXT_SOURCES}) SET_TARGET_PROPERTIES(mysql_clear_password PROPERTIES PREFIX "") INSTALL_PLUGIN(mysql_clear_password ${CMAKE_BINARY_DIR}/plugins/auth) + SIGN_TARGET(mysql_clear_password) ENDIF() diff --git a/plugins/auth/my_auth.c b/plugins/auth/my_auth.c index 30c6d2e9..85aab78a 100644 --- a/plugins/auth/my_auth.c +++ b/plugins/auth/my_auth.c 
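Review bot: In the new old_password block the WIN32 branch builds the source list from `${DIALOG_SOURCES}` rather than `${OLDPASSWORD_SOURCES}`, so on Windows the `old_password` library would be built from whatever the dialog block left in that variable instead of from old_password.c. This looks like a copy-paste slip from the dialog section above; the line should read `SET(OLDPASSWORD_SOURCES ${OLDPASSWORD_SOURCES} ${CMAKE_SOURCE_DIR}/plugins/plugin.def)`. Since this binary is what the client loads for legacy authentication and is then passed to `SIGN_TARGET`, a library with the wrong contents would be shipped and signed under the plugin's name.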
@@ -4,15 +4,29 @@ #include #include #include -#include typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t; static int client_mpvio_write_packet(struct st_plugin_vio*, const uchar*, size_t); static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); -static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); extern void read_user_name(char *name); extern uchar *ma_send_connect_attr(MYSQL *mysql, uchar *buffer); +typedef struct { + int (*read_packet)(struct st_plugin_vio *vio, uchar **buf); + int (*write_packet)(struct st_plugin_vio *vio, const uchar *pkt, size_t pkt_len); + void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info); + /* -= end of MYSQL_PLUGIN_VIO =- */ + MYSQL *mysql; + auth_plugin_t *plugin; /**< what plugin we're under */ + const char *db; + struct { + uchar *pkt; /**< pointer into NET::buff */ + uint pkt_len; + } cached_server_reply; + uint packets_read, packets_written; /**< counters for send/received packets */ + my_bool mysql_change_user; /**< if it's mysql_change_user() */ + int last_read_packet_len; /**< the length of the last *read* packet */ +} MCPVIO_EXT; /* #define compile_time_assert(A) \ do {\ 
@@ -34,36 +48,6 @@ auth_plugin_t native_password_client_plugin= native_password_auth_client }; -auth_plugin_t old_password_client_plugin= -{ - MYSQL_CLIENT_AUTHENTICATION_PLUGIN, - MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION, - old_password_plugin_name, - "R.J.Silk, Sergei Golubchik", - "Old MySQL-3.23 authentication", - {1, 0, 0}, - "LGPL", - NULL, - NULL, - old_password_auth_client -}; - -typedef struct { - int (*read_packet)(struct st_plugin_vio *vio, uchar **buf); - int (*write_packet)(struct st_plugin_vio *vio, const uchar *pkt, size_t pkt_len); - void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info); - /* -= end of MYSQL_PLUGIN_VIO =- */ - MYSQL *mysql; - auth_plugin_t *plugin; /**< what plugin we're under */ - const char *db; - struct { - uchar *pkt; /**< pointer into NET::buff */ - uint pkt_len; - } cached_server_reply; - uint packets_read, packets_written; /**< counters for send/received packets */ - my_bool mysql_change_user; /**< if it's mysql_change_user() */ - int last_read_packet_len; /**< the length of the last *read* packet */ -} MCPVIO_EXT; static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) { 
@@ -108,53 +92,6 @@ static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) } -/** - client authentication plugin that does old MySQL authentication - using an 8-byte (4.0-) scramble -*/ - -static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) -{ - uchar *pkt; - int pkt_len; - - if (((MCPVIO_EXT *)vio)->mysql_change_user) - { - /* - in mysql_change_user() the client sends the first packet. - we use the old scramble. - */ - pkt= (uchar*)mysql->scramble_buff; - pkt_len= SCRAMBLE_LENGTH_323 + 1; - } - else - { - /* read the scramble */ - if ((pkt_len= vio->read_packet(vio, &pkt)) < 0) - return CR_ERROR; - - if (pkt_len != SCRAMBLE_LENGTH_323 + 1 && - pkt_len != SCRAMBLE_LENGTH + 1) - return CR_SERVER_HANDSHAKE_ERR; - - /* save it in MYSQL */ - memcpy(mysql->scramble_buff, pkt, pkt_len); - mysql->scramble_buff[pkt_len] = 0; - } - - if (mysql->passwd[0]) - { - char scrambled[SCRAMBLE_LENGTH_323 + 1]; - scramble_323(scrambled, (char*)pkt, mysql->passwd); - if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH_323 + 1)) - return CR_ERROR; - } - else - if (vio->write_packet(vio, 0, 0)) /* no password */ - return CR_ERROR; - - return CR_OK; -} static int send_change_user_packet(MCPVIO_EXT *mpvio, const uchar *data, int data_len) @@ -567,8 +504,14 @@ int run_plugin_auth(MYSQL *mysql, char *data, uint data_len, } else { - auth_plugin= mysql->server_capabilities & CLIENT_PROTOCOL_41 ? - &native_password_client_plugin : &old_password_client_plugin; + if (mysql->server_capabilities & CLIENT_PROTOCOL_41) + auth_plugin= &native_password_client_plugin; + else + { + if (!(auth_plugin= (auth_plugin_t*)mysql_client_find_plugin(mysql, + "old_password", MYSQL_CLIENT_AUTHENTICATION_PLUGIN))) + return 1; /* not found */ + } auth_plugin_name= auth_plugin->name; } diff --git a/plugins/io/CMakeLists.txt b/plugins/io/CMakeLists.txt index db89874e..374e2a3b 100644 --- a/plugins/io/CMakeLists.txt +++ b/plugins/io/CMakeLists.txt 
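Review bot: In the last my_auth.c hunk the fallback to the 3.23 scramble still depends only on the server-sent `CLIENT_PROTOCOL_41` bit, and it now also loads a shared object by name; nothing in the visible lines lets the application refuse that downgrade. Consider gating the `mysql_client_find_plugin` call on an explicit client-side opt-in, so that a peer which clears the capability bit cannot silently move the client onto the weaker scheme. The lookup uses the literal `"old_password"` where the removed descriptor used `old_password_plugin_name`; if that macro expands to a different string the plugin may never match, so prefer the macro or confirm the two agree. `return 1; /* not found */` relies on `mysql_client_find_plugin` having set the client error, which deserves a comment such as `/* error already set by mysql_client_find_plugin */` once verified. `run_plugin_auth` begins and ends outside this hunk.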
@@ -1,6 +1,9 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE(${CMAKE_SOURCE_DIR}/cmake/install_plugins.cmake) +IF(WITH_SIGNCODE) + INCLUDE(${CMAKE_SOURCE_DIR}/cmake/sign.cmake) +ENDIF() IF(REMOTEIO_PLUGIN_TYPE MATCHES "DYNAMIC") IF(CURL_FOUND) @@ -9,9 +12,8 @@ IF(REMOTEIO_PLUGIN_TYPE MATCHES "DYNAMIC") SET(REMOTE_IO_SOURCES remote_io.c) ADD_LIBRARY(remote_io SHARED ${REMOTE_IO_SOURCES} ${CMAKE_SOURCE_DIR}/plugins/plugin.def) TARGET_LINK_LIBRARIES(remote_io ${CURL_LIBRARIES}) - SET_TARGET_PROPERTIES(remote_io PROPERTIES PREFIX "") - INSTALL_PLUGIN(remote_io ${CMAKE_BINARY_DIR}/plugins/io) + SIGN_TARGET(remote_io) ENDIF() ENDIF() diff --git a/plugins/pvio/CMakeLists.txt b/plugins/pvio/CMakeLists.txt index 98ef0212..400fc2e9 100644 --- a/plugins/pvio/CMakeLists.txt +++ b/plugins/pvio/CMakeLists.txt @@ -3,6 +3,9 @@ IF(WIN32) ENDIF() INCLUDE(${CMAKE_SOURCE_DIR}/cmake/install_plugins.cmake) +IF(WITH_SIGNCODE) + INCLUDE(${CMAKE_SOURCE_DIR}/cmake/sign.cmake) +ENDIF() INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) @@ -12,6 +15,7 @@ IF(SOCKET_PLUGIN_TYPE MATCHES "DYNAMIC") ADD_DEFINITIONS(-DHAVE_SOCKET_DYNAMIC=1) ADD_LIBRARY(pvio_socket SHARED pvio_socket.c ${EXPORT_FILE}) INSTALL_PLUGIN(pvio_socket ${CMAKE_BINARY_DIR}/plugins/pvio) + SIGN_TARGET(pvio_socket) ENDIF() IF(WIN32) @@ -19,10 +23,12 @@ IF(WIN32) ADD_DEFINITIONS(-DHAVE_NPIPE_DYNAMIC=1) ADD_LIBRARY(pvio_npipe SHARED pvio_npipe.c ${EXPORT_FILE}) INSTALL_PLUGIN(pvio_npipe ${CMAKE_BINARY_DIR}/plugins/pvio) + SIGN_TARGET(pvio_npipe) ENDIF() IF(SHMEM_PLUGIN_TYPE MATCHES "DYNAMIC") ADD_DEFINITIONS(-DHAVE_SHMEM_DYNAMIC=1) ADD_LIBRARY(pvio_shmem SHARED pvio_shmem.c ${EXPORT_FILE}) INSTALL_PLUGIN(pvio_shmem ${CMAKE_BINARY_DIR}/plugins/pvio) + SIGN_TARGET(pvio_shmem) ENDIF() ENDIF() diff --git a/plugins/pvio/pvio_socket.c b/plugins/pvio/pvio_socket.c index 2231deb1..d891e6f8 100644 --- a/plugins/pvio/pvio_socket.c +++ b/plugins/pvio/pvio_socket.c 
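Review bot: The second plugins/io/CMakeLists.txt hunk removes `SET_TARGET_PROPERTIES(remote_io PROPERTIES PREFIX "")` and `INSTALL_PLUGIN(remote_io ${CMAKE_BINARY_DIR}/plugins/io)` while adding `SIGN_TARGET(remote_io)`, whereas the other plugin sections in this commit keep their `INSTALL_PLUGIN` line and only append the signing call. If this is unintended, remote_io would get the platform's default library prefix and would no longer be installed, so the loader may not find it under its plugin name. Restore the two removed lines and place `SIGN_TARGET(remote_io)` after them.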
@@ -63,8 +63,8 @@ /* Function prototypes */ my_bool pvio_socket_set_timeout(MARIADB_PVIO *pvio, enum enum_pvio_timeout type, int timeout); int pvio_socket_get_timeout(MARIADB_PVIO *pvio, enum enum_pvio_timeout type); -size_t pvio_socket_read(MARIADB_PVIO *pvio, const uchar *buffer, size_t length); -size_t pvio_socket_async_read(MARIADB_PVIO *pvio, const uchar *buffer, size_t length); +size_t pvio_socket_read(MARIADB_PVIO *pvio, uchar *buffer, size_t length); +size_t pvio_socket_async_read(MARIADB_PVIO *pvio, uchar *buffer, size_t length); size_t pvio_socket_write(MARIADB_PVIO *pvio, const uchar *buffer, size_t length); size_t pvio_socket_async_write(MARIADB_PVIO *pvio, const uchar *buffer, size_t length); int pvio_socket_wait_io_or_timeout(MARIADB_PVIO *pvio, my_bool is_read, int timeout); @@ -217,7 +217,7 @@ int pvio_socket_get_timeout(MARIADB_PVIO *pvio, enum enum_pvio_timeout type) -1 on error */ -size_t pvio_socket_read(MARIADB_PVIO *pvio, const uchar *buffer, size_t length) +size_t pvio_socket_read(MARIADB_PVIO *pvio, uchar *buffer, size_t length) { ssize_t r= -1; #ifndef _WIN32 @@ -293,7 +293,7 @@ size_t pvio_socket_read(MARIADB_PVIO *pvio, const uchar *buffer, size_t length) -1 on error */ -size_t pvio_socket_async_read(MARIADB_PVIO *pvio, const uchar *buffer, size_t length) +size_t pvio_socket_async_read(MARIADB_PVIO *pvio, uchar *buffer, size_t length) { ssize_t r= -1; #ifndef _WIN32 diff --git a/plugins/trace/CMakeLists.txt b/plugins/trace/CMakeLists.txt index 86fba1ff..df3f6209 100644 --- a/plugins/trace/CMakeLists.txt +++ b/plugins/trace/CMakeLists.txt @@ -1,5 +1,8 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE(${CMAKE_SOURCE_DIR}/cmake/install_plugins.cmake) +IF(WITH_SIGNCODE) + INCLUDE(${CMAKE_SOURCE_DIR}/cmake/sign.cmake) +ENDIF() # Trace example plugin IF(TRACE_EXAMPLE_PLUGIN_TYPE MATCHES "DYNAMIC") 
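Review bot: The corrected signatures of `pvio_socket_read` and `pvio_socket_async_read` still return `size_t`, although the comment above each says "-1 on error" and the body starts from `ssize_t r= -1`. Returned through `size_t`, that -1 becomes the largest representable value, which a caller testing `< 0` would never see and a caller using the result as a byte count would take for a huge length. Either switch the return type to `ssize_t` (together with the prototypes at the top of the file), or document that callers must compare against `(size_t)-1`. Both function bodies continue outside the hunks, so how `r` is finally returned is not visible here.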
@@ -11,4 +14,5 @@ IF(TRACE_EXAMPLE_PLUGIN_TYPE MATCHES "DYNAMIC") ADD_LIBRARY(trace_example SHARED ${TRACE_EXAMPLE_SOURCES}) SET_TARGET_PROPERTIES(trace_example PROPERTIES PREFIX "") INSTALL_PLUGIN(trace_example ${CMAKE_BINARY_DIR}/plugins/trace) + SIGN_TARGET(trace_example) ENDIF() diff --git a/win/packaging/mariadb-connector-c.xml.in b/win/packaging/mariadb-connector-c.xml.in index b2786d20..4213bbed 100644 --- a/win/packaging/mariadb-connector-c.xml.in +++ b/win/packaging/mariadb-connector-c.xml.in @@ -30,10 +30,10 @@ + -