MySQL 9.0.0
Source Code Documentation
plugin_auth.h File Reference

Authentication Plugin API. More...

#include <mysql/plugin.h>
#include "plugin_auth_common.h"

Go to the source code of this file.

Classes

struct  auth_factor_desc
 
struct  MYSQL_SERVER_AUTH_INFO
 Provides server plugin access to authentication information. More...
 
struct  st_mysql_auth
 Server authentication plugin descriptor. More...
 

Macros

#define MYSQL_PLUGIN_AUTH_INCLUDED
 
#define MYSQL_AUTHENTICATION_INTERFACE_VERSION   0x0201
 
#define PASSWORD_USED_NO   0
 
#define PASSWORD_USED_YES   1
 
#define PASSWORD_USED_NO_MENTION   2
 
#define AUTH_FLAG_PRIVILEGED_USER_FOR_PASSWORD_CHANGE   (1L << 0)
 
#define AUTH_FLAG_USES_INTERNAL_STORAGE   (1L << 1)
 
#define AUTH_FLAG_REQUIRES_REGISTRATION   (1L << 2)
 

Typedefs

typedef int(* authenticate_user_t) (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 Function provided by the plugin which should perform authentication (using the vio functions if necessary) and return 0 if successful. More...
 
typedef int(* generate_authentication_string_t) (char *outbuf, unsigned int *outbuflen, const char *inbuf, unsigned int inbuflen)
 New plugin API to generate password digest out of authentication string. More...
 
typedef int(* validate_authentication_string_t) (char *const inbuf, unsigned int buflen)
 Plugin API to validate password digest. More...
 
typedef int(* set_salt_t) (const char *password, unsigned int password_len, unsigned char *salt, unsigned char *salt_len)
 Plugin API to convert scrambled password to binary form based on scramble type. More...
 
typedef int(* compare_password_with_hash_t) (const char *hash, unsigned long hash_length, const char *cleartext, unsigned long cleartext_length, int *is_error)
 Plugin API to compare a clear text password with a stored hash. More...
 

Detailed Description

Authentication Plugin API.

This file defines the API for server authentication plugins.

Macro Definition Documentation

◆ AUTH_FLAG_PRIVILEGED_USER_FOR_PASSWORD_CHANGE

#define AUTH_FLAG_PRIVILEGED_USER_FOR_PASSWORD_CHANGE   (1L << 0)

◆ AUTH_FLAG_REQUIRES_REGISTRATION

#define AUTH_FLAG_REQUIRES_REGISTRATION   (1L << 2)

◆ AUTH_FLAG_USES_INTERNAL_STORAGE

#define AUTH_FLAG_USES_INTERNAL_STORAGE   (1L << 1)

◆ MYSQL_AUTHENTICATION_INTERFACE_VERSION

#define MYSQL_AUTHENTICATION_INTERFACE_VERSION   0x0201

◆ MYSQL_PLUGIN_AUTH_INCLUDED

#define MYSQL_PLUGIN_AUTH_INCLUDED

◆ PASSWORD_USED_NO

#define PASSWORD_USED_NO   0

◆ PASSWORD_USED_NO_MENTION

#define PASSWORD_USED_NO_MENTION   2

◆ PASSWORD_USED_YES

#define PASSWORD_USED_YES   1

Typedef Documentation

◆ authenticate_user_t

typedef int(* authenticate_user_t) (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)

Function provided by the plugin which should perform authentication (using the vio functions if necessary) and return 0 if successful.

The plugin can also fill the info.authenticated_as field if a different username should be used for authorization.

◆ compare_password_with_hash_t

typedef int(* compare_password_with_hash_t) (const char *hash, unsigned long hash_length, const char *cleartext, unsigned long cleartext_length, int *is_error)

Plugin API to compare a clear text password with a stored hash.

  • hash pointer to the hashed data
  • hash_length length of the hashed data
  • cleartext pointer to the clear text password
  • cleartext_length length of the cleat text password
  • [out] is_error non-zero in case of error extracting the salt
    Return values
    0the hash was created with that password
    non-zerothe hash was created with a different password

◆ generate_authentication_string_t

typedef int(* generate_authentication_string_t) (char *outbuf, unsigned int *outbuflen, const char *inbuf, unsigned int inbuflen)

New plugin API to generate password digest out of authentication string.

This function will first invoke a service to check for validity of the password based on the policies defined and then generate encrypted hash

Parameters
[out]outbufA buffer provided by server which will hold the authentication string generated by plugin.
[in,out]outbuflenLength of server provided buffer as IN param and length of plugin generated string as OUT param.
[in]inbufauth string provided by user.
[in]inbuflenauth string length.
Return values
0OK
1ERROR

◆ set_salt_t

typedef int(* set_salt_t) (const char *password, unsigned int password_len, unsigned char *salt, unsigned char *salt_len)

Plugin API to convert scrambled password to binary form based on scramble type.

Parameters
[in]passwordThe password hash containing the salt.
[in]password_lenThe length of the password hash.
[in,out]saltUsed as password hash based on the authentication plugin.
[in,out]salt_lenThe length of salt.
Return values
0OK
1ERROR

◆ validate_authentication_string_t

typedef int(* validate_authentication_string_t) (char *const inbuf, unsigned int buflen)

Plugin API to validate password digest.

Parameters
[in]inbufhash string to be validated.
[in]buflenhash string length.
Return values
0OK
1ERROR