23#ifndef SQL_MFA_INCLUDED
24#define SQL_MFA_INCLUDED
42 std::vector<std::pair<std::string, std::string>>;
108 return down_cast<Multi_factor_auth_list *>(
this);
112 return down_cast<Multi_factor_auth_info *>(
this);
144 const char *h)
override;
183 const char *h)
override;
std::list< random_password_info > Userhostpassword_list
Definition: auth_common.h:1128
An interface to access information about Multi factor authentication methods.
Definition: sql_mfa.h:49
virtual bool finish_registration(THD *, LEX_USER *, uint)=0
virtual bool validate_against_authentication_policy(THD *, const authentication_policy::Factors &)
Helper method to validate Multi factor authentication methods are correct compared to authentication ...
Definition: sql_mfa.h:67
virtual bool is_alter_allowed(THD *, LEX_USER *)
Helper methods to verify and update ALTER USER sql when altering Multi factor authentication methods.
Definition: sql_mfa.h:56
virtual ~I_multi_factor_auth()=default
Multi_factor_auth_info * get_multi_factor_auth_info()
Definition: sql_mfa.h:111
virtual void get_generated_passwords(Userhostpassword_list &gp, const char *u, const char *h)=0
Fill in generated passwords from respective Multi factor authentication methods.
virtual void get_server_challenge_info(server_challenge_info_vector &sc)=0
Fill in server challenge generated as part of initiate registration step.
virtual void alter_mfa(I_multi_factor_auth *)
Definition: sql_mfa.h:57
virtual void add_factor(I_multi_factor_auth *m)
Definition: sql_mfa.h:76
virtual bool validate_plugins_in_auth_chain(THD *thd, const authentication_policy::Factors &policy_factors)=0
Helper method to validate Multi factor authentication methods.
virtual bool init_registration(THD *, uint)=0
Helper methods to do registration step.
virtual bool deserialize(uint f, Json_dom *mfa_dom)=0
virtual bool is_passwordless()=0
virtual void get_info_for_query_rewrite(THD *, LEX_USER *)=0
Fill needed info in LEX_USER::mfa_list for query rewrite.
virtual bool update_user_attributes()=0
Method to add/delete Multi factor authentication methods in the user_attributes column.
virtual bool serialize(Json_array &mfa_arr)=0
Helper methods to convert this interface into a valid JSON object and vice versa.
Multi_factor_auth_list * get_multi_factor_auth_list()
Get methods.
Definition: sql_mfa.h:107
Represents a JSON array container.
Definition: json_dom.h:516
JSON DOM abstract base class.
Definition: json_dom.h:173
Definition: sql_mfa.h:159
void set_passwordless(int v)
Definition: sql_mfa.cc:1260
bool is_passwordless() override
Definition: sql_mfa.cc:1212
bool is_modify_factor()
Definition: sql_mfa.cc:1208
bool update_user_attributes() override
Method to update User_attributes column in mysql.user table.
Definition: sql_mfa.cc:710
void set_requires_registration(int v)
Definition: sql_mfa.cc:1272
void get_info_for_query_rewrite(THD *, LEX_USER *) override
This method will fill in missing details like plugin name or authentication string,...
Definition: sql_mfa.cc:1045
size_t get_client_plugin_len()
Definition: sql_mfa.cc:1184
void set_client_plugin(const char *, size_t)
Definition: sql_mfa.cc:1247
void set_finish_registration(bool v)
Definition: sql_mfa.cc:1268
const char * get_auth_str()
Definition: sql_mfa.cc:1157
bool get_unregister()
Definition: sql_mfa.cc:1228
bool validate_plugins_in_auth_chain(THD *thd, const authentication_policy::Factors &policy_factors) override
This method validates nth factor authentication plugin during ALTER/CREATE USER sql.
Definition: sql_mfa.cc:566
void set_init_registration(bool v)
Definition: sql_mfa.cc:1264
bool is_identified_with()
Definition: sql_mfa.cc:1149
void get_server_challenge_info(server_challenge_info_vector &sc) override
This method will return the randomly generated server challenge as part of ALTER USER (initiate registration step).
Definition: sql_mfa.cc:1119
size_t get_auth_str_len()
Definition: sql_mfa.cc:1161
std::string get_command_string(enum_sql_command sql_command)
Definition: sql_mfa.cc:1276
unsigned int get_nth_factor()
Definition: sql_mfa.cc:1197
bool deserialize(uint f, Json_dom *mfa_dom) override
Helper function to read details from Json object representing Multi factor authentication methods and...
Definition: sql_mfa.cc:766
Multi_factor_auth_info(MEM_ROOT *mem_root)
Definition: sql_mfa.cc:542
bool is_add_factor()
Definition: sql_mfa.cc:1201
size_t get_generated_password_len()
Definition: sql_mfa.cc:1169
bool get_requires_registration()
Definition: sql_mfa.cc:1224
MEM_ROOT * m_mem_root
Definition: sql_mfa.h:161
acl_table::Pod_user_what_to_update m_update
Definition: sql_mfa.h:163
const char * get_client_plugin_str()
Definition: sql_mfa.cc:1180
bool get_finish_registration()
Definition: sql_mfa.cc:1220
bool finish_registration(THD *, LEX_USER *, uint) override
This method reads the credential details received from the FIDO device and saves them in the user_attributes column...
Definition: sql_mfa.cc:927
bool validate_row()
Interface method to validate the auth plugin chain if user_attributes in mysql.user table is modified...
