database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

WL#1054: Pluggable authentication support

Browse Source 
Merged the implementation to a new base tree.
This commit is contained in:
Georgi Kodinov
2010-08-09 11:32:50 +03:00
parent 81906cdf38
commit 9705711596
127 changed files with 8248 additions and 1616 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
include/mysql/client_plugin.h Normal file
View File

@ -0,0 +1,146 @@
#ifndef MYSQL_CLIENT_PLUGIN_INCLUDED
/* Copyright (C) 2010 Sun Microsystems, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/**
@file
MySQL Client Plugin API
This file defines the API for plugins that work on the client side
*/
#define MYSQL_CLIENT_PLUGIN_INCLUDED
#include <stdarg.h>
#include <stdlib.h>
/* known plugin types */
#define MYSQL_CLIENT_reserved1 0
#define MYSQL_CLIENT_reserved2 1
#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN 2
#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION 0x0100
#define MYSQL_CLIENT_MAX_PLUGINS 3
#define mysql_declare_client_plugin(X) \
MYSQL_PLUGIN_EXPORT struct st_mysql_client_plugin_ ## X \
_mysql_client_plugin_declaration_ = { \
MYSQL_CLIENT_ ## X ## _PLUGIN, \
MYSQL_CLIENT_ ## X ## _PLUGIN_INTERFACE_VERSION,
#define mysql_end_client_plugin }
/* generic plugin header structure */
#define MYSQL_CLIENT_PLUGIN_HEADER \
int type; \
unsigned int interface_version; \
const char *name; \
const char *author; \
const char *desc; \
unsigned int version[3]; \
int (*init)(char *, size_t, int, va_list); \
int (*deinit)();
struct st_mysql_client_plugin
{
MYSQL_CLIENT_PLUGIN_HEADER
};
struct st_mysql;
/******** authentication plugin specific declarations *********/
#include <mysql/plugin_auth_common.h>
struct st_mysql_client_plugin_AUTHENTICATION
{
MYSQL_CLIENT_PLUGIN_HEADER
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql);
};
/******** using plugins ************/
/**
loads a plugin and initializes it
@param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
and last_errno/last_error, for error reporting
@param name a name of the plugin to load
@param type type of plugin that should be loaded, -1 to disable type check
@param argc number of arguments to pass to the plugin initialization
function
@param ... arguments for the plugin initialization function
@retval
a pointer to the loaded plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_load_plugin(struct st_mysql *mysql, const char *name, int type,
int argc, ...);
/**
loads a plugin and initializes it, taking va_list as an argument
This is the same as mysql_load_plugin, but take va_list instead of
a list of arguments.
@param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
and last_errno/last_error, for error reporting
@param name a name of the plugin to load
@param type type of plugin that should be loaded, -1 to disable type check
@param argc number of arguments to pass to the plugin initialization
function
@param args arguments for the plugin initialization function
@retval
a pointer to the loaded plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_load_plugin_v(struct st_mysql *mysql, const char *name, int type,
int argc, va_list args);
/**
finds an already loaded plugin by name, or loads it, if necessary
@param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
and last_errno/last_error, for error reporting
@param name a name of the plugin to load
@param type type of plugin that should be loaded
@retval
a pointer to the plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_client_find_plugin(struct st_mysql *mysql, const char *name, int type);
/**
adds a plugin structure to the list of loaded plugins
This is useful if an application has the necessary functionality
(for example, a special load data handler) statically linked into
the application binary. It can use this function to register the plugin
directly, avoiding the need to factor it out into a shared object.
@param mysql MYSQL structure. It is only used for error reporting
@param plugin an st_mysql_client_plugin structure to register
@retval
a pointer to the plugin, or NULL in case of a failure
*/
struct st_mysql_client_plugin *
mysql_client_register_plugin(struct st_mysql *mysql,
struct st_mysql_client_plugin *plugin);
#endif

