mariadb/include/mysql/plugin_auth.h

184 lines
5.3 KiB
C
Raw Normal View History

#ifndef MYSQL_PLUGIN_AUTH_INCLUDED
/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
2011-11-03 19:17:05 +01:00
Copyright (c) 2010, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
/**
@file
Authentication Plugin API.
This file defines the API for server authentication plugins.
*/
#define MYSQL_PLUGIN_AUTH_INCLUDED
#include <mysql/plugin.h>
#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0202
#include <mysql/plugin_auth_common.h>
#ifdef __cplusplus
extern "C" {
#endif
2010-09-20 19:38:27 +03:00
/* defines for MYSQL_SERVER_AUTH_INFO.password_used */
#define PASSWORD_USED_NO 0
#define PASSWORD_USED_YES 1
#define PASSWORD_USED_NO_MENTION 2
/**
Provides server plugin access to authentication information
*/
typedef struct st_mysql_server_auth_info
{
/**
User name as sent by the client and shown in USER().
NULL if the client packet with the user name was not received yet.
*/
Changing field::field_name and Item::name to LEX_CSTRING Benefits of this patch: - Removed a lot of calls to strlen(), especially for field_string - Strings generated by parser are now const strings, less chance of accidently changing a string - Removed a lot of calls with LEX_STRING as parameter (changed to pointer) - More uniform code - Item::name_length was not kept up to date. Now fixed - Several bugs found and fixed (Access to null pointers, access of freed memory, wrong arguments to printf like functions) - Removed a lot of casts from (const char*) to (char*) Changes: - This caused some ABI changes - lex_string_set now uses LEX_CSTRING - Some fucntions are now taking const char* instead of char* - Create_field::change and after changed to LEX_CSTRING - handler::connect_string, comment and engine_name() changed to LEX_CSTRING - Checked printf() related calls to find bugs. Found and fixed several errors in old code. - A lot of changes from LEX_STRING to LEX_CSTRING, especially related to parsing and events. - Some changes from LEX_STRING and LEX_STRING & to LEX_CSTRING* - Some changes for char* to const char* - Added printf argument checking for my_snprintf() - Introduced null_clex_str, star_clex_string, temp_lex_str to simplify code - Added item_empty_name and item_used_name to be able to distingush between items that was given an empty name and items that was not given a name This is used in sql_yacc.yy to know when to give an item a name. - select table_name."*' is not anymore same as table_name.* - removed not used function Item::rename() - Added comparision of item->name_length before some calls to my_strcasecmp() to speed up comparison - Moved Item_sp_variable::make_field() from item.h to item.cc - Some minimal code changes to avoid copying to const char * - Fixed wrong error message in wsrep_mysql_parse() - Fixed wrong code in find_field_in_natural_join() where real_item() was set when it shouldn't - ER_ERROR_ON_RENAME was used with extra arguments. - Removed some (wrong) ER_OUTOFMEMORY, as alloc_root will already give the error. TODO: - Check possible unsafe casts in plugin/auth_examples/qa_auth_interface.c - Change code to not modify LEX_CSTRING for database name (as part of lower_case_table_names)
2017-04-23 19:39:57 +03:00
const char *user_name;
/**
Length of user_name
*/
unsigned int user_name_length;
/**
A corresponding column value from the mysql.user table for the
matching account name or the preprocessed value, if preprocess_hash
method is not NULL
*/
const char *auth_string;
/**
Length of auth_string
*/
unsigned long auth_string_length;
/**
Matching account name as found in the mysql.user table.
A plugin can override it with another name that will be
used by MySQL for authorization, and shown in CURRENT_USER()
*/
char authenticated_as[MYSQL_USERNAME_LENGTH+1];
/**
The unique user name that was used by the plugin to authenticate.
2011-07-02 22:08:51 +02:00
Not used by the server.
Available through the @@EXTERNAL_USER variable.
*/
char external_user[MYSQL_USERNAME_LENGTH+1];
/**
This only affects the "Authentication failed. Password used: %s"
error message. has the following values :
0 : %s will be NO.
1 : %s will be YES.
2 : there will be no %s.
Set it as appropriate or ignore at will.
*/
int password_used;
/**
Set to the name of the connected client host, if it can be resolved,
or to its IP address otherwise.
*/
const char *host_or_ip;
/**
Length of host_or_ip
*/
unsigned int host_or_ip_length;
/**
Current THD pointer (to use with various services)
*/
MYSQL_THD thd;
} MYSQL_SERVER_AUTH_INFO;
/**
Server authentication plugin descriptor
*/
struct st_mysql_auth
{
int interface_version; /**< version plugin uses */
/**
A plugin that a client must use for authentication with this server
plugin. Can be NULL to mean "any plugin".
*/
const char *client_auth_plugin;
/**
Function provided by the plugin which should perform authentication (using
the vio functions if necessary) and return 0 if successful. The plugin can
also fill the info.authenticated_as field if a different username should be
used for authorization.
*/
int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
/**
Create a password hash (or digest) out of a plain-text password
Used in SET PASSWORD, GRANT, and CREATE USER to convert user specified
plain-text password into a value that will be stored in mysql.user table.
@see preprocess_hash
@param password plain-text password
@param password_length plain-text password length
@param hash the digest will be stored there
@param hash_length in: hash buffer size
out: the actual length of the hash
@return 0 for ok, 1 for error
Can be NULL, in this case one will not be able to use SET PASSWORD or
PASSWORD('...') in GRANT, CREATE USER, ALTER USER.
*/
int (*hash_password)(const char *password, size_t password_length,
char *hash, size_t *hash_length);
/**
Prepare the password hash for authentication.
Password hash is stored in the authentication_string column of the
mysql.user table in a text form. If a plugin needs to preprocess the
value somehow before the authentication (e.g. convert from hex or base64
to binary), it can do it in this method. This way the conversion
will happen only once, not for every authentication attempt.
The value written to the out buffer will be cached and later made
available to the authenticate_user() method in the
MYSQL_SERVER_AUTH_INFO::auth_string[] buffer.
@return 0 for ok, 1 for error
Can be NULL, in this case the mysql.user.authentication_string value will
be given to the authenticate_user() method as is, unconverted.
*/
int (*preprocess_hash)(const char *hash, size_t hash_length,
unsigned char *out, size_t *out_length);
};
#ifdef __cplusplus
}
#endif
#endif