Add authentication plugin name to authenticator API

The authenticators can now declare the authentication plugin name. Right now this is only relevant for MySQL authentication but for example the HTTP module could implement both Basic and Digest authentication.
2016-09-14 14:19:44 +03:00 · 2016-09-14 14:19:44 +03:00 · 0ab4f04d7b
commit 0ab4f04d7b
parent 4d1eb6fe85
9 changed files with 23 additions and 9 deletions
--- a/server/include/gw_authenticator.h
+++ b/server/include/gw_authenticator.h
@ -47,6 +47,7 @@ struct servlistener;
 *      authenticate    Carry out the authentication
 *      free            Free extracted data
 *      loadusers       Load or update authenticator user data
+ *      plugin_name     The protocol specific name of the authentication plugin.
 * @endverbatim
 *
 * This forms the "module object" for authenticator modules within the gateway.
@ -60,6 +61,7 @@ typedef struct gw_authenticator
    int (*authenticate)(struct dcb *);
    void (*free)(struct dcb *);
    int (*loadusers)(struct servlistener *);
+    const char* plugin_name;
 } GWAUTHENTICATOR;

 /** Return values for the loadusers entry point */
--- a/server/modules/authenticator/cdc_plain_auth.c
+++ b/server/modules/authenticator/cdc_plain_auth.c
@ -71,7 +71,8 @@ static GWAUTHENTICATOR MyObject =
    cdc_auth_is_client_ssl_capable,       /* Check if client supports SSL  */
    cdc_auth_authenticate,                /* Authenticate user credentials */
    cdc_auth_free_client_data,            /* Free the client data held in DCB */
-    cdc_replace_users
+    cdc_replace_users,
+    NULL
 };

 static int cdc_auth_check(
--- a/server/modules/authenticator/http_auth.c
+++ b/server/modules/authenticator/http_auth.c
@ -63,7 +63,8 @@ static GWAUTHENTICATOR MyObject =
    http_auth_is_client_ssl_capable,       /* Check if client supports SSL  */
    http_auth_authenticate,                /* Authenticate user credentials */
    http_auth_free_client_data,            /* Free the client data held in DCB */
-    users_default_loadusers
+    users_default_loadusers,
+    NULL
 };

 typedef struct http_auth
--- a/server/modules/authenticator/max_admin_auth.c
+++ b/server/modules/authenticator/max_admin_auth.c
@ -63,7 +63,8 @@ static GWAUTHENTICATOR MyObject =
    max_admin_auth_is_client_ssl_capable,       /* Check if client supports SSL  */
    max_admin_auth_authenticate,                /* Authenticate user credentials */
    max_admin_auth_free_client_data,            /* Free the client data held in DCB */
-    users_default_loadusers
+    users_default_loadusers,
+    NULL
 };

 /**
--- a/server/modules/authenticator/mysql_auth.c
+++ b/server/modules/authenticator/mysql_auth.c
@ -66,7 +66,8 @@ static GWAUTHENTICATOR MyObject =
    mysql_auth_is_client_ssl_capable,       /* Check if client supports SSL  */
    mysql_auth_authenticate,                /* Authenticate user credentials */
    mysql_auth_free_client_data,            /* Free the client data held in DCB */
-    mysql_auth_load_users                   /* Load users from backend databases */
+    mysql_auth_load_users,                  /* Load users from backend databases */
+    "mysql_native_password"
 };

 static int combined_auth_check(
--- a/server/modules/authenticator/null_auth_allow.c
+++ b/server/modules/authenticator/null_auth_allow.c
@ -62,7 +62,8 @@ static GWAUTHENTICATOR MyObject =
    null_auth_is_client_ssl_capable,       /* Check if client supports SSL  */
    null_auth_authenticate,                /* Authenticate user credentials */
    null_auth_free_client_data,            /* Free the client data held in DCB */
-    users_default_loadusers
+    users_default_loadusers,
+    NULL
 };

 /**
--- a/server/modules/authenticator/null_auth_deny.c
+++ b/server/modules/authenticator/null_auth_deny.c
@ -62,7 +62,8 @@ static GWAUTHENTICATOR MyObject =
    null_auth_is_client_ssl_capable,       /* Check if client supports SSL  */
    null_auth_authenticate,                /* Authenticate user credentials */
    null_auth_free_client_data,            /* Free the client data held in DCB */
-    users_default_loadusers
+    users_default_loadusers,
+    NULL
 };

 /**
--- a/server/modules/include/mysql_client_server_protocol.h
+++ b/server/modules/include/mysql_client_server_protocol.h
@ -79,6 +79,8 @@
 #define GW_MYSQL_SCRAMBLE_SIZE 20
 #define GW_SCRAMBLE_LENGTH_323 8

+#define DEFAULT_AUTH_PLUGIN_NAME "mysql_native_password"
+
 /** Maximum length of a MySQL packet */
 #define MYSQL_PACKET_LENGTH_MAX 0x00ffffff

--- a/server/modules/protocol/MySQLClient/mysql_client.c
+++ b/server/modules/protocol/MySQLClient/mysql_client.c
@ -311,11 +311,15 @@ int MySQLSendHandshake(DCB* dcb)

    memcpy(mysql_plugin_data, server_scramble + 8, 12);

+    const char* plugin_name = dcb->authfunc.plugin_name ?
+        dcb->authfunc.plugin_name : DEFAULT_AUTH_PLUGIN_NAME;
+    int plugin_name_len = strlen(plugin_name);
+
    mysql_payload_size =
        sizeof(mysql_protocol_version) + (len_version_string + 1) + sizeof(mysql_thread_id_num) + 8 +
        sizeof(/* mysql_filler */ uint8_t) + sizeof(mysql_server_capabilities_one) + sizeof(mysql_server_language) +
        sizeof(mysql_server_status) + sizeof(mysql_server_capabilities_two) + sizeof(mysql_scramble_len) +
-        sizeof(mysql_filler_ten) + 12 + sizeof(/* mysql_last_byte */ uint8_t) + strlen("mysql_native_password") +
+        sizeof(mysql_filler_ten) + 12 + sizeof(/* mysql_last_byte */ uint8_t) + plugin_name_len +
        sizeof(/* mysql_last_byte */ uint8_t);

    // allocate memory for packet header + payload
@ -407,8 +411,8 @@ int MySQLSendHandshake(DCB* dcb)
    mysql_handshake_payload++;

    // to be understanded ????
-    memcpy(mysql_handshake_payload, "mysql_native_password", strlen("mysql_native_password"));
-    mysql_handshake_payload = mysql_handshake_payload + strlen("mysql_native_password");
+    memcpy(mysql_handshake_payload, plugin_name, plugin_name_len);
+    mysql_handshake_payload = mysql_handshake_payload + plugin_name_len;

    //write last byte, 0
    *mysql_handshake_payload = 0x00;