41
include/mysql/client_plugin.h.pp Normal file
View File

@ -0,0 +1,41 @@
#include <stdarg.h>
#include <stdlib.h>
struct st_mysql_client_plugin
{
int type; unsigned int interface_version; const char *name; const char *author; const char *desc; unsigned int version[3]; int (*init)(char *, size_t, int, va_list); int (*deinit)();
};
struct st_mysql;
#include <mysql/plugin_auth_common.h>
typedef struct st_plugin_vio_info
{
enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
int socket;
} MYSQL_PLUGIN_VIO_INFO;
typedef struct st_plugin_vio
{
int (*read_packet)(struct st_plugin_vio *vio,
unsigned char **buf);
int (*write_packet)(struct st_plugin_vio *vio,
const unsigned char *packet,
int packet_len);
void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
} MYSQL_PLUGIN_VIO;
struct st_mysql_client_plugin_AUTHENTICATION
{
int type; unsigned int interface_version; const char *name; const char *author; const char *desc; unsigned int version[3]; int (*init)(char *, size_t, int, va_list); int (*deinit)();
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql);
};
typedef char *(*mysql_authentication_dialog_ask_t)(struct st_mysql *mysql,
int type, const char *prompt, char *buf, int buf_len);
struct st_mysql_client_plugin *
mysql_load_plugin(struct st_mysql *mysql, const char *name, int type,
int argc, ...);
struct st_mysql_client_plugin *
mysql_load_plugin_v(struct st_mysql *mysql, const char *name, int type,
int argc, va_list args);
struct st_mysql_client_plugin *
mysql_client_find_plugin(struct st_mysql *mysql, const char *name, int type);
struct st_mysql_client_plugin *
mysql_client_register_plugin(struct st_mysql *mysql,
struct st_mysql_client_plugin *plugin);

3
include/mysql/plugin.h
View File

@ -83,7 +83,8 @@ typedef struct st_mysql_xid MYSQL_XID;
#define MYSQL_INFORMATION_SCHEMA_PLUGIN 4 /* The I_S plugin type */
#define MYSQL_AUDIT_PLUGIN 5 /* The Audit plugin type */
#define MYSQL_REPLICATION_PLUGIN 6 /* The replication plugin type */
#define MYSQL_MAX_PLUGIN_TYPE_NUM 7 /* The number of plugin types */
#define MYSQL_AUTHENTICATION_PLUGIN 7 /* The authentication plugin type */
#define MYSQL_MAX_PLUGIN_TYPE_NUM 8 /* The number of plugin types */
/* We use the following strings to define licenses for plugins */
#define PLUGIN_LICENSE_PROPRIETARY 0

118
include/mysql/plugin_auth.h Normal file
View File

@ -0,0 +1,118 @@
#ifndef MYSQL_PLUGIN_AUTH_INCLUDED
/* Copyright (C) 2010 Sun Microsystems, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/**
@file
Authentication Plugin API.
This file defines the API for server authentication plugins.
*/
#define MYSQL_PLUGIN_AUTH_INCLUDED
#include <mysql/plugin.h>
#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
#include <mysql/plugin_auth_common.h>
/**
Provides server plugin access to authentication information
*/
typedef struct st_mysql_server_auth_info
{
/**
User name as sent by the client and shown in USER().
NULL if the client packet with the user name was not received yet.
*/
char *user_name;
/**
Length of user_name
*/
unsigned int user_name_length;
/**
A corresponding column value from the mysql.user table for the
matching account name
*/
const char *auth_string;
/**
Length of auth_string
*/
unsigned long auth_string_length;
/**
Matching account name as found in the mysql.user table.
A plugin can override it with another name that will be
used by MySQL for authorization, and shown in CURRENT_USER()
*/
char authenticated_as[MYSQL_USERNAME_LENGTH+1];
/**
The unique user name that was used by the plugin to authenticate.
Plugins should put null-terminated UTF-8 here.
Available through the @@EXTERNAL_USER variable.
*/
char external_user[512];
/**
This only affects the "Authentication failed. Password used: %s"
error message. has the following values :
0 : %s will be NO.
1 : %s will be YES.
2 : there will be no %s.
Set it as appropriate or ignore at will.
*/
int password_used;
/**
Set to the name of the connected client if it can be resolved, or to
the address otherwise
*/
const char *host_or_ip;
/**
Length of host_or_ip
*/
unsigned int host_or_ip_length;
} MYSQL_SERVER_AUTH_INFO;
/**
Server authentication plugin descriptor
*/
struct st_mysql_auth
{
int interface_version; /**< version plugin uses */
/**
A plugin that a client must use for authentication with this server
plugin. Can be NULL to mean "any plugin".
*/
const char *client_auth_plugin;
/**
Function provided by the plugin which should perform authentication (using
the vio functions if necessary) and return 0 if successful. The plugin can
also fill the info.authenticated_as field if a different username should be
used for authorization.
*/
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
};
#endif

