MySQL 8.4.2
Source Code Documentation
client_authentication.cc File Reference
#include "my_config.h"
#include <stdarg.h>
#include <string.h>
#include "my_dbug.h"
#include "my_inttypes.h"
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include "crypt_genhash_impl.h"
#include "errmsg.h"
#include "mysql/client_authentication.h"
#include "mysql/psi/mysql_mutex.h"
#include "mysql/strings/m_ctype.h"
#include "mysys_err.h"
#include "sql_common.h"
#include "sql_string.h"
#include "client_async_authentication.h"
#include "mysql/plugin.h"
#include "sha2.h"
#include "violite.h"

Macros

#define MAX_CIPHER_LENGTH   1024
 
#define PASSWORD_SCRAMBLE_LENGTH   512
 
#define SHA2_SCRAMBLE_LENGTH   SHA256_DIGEST_LENGTH
 

Functions

int sha256_password_init (char *, size_t, int, va_list)
 
int sha256_password_deinit (void)
 
static RSArsa_init (MYSQL *mysql)
 Reads and parse RSA public key data from a file. More...
 
static bool encrypt_RSA_public_key (const unsigned char *password, int password_len, unsigned char *to, RSA *public_key)
 
int sha256_password_auth_client (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
 Authenticate the client using the RSA or TLS and a SHA256 salted password. More...
 
static bool read_public_key_nonblocking (MYSQL_PLUGIN_VIO *vio, mysql_async_auth *ctx, int *result, bool &got_public_key_from_server, net_async_status &status)
 Read RSA public key sent by server - used by nonblocking version of caching_sha2_password and sha256_password plugins. More...
 
void free_rsa_key (mysql_async_auth *ctx)
 Helper function to free RSA key. More...
 
static bool process_public_key_and_prepare_scramble_nonblocking (mysql_async_auth *ctx, char *passwd_scramble, size_t scramble_length, const char *passwd, unsigned int passwd_len)
 Prepare public key and password for encryption. More...
 
net_async_status sha256_password_auth_client_nonblocking (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql, int *result)
 Non blocking version of sha256_password_auth_client. More...
 
int caching_sha2_password_init (char *, size_t, int, va_list)
 
int caching_sha2_password_deinit (void)
 
static bool is_secure_transport (MYSQL *mysql)
 
int caching_sha2_password_auth_client (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
 Authenticate the client using the RSA or TLS and a SHA2 salted password. More...
 
net_async_status caching_sha2_password_auth_client_nonblocking (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql, int *result)
 non blocking version of caching_sha2_password_auth_client More...
 
void STDCALL mysql_reset_server_public_key (void)
 

Variables

mysql_mutex_t g_public_key_mutex
 
static RSAg_public_key = nullptr
 
static char request_public_key = '\2'
 
static char fast_auth_success = '\3'
 
static char perform_full_authentication = '\4'
 

Macro Definition Documentation

◆ MAX_CIPHER_LENGTH

#define MAX_CIPHER_LENGTH   1024

◆ PASSWORD_SCRAMBLE_LENGTH

#define PASSWORD_SCRAMBLE_LENGTH   512

◆ SHA2_SCRAMBLE_LENGTH

#define SHA2_SCRAMBLE_LENGTH   SHA256_DIGEST_LENGTH

Function Documentation

◆ caching_sha2_password_auth_client()

int caching_sha2_password_auth_client ( MYSQL_PLUGIN_VIO vio,
MYSQL mysql 
)

Authenticate the client using the RSA or TLS and a SHA2 salted password.

Parameters
vioProvides plugin access to communication channel
mysqlClient connection handler
Returns
Error status
Return values
CR_ERRORAn error occurred.
CR_OKAuthentication succeeded.

◆ caching_sha2_password_auth_client_nonblocking()

net_async_status caching_sha2_password_auth_client_nonblocking ( MYSQL_PLUGIN_VIO vio,
MYSQL mysql,
int *  result 
)

non blocking version of caching_sha2_password_auth_client

◆ caching_sha2_password_deinit()

int caching_sha2_password_deinit ( void  )

◆ caching_sha2_password_init()

int caching_sha2_password_init ( char *  ,
size_t  ,
int  ,
va_list   
)

◆ encrypt_RSA_public_key()

static bool encrypt_RSA_public_key ( const unsigned char *  password,
int  password_len,
unsigned char *  to,
RSA public_key 
)
static

◆ free_rsa_key()

void free_rsa_key ( mysql_async_auth ctx)

Helper function to free RSA key.

◆ is_secure_transport()

static bool is_secure_transport ( MYSQL mysql)
static

◆ mysql_reset_server_public_key()

void STDCALL mysql_reset_server_public_key ( void  )

◆ process_public_key_and_prepare_scramble_nonblocking()

static bool process_public_key_and_prepare_scramble_nonblocking ( mysql_async_auth ctx,
char *  passwd_scramble,
size_t  scramble_length,
const char *  passwd,
unsigned int  passwd_len 
)
static

Prepare public key and password for encryption.

Parameters
[in]ctxAsync authentication context to retrieve data
[out]passwd_scrambleBuffer to store scramble. Must be allocated
[in]scramble_lengthLength of the out buffer
[in]passwdPassword
[in]passwd_lenLength of password
Returns
Result of the processing
Return values
falseSuccess
trueFailure

◆ read_public_key_nonblocking()

static bool read_public_key_nonblocking ( MYSQL_PLUGIN_VIO vio,
mysql_async_auth ctx,
int *  result,
bool &  got_public_key_from_server,
net_async_status status 
)
static

Read RSA public key sent by server - used by nonblocking version of caching_sha2_password and sha256_password plugins.

Parameters
[in]vioVIO handle to read data from server
[in,out]ctxAsync authentication context to store data
[out]resultAuthentication process result
[out]got_public_key_from_serverFlag to be used for cleanup
[out]statusAsync status
Returns
status of read operation
Return values
falseSuccess
trueFailure

◆ rsa_init()

static RSA * rsa_init ( MYSQL mysql)
static

Reads and parse RSA public key data from a file.

Parameters
mysqlconnection handle with file path data
Returns
Pointer to the RSA public key storage buffer

◆ sha256_password_auth_client()

int sha256_password_auth_client ( MYSQL_PLUGIN_VIO vio,
MYSQL mysql 
)

Authenticate the client using the RSA or TLS and a SHA256 salted password.

Parameters
vioProvides plugin access to communication channel
mysqlClient connection handler
Returns
Error status
Return values
CR_ERRORAn error occurred.
CR_OKAuthentication succeeded.

◆ sha256_password_auth_client_nonblocking()

net_async_status sha256_password_auth_client_nonblocking ( MYSQL_PLUGIN_VIO vio,
MYSQL mysql,
int *  result 
)

Non blocking version of sha256_password_auth_client.

◆ sha256_password_deinit()

int sha256_password_deinit ( void  )

◆ sha256_password_init()

int sha256_password_init ( char *  ,
size_t  ,
int  ,
va_list   
)

Variable Documentation

◆ fast_auth_success

char fast_auth_success = '\3'
static

◆ g_public_key

RSA* g_public_key = nullptr
static

◆ g_public_key_mutex

mysql_mutex_t g_public_key_mutex

◆ perform_full_authentication

char perform_full_authentication = '\4'
static

◆ request_public_key

char request_public_key = '\2'
static