MySQL 8.4.3
Source Code Documentation
|
#include <string.h>
#include <sys/types.h>
#include <algorithm>
#include <iomanip>
#include <iostream>
#include <string>
#include <unordered_map>
#include <utility>
#include "crypt_genhash_impl.h"
#include "lex_string.h"
#include "m_string.h"
#include "my_compiler.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "my_macros.h"
#include "mysql/components/my_service.h"
#include "mysql/components/services/bits/psi_bits.h"
#include "mysql/components/services/bits/psi_rwlock_bits.h"
#include "mysql/components/services/log_builtins.h"
#include "mysql/mysql_lex_string.h"
#include "mysql/plugin.h"
#include "mysql/plugin_audit.h"
#include "mysql/plugin_auth.h"
#include "mysql/plugin_auth_common.h"
#include "mysql/psi/mysql_rwlock.h"
#include "mysql/service_my_plugin_log.h"
#include "mysql/service_mysql_password_policy.h"
#include "mysql_com.h"
#include "mysqld_error.h"
#include "rwlock_scoped_lock.h"
#include "sql/auth/auth_common.h"
#include "sql/auth/i_sha2_password.h"
#include "sql/auth/i_sha2_password_common.h"
#include "sql/auth/sql_auth_cache.h"
#include "sql/auth/sql_authentication.h"
#include "sql/debug_sync.h"
#include "sql/protocol_classic.h"
#include "sql/sql_class.h"
#include "sql/sql_const.h"
#include "violite.h"
#include <openssl/ssl.h>
Classes | |
struct | caching_sha2_auth_handler |
st_mysql_auth for caching_sha2_password plugin More... | |
Namespaces | |
namespace | sha2_password |
Macros | |
#define | LOG_COMPONENT_TAG "caching_sha2_password" |
Functions | |
static int | my_vio_is_secure (MYSQL_PLUGIN_VIO *vio) |
Interface for querying the MYSQL_PUBLIC_VIO about encryption state. More... | |
static void | auth_save_scramble (MYSQL_PLUGIN_VIO *vio, const char *scramble) |
Save the scramble in mpvio for future re-use. More... | |
static void | make_hash_key (const char *username, const char *hostname, std::string &key) |
Make hash key. More... | |
static int | caching_sha2_password_authenticate (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) |
Authentication routine for caching_sha2_password. More... | |
static int | caching_sha2_password_generate (char *outbuf, unsigned int *buflen, const char *inbuf, unsigned int inbuflen) |
Generate hash for caching_sha2_password plugin. More... | |
static int | caching_sha2_password_validate (char *const inbuf, unsigned int buflen) |
Validate a hash against caching_sha2_password plugin's hash format. More... | |
static int | caching_sha2_password_salt (const char *password, unsigned int password_len, unsigned char *salt, unsigned char *salt_len) |
NoOp - Salt generation for caching_sha2_password plugin. More... | |
static int | caching_sha2_authentication_init (MYSQL_PLUGIN plugin_ref) |
static int | caching_sha2_authentication_deinit (void *arg) |
Deinitialize caching_sha2_password plugin. More... | |
static int | compare_caching_sha2_password_with_hash (const char *hash, unsigned long hash_length, const char *cleartext, unsigned long cleartext_length, int *is_error) |
Compare a clear text password with a stored hash. More... | |
static int | show_caching_sha2_password_rsa_public_key (MYSQL_THD thd, SHOW_VAR *var, char *buff) |
Function to display value for status variable : Caching_sha2_password_rsa_public_key. More... | |
static | MYSQL_SYSVAR_STR (private_key_path, caching_sha2_rsa_private_key_path, PLUGIN_VAR_READONLY|PLUGIN_VAR_NOPERSIST, "A fully qualified path to the private RSA key used for authentication.", nullptr, nullptr, AUTH_DEFAULT_RSA_PRIVATE_KEY) |
static | MYSQL_SYSVAR_STR (public_key_path, caching_sha2_rsa_public_key_path, PLUGIN_VAR_READONLY|PLUGIN_VAR_NOPERSIST, "A fully qualified path to the public RSA key used for authentication.", nullptr, nullptr, AUTH_DEFAULT_RSA_PUBLIC_KEY) |
static | MYSQL_SYSVAR_BOOL (auto_generate_rsa_keys, caching_sha2_auto_generate_rsa_keys, PLUGIN_VAR_READONLY|PLUGIN_VAR_OPCMDARG|PLUGIN_VAR_NOPERSIST, "Auto generate RSA keys at server startup if corresponding " "system variables are not specified and key files are not present " "at the default location.", nullptr, nullptr, true) |
static | MYSQL_SYSVAR_INT (digest_rounds, caching_sha2_digest_rounds, PLUGIN_VAR_READONLY, "Number of SHA2 rounds to be done when storing a password hash onto disk.", nullptr, nullptr, sha2_password::DEFAULT_STORED_DIGEST_ROUNDS, sha2_password::MIN_STORED_DIGEST_ROUNDS, sha2_password::MAX_STORED_DIGEST_ROUNDS, 1) |
static int | sha2_cache_cleaner_notify (MYSQL_THD, mysql_event_class_t event_class, const void *event) |
Handle an authentication audit event. More... | |
static int | caching_sha2_cache_cleaner_init (MYSQL_PLUGIN plugin_info) |
Init function for sha2_cache_cleaner. More... | |
static int | caching_sha2_cache_cleaner_deinit (void *arg) |
Deinit function for sha2_cache_cleaner. More... | |
mysql_declare_plugin (caching_sha2_password) | |
#define LOG_COMPONENT_TAG "caching_sha2_password" |
|
inline static |
Save the scramble in mpvio for future re-use.