Definition: sql_mfa.cc:672
const char * get_plugin_str()
Definition: sql_mfa.cc:1173
void set_plugin_str(const char *, size_t)
Definition: sql_mfa.cc:1238
LEX_CSTRING & plugin_name()
Definition: sql_mfa.cc:1153
LEX_MFA * m_multi_factor_auth
Definition: sql_mfa.h:162
const char * get_generated_password_str()
Definition: sql_mfa.cc:1165
bool get_init_registration()
Definition: sql_mfa.cc:1216
void set_auth_str(const char *, size_t)
Definition: sql_mfa.cc:1234
size_t get_plugin_str_len()
Definition: sql_mfa.cc:1176
~Multi_factor_auth_info() override
Definition: sql_mfa.h:168
bool is_identified_by()
Definition: sql_mfa.cc:1146
bool init_registration(THD *, uint) override
This method initiates registration step.
Definition: sql_mfa.cc:818
nthfactor get_factor()
Definition: sql_mfa.cc:1188
bool serialize(Json_array &mfa_arr) override
Helper function to convert an instance of Multi_factor_auth_info into a JSON object.
Definition: sql_mfa.cc:731
bool is_drop_factor()
Definition: sql_mfa.cc:1205
void set_generated_password(const char *, size_t)
Definition: sql_mfa.cc:1242
Multi_factor_auth_info & operator=(Multi_factor_auth_info &new_af)
Definition: sql_mfa.cc:1129
LEX_MFA * get_lex_mfa()
Definition: sql_mfa.cc:1232
void set_factor(nthfactor f)
Definition: sql_mfa.cc:1251
void get_generated_passwords(Userhostpassword_list &gp, const char *u, const char *h) override
This method will return randomly generated passwords as part of IDENTIFIED BY RANDOM PASSWORD clause,...
Definition: sql_mfa.cc:1099
Definition: sql_mfa.h:119
bool validate_against_authentication_policy(THD *thd, const authentication_policy::Factors &policy_factors) override
This method checks the modified Multi factor authentication interface methods based on ALTER USER sql...
Definition: sql_mfa.cc:318
void get_server_challenge_info(server_challenge_info_vector &sc) override
Interface method to fill in generated server challenge from init registration step.
Definition: sql_mfa.cc:529
void alter_mfa(I_multi_factor_auth *) override
This method modifies the Multi factor authentication interface based on ALTER USER sql.
Definition: sql_mfa.cc:206
void add_factor(I_multi_factor_auth *m) override
Definition: sql_mfa.cc:1142
bool update_user_attributes() override
Interface method to update user_attributes.
Definition: sql_mfa.cc:400
bool validate_plugins_in_auth_chain(THD *thd, const authentication_policy::Factors &policy_factors) override
Interface method to validate the auth plugin chain before updating the user_attributes in mysql....
Definition: sql_mfa.cc:385
Multi_factor_auth_list(MEM_ROOT *)
Definition: sql_mfa.cc:46
void get_info_for_query_rewrite(THD *, LEX_USER *) override
Interface method to fill in Multi factor authentication method details during query rewrite.
Definition: sql_mfa.cc:498
bool deserialize(uint f, Json_dom *mfa_dom) override
Interface method to convert a valid JSON object into this interface.
Definition: sql_mfa.cc:435
bool is_alter_allowed(THD *, LEX_USER *) override
This method checks MFA methods present in ACL_USER against new factor specified as part of ALTER USER...
Definition: sql_mfa.cc:63
bool serialize(Json_array &mfa_arr) override
Interface method to convert this interface into a valid JSON object.
Definition: sql_mfa.cc:418
bool is_passwordless() override
Interface method to check if the registration step is for a passwordless authentication method.
Definition: sql_mfa.cc:483
my_vector< I_multi_factor_auth * > m_factor
Definition: sql_mfa.h:122
void sort_mfa()
Helper method to sort nth factor methods in multi-factor authentication interface such that 2nd facto...
Definition: sql_mfa.cc:363
my_vector< I_multi_factor_auth * > & get_mfa_list()
Definition: sql_mfa.cc:536
bool init_registration(THD *, uint) override
Interface method to initiate registration.
Definition: sql_mfa.cc:450
void get_generated_passwords(Userhostpassword_list &gp, const char *u, const char *h) override
Interface method to fill in generated passwords from Multi factor authentication methods.
Definition: sql_mfa.cc:514
size_t get_mfa_list_size()
Definition: sql_mfa.cc:540
bool finish_registration(THD *, LEX_USER *, uint) override
Interface method to finish registration step.
Definition: sql_mfa.cc:468
~Multi_factor_auth_list() override
Definition: sql_mfa.cc:49
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_lexer_thd.h:36
Definition: user_table.h:47
static MEM_ROOT mem_root
Definition: client_plugin.cc:114
enum_sql_command
Definition: my_sqlcommand.h:46
std::vector< Factor > Factors
Type of container with authentication policy factors.
Definition: authentication_policy.h:135
std::vector< std::pair< std::string, std::string > > server_challenge_info_vector
Definition: sql_mfa.h:42
std::vector< T, Mem_root_allocator< T > > my_vector
Definition: sql_mfa.h:117
nthfactor
Definition: sql_mfa.h:36
The MEM_ROOT is a simple arena, where allocations are carved out of larger blocks.
Definition: my_alloc.h:83
Definition: mysql_lex_string.h:40