WL#1054: Pluggable authentication support

Merged the implementation to a new base tree.

6 files changed, 678 insertions, 0 deletions

diff --git a/plugin/auth/CMakeLists.txt b/plugin/auth/CMakeLists.txt
new file mode 100644
index 00000000000..d616d91bc47
--- /dev/null
+++ b/plugin/auth/CMakeLists.txt
@@ -0,0 +1,32 @@
+# Copyright (C) 2010 Sun Microsystems, Inc
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA 
+
+MYSQL_ADD_PLUGIN(auth dialog.c 
+  MODULE_ONLY)
+MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c 
+  MODULE_ONLY)
+
+CHECK_CXX_SOURCE_COMPILES(
+"#define _GNU_SOURCE
+#include <sys/socket.h>
+int main() {
+  struct ucred cred;
+  getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, 0);
+}" HAVE_PEERCRED)
+
+IF(HAVE_PEERCRED)
+  MYSQL_ADD_PLUGIN(auth_socket auth_socket.c
+    MODULE_ONLY)
+ENDIF()
diff --git a/plugin/auth/Makefile.am b/plugin/auth/Makefile.am
new file mode 100644
index 00000000000..ed459b7b2b1
--- /dev/null
+++ b/plugin/auth/Makefile.am
@@ -0,0 +1,16 @@
+pkgplugindir=$(pkglibdir)/plugin
+
+AM_LDFLAGS=-module -rpath $(pkgplugindir)
+AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include
+
+pkgplugin_LTLIBRARIES=  auth.la auth_test_plugin.la
+auth_la_SOURCES= dialog.c
+auth_test_plugin_la_SOURCES= test_plugin.c
+
+if HAVE_PEERCRED
+pkgplugin_LTLIBRARIES+= auth_socket.la
+auth_socket_la_SOURCES= auth_socket.c
+endif
+
+EXTRA_DIST= plug.in
+
diff --git a/plugin/auth/auth_socket.c b/plugin/auth/auth_socket.c
new file mode 100644
index 00000000000..2e584e760c7
--- /dev/null
+++ b/plugin/auth/auth_socket.c
@@ -0,0 +1,93 @@
+/* Copyright (C) 2010 Sun Microsystems, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
+
+/**
+  @file
+
+  socket_peercred authentication plugin.
+
+  Authentication is successful if the connection is done via a unix socket and
+  the owner of the client process matches the user name that was used when
+  connecting to mysqld.
+*/
+#define _GNU_SOURCE /* for struct ucred */
+
+#include <mysql/plugin_auth.h>
+#include <sys/socket.h>
+#include <pwd.h>
+#include <string.h>
+
+static int socket_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  unsigned char *pkt;
+  MYSQL_PLUGIN_VIO_INFO vio_info;
+  struct ucred cred;
+  socklen_t cred_len= sizeof(cred);
+  struct passwd pwd_buf, *pwd;
+  char buf[1024];
+
+  /* no user name yet ? read the client handshake packet with the user name */
+  if (info->user_name == 0)
+  {
+    if (vio->read_packet(vio, &pkt) < 0)
+      return CR_ERROR;
+  }
+
+  info->password_used = 2;
+
+  vio->info(vio, &vio_info);
+  if (vio_info.protocol != MYSQL_VIO_SOCKET)
+    return CR_ERROR;
+
+  /* get the UID of the client process */
+  if (getsockopt(vio_info.socket, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len))
+    return CR_ERROR;
+
+  if (cred_len != sizeof(cred))
+    return CR_ERROR;
+
+  /* and find the username for this uid */
+  getpwuid_r(cred.uid, &pwd_buf, buf, sizeof(buf), &pwd);
+  if (pwd == NULL)
+    return CR_ERROR;
+
+  /* now it's simple as that */
+  return strcmp(pwd->pw_name, info->user_name) ? CR_ERROR : CR_OK;
+}
+
+static struct st_mysql_auth socket_auth_handler=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  0,
+  socket_auth
+};
+
+mysql_declare_plugin(socket_auth)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &socket_auth_handler,
+  "socket_peercred",
+  "Sergei Golubchik",
+  "Unix Socket based authentication",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  NULL
+}
+mysql_declare_plugin_end;
+
diff --git a/plugin/auth/dialog.c b/plugin/auth/dialog.c
new file mode 100644
index 00000000000..157158abb2a
--- /dev/null
+++ b/plugin/auth/dialog.c
@@ -0,0 +1,325 @@
+/* Copyright (C) 2010 Sun Microsystems, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
+
+/**
+  @file
+
+  dialog client authentication plugin with examples
+
+  dialog is a general purpose client authentication plugin, it simply
+  asks the user the question, as provided by the server and reports
+  the answer back to the server. No encryption is involved,
+  the answers are sent in clear text.
