mirror of
https://github.com/MariaDB/server.git
synced 2025-12-01 17:39:21 +03:00
c94ec9fc67
Revert the side effect of 7c40996cc8.
Do not convert password hash to its binary representation when a user
entry is loaded. Do it lazily on the first authenticatation attempt.
As a collateral - force all authentication plugins to follow the
protocol and read_packet at least once before accessing info->username
(username is not available before first client handshake packet is read).
Fix PAM and GSSAPI plugins to behave.
87 lines
2.1 KiB
C
87 lines
2.1 KiB
C
/*
|
|
Copyright (c) 2011, 2018 MariaDB Corporation
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */
|
|
|
|
#include <mysql/plugin_auth.h>
|
|
|
|
struct param {
|
|
unsigned char buf[10240], *ptr, *cached;
|
|
int cached_len;
|
|
MYSQL_PLUGIN_VIO *vio;
|
|
};
|
|
|
|
static int roundtrip(struct param *param, const unsigned char *buf,
|
|
int buf_len, unsigned char **pkt)
|
|
{
|
|
if (param->cached && (buf[0] >> 1) == 2)
|
|
{
|
|
*pkt= param->cached;
|
|
param->cached= NULL;
|
|
return param->cached_len;
|
|
}
|
|
param->cached= NULL;
|
|
if (param->vio->write_packet(param->vio, buf, buf_len))
|
|
return -1;
|
|
return param->vio->read_packet(param->vio, pkt);
|
|
}
|
|
|
|
#include "auth_pam_base.c"
|
|
|
|
static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
|
|
{
|
|
struct param param;
|
|
param.vio = vio;
|
|
|
|
/* no user name yet ? read the client handshake packet with the user name */
|
|
if (info->user_name == 0)
|
|
{
|
|
if ((param.cached_len= vio->read_packet(vio, ¶m.cached) < 0))
|
|
return CR_ERROR;
|
|
}
|
|
else
|
|
param.cached= NULL;
|
|
|
|
return pam_auth_base(¶m, info);
|
|
}
|
|
|
|
|
|
#include "auth_pam_common.c"
|
|
|
|
|
|
static int init(void *p __attribute__((unused)))
|
|
{
|
|
if (use_cleartext_plugin)
|
|
info.client_auth_plugin= "mysql_clear_password";
|
|
return 0;
|
|
}
|
|
|
|
maria_declare_plugin(pam)
|
|
{
|
|
MYSQL_AUTHENTICATION_PLUGIN,
|
|
&info,
|
|
"pam",
|
|
"Sergei Golubchik",
|
|
"PAM based authentication",
|
|
PLUGIN_LICENSE_GPL,
|
|
init,
|
|
NULL,
|
|
0x0100,
|
|
NULL,
|
|
vars,
|
|
"1.0",
|
|
MariaDB_PLUGIN_MATURITY_STABLE
|
|
}
|
|
maria_declare_plugin_end;
|