205
include/mysql/plugin_auth.h.pp Normal file
View File

@ -0,0 +1,205 @@
#include <mysql/plugin.h>
#include <mysql/services.h>
#include <mysql/service_my_snprintf.h>
#include <stdarg.h>
#include <stdlib.h>
extern struct my_snprintf_service_st {
size_t (*my_snprintf_type)(char*, size_t, const char*, ...);
size_t (*my_vsnprintf_type)(char *, size_t, const char*, va_list);
} *my_snprintf_service;
size_t my_snprintf(char* to, size_t n, const char* fmt, ...);
size_t my_vsnprintf(char *to, size_t n, const char* fmt, va_list ap);
#include <mysql/service_thd_alloc.h>
#include <stdlib.h>
struct st_mysql_lex_string
{
char *str;
size_t length;
};
typedef struct st_mysql_lex_string MYSQL_LEX_STRING;
extern struct thd_alloc_service_st {
void *(*thd_alloc_func)(void*, unsigned int);
void *(*thd_calloc_func)(void*, unsigned int);
char *(*thd_strdup_func)(void*, const char *);
char *(*thd_strmake_func)(void*, const char *, unsigned int);
void *(*thd_memdup_func)(void*, const void*, unsigned int);
MYSQL_LEX_STRING *(*thd_make_lex_string_func)(void*, MYSQL_LEX_STRING *,
const char *, unsigned int, int);
} *thd_alloc_service;
void *thd_alloc(void* thd, unsigned int size);
void *thd_calloc(void* thd, unsigned int size);
char *thd_strdup(void* thd, const char *str);
char *thd_strmake(void* thd, const char *str, unsigned int size);
void *thd_memdup(void* thd, const void* str, unsigned int size);
MYSQL_LEX_STRING *thd_make_lex_string(void* thd, MYSQL_LEX_STRING *lex_str,
const char *str, unsigned int size,
int allocate_lex_string);
struct st_mysql_xid {
long formatID;
long gtrid_length;
long bqual_length;
char data[128];
};
typedef struct st_mysql_xid MYSQL_XID;
enum enum_mysql_show_type
{
SHOW_UNDEF, SHOW_BOOL, SHOW_INT, SHOW_LONG,
SHOW_LONGLONG, SHOW_CHAR, SHOW_CHAR_PTR,
SHOW_ARRAY, SHOW_FUNC, SHOW_DOUBLE,
SHOW_always_last
};
struct st_mysql_show_var {
const char *name;
char *value;
enum enum_mysql_show_type type;
};
typedef int (*mysql_show_var_func)(void*, struct st_mysql_show_var*, char *);
struct st_mysql_sys_var;
struct st_mysql_value;
typedef int (*mysql_var_check_func)(void* thd,
struct st_mysql_sys_var *var,
void *save, struct st_mysql_value *value);
typedef void (*mysql_var_update_func)(void* thd,
struct st_mysql_sys_var *var,
void *var_ptr, const void *save);
struct st_mysql_plugin
{
int type;
void *info;
const char *name;
const char *author;
const char *descr;
int license;
int (*init)(void *);
int (*deinit)(void *);
unsigned int version;
struct st_mysql_show_var *status_vars;
struct st_mysql_sys_var **system_vars;
void * __reserved1;
};
#include "plugin_ftparser.h"
#include "plugin.h"
enum enum_ftparser_mode
{
MYSQL_FTPARSER_SIMPLE_MODE= 0,
MYSQL_FTPARSER_WITH_STOPWORDS= 1,
MYSQL_FTPARSER_FULL_BOOLEAN_INFO= 2
};
enum enum_ft_token_type
{
FT_TOKEN_EOF= 0,
FT_TOKEN_WORD= 1,
FT_TOKEN_LEFT_PAREN= 2,
FT_TOKEN_RIGHT_PAREN= 3,
FT_TOKEN_STOPWORD= 4
};
typedef struct st_mysql_ftparser_boolean_info
{
enum enum_ft_token_type type;
int yesno;
int weight_adjust;
char wasign;
char trunc;
char prev;
char *quot;
} MYSQL_FTPARSER_BOOLEAN_INFO;
typedef struct st_mysql_ftparser_param
{
int (*mysql_parse)(struct st_mysql_ftparser_param *,
char *doc, int doc_len);
int (*mysql_add_word)(struct st_mysql_ftparser_param *,
char *word, int word_len,
MYSQL_FTPARSER_BOOLEAN_INFO *boolean_info);
void *ftparser_state;
void *mysql_ftparam;
struct charset_info_st *cs;
char *doc;
int length;
int flags;
enum enum_ftparser_mode mode;
} MYSQL_FTPARSER_PARAM;
struct st_mysql_ftparser
{
int interface_version;
int (*parse)(MYSQL_FTPARSER_PARAM *param);
int (*init)(MYSQL_FTPARSER_PARAM *param);
int (*deinit)(MYSQL_FTPARSER_PARAM *param);
};
struct st_mysql_daemon
{
int interface_version;
};
struct st_mysql_information_schema
{
int interface_version;
};
struct st_mysql_storage_engine
{
int interface_version;
};
struct handlerton;
struct Mysql_replication {
int interface_version;
};
struct st_mysql_value
{
int (*value_type)(struct st_mysql_value *);
const char *(*val_str)(struct st_mysql_value *, char *buffer, int *length);
int (*val_real)(struct st_mysql_value *, double *realbuf);
int (*val_int)(struct st_mysql_value *, long long *intbuf);
int (*is_unsigned)(struct st_mysql_value *);
};
int thd_in_lock_tables(const void* thd);
int thd_tablespace_op(const void* thd);
long long thd_test_options(const void* thd, long long test_options);
int thd_sql_command(const void* thd);
const char *thd_proc_info(void* thd, const char *info);
void **thd_ha_data(const void* thd, const struct handlerton *hton);
int thd_tx_isolation(const void* thd);
char *thd_security_context(void* thd, char *buffer, unsigned int length,
unsigned int max_query_len);
void thd_inc_row_count(void* thd);
int mysql_tmpfile(const char *prefix);
int thd_killed(const void* thd);
unsigned long thd_get_thread_id(const void* thd);
void thd_get_xid(const void* thd, MYSQL_XID *xid);
void mysql_query_cache_invalidate4(void* thd,
const char *key, unsigned int key_length,
int using_trx);
void *thd_get_ha_data(const void* thd, const struct handlerton *hton);
void thd_set_ha_data(void* thd, const struct handlerton *hton,
const void *ha_data);
#include <mysql/plugin_auth_common.h>
typedef struct st_plugin_vio_info
{
enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
int socket;
} MYSQL_PLUGIN_VIO_INFO;
typedef struct st_plugin_vio
{
int (*read_packet)(struct st_plugin_vio *vio,
unsigned char **buf);
int (*write_packet)(struct st_plugin_vio *vio,
const unsigned char *packet,
int packet_len);
void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
} MYSQL_PLUGIN_VIO;
typedef struct st_mysql_server_auth_info
{
const char *user_name;
unsigned int user_name_length;
const char *auth_string;
unsigned long auth_string_length;
char authenticated_as[48 +1];
char external_user[512];
int password_used;
const char *host_or_ip;
unsigned int host_or_ip_length;
} MYSQL_SERVER_AUTH_INFO;
struct st_mysql_auth
{
int interface_version;
const char *client_auth_plugin;
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
};