+
+  Two examples are provided: two_questions server plugin, that asks
+  the password and an "Are you sure?" question with a reply "yes, of course".
+  It demonstrates the usage of "password" (input is hidden) and "ordinary"
+  (input can be echoed) questions, and how to mark the last question,
+  to avoid an extra roundtrip.
+
+  And three_attempts plugin that gives the user three attempts to enter
+  a correct password. It shows the situation when a number of questions
+  is not known in advance.
+*/
+#if defined (WIN32) && !defined (RTLD_DEFAULT)
+# define RTLD_DEFAULT GetModuleHandle(NULL)
+#endif
+
+#include <my_global.h>
+#include <mysql.h>
+#include <mysql/plugin_auth.h>
+#include <mysql/client_plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#if !defined (_GNU_SOURCE)
+# define _GNU_SOURCE /* for RTLD_DEFAULT */
+#endif
+
+/**
+  first byte of the question string is the question "type".
+  It can be a "ordinary" or a "password" question.
+  The last bit set marks a last question in the authentication exchange.
+*/
+#define ORDINARY_QUESTION       "\2"
+#define LAST_QUESTION           "\3"
+#define PASSWORD_QUESTION       "\4"
+#define LAST_PASSWORD           "\5"
+
+/********************* SERVER SIDE ****************************************/
+
+/**
+  dialog demo with two questions, one password and one, the last, ordinary.
+*/
+static int two_questions(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  unsigned char *pkt;
+  int pkt_len;
+
+  /* send a password question */
+  if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION "Password, please:", 18))
+    return CR_ERROR;
+
+  /* read the answer */
+  if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+    return CR_ERROR;
+
+  info->password_used = 1;
+
+  /* fail if the password is wrong */
+  if (strcmp((const char *)pkt, info->auth_string))
+    return CR_ERROR;
+
+  /* send the last, ordinary, question */
+  if (vio->write_packet(vio, (const unsigned char *) LAST_QUESTION "Are you sure ?", 15))
+    return CR_ERROR;
+
+  /* read the answer */
+  if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+    return CR_ERROR;
+
+  /* check the reply */
+  return strcmp((const char *)pkt, "yes, of course") ? CR_ERROR : CR_OK;
+}
+
+static struct st_mysql_auth two_handler=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  "dialog", /* requires dialog client plugin */
+  two_questions
+};
+
+/* dialog demo where the number of questions is not known in advance */
+static int three_attempts(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  unsigned char *pkt;
+  int pkt_len, i;
+
+  for (i= 0; i < 3; i++)
+  {
+    /* send the prompt */
+    if (vio->write_packet(vio, 
+		(const unsigned char *) PASSWORD_QUESTION "Password, please:", 18))
+      return CR_ERROR;
+
+    /* read the password */
+    if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+      return CR_ERROR;
+
+    info->password_used = 1;
+
+    /*
+      finish, if the password is correct.
