due to merge

author: Horst.Hunger <horst.hunger@sun.com> 2010-10-20 16:56:09 +0200
committer: Horst.Hunger <horst.hunger@sun.com> 2010-10-20 16:56:09 +0200
commit: d6af9bef7a72f24b05a88b6cd4fd3a69b14cc82d (patch)
tree: 72e585dfcbbc4720d5800aaee874e1695e3351b4 /plugin
parent: 7af5094208edac1dd3af9ba2883f3c91264fbf6a (diff)
download: mariadb-git-d6af9bef7a72f24b05a88b6cd4fd3a69b14cc82d.tar.gz
5 files changed, 489 insertions, 1 deletions
diff --git a/plugin/auth/CMakeLists.txt b/plugin/auth/CMakeLists.txt
index 7d87e151143..6a9c31f82ce 100644
--- a/plugin/auth/CMakeLists.txt
+++ b/plugin/auth/CMakeLists.txt
@@ -18,6 +18,14 @@ MYSQL_ADD_PLUGIN(auth dialog.c
   MODULE_ONLY)
 MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c 
   MODULE_ONLY)
+MYSQL_ADD_PLUGIN(qa_auth_interface qa_auth_interface.c
+  MODULE_ONLY)
+
+MYSQL_ADD_PLUGIN(qa_auth_server qa_auth_server.c
+  MODULE_ONLY)
+
+MYSQL_ADD_PLUGIN(qa_auth_client qa_auth_client.c
+  MODULE_ONLY)
 
 CHECK_CXX_SOURCE_COMPILES(
 "#define _GNU_SOURCE
diff --git a/plugin/auth/Makefile.am b/plugin/auth/Makefile.am
index ed459b7b2b1..30e185f36f7 100644
--- a/plugin/auth/Makefile.am
+++ b/plugin/auth/Makefile.am
@@ -3,10 +3,14 @@ pkgplugindir=$(pkglibdir)/plugin
 AM_LDFLAGS=-module -rpath $(pkgplugindir)
 AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include
 
-pkgplugin_LTLIBRARIES=  auth.la auth_test_plugin.la
+pkgplugin_LTLIBRARIES=  auth.la auth_test_plugin.la qa_auth_interface.la qa_auth_server.la qa_auth_client.la
 auth_la_SOURCES= dialog.c
 auth_test_plugin_la_SOURCES= test_plugin.c
 
+qa_auth_interface_la_SOURCES= qa_auth_interface.c
+qa_auth_server_la_SOURCES= qa_auth_server.c
+qa_auth_client_la_SOURCES= qa_auth_client.c
+
 if HAVE_PEERCRED
 pkgplugin_LTLIBRARIES+= auth_socket.la
 auth_socket_la_SOURCES= auth_socket.c
diff --git a/plugin/auth/qa_auth_client.c b/plugin/auth/qa_auth_client.c
new file mode 100644
index 00000000000..da7bfc14a73
--- /dev/null
+++ b/plugin/auth/qa_auth_client.c
@@ -0,0 +1,127 @@
+/*  Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+    
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; version 2 of the
+    License.
+    
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+    GNU General Public License for more details.
+    
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <my_global.h>
+#include <mysql/plugin_auth.h>
+#include <mysql/client_plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+/**
+  first byte of the question string is the question "type".
+  It can be a "ordinary" or a "password" question.
+  The last bit set marks a last question in the authentication exchange.
+*/
+#define ORDINARY_QUESTION       "\2"
+#define LAST_QUESTION           "\3"
+#define LAST_PASSWORD           "\4"
+#define PASSWORD_QUESTION       "\5"
+
+/********************* CLIENT SIDE ***************************************/
+/*
+  client plugin used for testing the plugin API
+*/
+#include <mysql.h>
+
+/**
+  The main function of the test plugin.
+
+  Reads the prompt, check if the handshake is done and if the prompt is a
+  password request and returns the password. Otherwise return error.
+
+  @note
+   1. this plugin shows how a client authentication plugin
+      may read a MySQL protocol OK packet internally - which is important
+      where a number of packets is not known in advance.
+   2. the first byte of the prompt is special. it is not
+      shown to the user, but signals whether it is the last question
+      (prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
+      and whether the input is a password (not echoed).
