 |
MySQL 9.0.0
Source Code Documentation
|
|
MySQL 9.0.0
Source Code Documentation
|
#include <string.h>#include <sys/types.h>#include <algorithm>#include <iomanip>#include <iostream>#include <string>#include <unordered_map>#include <utility>#include "crypt_genhash_impl.h"#include "lex_string.h"#include "m_string.h"#include "my_compiler.h"#include "my_dbug.h"#include "my_inttypes.h"#include "my_macros.h"#include "mysql/components/my_service.h"#include "mysql/components/services/bits/psi_bits.h"#include "mysql/components/services/bits/psi_rwlock_bits.h"#include "mysql/components/services/log_builtins.h"#include "mysql/mysql_lex_string.h"#include "mysql/plugin.h"#include "mysql/plugin_audit.h"#include "mysql/plugin_auth.h"#include "mysql/plugin_auth_common.h"#include "mysql/psi/mysql_rwlock.h"#include "mysql/service_my_plugin_log.h"#include "mysql/service_mysql_password_policy.h"#include "mysql_com.h"#include "mysqld_error.h"#include "rwlock_scoped_lock.h"#include "sql/auth/auth_common.h"#include "sql/auth/i_sha2_password.h"#include "sql/auth/i_sha2_password_common.h"#include "sql/auth/sql_auth_cache.h"#include "sql/auth/sql_authentication.h"#include "sql/debug_sync.h"#include "sql/protocol_classic.h"#include "sql/sql_class.h"#include "sql/sql_const.h"#include "violite.h"#include <openssl/ssl.h>Classes | |
| struct | caching_sha2_auth_handler |
| st_mysql_auth for caching_sha2_password plugin More... | |
Namespaces | |
| namespace | sha2_password |
Macros | |
| #define | LOG_COMPONENT_TAG "caching_sha2_password" |
Functions | |
| static int | my_vio_is_secure (MYSQL_PLUGIN_VIO *vio) |
| Interface for querying the MYSQL_PUBLIC_VIO about encryption state. More... | |
| static void | auth_save_scramble (MYSQL_PLUGIN_VIO *vio, const char *scramble) |
| Save the scramble in mpvio for future re-use. More... | |
| static void | make_hash_key (const char *username, const char *hostname, std::string &key) |
| Make hash key. More... | |
| static int | caching_sha2_password_authenticate (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) |
| Authentication routine for caching_sha2_password. More... | |
| static int | caching_sha2_password_generate (char *outbuf, unsigned int *buflen, const char *inbuf, unsigned int inbuflen) |
| Generate hash for caching_sha2_password plugin. More... | |
| static int | caching_sha2_password_validate (char *const inbuf, unsigned int buflen) |
| Validate a hash against caching_sha2_password plugin's hash format. More... | |
| static int | caching_sha2_password_salt (const char *password, unsigned int password_len, unsigned char *salt, unsigned char *salt_len) |
| NoOp - Salt generation for cachhing_sha2_password plugin. More... | |
| static int | caching_sha2_authentication_init (MYSQL_PLUGIN plugin_ref) |
| static int | caching_sha2_authentication_deinit (void *arg) |
| Deinitialize caching_sha2_password plugin. More... | |
| static int | compare_caching_sha2_password_with_hash (const char *hash, unsigned long hash_length, const char *cleartext, unsigned long cleartext_length, int *is_error) |
| Compare a clear text password with a stored hash. More... | |
| static int | show_caching_sha2_password_rsa_public_key (MYSQL_THD thd, SHOW_VAR *var, char *buff) |
| Function to display value for status variable : Caching_sha2_password_rsa_public_key. More... | |
| static | MYSQL_SYSVAR_STR (private_key_path, caching_sha2_rsa_private_key_path, PLUGIN_VAR_READONLY|PLUGIN_VAR_NOPERSIST, "A fully qualified path to the private RSA key used for authentication.", nullptr, nullptr, AUTH_DEFAULT_RSA_PRIVATE_KEY) |
| static | MYSQL_SYSVAR_STR (public_key_path, caching_sha2_rsa_public_key_path, PLUGIN_VAR_READONLY|PLUGIN_VAR_NOPERSIST, "A fully qualified path to the public RSA key used for authentication.", nullptr, nullptr, AUTH_DEFAULT_RSA_PUBLIC_KEY) |
| static | MYSQL_SYSVAR_BOOL (auto_generate_rsa_keys, caching_sha2_auto_generate_rsa_keys, PLUGIN_VAR_READONLY|PLUGIN_VAR_OPCMDARG|PLUGIN_VAR_NOPERSIST, "Auto generate RSA keys at server startup if corresponding " "system variables are not specified and key files are not present " "at the default location.", nullptr, nullptr, true) |
| static | MYSQL_SYSVAR_INT (digest_rounds, caching_sha2_digest_rounds, PLUGIN_VAR_READONLY, "Number of SHA2 rounds to be done when storing a password hash onto disk.", nullptr, nullptr, sha2_password::DEFAULT_STORED_DIGEST_ROUNDS, sha2_password::MIN_STORED_DIGEST_ROUNDS, sha2_password::MAX_STORED_DIGEST_ROUNDS, 1) |
| static int | sha2_cache_cleaner_notify (MYSQL_THD, mysql_event_class_t event_class, const void *event) |
| Handle an authentication audit event. More... | |
| static int | caching_sha2_cache_cleaner_init (MYSQL_PLUGIN plugin_info) |
| Init function for sha2_cache_cleaner. More... | |
| static int | caching_sha2_cache_cleaner_deinit (void *arg) |
| Deinit function for sha2_cache_cleaner. More... | |
| mysql_declare_plugin (caching_sha2_password) | |
| #define LOG_COMPONENT_TAG "caching_sha2_password" |
|
inlinestatic |
Save the scramble in mpvio for future re-use.
