mirror of
https://github.com/MariaDB/server.git
synced 2025-11-12 10:22:39 +03:00
7c40996cc8
Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
54 lines
1.6 KiB
Plaintext
54 lines
1.6 KiB
Plaintext
#
|
|
# MDEV-12160 Modern alternative to the SHA1 authentication plugin
|
|
#
|
|
source include/not_embedded.inc;
|
|
if (!$AUTH_ED25519_SO) {
|
|
skip No auth_ed25519 plugin;
|
|
}
|
|
|
|
replace_result dll so;
|
|
eval create function ed25519_password returns string soname "$AUTH_ED25519_SO";
|
|
error ER_CANT_INITIALIZE_UDF;
|
|
select ed25519_password();
|
|
error ER_CANT_INITIALIZE_UDF;
|
|
select ed25519_password(1);
|
|
error ER_CANT_INITIALIZE_UDF;
|
|
select ed25519_password("foo", "bar");
|
|
error ER_CANT_INITIALIZE_UDF;
|
|
select ed25519_password("foo");
|
|
|
|
install soname 'auth_ed25519';
|
|
select ed25519_password("foo");
|
|
select ed25519_password("foobar");
|
|
select ed25519_password("foo bar");
|
|
select ed25519_password(NULL);
|
|
|
|
replace_result dll so;
|
|
query_vertical select * from information_schema.plugins where plugin_name='ed25519';
|
|
let $pwd=`select ed25519_password("secret")`;
|
|
eval create user test1@localhost identified via ed25519 using '$pwd';
|
|
show grants for test1@localhost;
|
|
drop user test1@localhost;
|
|
create user test1@localhost identified via ed25519 using password('foo');
|
|
show grants for test1@localhost;
|
|
select ed25519_password('foo');
|
|
set password for test1@localhost = password('bar');
|
|
show create user test1@localhost;
|
|
select ed25519_password('bar');
|
|
eval set password for test1@localhost = '$pwd';
|
|
show create user test1@localhost;
|
|
|
|
replace_result $MASTER_MYPORT PORT $MASTER_MYSOCK SOCKET;
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect con1, localhost, test1, public;
|
|
connect con1, localhost, test1, secret;
|
|
select current_user();
|
|
disconnect con1;
|
|
connection default;
|
|
|
|
drop user test1@localhost;
|
|
uninstall plugin ed25519;
|
|
error ER_CANT_INITIALIZE_UDF;
|
|
select ed25519_password("foo");
|
|
drop function ed25519_password;
|