MySQL 8.4.3
Source Code Documentation
mysql_native_authentication_client.cc File Reference
#include "mysql_native_authentication_client.h"
#include "client_async_authentication.h"
#include "crypt_genhash_impl.h"
#include "my_compiler.h"
#include "my_config.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "mysql.h"
#include "mysql/plugin_auth_common.h"
#include "sha1.h"
#include "sql_common.h"

Macros

#define PVERSION41_CHAR   '*'
 

Functions

static uint8 char_val (uint8 X)
 
static void hex2octet (uint8 *to, const char *str, uint len)
 
static void my_crypt (char *to, const uchar *s1, const uchar *s2, uint len)
 
static void compute_two_stage_sha1_hash (const char *password, size_t pass_len, uint8 *hash_stage1, uint8 *hash_stage2)
 Compute two stage SHA1 hash of the password : More...
 
void my_make_scrambled_password_sha1 (char *to, const char *password, size_t pass_len)
 
void make_scrambled_password (char *to, const char *password)
 
void scramble (char *to, const char *message, const char *password)
 Produce an obscure octet sequence from password and random string, received from the server. More...
 
static bool check_scramble_sha1 (const uchar *scramble_arg, const char *message, const uint8 *hash_stage2)
 Check that scrambled message corresponds to the password. More...
 
bool check_scramble (const uchar *scramble_arg, const char *message, const uint8 *hash_stage2)
 
void get_salt_from_password (uint8 *hash_stage2, const char *password)
 
void make_password_from_salt (char *to, const uint8 *hash_stage2)
 Convert scrambled password from binary form to asciiz hex string. More...
 
static int native_password_auth_client (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
 Client authentication plugin that does native MySQL authentication using a 20-byte (4.1+) scramble. More...
 
static net_async_status native_password_auth_client_nonblocking (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql, int *result)
 Client authentication plugin that does native MySQL authentication in a nonblocking way. More...
 

Variables

auth_plugin_t native_password_client_plugin
 

Macro Definition Documentation

◆ PVERSION41_CHAR

#define PVERSION41_CHAR   '*'

Function Documentation

◆ char_val()

static uint8 char_val ( uint8  X)
inlinestatic

◆ check_scramble()

bool check_scramble ( const uchar scramble_arg,
const char *  message,
const uint8 hash_stage2 
)

◆ check_scramble_sha1()

static bool check_scramble_sha1 ( const uchar scramble_arg,
const char *  message,
const uint8 hash_stage2 
)
static

Check that scrambled message corresponds to the password.

The function is used by server to check that received reply is authentic. This function does not check lengths of given strings: message must be null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE long (if not, something fishy is going on).

Parameters
scramble_argclients' reply, presumably produced by scramble()
messageoriginal random string, previously sent to client (presumably second argument of scramble()), must be exactly SCRAMBLE_LENGTH long and NULL-terminated.
hash_stage2hex2octet-decoded database entry
Return values
falsepassword is correct Wretval true password is invalid

◆ compute_two_stage_sha1_hash()

static void compute_two_stage_sha1_hash ( const char *  password,
size_t  pass_len,
uint8 hash_stage1,
uint8 hash_stage2 
)
inlinestatic

Compute two stage SHA1 hash of the password :

hash_stage1=sha1("password") hash_stage2=sha1(hash_stage1)

Parameters
[in]passwordPassword string.
[in]pass_lenLength of the password.
[out]hash_stage1sha1(password)
[out]hash_stage2sha1(hash_stage1)

◆ get_salt_from_password()

void get_salt_from_password ( uint8 hash_stage2,
const char *  password 
)

◆ hex2octet()

static void hex2octet ( uint8 to,
const char *  str,
uint  len 
)
static

◆ make_password_from_salt()

void make_password_from_salt ( char *  to,
const uint8 hash_stage2 
)

Convert scrambled password from binary form to asciiz hex string.

Parameters
[out]tostore resulting string here, 2*SHA1_HASH_SIZE+2 bytes
hash_stage2password in salt format

◆ make_scrambled_password()

void make_scrambled_password ( char *  to,
const char *  password 
)

◆ my_crypt()

static void my_crypt ( char *  to,
const uchar s1,
const uchar s2,
uint  len 
)
static

◆ my_make_scrambled_password_sha1()

void my_make_scrambled_password_sha1 ( char *  to,
const char *  password,
size_t  pass_len 
)

◆ native_password_auth_client()

static int native_password_auth_client ( MYSQL_PLUGIN_VIO vio,
MYSQL mysql 
)
static

Client authentication plugin that does native MySQL authentication using a 20-byte (4.1+) scramble.

Parameters
viothe channel to operate on
mysqlthe MYSQL structure to operate on
Return values
-1CR_OK : Success
1CR_ERROR : error reading
2012CR_SERVER_HANDSHAKE_ERR : malformed handshake data

◆ native_password_auth_client_nonblocking()

static net_async_status native_password_auth_client_nonblocking ( MYSQL_PLUGIN_VIO vio,
MYSQL mysql,
int *  result 
)
static

Client authentication plugin that does native MySQL authentication in a nonblocking way.

Parameters
[in]viothe channel to operate on
[in]mysqlthe MYSQL structure to operate on
[out]resultCR_OK : Success, CR_ERROR : error reading, CR_SERVER_HANDSHAKE_ERR : malformed handshake data
Return values
NET_ASYNC_NOT_READYauthentication not yet complete
NET_ASYNC_COMPLETEauthentication done

◆ scramble()

void scramble ( char *  to,
const char *  message,
const char *  password 
)

Produce an obscure octet sequence from password and random string, received from the server.

This sequence corresponds to the password, but password can not be easily restored from it. The sequence is then sent to the server for validation. Trailing zero is not stored in the buf as it is not needed. This function is used by client to create authenticated reply to the server's greeting.

Parameters
[out]tostore scrambled string here. The buf must be at least SHA1_HASH_SIZE bytes long.
messagerandom message, must be exactly SCRAMBLE_LENGTH long and NULL-terminated.
passwordusers' password, NULL-terminated

Variable Documentation

◆ native_password_client_plugin

auth_plugin_t native_password_client_plugin
Initial value:
= {
"mysql_native_password",
"Native MySQL authentication",
{1, 0, 0},
"GPL",
nullptr,
nullptr,
nullptr,
nullptr,
nullptr,
#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION
Definition: client_plugin.h:84
#define MYSQL_CLIENT_PLUGIN_AUTHOR_ORACLE
Definition: client_plugin.h:90
#define MYSQL_CLIENT_AUTHENTICATION_PLUGIN
Definition: client_plugin.h:80
static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
Client authentication plugin that does native MySQL authentication using a 20-byte (4....
Definition: mysql_native_authentication_client.cc:304
static net_async_status native_password_auth_client_nonblocking(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql, int *result)
Client authentication plugin that does native MySQL authentication in a nonblocking way.
Definition: mysql_native_authentication_client.cc:346