MySQL 8.0.39
Source Code Documentation
auth_ldap_sasl_client.h
Go to the documentation of this file.
1/* Copyright (c) 2016, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef AUTH_LDAP_SASL_CLIENT_H_
25#define AUTH_LDAP_SASL_CLIENT_H_
26
27#include "my_config.h"
28
30
31#include <mysql.h>
32#include <mysql/client_plugin.h>
33#include <mysql/plugin.h>
35#include <sasl/sasl.h>
36#include <stdio.h>
37#include <stdlib.h>
38#include <string.h>
39#include "log_client.h"
40
41#define SASL_MAX_STR_SIZE 1024
42#define SASL_BUFFER_SIZE 9000
43#define SASL_SERVICE_NAME "ldap"
44
45static const sasl_callback_t callbacks[] = {
46#ifdef SASL_CB_GETREALM
47 {SASL_CB_GETREALM, nullptr, nullptr},
48#endif
49 {SASL_CB_USER, nullptr, nullptr},
50 {SASL_CB_AUTHNAME, nullptr, nullptr},
51 {SASL_CB_PASS, nullptr, nullptr},
52 {SASL_CB_ECHOPROMPT, nullptr, nullptr},
53 {SASL_CB_NOECHOPROMPT, nullptr, nullptr},
54 {SASL_CB_LIST_END, nullptr, nullptr}};
55
56/*
57 MAX SSF - The maximum Security Strength Factor supported by the mechanism
58 (roughly the number of bits of encryption provided, but may have other
59 meanings, for example an SSF of 1 indicates integrity protection only, no
60 encryption). SECURITY PROPERTIES are: NOPLAIN, NOACTIVE, NODICT, FORWARD,
61 NOANON, CRED, MUTUAL. More details are in:
62 https://www.sendmail.org/~ca/email/cyrus2/mechanisms.html
63*/
64sasl_security_properties_t security_properties = {
65 /** Minimum acceptable final level. (min_ssf) */
66 56,
67 /** Maximum acceptable final level. (max_ssf) */
68 0,
69 /** Maximum security layer receive buffer size. */
70 0,
71 /** security flags (security_flags) */
72 0,
73 /** Property names. (property_names) */
74 nullptr,
75 /** Property values. (property_values)*/
76 nullptr,
77};
78
80 public:
83 int initilize();
85 void interact(sasl_interact_t *ilist);
87 int sasl_start(char **client_output, int *client_output_length);
88 int sasl_step(char *server_in, int server_in_length, char **client_out,
89 int *client_out_length);
90 int send_sasl_request_to_server(const unsigned char *request, int request_len,
91 unsigned char **reponse, int *response_len);
92 void set_user_info(std::string name, std::string pwd);
93 std::string get_method();
94#if defined(KERBEROS_LIB_CONFIGURED)
96#endif
97
98 protected:
104 sasl_conn_t *m_connection;
108};
109
110#endif // AUTH_LDAP_SASL_CLIENT_H_
sasl_security_properties_t security_properties
Definition: auth_ldap_sasl_client.h:64
#define SASL_MAX_STR_SIZE
Definition: auth_ldap_sasl_client.h:41
static const sasl_callback_t callbacks[]
Definition: auth_ldap_sasl_client.h:45
Definition: auth_ldap_sasl_client.h:79
void set_user_info(std::string name, std::string pwd)
Definition: auth_ldap_sasl_client.cc:355
char m_user_pwd[SASL_MAX_STR_SIZE]
Definition: auth_ldap_sasl_client.h:100
void read_kerberos_user_name()
Definition: auth_ldap_sasl_client.cc:334
int initilize()
Definition: auth_ldap_sasl_client.cc:161
int send_sasl_request_to_server(const unsigned char *request, int request_len, unsigned char **reponse, int *response_len)
send SASL request to the server and read the servers reply.
Definition: auth_ldap_sasl_client.cc:236
char m_user_name[SASL_MAX_STR_SIZE]
Definition: auth_ldap_sasl_client.h:99
MYSQL * m_mysql
Definition: auth_ldap_sasl_client.h:106
MYSQL_PLUGIN_VIO * m_vio
Definition: auth_ldap_sasl_client.h:105
std::string get_method()
Definition: auth_ldap_sasl_client.cc:331
int sasl_step(char *server_in, int server_in_length, char **client_out, int *client_out_length)
Definition: auth_ldap_sasl_client.cc:307
std::string m_ldap_server_host
Definition: auth_ldap_sasl_client.h:103
Sasl_client()
Definition: auth_ldap_sasl_client.cc:154
void interact(sasl_interact_t *ilist)
Definition: auth_ldap_sasl_client.cc:53
int read_method_name_from_server()
SASL method is send from the Mysql server, and this is set by the client.
Definition: auth_ldap_sasl_client.cc:93
void set_plugin_info(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
Definition: auth_ldap_sasl_client.cc:82
char m_mechanism[SASL_MAX_STR_SIZE]
Definition: auth_ldap_sasl_client.h:101
int sasl_start(char **client_output, int *client_output_length)
Definition: auth_ldap_sasl_client.cc:272
sasl_conn_t * m_connection
Definition: auth_ldap_sasl_client.h:104
char m_service_name[SASL_MAX_STR_SIZE]
Definition: auth_ldap_sasl_client.h:102
~Sasl_client()
Definition: auth_ldap_sasl_client.cc:209
Sasl_mechanism * m_sasl_mechanism
Definition: auth_ldap_sasl_client.h:107
Definition: auth_ldap_sasl_mechanism.h:43
MySQL Client Plugin API.
This file defines the client API to MySQL and also the ABI of the dynamically linked libmysqlclient.
Definition: instrumented_condition_variable.h:32
This file defines constants and data structures that are the same for both client- and server-side au...
case opt name
Definition: sslopt-case.h:33
Provides plugin access to communication channel.
Definition: plugin_auth_common.h:146
Definition: mysql.h:299