MDEV-4307 Support at least 48 utf8 characters in username in server and PAM

Extend plugin auth api to support up to 512 bytes in the user names.
Use the API versioning to support old auth plugins too!

11 files changed, 226 insertions, 11 deletions

diff --git a/include/mysql/plugin_auth.h b/include/mysql/plugin_auth.h
index 75e7fba5266..156fb386aae 100644
--- a/include/mysql/plugin_auth.h
+++ b/include/mysql/plugin_auth.h
@@ -27,7 +27,7 @@
 
 #include <mysql/plugin.h>
 
-#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0200
 
 #include <mysql/plugin_auth_common.h>
 
@@ -78,7 +78,7 @@ typedef struct st_mysql_server_auth_info
     Not used by the server.
     Available through the @@EXTERNAL_USER variable.
   */  
-  char external_user[512];
+  char external_user[MYSQL_USERNAME_LENGTH+1];
 
   /**
     This only affects the "Authentication failed. Password used: %s"
diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp
index 23153198a7d..55b6055ef2f 100644
--- a/include/mysql/plugin_auth.h.pp
+++ b/include/mysql/plugin_auth.h.pp
@@ -266,8 +266,8 @@ typedef struct st_mysql_server_auth_info
   unsigned int user_name_length;
   const char *auth_string;
   unsigned long auth_string_length;
-  char authenticated_as[48 +1];
-  char external_user[512];
+  char authenticated_as[512 +1];
+  char external_user[512 +1];
   int password_used;
   const char *host_or_ip;
   unsigned int host_or_ip_length;
diff --git a/include/mysql/plugin_auth_common.h b/include/mysql/plugin_auth_common.h
index 820d299bf88..c0b61730d0d 100644
--- a/include/mysql/plugin_auth_common.h
+++ b/include/mysql/plugin_auth_common.h
@@ -28,7 +28,7 @@
 #define MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
 
 /** the max allowed length for a user name */
-#define MYSQL_USERNAME_LENGTH 48
+#define MYSQL_USERNAME_LENGTH 512
 
 /**
   return values of the plugin authenticate_user() method.
diff --git a/mysql-test/suite/plugins/r/auth_v0100.result b/mysql-test/suite/plugins/r/auth_v0100.result
new file mode 100644
index 00000000000..53affc94947
--- /dev/null
+++ b/mysql-test/suite/plugins/r/auth_v0100.result
@@ -0,0 +1,18 @@
+install soname 'auth_0x0100';
+select plugin_name, plugin_type_version from information_schema.plugins where plugin_type='authentication' order by plugin_name;
+plugin_name	plugin_type_version
+auth_0x0100	1.0
+mysql_native_password	2.0
+mysql_old_password	2.0
+create user tt identified via auth_0x0100;
+grant select on test.* to zzzzzzzzzzzzzzzz;
+connect(localhost,tt,,test,MASTER_MYPORT,MASTER_MYSOCK);
+ERROR 28000: Access denied for user 'tt'@'localhost' (using password: YES)
+grant proxy on zzzzzzzzzzzzzzzz to tt;
+select user(), current_user(), @@external_user;
+user()	tt@localhost
+current_user()	zzzzzzzzzzzzzzzz@%
+@@external_user	oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo.
+drop user tt;
+drop user zzzzzzzzzzzzzzzz;
+uninstall plugin auth_0x0100;
diff --git a/mysql-test/suite/plugins/t/auth_v0100.test b/mysql-test/suite/plugins/t/auth_v0100.test
new file mode 100644
index 00000000000..3cf93ba67f2
--- /dev/null
+++ b/mysql-test/suite/plugins/t/auth_v0100.test
@@ -0,0 +1,26 @@
+--source include/not_embedded.inc
+
+if (!$AUTH_0X0100_SO) {
+  skip No auth_0x0100 plugin;
+}
+
+install soname 'auth_0x0100';
+
+select plugin_name, plugin_type_version from information_schema.plugins where plugin_type='authentication' order by plugin_name;
+
+create user tt identified via auth_0x0100;
+grant select on test.* to zzzzzzzzzzzzzzzz;
+
+--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
+--error ER_ACCESS_DENIED_ERROR
+connect (c0,localhost,tt);
+
+grant proxy on zzzzzzzzzzzzzzzz to tt;
+connect (c1,localhost,tt);
+connection c1;
+
+--query_vertical select user(), current_user(), @@external_user
+connection default;
+drop user tt;
+drop user zzzzzzzzzzzzzzzz;
+uninstall plugin auth_0x0100;
diff --git a/plugin/auth_examples/CMakeLists.txt b/plugin/auth_examples/CMakeLists.txt
index fb27289770f..f6c2b637067 100644
--- a/plugin/auth_examples/CMakeLists.txt
+++ b/plugin/auth_examples/CMakeLists.txt
@@ -27,5 +27,7 @@ MYSQL_ADD_PLUGIN(qa_auth_server qa_auth_server.c
 MYSQL_ADD_PLUGIN(qa_auth_client qa_auth_client.c
   MODULE_ONLY COMPONENT Test)
 