105
include/mysql/plugin_auth_common.h Normal file
View File

@ -0,0 +1,105 @@
#ifndef MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
/* Copyright (C) 2010 Sun Microsystems, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/**
@file
This file defines constants and data structures that are the same for
both client- and server-side authentication plugins.
*/
#define MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
/** the max allowed length for a user name */
#define MYSQL_USERNAME_LENGTH 48
/**
return values of the plugin authenticate_user() method.
*/
/**
Authentication failed. Additionally, all other CR_xxx values
(libmysql error code) can be used too.
The client plugin may set the error code and the error message directly
in the MYSQL structure and return CR_ERROR. If a CR_xxx specific error
code was returned, an error message in the MYSQL structure will be
overwritten. If CR_ERROR is returned without setting the error in MYSQL,
CR_UNKNOWN_ERROR will be user.
*/
#define CR_ERROR 0
/**
Authentication (client part) was successful. It does not mean that the
authentication as a whole was successful, usually it only means
that the client was able to send the user name and the password to the
server. If CR_OK is returned, the libmysql reads the next packet expecting
it to be one of OK, ERROR, or CHANGE_PLUGIN packets.
*/
#define CR_OK -1
/**
Authentication was successful.
It means that the client has done its part successfully and also that
a plugin has read the last packet (one of OK, ERROR, CHANGE_PLUGIN).
In this case, libmysql will not read a packet from the server,
but it will use the data at mysql->net.read_pos.
A plugin may return this value if the number of roundtrips in the
authentication protocol is not known in advance, and the client plugin
needs to read one packet more to determine if the authentication is finished
or not.
*/
#define CR_OK_HANDSHAKE_COMPLETE -2
typedef struct st_plugin_vio_info
{
enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
int socket; /**< it's set, if the protocol is SOCKET or TCP */
#ifdef _WIN32
HANDLE handle; /**< it's set, if the protocol is PIPE or MEMORY */
#endif
} MYSQL_PLUGIN_VIO_INFO;
/**
Provides plugin access to communication channel
*/
typedef struct st_plugin_vio
{
/**
Plugin provides a pointer reference and this function sets it to the
contents of any incoming packet. Returns the packet length, or -1 if
the plugin should terminate.
*/
int (*read_packet)(struct st_plugin_vio *vio,
unsigned char **buf);
/**
Plugin provides a buffer with data and the length and this
function sends it as a packet. Returns 0 on success, 1 on failure.
*/
int (*write_packet)(struct st_plugin_vio *vio,
const unsigned char *packet,
int packet_len);
/**
Fills in a st_plugin_vio_info structure, providing the information
about the connection.
*/
void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
} MYSQL_PLUGIN_VIO;
#endif