60 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
			
		
		
	
	
			60 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
| /*
 | |
|  * Copyright (c) 2018 MariaDB Corporation Ab
 | |
|  *
 | |
|  * Use of this software is governed by the Business Source License included
 | |
|  * in the LICENSE.TXT file and at www.mariadb.com/bsl11.
 | |
|  *
 | |
|  * Change Date: 2023-11-12
 | |
|  *
 | |
|  * On the date above, in accordance with the Business Source License, use
 | |
|  * of this software will be governed by version 2 or later of the General
 | |
|  * Public License.
 | |
|  */
 | |
| #pragma once
 | |
| #include "pam_auth.hh"
 | |
| 
 | |
| #include <stdint.h>
 | |
| #include <string>
 | |
| #include <vector>
 | |
| #include <maxscale/sqlite3.h>
 | |
| #include "pam_instance.hh"
 | |
| #include "../pam_auth_common.hh"
 | |
| 
 | |
| /** Client authenticator PAM-specific session data */
 | |
| class PamClientSession
 | |
| {
 | |
| public:
 | |
|     PamClientSession(const PamClientSession& orig) = delete;
 | |
|     PamClientSession& operator=(const PamClientSession&) = delete;
 | |
| 
 | |
|     using StringVector = std::vector<std::string>;
 | |
|     static PamClientSession* create(const PamInstance& inst);
 | |
| 
 | |
|     int  authenticate(DCB* client);
 | |
|     bool extract(DCB* dcb, GWBUF* read_buffer);
 | |
| 
 | |
| private:
 | |
|     PamClientSession(const PamInstance& instance, SQLite::SSQLite sqlite);
 | |
|     void get_pam_user_services(const DCB* dcb,
 | |
|                                const MYSQL_session* session,
 | |
|                                StringVector* services_out);
 | |
|     bool user_can_access_db(const std::string& user, const std::string& host, const std::string& target_db);
 | |
|     bool role_can_access_db(const std::string& role, const std::string& target_db);
 | |
| 
 | |
|     maxscale::Buffer create_auth_change_packet() const;
 | |
| 
 | |
|     enum class State
 | |
|     {
 | |
|         INIT,
 | |
|         ASKED_FOR_PW,
 | |
|         PW_RECEIVED,
 | |
|         DONE
 | |
|     };
 | |
| 
 | |
|     const PamInstance&    m_instance;              /**< Authenticator instance */
 | |
|     SQLite::SSQLite const m_sqlite;                /**< SQLite3 database handle */
 | |
| 
 | |
|     State    m_state {State::INIT};   /**< Authentication state */
 | |
|     uint8_t  m_sequence {0};          /**< The next packet seqence number */
 | |
| };
 | 