+MYSQL_ADD_PLUGIN(auth_0x0100 auth_0x0100.c MODULE_ONLY COMPONENT Test)
+
 MYSQL_ADD_PLUGIN(mysql_clear_password clear_password_client.c
   MODULE_ONLY COMPONENT SharedLibraries)
diff --git a/plugin/auth_examples/auth_0x0100.c b/plugin/auth_examples/auth_0x0100.c
new file mode 100644
index 00000000000..d1373b8a0b4
--- /dev/null
+++ b/plugin/auth_examples/auth_0x0100.c
@@ -0,0 +1,91 @@
+/* Copyright (C) 2013 Sergei Golubchik and Monty Program Ab
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; version 2 of the
+    License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+  @file
+
+  auth plugin that uses old structures as of
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+
+  To test the old version support.
+  It intentionally uses no constants like CR_OK ok PASSWORD_USED_YES.
+*/
+
+#include <mysql/plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#if 0
+#include <mysql/plugin_auth.h>
+#else
+#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+typedef void MYSQL_PLUGIN_VIO; /* we don't use it here */
+
+typedef struct st_mysql_server_auth_info
+{
+  char *user_name;
+  unsigned int user_name_length;
+  const char *auth_string;
+  unsigned long auth_string_length;
+  char authenticated_as[49]; 
+  char external_user[512];
+  int  password_used;
+  const char *host_or_ip;
+  unsigned int host_or_ip_length;
+} MYSQL_SERVER_AUTH_INFO;
+
+struct st_mysql_auth
+{
+  int interface_version;
+  const char *client_auth_plugin;
+  int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
+};
+#endif
+
+static int do_auth_0x0100(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  info->password_used= 1;
+  strcpy(info->authenticated_as, "zzzzzzzzzzzzzzzz");
+  memset(info->external_user, 'o', 510);
+  info->external_user[510]='.';
+  info->external_user[511]=0;
+  return vio ? -1 : 0; /* use vio to avoid the 'unused' warning */
+}
+
+static struct st_mysql_auth auth_0x0100_struct=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION, 0, do_auth_0x0100
+};
+
+maria_declare_plugin(auth_0x0100)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &auth_0x0100_struct,
+  "auth_0x0100",
+  "Sergei Golubchik",
+  "Test for API 0x0100 support",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  "1.0",
+  MariaDB_PLUGIN_MATURITY_EXPERIMENTAL,
+}
+maria_declare_plugin_end;
+
diff --git a/sql-common/client.c b/sql-common/client.c
index c257c7c96a7..3119236ef2d 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -2572,8 +2572,6 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
 		     mysql->server_version, mysql->server_capabilities,
 		     mysql->server_status, mysql->client_flag));
 
-  compile_time_assert(MYSQL_USERNAME_LENGTH == USERNAME_LENGTH);
-
   /* This needs to be changed as it's not useful with big packets */
   if (mysql->user[0])
     strmake(end, mysql->user, USERNAME_LENGTH);
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 04d797b3ba1..d1cdf35bb5a 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -52,6 +52,8 @@
 #include "sql_db.h"
 #include "sql_array.h"
 
