From acc270b7d4ab87394f4a61b2c7cab2cf295a103e Mon Sep 17 00:00:00 2001
From: Georg Richter <georg@mariadb.com>
Date: Mon, 22 Jul 2019 07:27:48 +0200
Subject: [PATCH] CONC-429: Don't allow to load unknown authentication plugins

If the server sends name of authentication plugin, the client needs to check
if this plugin is valid and authorized.
---
 CMakeLists.txt                   |  1 +
 cmake/plugins.cmake              |  3 +++
 libmariadb/ma_client_plugin.c.in | 23 +++++++++++++++++++++++
 plugins/auth/CMakeLists.txt      |  5 ++++-
 4 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index e312dd24..696cd458 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -398,6 +398,7 @@ IF(NOT WIN32)
     ENDIF()
   ENDIF()
 ENDIF()
+
 INCLUDE(${CC_SOURCE_DIR}/plugins/CMakeLists.txt)
 ADD_SUBDIRECTORY(include)
 ADD_SUBDIRECTORY(libmariadb)
diff --git a/cmake/plugins.cmake b/cmake/plugins.cmake
index 68f66d54..4ad63632 100644
--- a/cmake/plugins.cmake
+++ b/cmake/plugins.cmake
@@ -45,6 +45,9 @@ FUNCTION(REGISTER_PLUGIN)
 
   if(NOT ${CC_PLUGIN_DEFAULT} STREQUAL "OFF")
     set(PLUGIN_${CC_PLUGIN_TARGET}_TYPE ${CC_PLUGIN_TYPE})
+    IF(${CC_PLUGIN_TYPE} STREQUAL "MARIADB_CLIENT_PLUGIN_AUTH")
+      SET(ALLOWED_AUTH_PLUGINS ${ALLOWED_AUTH_PLUGINS} ${CC_PLUGIN_TARGET} PARENT_SCOPE)
+    ENDIF()
 
     if(${CC_PLUGIN_DEFAULT} STREQUAL "DYNAMIC")
       set_source_files_properties(${CC_PLUGIN_SOURCES}
diff --git a/libmariadb/ma_client_plugin.c.in b/libmariadb/ma_client_plugin.c.in
index 966eaf15..d1633c80 100644
--- a/libmariadb/ma_client_plugin.c.in
+++ b/libmariadb/ma_client_plugin.c.in
@@ -486,6 +486,29 @@ mysql_client_find_plugin(MYSQL *mysql, const char *name, int type)
                  ER(CR_AUTH_PLUGIN_CANNOT_LOAD), name, "invalid type");
   }
 
+  /* CONC-429: Don't allow unauthorized auth plugins */
+  if (type == MYSQL_CLIENT_AUTHENTICATION_PLUGIN)
+  {
+    char str[]= ALLOWED_AUTH_PLUGINS;
+    char *token= strtok(str, ",");
+    my_bool allowed= 0;
+
+    while (token)
+    {
+      if (!strcmp(name, token))
+      {
+        allowed= 1;
+        break;
+      }
+      token= strtok(NULL, ",");
+    }
+    if (!allowed)
+    {
+      my_set_error(mysql, CR_AUTH_PLUGIN_CANNOT_LOAD, SQLSTATE_UNKNOWN,
+                   ER(CR_AUTH_PLUGIN_CANNOT_LOAD), name, "Unauthorized authentication plugin");
+      return NULL;
+    }
+  }
   if ((p= find_plugin(name, type)))
     return p;
 
diff --git a/plugins/auth/CMakeLists.txt b/plugins/auth/CMakeLists.txt
index 0530f70c..889243f8 100644
--- a/plugins/auth/CMakeLists.txt
+++ b/plugins/auth/CMakeLists.txt
@@ -3,6 +3,8 @@ SET(AUTH_DIR ${CC_SOURCE_DIR}/plugins/auth)
 INCLUDE_DIRECTORIES(${AUTH_DIR})
 INCLUDE_DIRECTORIES(${CC_SOURCE_DIR}/include)
 
+SET(ALLOWED_AUTH_PLUGINS "dummy_fallback_auth")
+
 #native password
 REGISTER_PLUGIN(TARGET mysql_native_password
                 TYPE MARIADB_CLIENT_PLUGIN_AUTH
@@ -131,4 +133,5 @@ REGISTER_PLUGIN(TARGET mysql_clear_password
                 CONFIGURATIONS DYNAMIC STATIC OFF
                 DEFAULT DYNAMIC
                 SOURCES ${AUTH_DIR}/mariadb_cleartext.c)
-
+string(REPLACE ";" "," ALLOWED_AUTH_PLUGINS "${ALLOWED_AUTH_PLUGINS}")
+ADD_DEFINITIONS(-DALLOWED_AUTH_PLUGINS="${ALLOWED_AUTH_PLUGINS}")