+   3. the prompt is expected to be sent zero-terminated
+*/
+static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
+{
+  unsigned char *pkt, cmd= 0;
+  int pkt_len, res;
+  char *reply;
+
+  do
+  {
+    /* read the prompt */
+    pkt_len= vio->read_packet(vio, &pkt);
+    if (pkt_len < 0)
+      return CR_ERROR;
+
+    if (pkt == 0)
+    {
+      /*
+        in mysql_change_user() the client sends the first packet, so
+        the first vio->read_packet() does nothing (pkt == 0).
+
+        We send the "password", assuming the client knows what its doing.
+        (in other words, the dialog plugin should be only set as a default
+        authentication plugin on the client if the first question
+        asks for a password - which will be sent in cleat text, by the way)
+      */
+      reply= mysql->passwd;
+    }
+    else
+    {
+      cmd= *pkt++;
+
+      /* is it MySQL protocol (0=OK or 254=need old password) packet ? */
+      if (cmd == 0 || cmd == 254)
+        return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
+
+      /*
+        asking for a password with an empty prompt means mysql->password
+        otherwise return an error
+      */
+      if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
+        reply= mysql->passwd;
+      else
+        return CR_ERROR;
+    }
+    if (!reply)
+      return CR_ERROR;
+    /* send the reply to the server */
+    res= vio->write_packet(vio, (const unsigned char *) reply, 
+                           strlen(reply) + 1);
+
+    if (res)
+      return CR_ERROR;
+
+    /* repeat unless it was the last question */
+  } while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
+
+  /* the job of reading the ok/error packet is left to the server */
+  return CR_OK;
+}
+
+
+mysql_declare_client_plugin(AUTHENTICATION)
+  "qa_auth_client",
+  "Horst Hunger",
+  "Dialog Client Authentication Plugin",
+  {0,1,0},
+  "GPL",
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  test_plugin_client
+mysql_end_client_plugin;
diff --git a/plugin/auth/qa_auth_interface.c b/plugin/auth/qa_auth_interface.c
new file mode 100644
index 00000000000..0aa6c9ce20c
--- /dev/null
+++ b/plugin/auth/qa_auth_interface.c
@@ -0,0 +1,262 @@
+/*  Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+    
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; version 2 of the
+    License.
+    
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+    GNU General Public License for more details.
+    
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <my_global.h>
+#include <mysql/plugin_auth.h>
+#include <mysql/client_plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+/**
+  first byte of the question string is the question "type".
+  It can be a "ordinary" or a "password" question.
+  The last bit set marks a last question in the authentication exchange.
+*/
+#define ORDINARY_QUESTION       "\2"
+#define LAST_QUESTION           "\3"
+#define LAST_PASSWORD           "\4"
+#define PASSWORD_QUESTION       "\5"
+
+/********************* SERVER SIDE ****************************************/
+
+static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  unsigned char *pkt;
+  int pkt_len, err= CR_OK;
+
+  /* send a password question */
+  if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
+    return CR_ERROR;
+
+  /* read the answer */
+  if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+    return CR_ERROR;
+
+  info->password_used= PASSWORD_USED_YES;
+
+  /* fail if the password is wrong */
+  if (strcmp((const char *) pkt, info->auth_string))
+    return CR_ERROR;
+
+/* Check the contens of components of info */
+  if (strcmp(info->user_name, "qa_test_1_user")== 0)
+  {
+    if (info->user_name_length != 14)
+       err= CR_ERROR;
+    if (strcmp(info->auth_string, "qa_test_1_dest"))
+       err= CR_ERROR;
+    if (info->auth_string_length != 14)
+       err= CR_ERROR;
+/* To be set by the plugin */
+//    if (strcmp(info->authenticated_as, "qa_test_1_user"))
+//       err= CR_ERROR;
+/* To be set by the plugin */
+//    if (strcmp(info->external_user, ""))
+//       err= CR_ERROR;
+    if (info->password_used != PASSWORD_USED_YES)
+       err= CR_ERROR;
+    if (strcmp(info->host_or_ip, "localhost"))
+       err= CR_ERROR;
+    if (info->host_or_ip_length != 9)
+       err= CR_ERROR;
+  }
+/* Assign values to the components of info even if not intended and watch the effect */