+#include "sql_plugin_compat.h"
+
 bool mysql_user_table_is_in_short_password_format= false;
 
 static const
@@ -9027,7 +9029,20 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
   if (plugin)
   {
     st_mysql_auth *auth= (st_mysql_auth *) plugin_decl(plugin)->info;
-    res= auth->authenticate_user(mpvio, &mpvio->auth_info);
+    switch (auth->interface_version) {
+    case 0x0200:
+      res= auth->authenticate_user(mpvio, &mpvio->auth_info);
+      break;
+    case 0x0100:
+      {
+        MYSQL_SERVER_AUTH_INFO_0x0100 compat;
+        compat.downgrade(&mpvio->auth_info);
+        res= auth->authenticate_user(mpvio, (MYSQL_SERVER_AUTH_INFO *)&compat);
+        compat.upgrade(&mpvio->auth_info);
+      }
+      break;
+    default: DBUG_ASSERT(0);
+    }
 
     if (unlock_plugin)
       plugin_unlock(thd, plugin);
@@ -9078,8 +9093,6 @@ bool acl_authenticate(THD *thd, uint connect_errors,
                                                              : COM_CONNECT;
   DBUG_ENTER("acl_authenticate");
 
-  compile_time_assert(MYSQL_USERNAME_LENGTH == USERNAME_LENGTH);
-
   bzero(&mpvio, sizeof(mpvio));
   mpvio.read_packet= server_mpvio_read_packet;
   mpvio.write_packet= server_mpvio_write_packet;
diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index bf3537c0ed9..f540431b4e9 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -35,6 +35,8 @@
 #include <mysql/plugin_auth.h>
 #include "lock.h"                               // MYSQL_LOCK_IGNORE_TIMEOUT
 #include <mysql/plugin_auth.h>
+#include "sql_plugin_compat.h"
+
 #define REPORT_TO_LOG  1
 #define REPORT_TO_USER 2
 
@@ -135,7 +137,7 @@ static int min_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
   MYSQL_INFORMATION_SCHEMA_INTERFACE_VERSION,
   MYSQL_AUDIT_INTERFACE_VERSION,
   MYSQL_REPLICATION_INTERFACE_VERSION,
-  MYSQL_AUTHENTICATION_INTERFACE_VERSION
+  MIN_AUTHENTICATION_INTERFACE_VERSION
 };
 static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
 {
diff --git a/sql/sql_plugin_compat.h b/sql/sql_plugin_compat.h
new file mode 100644
index 00000000000..8c6014f8dc6
--- /dev/null
+++ b/sql/sql_plugin_compat.h
@@ -0,0 +1,65 @@
+/* Copyright (C) 2013 Sergei Golubchik and Monty Program Ab
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/* old plugin api structures, used for backward compatibility */
+
+#define upgrade_var(X) latest->X= X
+#define upgrade_str(X) strmake(latest->X, X, sizeof(X))
+#define downgrade_var(X) X= latest->X
+#define downgrade_str(X) strmake(X, latest->X, sizeof(X)-1)
+
+/**************************************************************/
+/* Authentication API, version 0x0100 *************************/
+#define MIN_AUTHENTICATION_INTERFACE_VERSION 0x0100
+
+struct MYSQL_SERVER_AUTH_INFO_0x0100 {
+  char *user_name;
+  unsigned int user_name_length;
+  const char *auth_string;
+  unsigned long auth_string_length;
+  char authenticated_as[49]; 
+  char external_user[512];
+  int  password_used;
+  const char *host_or_ip;
+  unsigned int host_or_ip_length;
+
+  void upgrade(MYSQL_SERVER_AUTH_INFO *latest)
+  {
+    upgrade_var(user_name);
+    upgrade_var(user_name_length);
+    upgrade_var(auth_string);
+    upgrade_var(auth_string_length);
+    upgrade_str(authenticated_as);
+    upgrade_str(external_user);
+    upgrade_var(password_used);
+    upgrade_var(host_or_ip);
+    upgrade_var(host_or_ip_length);
+  }
+  void downgrade(MYSQL_SERVER_AUTH_INFO *latest)
+  {
+    downgrade_var(user_name);
+    downgrade_var(user_name_length);
+    downgrade_var(auth_string);
+    downgrade_var(auth_string_length);
+    downgrade_str(authenticated_as);
+    downgrade_str(external_user);
+    downgrade_var(password_used);
+    downgrade_var(host_or_ip);
+    downgrade_var(host_or_ip_length);
+  }
+};
+
+/**************************************************************/
+