MDEV-12321 authentication plugin: SET PASSWORD support

Support SET PASSWORD for authentication plugins. Authentication plugin API is extended with two optional methods: * hash_password() is used to compute a password hash (or digest) from the plain-text password. This digest will be stored in mysql.user table * preprocess_hash() is used to convert this digest into some memory representation that can be later used to authenticate a user. Build-in plugins convert the hash from hexadecimal or base64 to binary, to avoid doing it on every authentication attempt. Note a change in behavior: when loading privileges (on startup or on FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a warning (e.g. "Plugin 'foo' is not loaded"). But such an account could not be used for authentication until the plugin is installed. Now an account like that will not be loaded at all (with a warning, still). Indeed, without plugin's preprocess_hash() method the server cannot know how to load an account. Thus, if a new authentication plugin is installed run-time, one might need FLUSH PRIVILEGES to activate all existing accounts that were using this new plugin.
2026-05-15 03:17:20 +02:00 · 2018-10-17 12:48:13 +02:00 · 2018-10-17 12:48:13 +02:00 · 7c40996cc8
commit 7c40996cc8
parent 14e181a434
37 changed files with 710 additions and 477 deletions
--- a/plugin/auth_examples/test_plugin.c
+++ b/plugin/auth_examples/test_plugin.c
@ -69,7 +69,8 @@ static struct st_mysql_auth auth_test_handler=
 {
  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
  "auth_test_plugin", /* requires test_plugin client's plugin */
-  auth_test_plugin
+  auth_test_plugin,
+  NULL, NULL /* no PASSWORD() */
 };

 /**
@ -99,7 +100,8 @@ static struct st_mysql_auth auth_cleartext_handler=
 {
  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
  "mysql_clear_password", /* requires the clear text plugin */
-  auth_cleartext_plugin
+  auth_cleartext_plugin,
+  NULL, NULL /* no PASSWORD() */
 };

 mysql_declare_plugin(test_plugin)