+      note, that we did not mark the prompt packet as "last"
+    */
+    if (strcmp((const char *) pkt, info->auth_string) == 0)
+      return CR_OK;
+  }
+
+  return CR_ERROR;
+}
+
+static struct st_mysql_auth three_handler=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  "dialog", /* requires dialog client plugin */
+  three_attempts 
+};
+
+mysql_declare_plugin(dialog)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &two_handler,
+  "two_questions",
+  "Sergei Golubchik",
+  "Dialog plugin demo 1",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  NULL
+},
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &three_handler,
+  "three_attempts",
+  "Sergei Golubchik",
+  "Dialog plugin demo 2",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  NULL
+}
+mysql_declare_plugin_end;
+
+/********************* CLIENT SIDE ***************************************/
+/*
+  This plugin performs a dialog with the user, asking questions and
+  reading answers. Depending on the client it may be desirable to do it
+  using GUI, or console, with or without curses, or read answers
+  from a smardcard, for example.
+
+  To support all this variety, the dialog plugin has a callback function
+  "authentication_dialog_ask". If the client has a function of this name
+  dialog plugin will use it for communication with the user. Otherwise
+  a default gets() based implementation will be used.
+*/
+
+/**
+  type of the mysql_authentication_dialog_ask function
+
+  @param mysql          mysql
+  @param type           type of the input
+                        1 - ordinary string input
+                        2 - password string
+  @param prompt         prompt
+  @param buf            a buffer to store the use input
+  @param buf_len        the length of the buffer
+
+  @retval               a pointer to the user input string.
+                        It may be equal to 'buf' or to 'mysql->password'.
+                        In all other cases it is assumed to be an allocated
+                        string, and the "dialog" plugin will free() it.
+*/
+typedef char *(*mysql_authentication_dialog_ask_t)(struct st_mysql *mysql,
+                      int type, const char *prompt, char *buf, int buf_len);
+
+static mysql_authentication_dialog_ask_t ask;
+
+static char *builtin_ask(MYSQL *mysql __attribute__((unused)),
+                         int type __attribute__((unused)),
+                         const char *prompt,
+                         char *buf, int buf_len __attribute__((unused)))
+{
+  fputs(prompt, stdout);
+  fputc(' ', stdout);
+  if (gets(buf) == 0)
+    return 0;
+
+  return buf;
+}
+
+/**
+  The main function of the dialog plugin.
+
+  Read the prompt, ask the question, send the reply, repeat until
+  the server is satisfied.
+
+  @note
+   1. this plugin shows how a client authentication plugin
+      may read a MySQL protocol OK packet internally - which is important
+      where a number of packets is not known in advance.
+   2. the first byte of the prompt is special. it is not
+      shown to the user, but signals whether it is the last question
+      (prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
+      and whether the input is a password (not echoed).
+   3. the prompt is expected to be sent zero-terminated
+*/
+static int perform_dialog(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
+{
+  unsigned char *pkt, cmd= 0;
+  int pkt_len, res;
+  char reply_buf[1024], *reply;
+
+  do
+  {
+    /* read the prompt */
+    pkt_len= vio->read_packet(vio, &pkt);
+    if (pkt_len < 0)
+      return CR_ERROR;
+
+    if (pkt == 0)
+    {
+      /*
+        in mysql_change_user() the client sends the first packet, so
+        the first vio->read_packet() does nothing (pkt == 0).
+
+        We send the "password", assuming the client knows what its doing.
