authorSergei Golubchik <sergii@pisem.net>2010-03-29 17:13:53 +0200
committerSergei Golubchik <sergii@pisem.net>2010-03-29 17:13:53 +0200
commit291fd9698340f3d83ff096542720f7335cb078d2 (patch)
tree1e727dd05959dfa20ecc93fc8a4f8050ead61689 /include/mysql
parent3e13f97bd4aaba25af5558512f933036c952494c (diff)
pluggable auth with plugin examples
Makefile.am: add new API files to the check_abi rule, remove duplicates client/CMakeLists.txt: now a client can use dlopen too client/Makefile.am: be csh-friendly include/my_global.h: add dummy plugs for dlopen and co. for the code that needs them to work in static builds mysys/Makefile.am: be csh-friendly plugin/auth/dialog.c: typo fixed
Diffstat (limited to 'include/mysql')
-rw-r--r--include/mysql/client_plugin.h164
-rw-r--r--include/mysql/client_plugin.h.pp41
-rw-r--r--include/mysql/plugin.h5
-rw-r--r--include/mysql/plugin_auth.h83
-rw-r--r--include/mysql/plugin_auth.h.pp (renamed from include/mysql/plugin.h.pp)30
-rw-r--r--include/mysql/plugin_auth_common.h105
6 files changed, 427 insertions, 1 deletions
diff --git a/include/mysql/client_plugin.h b/include/mysql/client_plugin.h
new file mode 100644
index 00000000000..5e9a337dfc6
--- /dev/null
+++ b/include/mysql/client_plugin.h
@@ -0,0 +1,164 @@
+#ifndef MYSQL_CLIENT_PLUGIN_INCLUDED
+/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+
+/**
+ @file
+
+ MySQL Client Plugin API
+
+ This file defines the API for plugins that work on the client side
+*/
+#define MYSQL_CLIENT_PLUGIN_INCLUDED
+
+#include <stdarg.h>
+#include <stdlib.h>
+
+/* known plugin types */
+#define MYSQL_CLIENT_reserved1 0
+#define MYSQL_CLIENT_reserved2 1
+#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN 2
+
+#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION 0x0100
+
+#define MYSQL_CLIENT_MAX_PLUGINS 3
+
+#define mysql_declare_client_plugin(X) \
+ struct st_mysql_client_plugin_ ## X \
+ _mysql_client_plugin_declaration_ = { \
+ MYSQL_CLIENT_ ## X ## _PLUGIN, \
+ MYSQL_CLIENT_ ## X ## _PLUGIN_INTERFACE_VERSION,
+#define mysql_end_client_plugin }
+
+/* generic plugin header structure */
+#define MYSQL_CLIENT_PLUGIN_HEADER \
+ int type; \
+ unsigned int interface_version; \
+ const char *name; \
+ const char *author; \
+ const char *desc; \
+ unsigned int version[3]; \
+ int (*init)(char *, size_t, int, va_list); \
+ int (*deinit)();
+
+struct st_mysql_client_plugin
+{
+ MYSQL_CLIENT_PLUGIN_HEADER
+};
+
+struct st_mysql;
+
+/******** authentication plugin specific declarations *********/
+#include <mysql/plugin_auth_common.h>
+
+struct st_mysql_client_plugin_AUTHENTICATION
+{
+ MYSQL_CLIENT_PLUGIN_HEADER
+ int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql);
+};
+
+/**
+ type of the mysql_authentication_dialog_ask function
+
+ @param mysql mysql
+ @param type type of the input
+ 1 - ordinary string input
+ 2 - password string
+ @param prompt prompt
+ @param buf a buffer to store the use input
+ @param buf_len the length of the buffer
+
+ @retval a pointer to the user input string.
+ It may be equal to 'buf' or to 'mysql->password'.
+ In all other cases it is assumed to be an allocated
+ string, and the "dialog" plugin will free() it.
+*/
+typedef char *(*mysql_authentication_dialog_ask_t)(struct st_mysql *mysql,
+ int type, const char *prompt, char *buf, int buf_len);
+/******** using plugins ************/
+
+/**
+ loads a plugin and initializes it
+
+ @param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
+ and last_errno/last_error, for error reporting
+ @param name a name of the plugin to load
+ @param type type of plugin that should be loaded, -1 to disable type check
+ @param argc number of arguments to pass to the plugin initialization
+ function
+ @param ... arguments for the plugin initialization function
+
+ @retval
+ a pointer to the loaded plugin, or NULL in case of a failure
+*/
+struct st_mysql_client_plugin *
+mysql_load_plugin(struct st_mysql *mysql, const char *name, int type,
+ int argc, ...);
+
+/**
+ loads a plugin and initializes it, taking va_list as an argument
+
+ This is the same as mysql_load_plugin, but take va_list instead of
+ a list of arguments.
+
+ @param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
+ and last_errno/last_error, for error reporting
+ @param name a name of the plugin to load
+ @param type type of plugin that should be loaded, -1 to disable type check
+ @param argc number of arguments to pass to the plugin initialization
+ function
+ @param args arguments for the plugin initialization function
+
+ @retval
+ a pointer to the loaded plugin, or NULL in case of a failure
+*/
+struct st_mysql_client_plugin *
+mysql_load_plugin_v(struct st_mysql *mysql, const char *name, int type,
+ int argc, va_list args);
+
+/**
+ finds an already loaded plugin by name, or loads it, if necessary
+
+ @param mysql MYSQL structure. only MYSQL_PLUGIN_DIR option value is used,
+ and last_errno/last_error, for error reporting
+ @param name a name of the plugin to load
+ @param type type of plugin that should be loaded
+
+ @retval
+ a pointer to the plugin, or NULL in case of a failure
+*/
+struct st_mysql_client_plugin *
+mysql_client_find_plugin(struct st_mysql *mysql, const char *name, int type);
+
+/**
+ adds a plugin structure to the list of loaded plugins
+
+ This is useful if an application has the necessary functionality
+ (for example, a special load data handler) statically linked into
+ the application binary. It can use this function to register the plugin
+ directly, avoiding the need to factor it out into a shared object.
+
+ @param mysql MYSQL structure. It is only used for error reporting
+ @param plugin an st_mysql_client_plugin structure to register
+
+ @retval
+ a pointer to the plugin, or NULL in case of a failure
+*/
+struct st_mysql_client_plugin *
+mysql_client_register_plugin(struct st_mysql *mysql,
+ struct st_mysql_client_plugin *plugin);
+
+#endif
+
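Review bot: The doc comments for `mysql_load_plugin`, `mysql_load_plugin_v` and `mysql_client_find_plugin` say the plugin is located through the MYSQL_PLUGIN_DIR option, but they do not say what `name` may contain. The common header in this commit describes a CHANGE_PLUGIN packet from the server, so the name presumably can originate outside the application; the contract should then state that it is a bare plugin name and that a name with directory components is refused, so the loaded object cannot lie outside the plugin directory. The implementation is not in this view and may already check this, but the header is what plugin and application authors read, so I would extend each `@param name` to something like `a bare plugin name without directory components; loading fails if it contains a path separator`. Separately, `int (*deinit)();` in MYSQL_CLIENT_PLUGIN_HEADER declares an unprototyped function in C and should be `int (*deinit)(void);`.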
diff --git a/include/mysql/client_plugin.h.pp b/include/mysql/client_plugin.h.pp
new file mode 100644
index 00000000000..20d353422dd
--- /dev/null
+++ b/include/mysql/client_plugin.h.pp
@@ -0,0 +1,41 @@
+#include <stdarg.h>
+#include <stdlib.h>
+struct st_mysql_client_plugin
+{
+ int type; unsigned int interface_version; const char *name; const char *author; const char *desc; unsigned int version[3]; int (*init)(char *, size_t, int, va_list); int (*deinit)();
+};
+struct st_mysql;
+#include <mysql/plugin_auth_common.h>
+typedef struct st_plugin_vio_info
+{
+ enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
+ MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
+ int socket;
+} MYSQL_PLUGIN_VIO_INFO;
+typedef struct st_plugin_vio
+{
+ int (*read_packet)(struct st_plugin_vio *vio,
+ unsigned char **buf);
+ int (*write_packet)(struct st_plugin_vio *vio,
+ const unsigned char *packet,
+ int packet_len);
+ void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
+} MYSQL_PLUGIN_VIO;
+struct st_mysql_client_plugin_AUTHENTICATION
+{
+ int type; unsigned int interface_version; const char *name; const char *author; const char *desc; unsigned int version[3]; int (*init)(char *, size_t, int, va_list); int (*deinit)();
+ int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql);
+};
+typedef char *(*mysql_authentication_dialog_ask_t)(struct st_mysql *mysql,
+ int type, const char *prompt, char *buf, int buf_len);
+struct st_mysql_client_plugin *
+mysql_load_plugin(struct st_mysql *mysql, const char *name, int type,
+ int argc, ...);
+struct st_mysql_client_plugin *
+mysql_load_plugin_v(struct st_mysql *mysql, const char *name, int type,
+ int argc, va_list args);
+struct st_mysql_client_plugin *
+mysql_client_find_plugin(struct st_mysql *mysql, const char *name, int type);
+struct st_mysql_client_plugin *
+mysql_client_register_plugin(struct st_mysql *mysql,
+ struct st_mysql_client_plugin *plugin);
diff --git a/include/mysql/plugin.h b/include/mysql/plugin.h
index 5ac0472fc5f..83f6f163e6e 100644
--- a/include/mysql/plugin.h
+++ b/include/mysql/plugin.h
@@ -67,7 +67,10 @@ typedef struct st_mysql_xid MYSQL_XID;
#define MYSQL_FTPARSER_PLUGIN 2 /* Full-text parser plugin */
#define MYSQL_DAEMON_PLUGIN 3 /* The daemon/raw plugin type */
#define MYSQL_INFORMATION_SCHEMA_PLUGIN 4 /* The I_S plugin type */
-#define MYSQL_MAX_PLUGIN_TYPE_NUM 5 /* The number of plugin types */
+#define MYSQL_AUDIT_PLUGIN 5 /* The Audit plugin type */
+#define MYSQL_REPLICATION_PLUGIN 6 /* The replication plugin type */
+#define MYSQL_AUTHENTICATION_PLUGIN 7 /* The authentication plugin type */
+#define MYSQL_MAX_PLUGIN_TYPE_NUM 8 /* The number of plugin types */
/* We use the following strings to define licenses for plugins */
#define PLUGIN_LICENSE_PROPRIETARY 0
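Review bot: Raising `MYSQL_MAX_PLUGIN_TYPE_NUM` from 5 to 8 enlarges every table that is sized or indexed by plugin type, and types 5 and 6 are defined here although the commit is about authentication. Those tables are outside this view (the diffstat is limited to include/mysql), so it is worth confirming that each one has an entry for `MYSQL_AUDIT_PLUGIN` and `MYSQL_REPLICATION_PLUGIN`, or that a plugin declaring one of those types is refused at load time instead of being dispatched through an empty slot. If the two values are only reserved to keep the numbering stable, a comment such as `/* reserved, not implemented here */` on those lines would say so.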
diff --git a/include/mysql/plugin_auth.h b/include/mysql/plugin_auth.h
new file mode 100644
index 00000000000..2b84a6c73af
--- /dev/null
+++ b/include/mysql/plugin_auth.h
@@ -0,0 +1,83 @@
+#ifndef MYSQL_PLUGIN_AUTH_INCLUDED
+/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+
+/**
+ @file
+
+ Authentication Plugin API.
+
+ This file defines the API for server authentication plugins.
+*/
+
+#define MYSQL_PLUGIN_AUTH_INCLUDED
+
+#include <mysql/plugin.h>
+
+#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+
+#include <mysql/plugin_auth_common.h>
+
+/**
+ Provides server plugin access to authentication information
+*/
+typedef struct st_mysql_server_auth_info
+{
+ /**
+ User name as sent by the client and shown in USER().
+ NULL if the client packet with the user name was not received yet.
+ */
+ const char *user_name;
+ /**
+ A corresponding column value from the mysql.user table for the
+ matching account name
+ */
+ const char *auth_string;
+
+ /**
+ Matching account name as found in the mysql.user table.
+ A plugin can override it with another name that will be
+ used by MySQL for authorization, and shown in CURRENT_USER()
+ */
+ char authenticated_as[MYSQL_USERNAME_LENGTH+1];
+ /**
+ This only affects the "Authentication failed. Password used: %s"
+ error message. If set, %s will be YES, otherwise - NO.
+ Set it as appropriate or ignore at will.
+ */
+ int password_used;
+} MYSQL_SERVER_AUTH_INFO;
+
+/**
+ Server authentication plugin descriptor
+*/
+struct st_mysql_auth
+{
+ int interface_version; /**< version plugin uses */
+ /**
+ A plugin that a client must use for authentication with this server
+ plugin. Can be NULL to mean "any plugin".
+ */
+ const char *client_auth_plugin;
+ /**
+ Function provided by the plugin which should perform authentication (using
+ the vio functions if necessary) and return 0 if successful. The plugin can
+ also fill the info.authenticated_as field if a different username should be
+ used for authorization.
+ */
+ int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
+};
+#endif
+
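Review bot: The comment on `authenticate_user` in `struct st_mysql_auth` says the function should "return 0 if successful", but plugin_auth_common.h in this same commit documents the return values of authenticate_user() as `CR_ERROR` = 0 and `CR_OK` = -1. A plugin author who follows the comment literally returns the failure code on success, and a caller written against the comment could treat 0 as acceptance; how the server interprets the value is not visible here, so the comment should name the constants, e.g. `and return CR_OK if successful, CR_ERROR or another CR_xxx code otherwise`. The `authenticated_as` comment should also state that a plugin overriding the name must write at most `MYSQL_USERNAME_LENGTH` bytes plus the terminating NUL, since it is a fixed-size array that the plugin fills in.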
diff --git a/include/mysql/plugin.h.pp b/include/mysql/plugin_auth.h.pp
index c5c520dfe51..9ab379a1f0f 100644
--- a/include/mysql/plugin.h.pp
+++ b/include/mysql/plugin_auth.h.pp
@@ -1,3 +1,4 @@
+#include <mysql/plugin.h>
#include <mysql/services.h>
#include <mysql/service_my_snprintf.h>
#include <stdarg.h>
@@ -161,3 +162,32 @@ void thd_get_xid(const void* thd, MYSQL_XID *xid);
void mysql_query_cache_invalidate4(void* thd,
const char *key, unsigned int key_length,
int using_trx);
+#include <mysql/plugin_auth_common.h>
+typedef struct st_plugin_vio_info
+{
+ enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
+ MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
+ int socket;
+} MYSQL_PLUGIN_VIO_INFO;
+typedef struct st_plugin_vio
+{
+ int (*read_packet)(struct st_plugin_vio *vio,
+ unsigned char **buf);
+ int (*write_packet)(struct st_plugin_vio *vio,
+ const unsigned char *packet,
+ int packet_len);
+ void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
+} MYSQL_PLUGIN_VIO;
+typedef struct st_mysql_server_auth_info
+{
+ const char *user_name;
+ const char *auth_string;
+ char authenticated_as[48 +1];
+ int password_used;
+} MYSQL_SERVER_AUTH_INFO;
+struct st_mysql_auth
+{
+ int interface_version;
+ const char *client_auth_plugin;
+ int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
+};
diff --git a/include/mysql/plugin_auth_common.h b/include/mysql/plugin_auth_common.h
new file mode 100644
index 00000000000..b71591d6eb6
--- /dev/null
+++ b/include/mysql/plugin_auth_common.h
@@ -0,0 +1,105 @@
+#ifndef MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
+/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+
+/**
+ @file
+
+ This file defines constants and data structures that are the same for
+ both client- and server-side authentication plugins.
+*/
+#define MYSQL_PLUGIN_AUTH_COMMON_INCLUDED
+
+/** the max allowed length for a user name */
+#define MYSQL_USERNAME_LENGTH 48
+
+/**
+ return values of the plugin authenticate_user() method.
+*/
+
+/**
+ Authentication failed. Additionally, all other CR_xxx values
+ (libmysql error code) can be used too.
+
+ The client plugin may set the error code and the error message directly
+ in the MYSQL structure and return CR_ERROR. If a CR_xxx specific error
+ code was returned, an error message in the MYSQL structure will be
+ overwritten. If CR_ERROR is returned without setting the error in MYSQL,
+ CR_UNKNOWN_ERROR will be user.
+*/
+#define CR_ERROR 0
+/**
+ Authentication (client part) was successful. It does not mean that the
+ authentication as a whole was successful, usually it only means
+ that the client was able to send the user name and the password to the
+ server. If CR_OK is returned, the libmysql reads the next packet expecting
+ it to be one of OK, ERROR, or CHANGE_PLUGIN packets.
+*/
+#define CR_OK -1
+/**
+ Authentication was successful.
+ It means that the client has done its part successfully and also that
+ a plugin has read the last packet (one of OK, ERROR, CHANGE_PLUGIN).
+ In this case, libmysql will not read a packet from the server,
+ but it will use the data at mysql->net.read_pos.
+
+ A plugin may return this value if the number of roundtrips in the
+ authentication protocol is not known in advance, and the client plugin
+ needs to read one packet more to determine if the authentication is finished
+ or not.
+*/
+#define CR_OK_HANDSHAKE_COMPLETE -2
+
+typedef struct st_plugin_vio_info
+{
+ enum { MYSQL_VIO_INVALID, MYSQL_VIO_TCP, MYSQL_VIO_SOCKET,
+ MYSQL_VIO_PIPE, MYSQL_VIO_MEMORY } protocol;
+ int socket; /**< it's set, if the protocol is SOCKET or TCP */
+#ifdef _WIN32
+ HANDLE handle; /**< it's set, if the protocol is PIPE or MEMORY */
+#endif
+} MYSQL_PLUGIN_VIO_INFO;
+
+/**
+ Provides plugin access to communication channel
+*/
+typedef struct st_plugin_vio
+{
+ /**
+ Plugin provides a pointer reference and this function sets it to the
+ contents of any incoming packet. Returns the packet length, or -1 if
+ the plugin should terminate.
+ */
+ int (*read_packet)(struct st_plugin_vio *vio,
+ unsigned char **buf);
+
+ /**
+ Plugin provides a buffer with data and the length and this
+ function sends it as a packet. Returns 0 on success, 1 on failure.
+ */
+ int (*write_packet)(struct st_plugin_vio *vio,
+ const unsigned char *packet,
+ int packet_len);
+
+ /**
+ Fills in a st_plugin_vio_info structure, providing the information
+ about the connection.
+ */
+ void (*info)(struct st_plugin_vio *vio, struct st_plugin_vio_info *info);
+
+} MYSQL_PLUGIN_VIO;
+
+#endif
+
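Review bot: The `read_packet` comment does not say who owns the memory that `*buf` points to or how long it stays valid, and the returned length is a signed `int` that is -1 on failure. Because the packet content comes from the peer, the contract should tell plugin authors to check for a negative return before touching `*buf`, to treat the returned length as the only bound on the data (no NUL terminator is promised here), and not to free the pointer or keep it past the next vio call if that is the intended lifetime, which I cannot confirm from this header. Two smaller things in the same hunk: `HANDLE` is used under `#ifdef _WIN32` although this header includes nothing that declares it, and `CR_OK` and `CR_OK_HANDSHAKE_COMPLETE` expand to unparenthesized negative literals, so `#define CR_OK (-1)` is safer inside expressions. The comment on `CR_ERROR` also reads "will be user" where "will be used" is meant.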