+  else if (strcmp(info->user_name, "qa_test_2_user")== 0)
+  {
+    /* Overwriting not intended, but with effect on USER() */
+     strcpy(info->user_name, "user_name");
+     info->user_name_length= 9;
+    /* Overwriting not intended, effect not visible */
+     strcpy((char *)info->auth_string, "auth_string");
+     info->auth_string_length= 11;
+    /* Assign with account for authorization, effect on CURRENT_USER() */
+     strcpy(info->authenticated_as, "authenticated_as");
+    /* Assign with an external account, effect on @@local.EXTERNAL_USER */
+     strcpy(info->external_user, "externaluser");
+    /* Overwriting will cause a core dump */
+//     strcpy(info->host_or_ip, "host_or_ip");
+//     info->host_or_ip_length= 10;
+  }
+/* Invalid, means too high values for length */
+  else if (strcmp(info->user_name, "qa_test_3_user")== 0)
+  {
+/* Original value is 14. Test runs also with higher value. Changes have no effect.*/
+     info->user_name_length= 28;
+     strcpy((char *)info->auth_string, "qa_test_3_dest");
+/* Original value is 14. Test runs also with higher value. Changes have no effect.*/
+     info->auth_string_length= 28;
+     strcpy(info->authenticated_as, info->auth_string);
+     strcpy(info->external_user, info->auth_string);
+  }
+/* Invalid, means too low values for length */
+  else if (strcmp(info->user_name, "qa_test_4_user")== 0)
+  {
+/* Original value is 14. Test runs also with lower value. Changes have no effect.*/
+     info->user_name_length= 8;
+     strcpy((char *)info->auth_string, "qa_test_4_dest");
+/* Original value is 14. Test runs also with lower value. Changes have no effect.*/
+     info->auth_string_length= 8;
+     strcpy(info->authenticated_as, info->auth_string);
+     strcpy(info->external_user, info->auth_string);
+  }
+/* Overwrite with empty values */
+  else if (strcmp(info->user_name, "qa_test_5_user")== 0)  
+  {
+/* This assignment has no effect.*/
+     strcpy(info->user_name, "");
+     info->user_name_length= 0;
+/* This assignment has no effect.*/
+     strcpy((char *)info->auth_string, "");
+     info->auth_string_length= 0;
+/* This assignment caused an error or an "empty" user */
+     strcpy(info->authenticated_as, "");
+/* This assignment has no effect.*/
+     strcpy(info->external_user, "");
+    /* Overwriting will cause a core dump */
+//     strcpy(info->host_or_ip, "");
+//     info->host_or_ip_length= 0;
+  }
+/* Set to 'root' */
+  else if (strcmp(info->user_name, "qa_test_6_user")== 0)
+  {
+     strcpy(info->authenticated_as, "root");
+  }
+  else
+  {
+     err= CR_ERROR;
+  }
+  return err;
+}
+
+static struct st_mysql_auth qa_auth_test_handler=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  "qa_auth_interface", /* requires test_plugin client's plugin */
+  qa_auth_interface
+};
+
+mysql_declare_plugin(test_plugin)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &qa_auth_test_handler,
+  "qa_auth_interface",
+  "Horst Hunger",
+  "plugin API test plugin",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  NULL
+}
+mysql_declare_plugin_end;
+
+/********************* CLIENT SIDE ***************************************/
+/*
+  client plugin used for testing the plugin API
+*/
+#include <mysql.h>
+
+/**
+  The main function of the test plugin.
+
+  Reads the prompt, check if the handshake is done and if the prompt is a
+  password request and returns the password. Otherwise return error.
+
+  @note
+   1. this plugin shows how a client authentication plugin
+      may read a MySQL protocol OK packet internally - which is important
+      where a number of packets is not known in advance.
+   2. the first byte of the prompt is special. it is not
+      shown to the user, but signals whether it is the last question
+      (prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
+      and whether the input is a password (not echoed).
+   3. the prompt is expected to be sent zero-terminated
+*/
+static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
+{
+  unsigned char *pkt, cmd= 0;
+  int pkt_len, res;
+  char *reply;
+
+  do
+  {
+    /* read the prompt */
+    pkt_len= vio->read_packet(vio, &pkt);
+    if (pkt_len < 0)
+      return CR_ERROR;
+
+    if (pkt == 0)
+    {
+      /*
+        in mysql_change_user() the client sends the first packet, so
+        the first vio->read_packet() does nothing (pkt == 0).