+        (in other words, the dialog plugin should be only set as a default
+        authentication plugin on the client if the first question
+        asks for a password - which will be sent in clear text, by the way)
+      */
+      reply= mysql->passwd;
+    }
+    else
+    {
+      cmd= *pkt++;
+
+      /* is it MySQL protocol packet ? */
+      if (cmd == 0 || cmd == 254)
+        return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
+
+      /*
+        asking for a password with an empty prompt means mysql->password
+        otherwise we ask the user and read the reply
+      */
+      if ((cmd >> 1) == 2 && *pkt == 0)
+        reply= mysql->passwd;
+      else
+        reply= ask(mysql, cmd >> 1, (const char *) pkt, 
+				   reply_buf, sizeof(reply_buf));
+      if (!reply)
+        return CR_ERROR;
+    }
+    /* send the reply to the server */
+    res= vio->write_packet(vio, (const unsigned char *) reply, 
+						   strlen(reply)+1);
+
+    if (reply != mysql->passwd && reply != reply_buf)
+      free(reply);
+
+    if (res)
+      return CR_ERROR;
+
+    /* repeat unless it was the last question */
+  } while ((cmd & 1) != 1);
+
+  /* the job of reading the ok/error packet is left to the server */
+  return CR_OK;
+}
+
+/**
+  initialization function of the dialog plugin
+
+  Pick up the client's authentication_dialog_ask() function, if exists,
+  or fall back to the default implementation.
+*/
+
+static int init_dialog(char *unused1   __attribute__((unused)), 
+                       size_t unused2  __attribute__((unused)), 
+                       int unused3     __attribute__((unused)), 
+                       va_list unused4 __attribute__((unused)))
+{
+  void *sym= dlsym(RTLD_DEFAULT, "mysql_authentication_dialog_ask");
+  ask= sym ? (mysql_authentication_dialog_ask_t)sym : builtin_ask;
+  return 0;
+}
+
+mysql_declare_client_plugin(AUTHENTICATION)
+  "dialog",
+  "Sergei Golubchik",
+  "Dialog Client Authentication Plugin",
+  {0,1,0},
+  init_dialog,
+  NULL,
+  perform_dialog
+mysql_end_client_plugin;
+
diff --git a/plugin/auth/plug.in b/plugin/auth/plug.in
new file mode 100644
index 00000000000..776367652ab
--- /dev/null
+++ b/plugin/auth/plug.in
@@ -0,0 +1,12 @@
+MYSQL_PLUGIN(auth, [Collection of Authentication Plugins],
+                   [Collection of Authentication Plugins])
+MYSQL_PLUGIN_DYNAMIC(auth, [dialog.la auth_test_plugin.la])
+AC_COMPILE_IFELSE([
+  AC_LANG_PROGRAM([[
+#define _GNU_SOURCE
+#include <sys/socket.h>
+]],[
+  struct ucred cred;
+  getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, 0);
+])],have_peercred=yes)
+AM_CONDITIONAL(HAVE_PEERCRED, test x$have_peercred = xyes)
diff --git a/plugin/auth/test_plugin.c b/plugin/auth/test_plugin.c
new file mode 100644
index 00000000000..ad0fcaca2e1
--- /dev/null
+++ b/plugin/auth/test_plugin.c
@@ -0,0 +1,200 @@
+/* Copyright (C) 2010 Sun Microsystems, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
+
+/**
+  @file
+
+  dialog client authentication plugin with examples
+
+  dialog is a general purpose client authentication plugin, it simply
+  asks the user the question, as provided by the server and reports
+  the answer back to the server. No encryption is involved,
+  the answers are sent in clear text.
+
+  Two examples are provided: two_questions server plugin, that asks
+  the password and an "Are you sure?" question with a reply "yes, of course".
+  It demonstrates the usage of "password" (input is hidden) and "ordinary"
+  (input can be echoed) questions, and how to mark the last question,
+  to avoid an extra roundtrip.
+
+  And three_attempts plugin that gives the user three attempts to enter
+  a correct password. It shows the situation when a number of questions
+  is not known in advance.
+*/
+
+#include <my_global.h>
+#include <mysql/plugin_auth.h>
+#include <mysql/client_plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+/**
+  first byte of the question string is the question "type".
+  It can be a "ordinary" or a "password" question.
+  The last bit set marks a last question in the authentication exchange.