It is useful when we need to pass the scramble to another plugin, especially when an old 5.1 client with no CLIENT_PLUGIN_AUTH capability tries to connect to a server whose default 1FA is set to caching_sha2_password.
vio | Virtual Input-Output interface |
scramble | Scramble to be saved |
|
static |
Deinitialize caching_sha2_password plugin.
[in] | arg | Unused |
|
static |
|
static |
Deinit function for sha2_cache_cleaner.
|
static |
Init function for sha2_cache_cleaner.
|
static |
Authentication routine for caching_sha2_password.
[in] | vio | Virtual I/O interface |
[in] | info | Connection information |
Refer to Caching_sha2_password information for server-client communication in various cases
CR_OK | Successful authentication |
CR_ERROR | Authentication failure |
|
static |
Generate hash for caching_sha2_password plugin.
[out] | outbuf | Hash output buffer |
[out] | buflen | Length of hash in output buffer |
[in] | inbuf | Plaintext password |
[in] | inbuflen | Input password length |
0 | Successful hash generation |
1 | Error generating hash. Don't rely on outbuf/buflen |
|
static |
NoOp - Salt generation for caching_sha2_password plugin.
[in] | password | Unused |
[in] | password_len | Unused |
[out] | salt | Unused |
[out] | salt_len | Length of the salt buffer |
|
static |
Validate a hash against caching_sha2_password plugin's hash format.
[in] | inbuf | Hash to be validated |
[in] | buflen | Length of the hash |
0 | Hash is according to caching_sha2_password's expected format |
1 | Hash does not match caching_sha2_password's requirement |
|
static |
Compare a clear text password with a stored hash.
Check whether the stored hash was produced from the given clear text password. To do that, first extract the scramble from the hash. Then calculate a new hash using the extracted scramble and the supplied password. Finally, compare the two hashes.
0 | the hash was created with that password |
non-zero | the hash was created with a different password |
|
static |
Make hash key.
[in] | username | User part of the key |
[in] | hostname | Host part of the key |
[out] | key | Generated hash key |
|
static |
Interface for querying the MYSQL_PUBLIC_VIO about encryption state.
mysql_declare_plugin | ( | caching_sha2_password | ) |
|
static |
|
static |
|
static |
|
static |
|
static |
Handle an authentication audit event.
[in] | event_class | Event class information |
[in] | event | Event structure |
|
static |
Function to display value for status variable : Caching_sha2_password_rsa_public_key.
[in] | thd | MYSQL_THD handle. Unused. |
[out] | var | Status variable structure |
[in] | buff | Value buffer |
|
static |
caching_sha2_password plugin handle - Mostly used for logging
bool caching_sha2_auto_generate_rsa_keys = true |
int caching_sha2_digest_rounds = 0 |
|
static |
Array of status variables.
Used in plugin declaration.
|
static |
Array of system variables.
Used in plugin declaration.
char* caching_sha2_rsa_private_key_path |
char* caching_sha2_rsa_public_key_path |
|
static |
sha2_password::Caching_sha2_password* g_caching_sha2_password = nullptr |
Caching_sha2_password handle.
Rsa_authentication_keys* g_caching_sha2_rsa_keys = nullptr |
const int MAX_CIPHER_LENGTH = 1024 |
Length of encrypted packet.
|
static |
|
static |
struct st_mysql_audit sha2_cache_cleaner |
st_mysql_audit for sha2_cache_cleaner plugin