Commit Graph

454 Commits

Author SHA1 Message Date
a2a8562c39 MXS-862: Implement GSSAPI backend authentication
The GSSAPI backend authentication is based on tokens.  The server first
sends the service principal name which is used for token generation. The
client then retrieves a token from the GSSAPI server which it sends to the
backend server. If the server can verify the authenticity of the token,
authentication is successful.

This module can be used with both GSSAPIAuth and MySQLAuth modules.
2016-10-13 15:51:54 +03:00
5d96faedd8 MXS-862: Move sending of OK packet to mysql_client
Moving the sending of the final OK packet of the authentication process to
the client protocol plugin makes the authentication plugins simpler.

By reading the client's sequence and incrementing that by one, the client
protocol module will always send the correct sequence byte in the final OK
packet.
2016-10-13 15:51:53 +03:00
239b53e156 MXS-862: Do first part of authentication in MySQLBackend
The first message exchange between the server and the client will almost
always contain the same data. If the server is going to change
authentication methods, it will send an AuthSwitchRequest packet instead
of the OK/ERR packet that it would normally send. Only after this point
the authenticator modules actually need to do something.

In the case of the default 'mysql_native_password' plugin, the only thing
that the plugin needs to do is to check whether the server responded with
an OK packet.
2016-10-13 15:51:53 +03:00
cb7c112764 MXS-862: Create common MySQL library
The MySQLCommon library contains functions used by both the protocol and
authenticator modules. The contents of the modutil.c file could also be
moved to this file if the functions in that file are only used by modules
and not the core.
2016-10-13 15:51:52 +03:00