+*/
+#define ORDINARY_QUESTION       "\2"
+#define LAST_QUESTION           "\3"
+#define LAST_PASSWORD           "\4"
+#define PASSWORD_QUESTION       "\5"
+
+/********************* SERVER SIDE ****************************************/
+
+/**
+  dialog test plugin mimicing the ordinary auth mechanism. Used to test the auth plugin API
+*/
+static int auth_test_plugin(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  unsigned char *pkt;
+  int pkt_len;
+
+  /* send a password question */
+  if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
+    return CR_ERROR;
+
+  /* read the answer */
+  if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+    return CR_ERROR;
+
+  info->password_used = 1;
+
+  /* fail if the password is wrong */
+  if (strcmp((const char *) pkt, info->auth_string))
+    return CR_ERROR;
+
+  /* copy auth string as a destination name to check it */
+  strcpy (info->authenticated_as, info->auth_string);
+
+  /* copy something into the external user name */
+  strcpy (info->external_user, info->auth_string);
+
+  return CR_OK;
+}
+
+static struct st_mysql_auth auth_test_handler=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  "auth_test_plugin", /* requires test_plugin client's plugin */
+  auth_test_plugin
+};
+
+mysql_declare_plugin(test_plugin)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &auth_test_handler,
+  "test_plugin_server",
+  "Georgi Kodinov",
+  "plugin API test plugin",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  NULL
+}
+mysql_declare_plugin_end;
+
+/********************* CLIENT SIDE ***************************************/
+/*
+  client plugin used for testing the plugin API
+*/
+#include <mysql.h>
+
+/**
+  The main function of the test plugin.
+
+  Reads the prompt, check if the handshake is done and if the prompt is a
+  password request and returns the password. Otherwise return error.
+
+  @note
+   1. this plugin shows how a client authentication plugin
+      may read a MySQL protocol OK packet internally - which is important
+      where a number of packets is not known in advance.
+   2. the first byte of the prompt is special. it is not
+      shown to the user, but signals whether it is the last question
+      (prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
+      and whether the input is a password (not echoed).
+   3. the prompt is expected to be sent zero-terminated
+*/
+static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
+{
+  unsigned char *pkt, cmd= 0;
+  int pkt_len, res;
+  char *reply;
+
+  do
+  {
+    /* read the prompt */
+    pkt_len= vio->read_packet(vio, &pkt);
+    if (pkt_len < 0)
+      return CR_ERROR;
+
+    if (pkt == 0)
+    {
+      /*
+        in mysql_change_user() the client sends the first packet, so
+        the first vio->read_packet() does nothing (pkt == 0).
+
+        We send the "password", assuming the client knows what its doing.
+        (in other words, the dialog plugin should be only set as a default
+        authentication plugin on the client if the first question
+        asks for a password - which will be sent in cleat text, by the way)
+      */
+      reply= mysql->passwd;
+    }
+    else
+    {
+      cmd= *pkt++;
+
+      /* is it MySQL protocol (0=OK or 254=need old password) packet ? */
+      if (cmd == 0 || cmd == 254)
+        return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
+
+      /*
+        asking for a password with an empty prompt means mysql->password
+        otherwise return an error
+      */
+      if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
+        reply= mysql->passwd;
+      else
+        return CR_ERROR;
+    }
+    if (!reply)
+      return CR_ERROR;
+    /* send the reply to the server */
+    res= vio->write_packet(vio, (const unsigned char *)reply, strlen(reply)+1);
+
+    if (res)
+      return CR_ERROR;
+
+    /* repeat unless it was the last question */
+  } while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
+
+  /* the job of reading the ok/error packet is left to the server */
+  return CR_OK;
+}
+
+
+mysql_declare_client_plugin(AUTHENTICATION)
+  "auth_test_plugin",
+  "Georgi Kodinov",
+  "Dialog Client Authentication Plugin",
+  {0,1,0},
+  NULL,
+  NULL,
+  test_plugin_client
+mysql_end_client_plugin;