
pluggable auth with plugin examples

Makefile.am:
  add new API files to the check_abi rule,
  remove duplicates
client/CMakeLists.txt:
  now a client can use dlopen too
client/Makefile.am:
  be csh-friendly
include/my_global.h:
  add dummy plugs for dlopen and co.
  for the code that needs them to work in static builds
mysys/Makefile.am:
  be csh-friendly
plugin/auth/dialog.c:
  typo fixed
Sergei Golubchik
2010-03-29 17:13:53 +02:00
parent 3e13f97bd4
commit 291fd96983
81 changed files with 4440 additions and 1504 deletions


@@ -0,0 +1,164 @@
#ifndef MYSQL_CLIENT_PLUGIN_INCLUDED
/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/**
@file
MySQL Client Plugin API
This file defines the API for plugins that work on the client side
*/
#define MYSQL_CLIENT_PLUGIN_INCLUDED
#include <stdarg.h>
#include <stdlib.h>
/* known plugin types */
#define MYSQL_CLIENT_reserved1 0
#define MYSQL_CLIENT_reserved2 1
#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN 2
#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION 0x0100
#define MYSQL_CLIENT_MAX_PLUGINS 3
#define mysql_declare_client_plugin(X) \
struct st_mysql_client_plugin_ ## X \
_mysql_client_plugin_declaration_ = { \
MYSQL_CLIENT_ ## X ## _PLUGIN, \
MYSQL_CLIENT_ ## X ## _PLUGIN_INTERFACE_VERSION,
#define mysql_end_client_plugin }
/* generic plugin header structure */
#define MYSQL_CLIENT_PLUGIN_HEADER \
int type; \
unsigned int interface_version; \
const char *name; \
const char *author; \
const char *desc; \
unsigned int version[3]; \
int (*init)(char *, size_t, int, va_list); \
int (*deinit)();
struct st_mysql_client_plugin
{
MYSQL_CLIENT_PLUGIN_HEADER
};
struct st_mysql;
/******** authentication plugin specific declarations *********/
#include <mysql/plugin_auth_common.h>
struct st_mysql_client_plugin_AUTHENTICATION
{
MYSQL_CLIENT_PLUGIN_HEADER
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql);
};
/**
type of the mysql_authentication_dialog_ask function
@param mysql mysql
@param type type of the input
1 - ordinary string input
2 - password string
@param prompt prompt
@param buf a buffer to store the use input
@param buf_len the length of the buffer
@retval a pointer to the user input string.
It may be equal to 'buf' or to 'mysql->password'.
In all other cases it is assumed to be an allocated
string, and the "dialog" plugin will free() it.
*/
typedef char *(*mysql_authentication_dialog_ask_t)(struct st_mysql *mysql,
int type, const char *prompt, char *buf, int buf_len);
/******** using plugins ************/
/**
loads a plugin and initializes it
@param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
and last_errno/last_error, for error reporting
@param name a name of the plugin to load
@param type type of plugin that should be loaded, -1 to disable type check
@param argc number of arguments to pass to the plugin initialization
function
@param ... arguments for the plugin initialization function
@retval
a pointer to the loaded plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_load_plugin(struct st_mysql *mysql, const char *name, int type,
int argc, ...);
/**
loads a plugin and initializes it, taking va_list as an argument
This is the same as mysql_load_plugin, but take va_list instead of
a list of arguments.
@param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
and last_errno/last_error, for error reporting
@param name a name of the plugin to load
@param type type of plugin that should be loaded, -1 to disable type check
@param argc number of arguments to pass to the plugin initialization
function
@param args arguments for the plugin initialization function
@retval
a pointer to the loaded plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_load_plugin_v(struct st_mysql *mysql, const char *name, int type,
int argc, va_list args);
/**
finds an already loaded plugin by name, or loads it, if necessary
@param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
and last_errno/last_error, for error reporting
@param name a name of the plugin to load
@param type type of plugin that should be loaded
@retval
a pointer to the plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_client_find_plugin(struct st_mysql *mysql, const char *name, int type);
/**
adds a plugin structure to the list of loaded plugins
This is useful if an application has the necessary functionality
(for example, a special load data handler) statically linked into
the application binary. It can use this function to register the plugin
directly, avoiding the need to factor it out into a shared object.
@param mysql MYSQL structure. It is only used for error reporting
@param plugin an st_mysql_client_plugin structure to register
@retval
a pointer to the plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_client_register_plugin(struct st_mysql *mysql,
struct st_mysql_client_plugin *plugin);
#endif
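Review bot: The doc comments for `mysql_load_plugin`, `mysql_load_plugin_v` and `mysql_client_find_plugin` do not say what `name` may contain, although it selects a shared object to be loaded from the MYSQL_PLUGIN_DIR directory. If the name can originate from the server side of the handshake (the common auth header in this commit mentions CHANGE_PLUGIN packets; the call path is not visible in this section), the contract should state that it is a bare plugin name and that values with directory separators or `..` are rejected. I would extend the `@param name` lines to something like `@param name a name of the plugin to load; a bare name without path components, resolved only inside the plugin directory`, and have the implementation enforce that before the library is opened.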


@@ -0,0 +1,41 @@
#include <stdarg.h>
#include <stdlib.h>
struct st_mysql_client_plugin
{
int type; unsigned int interface_version; const char *name; const char *author; const char *desc; unsigned int version[3]; int (*init)(char *, size_t, int, va_list); int (*deinit)();
};
struct st_mysql;
#include <mysql/plugin_auth_common.h>
typedef struct st_plugin_vio_info
{
enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
int socket;
} MYSQL_PLUGIN_VIO_INFO;
typedef struct st_plugin_vio
{
int (*read_packet)(struct st_plugin_vio *vio,
unsigned char **buf);
int (*write_packet)(struct st_plugin_vio *vio,
const unsigned char *packet,
int packet_len);
void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
} MYSQL_PLUGIN_VIO;
struct st_mysql_client_plugin_AUTHENTICATION
{
int type; unsigned int interface_version; const char *name; const char *author; const char *desc; unsigned int version[3]; int (*init)(char *, size_t, int, va_list); int (*deinit)();
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql);
};
typedef char *(*mysql_authentication_dialog_ask_t)(struct st_mysql *mysql,
int type, const char *prompt, char *buf, int buf_len);
struct st_mysql_client_plugin *
mysql_load_plugin(struct st_mysql *mysql, const char *name, int type,
int argc, ...);
struct st_mysql_client_plugin *
mysql_load_plugin_v(struct st_mysql *mysql, const char *name, int type,
int argc, va_list args);
struct st_mysql_client_plugin *
mysql_client_find_plugin(struct st_mysql *mysql, const char *name, int type);
struct st_mysql_client_plugin *
mysql_client_register_plugin(struct st_mysql *mysql,
struct st_mysql_client_plugin *plugin);


@@ -67,7 +67,10 @@ typedef struct st_mysql_xid MYSQL_XID;
#define MYSQL_FTPARSER_PLUGIN 2 /* Full-text parser plugin */
#define MYSQL_DAEMON_PLUGIN 3 /* The daemon/raw plugin type */
#define MYSQL_INFORMATION_SCHEMA_PLUGIN 4 /* The I_S plugin type */
#define MYSQL_MAX_PLUGIN_TYPE_NUM 5 /* The number of plugin types */
#define MYSQL_AUDIT_PLUGIN 5 /* The Audit plugin type */
#define MYSQL_REPLICATION_PLUGIN 6 /* The replication plugin type */
#define MYSQL_AUTHENTICATION_PLUGIN 7 /* The authentication plugin type */
#define MYSQL_MAX_PLUGIN_TYPE_NUM 8 /* The number of plugin types */
/* We use the following strings to define licenses for plugins */
#define PLUGIN_LICENSE_PROPRIETARY 0
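Review bot: Raising `MYSQL_MAX_PLUGIN_TYPE_NUM` from 5 to 8 also reserves ids 5 and 6 for `MYSQL_AUDIT_PLUGIN` and `MYSQL_REPLICATION_PLUGIN`, so every table that is sized or indexed by plugin type has to cover all eight slots in the same commit. Those tables are not visible in this section; if one of them keeps a shorter initializer, C zero-fills the remaining entries and a handler lookup for types 5 to 7 yields a null pointer, so the lookup sites need a NULL check. A short comment at the define would help, e.g. `/* keep every per-type table in the server in sync with this count */`.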


@@ -0,0 +1,83 @@
#ifndef MYSQL_PLUGIN_AUTH_INCLUDED
/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/**
@file
Authentication Plugin API.
This file defines the API for server authentication plugins.
*/
#define MYSQL_PLUGIN_AUTH_INCLUDED
#include <mysql/plugin.h>
#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
#include <mysql/plugin_auth_common.h>
/**
Provides server plugin access to authentication information
*/
typedef struct st_mysql_server_auth_info
{
/**
User name as sent by the client and shown in USER().
NULL if the client packet with the user name was not received yet.
*/
const char *user_name;
/**
A corresponding column value from the mysql.user table for the
matching account name
*/
const char *auth_string;
/**
Matching account name as found in the mysql.user table.
A plugin can override it with another name that will be
used by MySQL for authorization, and shown in CURRENT_USER()
*/
char authenticated_as[MYSQL_USERNAME_LENGTH+1];
/**
This only affects the "Authentication failed. Password used: %s"
error message. If set, %s will be YES, otherwise - NO.
Set it as appropriate or ignore at will.
*/
int password_used;
} MYSQL_SERVER_AUTH_INFO;
/**
Server authentication plugin descriptor
*/
struct st_mysql_auth
{
int interface_version; /**< version plugin uses */
/**
A plugin that a client must use for authentication with this server
plugin. Can be NULL to mean "any plugin".
*/
const char *client_auth_plugin;
/**
Function provided by the plugin which should perform authentication (using
the vio functions if necessary) and return 0 if successful. The plugin can
also fill the info.authenticated_as field if a different username should be
used for authorization.
*/
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
};
#endif
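Review bot: The comment on `authenticate_user` in `struct st_mysql_auth` says the function should "return 0 if successful", but plugin_auth_common.h in this same commit documents the return values of authenticate_user() as `CR_ERROR 0` (authentication failed) and `CR_OK -1`. The two texts disagree about what 0 means, and for an authentication hook a plugin author who follows the wrong one either rejects every login or, depending on how the server reads the value, lets a failed check count as success; the server-side interpretation is not visible here. Once the intended convention is confirmed, the comment should name the constants, e.g. `... and return CR_OK on success or CR_ERROR on failure`. It would also be worth stating that a plugin overriding `authenticated_as` must keep it NUL-terminated within `MYSQL_USERNAME_LENGTH+1` bytes.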


@@ -1,3 +1,4 @@
#include <mysql/plugin.h>
#include <mysql/services.h>
#include <mysql/service_my_snprintf.h>
#include <stdarg.h>
@@ -161,3 +162,32 @@ void thd_get_xid(const void* thd, MYSQL_XID *xid);
void mysql_query_cache_invalidate4(void* thd,
const char *key, unsigned int key_length,
int using_trx);
#include <mysql/plugin_auth_common.h>
typedef struct st_plugin_vio_info
{
enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
int socket;
} MYSQL_PLUGIN_VIO_INFO;
typedef struct st_plugin_vio
{
int (*read_packet)(struct st_plugin_vio *vio,
unsigned char **buf);
int (*write_packet)(struct st_plugin_vio *vio,
const unsigned char *packet,
int packet_len);
void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
} MYSQL_PLUGIN_VIO;
typedef struct st_mysql_server_auth_info
{
const char *user_name;
const char *auth_string;
char authenticated_as[48 +1];
int password_used;
} MYSQL_SERVER_AUTH_INFO;
struct st_mysql_auth
{
int interface_version;
const char *client_auth_plugin;
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
};


@@ -0,0 +1,105 @@
#ifndef MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/**
@file
This file defines constants and data structures that are the same for
both client- and server-side authentication plugins.
*/
#define MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
/** the max allowed length for a user name */
#define MYSQL_USERNAME_LENGTH 48
/**
return values of the plugin authenticate_user() method.
*/
/**
Authentication failed. Additionally, all other CR_xxx values
(libmysql error code) can be used too.
The client plugin may set the error code and the error message directly
in the MYSQL structure and return CR_ERROR. If a CR_xxx specific error
code was returned, an error message in the MYSQL structure will be
overwritten. If CR_ERROR is returned without setting the error in MYSQL,
CR_UNKNOWN_ERROR will be user.
*/
#define CR_ERROR 0
/**
Authentication (client part) was successful. It does not mean that the
authentication as a whole was successful, usually it only means
that the client was able to send the user name and the password to the
server. If CR_OK is returned, the libmysql reads the next packet expecting
it to be one of OK, ERROR, or CHANGE_PLUGIN packets.
*/
#define CR_OK -1
/**
Authentication was successful.
It means that the client has done its part successfully and also that
a plugin has read the last packet (one of OK, ERROR, CHANGE_PLUGIN).
In this case, libmysql will not read a packet from the server,
but it will use the data at mysql->net.read_pos.
A plugin may return this value if the number of roundtrips in the
authentication protocol is not known in advance, and the client plugin
needs to read one packet more to determine if the authentication is finished
or not.
*/
#define CR_OK_HANDSHAKE_COMPLETE -2
typedef struct st_plugin_vio_info
{
enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
int socket; /**< it's set, if the protocol is SOCKET or TCP */
#ifdef _WIN32
HANDLE handle; /**< it's set, if the protocol is PIPE or MEMORY */
#endif
} MYSQL_PLUGIN_VIO_INFO;
/**
Provides plugin access to communication channel
*/
typedef struct st_plugin_vio
{
/**
Plugin provides a pointer reference and this function sets it to the
contents of any incoming packet. Returns the packet length, or -1 if
the plugin should terminate.
*/
int (*read_packet)(struct st_plugin_vio *vio,
unsigned char **buf);
/**
Plugin provides a buffer with data and the length and this
function sends it as a packet. Returns 0 on success, 1 on failure.
*/
int (*write_packet)(struct st_plugin_vio *vio,
const unsigned char *packet,
int packet_len);
/**
Fills in a st_plugin_vio_info structure, providing the information
about the connection.
*/
void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
} MYSQL_PLUGIN_VIO;
#endif
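Review bot: The `read_packet` comment does not state who owns the buffer that `*buf` is set to, how long it stays valid, or whether the data is NUL-terminated. The packet comes from the peer, so a plugin has to bound every access by the returned length and must not treat the bytes as a C string unless the API guarantees a terminator; none of that can be derived from the declaration. I would add something like `The buffer belongs to the vio and is valid only until the next read_packet call; use the returned length, the data is not guaranteed to be NUL-terminated`, after confirming it against the implementation. Separately, `HANDLE` is used under `_WIN32` although this header includes nothing that declares it.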