MySQL 9.7.0
Source Code Documentation
Class to handle caching_sha2_authentication. Provides methods for:
#include <i_sha2_password.h>
Public Member Functions | |
| Caching_sha2_password (MYSQL_PLUGIN plugin_handle, size_t stored_digest_rounds, Stored_digest_info digest_type=Stored_digest_info::CRYPT5, unsigned int fast_digest_rounds=DEFAULT_FAST_DIGEST_ROUNDS, bool enforce_storage_format=false) | |
| Caching_sha2_password constructor - Initializes rw lock. | |
| ~Caching_sha2_password () | |
| Caching_sha2_password destructor - destroy rw lock. | |
| std::pair< bool, bool > | authenticate (const std::string &authorization_id, const std::string_view *serialized_string, const std::string &plaintext_password, bool &set_password_expired_flag) |
| Perform slow authentication. | |
| std::pair< bool, bool > | fast_authenticate (const std::string &authorization_id, const unsigned char *random, unsigned int random_length, const unsigned char *scramble, bool check_second) |
| Perform fast authentication. | |
| void | remove_cached_entry (const std::string &authorization_id) |
| Remove an entry from the cache. | |
| bool | deserialize (const std::string_view &serialized_string, Stored_digest_info &digest_type, std::string &salt, std::string &digest, size_t &iterations) |
| Deserialize obtained hash and retrieve various parts. | |
| bool | serialize (std::string &serialized_string, const Stored_digest_info &digest_type, const std::string &salt, const std::string &digest, size_t iterations) |
| Serialize the digest type, iteration count, salt and hash. | |
| bool | generate_fast_digest (const std::string &plaintext_password, sha2_cache_entry &digest, unsigned int loc) |
| Generate digest based on get_fast_digest_rounds() | |
| std::pair< bool, bool > | compare_against_stored (const std::string &src, const std::string_view &stored, const std::optional< std::string > &authorization_id, Stored_digest_info &digest_type) |
| bool | generate_stored_digest (const std::string &src, std::string &serialized_string) |
| size_t | get_cache_count () |
| Get cache count. | |
| void | clear_cache () |
| Clear the password cache. | |
| bool | validate_hash (const std::string &serialized_string) |
| Validate a hash format. | |
| Stored_digest_info | get_stored_digest_type () const |
| void | set_stored_digest_type (Stored_digest_info digest_type) |
| size_t | get_stored_digest_rounds () |
| void | set_stored_digest_rounds (size_t stored_digest_rounds) |
| bool | get_enforce_storage_format () |
| void | set_enforce_storage_format (bool value) |
| unsigned int | get_fast_digest_rounds () |
Protected Member Functions | |
| bool | generate_crypt5 (const std::string &source, const std::string &salt, std::string &digest, unsigned int iterations) |
| Generate multi-round sha2 hash using source and random string. | |
| bool | generate_pbkdf2 (const std::string &source, const std::string &salt, std::string &digest, unsigned int iterations) |
| Transform given password into PBKDF2 digest. | |
Private Attributes | |
| MYSQL_PLUGIN | m_plugin_info |
| Plugin handle. | |
| std::atomic< size_t > | m_stored_digest_rounds |
| Number of rounds for stored digest. | |
| std::atomic< Stored_digest_info > | m_stored_digest_type |
| Stored digest type. | |
| std::atomic_uint | m_fast_digest_rounds |
| Number of rounds for fast digest. | |
| mysql_rwlock_t | m_cache_lock |
| Lock to protect m_cache. | |
| SHA2_password_cache | m_cache |
| user=>password cache | |
| std::atomic_bool | m_enforce_storage_format |
Friends | |
| class | sha2_password_unittest::SHA256_digestTest |
Class to handle caching_sha2_authentication. Provides methods for:
| sha2_password::Caching_sha2_password::Caching_sha2_password | ( | MYSQL_PLUGIN | plugin_handle, |
| size_t | stored_digest_rounds, | ||
| Stored_digest_info | digest_type = Stored_digest_info::CRYPT5, | ||
| unsigned int | fast_digest_rounds = DEFAULT_FAST_DIGEST_ROUNDS, | ||
| bool | enforce_storage_format = false | ||
| ) |
Caching_sha2_password constructor - Initializes rw lock.
| [in] | plugin_handle | MYSQL_PLUGIN reference |
| [in] | stored_digest_rounds | Number of rounds for stored digest generation |
| [in] | digest_type | SHA2 type to be used |
| [in] | fast_digest_rounds | Number of rounds for fast digest generation |
| [in] | enforce_storage_format | Whether storage format is strictly enforced or not |
| sha2_password::Caching_sha2_password::~Caching_sha2_password | ( | ) |
Caching_sha2_password destructor - destroy rw lock.
| std::pair< bool, bool > sha2_password::Caching_sha2_password::authenticate | ( | const std::string & | authorization_id, |
| const std::string_view * | serialized_string, | ||
| const std::string & | plaintext_password, | ||
| bool & | set_password_expired_flag | ||
| ) |
Perform slow authentication.
In case of successful authentication, update password cache.
| [in] | authorization_id | User information |
| [in] | serialized_string | Information retrieved from mysql.authentication_string column |
| [in] | plaintext_password | Password as received from client |
| [out] | set_password_expired_flag | Whether to suggest server to set password expired flag |
| void sha2_password::Caching_sha2_password::clear_cache | ( | ) |
Clear the password cache.
| std::pair< bool, bool > sha2_password::Caching_sha2_password::compare_against_stored | ( | const std::string & | src, |
| const std::string_view & | stored, | ||
| const std::optional< std::string > & | authorization_id, | ||
| Stored_digest_info & | digest_type | ||
| ) |
| bool sha2_password::Caching_sha2_password::deserialize | ( | const std::string_view & | serialized_string, |
| Stored_digest_info & | digest_type, | ||
| std::string & | salt, | ||
| std::string & | digest, | ||
| size_t & | iterations | ||
| ) |
Deserialize obtained hash and retrieve various parts.
From the stored string, the following parts are retrieved:
- Digest type
- Salt
- Iteration count
- Hash

Expected format: DELIMITER[digest_type]DELIMITER[iterations]DELIMITER[salt][digest]
- digest_type: A => SHA256
- iterations: 005 => 5*ITERATION_MULTIPLIER
- salt: Random string. Length SALT_LENGTH
- digest: SHA2 digest. Length STORED_SHA256_DIGEST_LENGTH
| [in] | serialized_string | serialized string |
| [out] | digest_type | Digest algorithm |
| [out] | salt | Random string used for hashing |
| [out] | digest | Digest stored |
| [out] | iterations | Number of hash iterations |
| false. | Success. out variables updated. |
| true. | Failure. out variables should not be used. |
| std::pair< bool, bool > sha2_password::Caching_sha2_password::fast_authenticate | ( | const std::string & | authorization_id, |
| const unsigned char * | random, | ||
| unsigned int | random_length, | ||
| const unsigned char * | scramble, | ||
| bool | check_second | ||
| ) |
Perform fast authentication.
| [in] | authorization_id | User information |
| [in] | random | Per session random number |
| [in] | random_length | Length of the random number |
| [in] | scramble | Scramble received from the client |
| [in] | check_second | Check secondary credentials |
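| bool sha2_password::Caching_sha2_password::generate_crypt5 | ( | const std::string & | source, |
| const std::string & | salt, | ||
| std::string & | digest, | ||
| unsigned int | iterations | ||
| ) | protected |
Generate multi-round sha2 hash using source and random string.
This is a wrapper around my_crypt_genhash.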
| [in] | source | Source text |
| [in] | salt | Random text |
| [out] | digest | Generated sha2 digest |
| [in] | iterations | Number of hash iterations |
| false | Success |
| true | Error |
| bool sha2_password::Caching_sha2_password::generate_fast_digest | ( | const std::string & | plaintext_password, |
| sha2_cache_entry & | digest, | ||
| unsigned int | pos | ||
| ) |
Generate digest based on get_fast_digest_rounds()
| [out] | digest | Digest output buffer |
| [in] | plaintext_password | Source text |
| [in] | pos | Position of the digest |
| false | Success. |
| true | Error. Don't rely on digest. |
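| bool sha2_password::Caching_sha2_password::generate_pbkdf2 | ( | const std::string & | source, |
| const std::string & | salt, | ||
| std::string & | digest, | ||
| unsigned int | iterations | ||
| ) | protected |
Transform given password into PBKDF2 digest.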
| [in] | source | Source text |
| [in] | salt | Random text |
| [out] | digest | Generated PBKDF2 digest |
| [in] | iterations | Number of iterations |
| false | Success |
| true | Error |
| bool sha2_password::Caching_sha2_password::generate_stored_digest | ( | const std::string & | src, |
| std::string & | serialized_string | ||
| ) |
| size_t sha2_password::Caching_sha2_password::get_cache_count | ( | ) |
Get cache count.
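| bool sha2_password::Caching_sha2_password::get_enforce_storage_format | ( | ) | inline |
| unsigned int sha2_password::Caching_sha2_password::get_fast_digest_rounds | ( | ) | inline |
| size_t sha2_password::Caching_sha2_password::get_stored_digest_rounds | ( | ) | inline |
| Stored_digest_info sha2_password::Caching_sha2_password::get_stored_digest_type | ( | ) | const | inline |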
| void sha2_password::Caching_sha2_password::remove_cached_entry | ( | const std::string & | authorization_id | ) |
Remove an entry from the cache.
This can happen due to one of the following:
a. DROP USER
b. RENAME USER
| [in] | authorization_id | User name |
| bool sha2_password::Caching_sha2_password::serialize | ( | std::string & | serialized_string, |
| const Stored_digest_info & | digest_type, | ||
| const std::string & | salt, | ||
| const std::string & | digest, | ||
| size_t | iterations | ||
| ) |
Serialize the following:
a. Digest type
b. Iteration count
c. Salt
d. Hash

Expected output format: DELIMITER[digest_type]DELIMITER[iterations]DELIMITER[salt][digest]
- digest_type: A => CRYPT5, B => PBKDF2
- iterations: 3 digit hex * 1000. E.g. for 5000 => 005
- salt: Random string. Length CRYPT_SALT_LENGTH
- digest: SHA2 digest. Length STORED_SHA256_DIGEST_LENGTH
| [out] | serialized_string | String to be stored |
| [in] | digest_type | Digest algorithm |
| [in] | salt | Random string used for hashing |
| [in] | digest | Generated Digest |
| [in] | iterations | Number of hash iterations |
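A strict parser for the serialized layout described under deserialize() and serialize() above, as an added example that is not MySQL's own code. The `$` delimiter and the lengths 20 and 43 are assumed values for DELIMITER, CRYPT_SALT_LENGTH and STORED_SHA256_DIGEST_LENGTH, which this page names but does not define; `ParsedHash` and `parse_stored_hash` are hypothetical names, and the helper returns `std::optional` rather than the class's false-on-success convention.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>

// Assumed values: the page names these constants without giving them.
constexpr char kDelimiter = '$';
constexpr std::size_t kIterationMultiplier = 1000;  // page: 005 => 5000
constexpr std::size_t kSaltLength = 20;    // CRYPT_SALT_LENGTH (assumed)
constexpr std::size_t kDigestLength = 43;  // STORED_SHA256_DIGEST_LENGTH (assumed)
constexpr std::size_t kHeader = 7;         // $T$HHH$

struct ParsedHash {
  char digest_type;        // 'A' => CRYPT5, 'B' => PBKDF2
  std::size_t iterations;  // hex field multiplied out
  std::string salt, digest;
};

// Hypothetical helper: nullopt on any deviation from the documented layout.
std::optional<ParsedHash> parse_stored_hash(std::string_view s) {
  if (s.size() != kHeader + kSaltLength + kDigestLength) return std::nullopt;
  if (s[0] != kDelimiter || s[2] != kDelimiter || s[6] != kDelimiter)
    return std::nullopt;
  if (s[1] != 'A' && s[1] != 'B') return std::nullopt;  // unknown digest type
  std::size_t count = 0;
  for (std::size_t i = 3; i < 6; ++i) {  // exactly three hex digits
    const unsigned char c = static_cast<unsigned char>(s[i]);
    if (!std::isxdigit(c)) return std::nullopt;
    const int v = std::isdigit(c) ? c - '0' : std::toupper(c) - 'A' + 10;
    count = count * 16 + static_cast<std::size_t>(v);
  }
  // Policy of this example: a zero round count is rejected outright.
  if (count == 0) return std::nullopt;
  return ParsedHash{s[1], count * kIterationMultiplier,
                    std::string(s.substr(kHeader, kSaltLength)),
                    std::string(s.substr(kHeader + kSaltLength))};
}

int main() {
  // Constructed sample value, not a real credential.
  const std::string sample = "$A$005$" + std::string(20, 's') + std::string(43, 'd');
  const auto parsed = parse_stored_hash(sample);
  std::printf("valid=%d iterations=%zu\n", parsed.has_value() ? 1 : 0,
              parsed ? parsed->iterations : std::size_t{0});
  return parsed ? 0 : 1;
}
```

Because the header is fixed-width, the parser indexes positions directly instead of searching for delimiters, so a `$` inside the salt or digest cannot shift the field boundaries.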
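| void sha2_password::Caching_sha2_password::set_enforce_storage_format | ( | bool | value | ) | inline |
| void sha2_password::Caching_sha2_password::set_stored_digest_rounds | ( | size_t | stored_digest_rounds | ) | inline |
| void sha2_password::Caching_sha2_password::set_stored_digest_type | ( | Stored_digest_info | digest_type | ) | inline |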
| bool sha2_password::Caching_sha2_password::validate_hash | ( | const std::string & | serialized_string | ) |
Validate a hash format.
| [in] | serialized_string | Supplied hash |
| false | Valid hash |
| true | Invalid hash |
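| friend class sha2_password_unittest::SHA256_digestTest | friend |
| SHA2_password_cache sha2_password::Caching_sha2_password::m_cache | private |
user=>password cache
| mysql_rwlock_t sha2_password::Caching_sha2_password::m_cache_lock | private |
Lock to protect m_cache.
| std::atomic_bool sha2_password::Caching_sha2_password::m_enforce_storage_format | private |
| std::atomic_uint sha2_password::Caching_sha2_password::m_fast_digest_rounds | private |
Number of rounds for fast digest.
| MYSQL_PLUGIN sha2_password::Caching_sha2_password::m_plugin_info | private |
Plugin handle.
| std::atomic< size_t > sha2_password::Caching_sha2_password::m_stored_digest_rounds | private |
Number of rounds for stored digest.
| std::atomic< Stored_digest_info > sha2_password::Caching_sha2_password::m_stored_digest_type | private |
Stored digest type.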