+
+        We send the "password", assuming the client knows what its doing.
+        (in other words, the dialog plugin should be only set as a default
+        authentication plugin on the client if the first question
+        asks for a password - which will be sent in cleat text, by the way)
+      */
+      reply= mysql->passwd;
+    }
+    else
+    {
+      cmd= *pkt++;
+
+      /* is it MySQL protocol (0=OK or 254=need old password) packet ? */
+      if (cmd == 0 || cmd == 254)
+        return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
+
+      /*
+        asking for a password with an empty prompt means mysql->password
+        otherwise return an error
+      */
+      if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
+        reply= mysql->passwd;
+      else
+        return CR_ERROR;
+    }
+    if (!reply)
+      return CR_ERROR;
+    /* send the reply to the server */
+    res= vio->write_packet(vio, (const unsigned char *) reply, 
+                           strlen(reply) + 1);
+
+    if (res)
+      return CR_ERROR;
+
+    /* repeat unless it was the last question */
+  } while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
+
+  /* the job of reading the ok/error packet is left to the server */
+  return CR_OK;
+}
+
+
+mysql_declare_client_plugin(AUTHENTICATION)
+  "qa_auth_interface",
+  "Horst Hunger",
+  "Dialog Client Authentication Plugin",
+  {0,1,0},
+  "GPL",
+  NULL,
+  NULL,
+  NULL,
+  NULL,
+  test_plugin_client
+mysql_end_client_plugin;
diff --git a/plugin/auth/qa_auth_server.c b/plugin/auth/qa_auth_server.c
new file mode 100644
index 00000000000..17171610200
--- /dev/null
+++ b/plugin/auth/qa_auth_server.c
@@ -0,0 +1,87 @@
+/*  Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+    
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; version 2 of the
+    License.
+    
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+    GNU General Public License for more details.
+    
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <my_global.h>
+#include <mysql/plugin_auth.h>
+#include <mysql/client_plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+/**
+  first byte of the question string is the question "type".
+  It can be a "ordinary" or a "password" question.
+  The last bit set marks a last question in the authentication exchange.
+*/
+#define ORDINARY_QUESTION       "\2"
+#define LAST_QUESTION           "\3"
+#define LAST_PASSWORD           "\4"
+#define PASSWORD_QUESTION       "\5"
+
+/********************* SERVER SIDE ****************************************/
+
+static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  unsigned char *pkt;
+  int pkt_len, err= CR_OK;
+
+  /* send a password question */
+  if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
+    return CR_ERROR;
+
+  /* read the answer */
+  if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+    return CR_ERROR;
+
+  info->password_used= PASSWORD_USED_YES;
+
+  /* fail if the password is wrong */
+  if (strcmp((const char *) pkt, info->auth_string))
+    return CR_ERROR;
+
+/* Test of default_auth */
+  if (strcmp(info->user_name, "qa_test_11_user")== 0)
+  {
+     strcpy(info->authenticated_as, "qa_test_11_dest");
+  }
+  else
+     err= CR_ERROR;
+  return err;
+}
+
+static struct st_mysql_auth qa_auth_test_handler=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  "qa_auth_interface", /* requires test_plugin client's plugin */
+  qa_auth_interface
+};
+
+mysql_declare_plugin(test_plugin)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &qa_auth_test_handler,
+  "qa_auth_server",
+  "Horst Hunger",
+  "plugin API test plugin",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  NULL
+}
+mysql_declare_plugin_end;
author	Horst.Hunger <horst.hunger@sun.com>	2010-10-20 16:56:09 +0200
committer	Horst.Hunger <horst.hunger@sun.com>	2010-10-20 16:56:09 +0200
commit	d6af9bef7a72f24b05a88b6cd4fd3a69b14cc82d (patch)
tree	72e585dfcbbc4720d5800aaee874e1695e3351b4 /plugin
parent	7af5094208edac1dd3af9ba2883f3c91264fbf6a (diff)
download	mariadb-git-d6af9bef7a72f24b05a88b6cd4fd3a69b14cc82d.tar.gz