mirror of
https://github.com/MariaDB/server.git
synced 2025-07-18 09:18:15 +02:00
125e172a2b
Allow passwordless login in addition to usual login with password, when creating 'root' user during install. The effect of that change is that "local administrators" group are allowed to connect as root user. This is done via gssapi authentication plugin. Clients that are not aware of gssapi client plugin, can still login with password credentials.
53 lines
1.3 KiB
Perl
53 lines
1.3 KiB
Perl
|
|
package My::Suite::AuthGSSAPI;
|
|
|
|
@ISA = qw(My::Suite);
|
|
|
|
return "No AUTH_GSSAPI plugin" unless ($ENV{AUTH_GSSAPI_SO} or $::mysqld_variables{gssapi} eq "ON");
|
|
|
|
return "Not run for embedded server" if $::opt_embedded_server;
|
|
|
|
# Following environment variables may need to be set
|
|
if ($^O eq "MSWin32")
|
|
{
|
|
chomp(my $whoami =`whoami /UPN 2>NUL` || `whoami`);
|
|
my $fullname = $whoami;
|
|
$fullname =~ s/\\/\\\\/; # SQL escaping for backslash
|
|
$ENV{'GSSAPI_FULLNAME'} = $fullname;
|
|
$ENV{'GSSAPI_SHORTNAME'} = $ENV{'USERNAME'};
|
|
chomp(my $sid = `powershell -Command "([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value"`);
|
|
$ENV{'SID'} = $sid;
|
|
|
|
}
|
|
else
|
|
{
|
|
if (!$ENV{'GSSAPI_FULLNAME'})
|
|
{
|
|
my $s = `klist 2>/dev/null |grep 'Default principal: '`;
|
|
if ($s)
|
|
{
|
|
chomp($s);
|
|
my $fullname = substr($s,19);
|
|
$ENV{'GSSAPI_FULLNAME'} = $fullname;
|
|
}
|
|
}
|
|
$ENV{'GSSAPI_SHORTNAME'} = (split /@/, $ENV{'GSSAPI_FULLNAME'}) [0];
|
|
}
|
|
|
|
|
|
if (!$ENV{'GSSAPI_FULLNAME'} || !$ENV{'GSSAPI_SHORTNAME'})
|
|
{
|
|
return "Environment variable GSSAPI_SHORTNAME and GSSAPI_FULLNAME need to be set"
|
|
}
|
|
|
|
if ($::opt_verbose)
|
|
{
|
|
foreach $var ('GSSAPI_SHORTNAME','GSSAPI_FULLNAME','GSSAPI_KEYTAB_PATH','GSSAPI_PRINCIPAL_NAME')
|
|
{
|
|
print "$var=$ENV{$var}\n";
|
|
}
|
|
}
|
|
sub is_default { 1 }
|
|
|
|
bless { };
|
|
|