MySQL 8.4.2
Source Code Documentation
auth_ldap_sasl_client.h
Go to the documentation of this file.
1/* Copyright (c) 2016, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef AUTH_LDAP_SASL_CLIENT_H_
25#define AUTH_LDAP_SASL_CLIENT_H_
26
27#include "my_config.h"
28
29#ifdef HAVE_SASL_SASL_H
30#include <sys/types.h>
31#endif
32
33#include <assert.h>
34#include <mysql/client_plugin.h>
35#include <sasl/sasl.h>
36
38
39#define SASL_MAX_STR_SIZE 1024
40#define SASL_SERVICE_NAME "ldap"
41
42namespace auth_ldap_sasl_client {
43
44/**
45 Class representing SASL client
46*/
48 public:
49 /**
50 Constructor
51
52 @param vio [in] pointer to server communication channel
53 @param mysql [in] pointer to MYSQL structure
54 */
56
57 /**
58 Default constructor -not wanted.
59 */
60 Sasl_client() = delete;
61
62 /**
63 Destructor
64 */
66
67 /**
68 Perform preauthentication step if needed, specific to the SASL mechanism e.g.
69 obtaining Kerberos ticket for GSSAPI.
70
71 @retval true success
72 @retval false failure
73 */
74 bool preauthenticate();
75
76 /**
77 Initializes SASL client exchange.
78
79 @retval true success
80 @retval false failure
81 */
83
84 /**
85 Perform SASL interaction, callled as SASL callback.
86
87 @param ilist [in] list of interaction ids to be served
88 */
89 void interact(sasl_interact_t *ilist);
90
91 /**
92 Decides and sets SASL mechanism to be used for authentication.
93
94 @retval true success
95 @retval false failure
96 */
97 bool set_mechanism();
98
99 /**
100 Starts SASL client exchange.
101
102 @param client_output [out] buffer with the initial client message to be
103 sent to server
104 @param client_output_length [out] length of client_output
105
106 @return SASL result code
107 */
108 int sasl_start(const char **client_output, int *client_output_length);
109
110 /**
111 Perform a step of SASL client exchange.
112
113 @param server_input [in] buffer with message from the server
114 @param server_input_length [in] length of server_input
115 @param client_output [out] buffer with the client message to be
116 sent to server
117 @param client_output_length [out] length of client_output
118
119 @return SASL result code
120 */
121 int sasl_step(char *server_input, int server_input_length,
122 const char **client_output, int *client_output_length);
123
124 /**
125 Sends SASL message to server and receive an response.
126 SASL message is wrapped in a MySQL packet before sending.
127
128 @param request [in] pointer to the SASL request
129 @param request_len [in] length of request
130 @param reponse [out] pointer to received SASL response
131 @param response_len [out] length of reponse or 0 on reading failure
132
133 @retval 1 write failed
134 @retval 0 write succeeded
135 */
136 int send_sasl_request_to_server(const char *request, int request_len,
137 char **reponse, int *response_len);
138
139 /**
140 Check if the authentication method requires conclusion message from the
141 server.
142
143 @retval true conclusion required
144 @retval false conclusion not required
145 */
147 assert(m_sasl_mechanism);
149 }
150
151 private:
152 /**
153 If an empty original user name was given as client parameter and passed to
154 the plugin via MYSQL structure, this function is used to determine the name
155 for authentication and set this user name to the MYSQL structure. For proper
156 memory management (string allocated by the plugin should not be freed by the
157 main client module and vice versa), the original user name from MYSQL is
158 stored to m_mysql_user and on destructing the object the original name is
159 set back to MYSQL and m_mysql_user is freed.
160
161 @retval true success
162 @retval false failure
163 */
164 bool set_user();
165
166 /**
167 Sets (copies) user name and password to the members.
168
169 @param name [in] user name
170 @param pwd [in] user password
171 */
172 void set_user_info(const char *name, const char *pwd);
173
174 /** user name used for authentication */
176
177 /** user password used for authentication */
179
180 /** SASL connection data */
181 sasl_conn_t *m_connection;
182
183 /** pointer to server communication channel */
185
186 /** pointer to MYSQL structure */
188
189 /** the original user name, @see set_user() */
191
192 /** the SASL mechanism used for authentication */
194};
195} // namespace auth_ldap_sasl_client
196#endif // AUTH_LDAP_SASL_CLIENT_H_
#define SASL_MAX_STR_SIZE
Definition: auth_ldap_sasl_client.h:39
Class representing SASL client.
Definition: auth_ldap_sasl_client.h:47
int sasl_step(char *server_input, int server_input_length, const char **client_output, int *client_output_length)
Perform a step of SASL client exchange.
Definition: auth_ldap_sasl_client.cc:256
Sasl_client()=delete
Default constructor -not wanted.
char m_user_pwd[SASL_MAX_STR_SIZE]
user password used for authentication
Definition: auth_ldap_sasl_client.h:178
MYSQL_PLUGIN_VIO * m_vio
pointer to server communication channel
Definition: auth_ldap_sasl_client.h:184
bool require_conclude_by_server()
Check if the authentication method requires conclusion message from the server.
Definition: auth_ldap_sasl_client.h:146
MYSQL * m_mysql
pointer to MYSQL structure
Definition: auth_ldap_sasl_client.h:187
void interact(sasl_interact_t *ilist)
Perform SASL interaction, callled as SASL callback.
Definition: auth_ldap_sasl_client.cc:71
char m_user_name[SASL_MAX_STR_SIZE]
user name used for authentication
Definition: auth_ldap_sasl_client.h:175
void set_user_info(const char *name, const char *pwd)
Sets (copies) user name and password to the members.
Definition: auth_ldap_sasl_client.cc:302
bool set_mechanism()
Decides and sets SASL mechanism to be used for authentication.
Definition: auth_ldap_sasl_client.cc:100
Sasl_mechanism * m_sasl_mechanism
the SASL mechanism used for authentication
Definition: auth_ldap_sasl_client.h:193
int sasl_start(const char **client_output, int *client_output_length)
Starts SASL client exchange.
Definition: auth_ldap_sasl_client.cc:226
sasl_conn_t * m_connection
SASL connection data.
Definition: auth_ldap_sasl_client.h:181
bool initilize_connection()
Initializes SASL client exchange.
Definition: auth_ldap_sasl_client.cc:156
char * m_mysql_user
the original user name,
Definition: auth_ldap_sasl_client.h:190
bool set_user()
If an empty original user name was given as client parameter and passed to the plugin via MYSQL struc...
Definition: auth_ldap_sasl_client.cc:278
bool preauthenticate()
Perform preauthentication step if needed, specific to the SASL mechanism e.g.
Definition: auth_ldap_sasl_client.cc:151
int send_sasl_request_to_server(const char *request, int request_len, char **reponse, int *response_len)
Sends SASL message to server and receive an response.
Definition: auth_ldap_sasl_client.cc:187
~Sasl_client()
Destructor.
Definition: auth_ldap_sasl_client.cc:173
Base class representing SASL mechanism.
Definition: auth_ldap_sasl_mechanism.h:48
virtual bool require_conclude_by_server()
Check if the authentication method requires conclusion message from the server.
Definition: auth_ldap_sasl_mechanism.h:113
MySQL Client Plugin API.
Definition: auth_ldap_kerberos.cc:30
Definition: instrumented_condition_variable.h:32
case opt name
Definition: sslopt-case.h:29
Provides plugin access to communication channel.
Definition: plugin_auth_common.h:146
Definition: mysql.h:300