It is useful when we need to pass the scramble to another plugin. Especially in case when old 5.1 client with no CLIENT_PLUGIN_AUTH capability tries to connect to server with default 1FA set to caching_sha2_password
| vio | Virtual Input-Output interface |
| scramble | Scramble to be saved |
|
static |
Deinitialize caching_sha2_password plugin.
| [in] | arg | Unused |
|
static |
|
static |
Deinit function for sha2_cache_cleaner.
|
static |
Init function for sha2_cache_cleaner.
|
static |
Authentication routine for caching_sha2_password.
| [in] | vio | Virtual I/O interface |
| [in] | info | Connection information |
Refer to Caching_sha2_password information for server-client communication in various cases
| CR_OK | Successful authentication |
| CR_ERROR | Authentication failure |
|
static |
Generate hash for caching_sha2_password plugin.
| [out] | outbuf | Hash output buffer |
| [out] | buflen | Length of hash in output buffer |
| [in] | inbuf | Plaintext password |
| [in] | inbuflen | Input password length |
| 0 | Successful hash generation |
| 1 | Error generating hash. Don't reply on outbuf/buflen |
|
static |
NoOp - Salt generation for cachhing_sha2_password plugin.
| [in] | password | Unused |
| [in] | password_len | Unused |
| [out] | salt | Unused |
| [out] | salt_len | Length of the salt buffer |
|
static |
Validate a hash against caching_sha2_password plugin's hash format.
| [in] | inbuf | Hash to be validated |
| [in] | buflen | Length of the hash |
| 0 | Hash is according to caching_sha2_password's expected format |
| 1 | Hash does not match caching_sha2_password's requirement |
|
static |
Compare a clear text password with a stored hash.
Check if stored hash is produced using a clear text password. To do that, first extra scrmable from the hash. Then calculate a new hash using extracted scramble and the supplied password. And finally compare the two hashes.
| 0 | the hash was created with that password |
| non-zero | the hash was created with a different password |
|
static |
Make hash key.
| [in] | username | User part of the key |
| [in] | hostname | Host part of the key |
| [out] | key | Generated hash key |
|
static |
Interface for querying the MYSQL_PUBLIC_VIO about encryption state.
| mysql_declare_plugin | ( | caching_sha2_password | ) |
|
static |
|
static |
|
static |
|
static |
|
static |
Handle an authentication audit event.
| [in] | event_class | Event class information |
| [in] | event | Event structure |
|
static |
Function to display value for status variable : Caching_sha2_password_rsa_public_key.
| [in] | thd | MYSQL_THD handle. Unused. |
| [out] | var | Status variable structure |
| [in] | buff | Value buffer |
|
static |
caching_sha2_password plugin handle - Mostly used for logging
| bool caching_sha2_auto_generate_rsa_keys = true |
| int caching_sha2_digest_rounds = 0 |
|
static |
Array of status variables.
Used in plugin declaration.
|
static |
Array of system variables.
Used in plugin declaration.
| char* caching_sha2_rsa_private_key_path |
| char* caching_sha2_rsa_public_key_path |
|
static |
| sha2_password::Caching_sha2_password* g_caching_sha2_password = nullptr |
Caching_sha2_password handle.
| Rsa_authentication_keys* g_caching_sha2_rsa_keys = nullptr |
| const int MAX_CIPHER_LENGTH = 1024 |
Length of encrypted packet.
|
static |
|
static |
| struct st_mysql_audit sha2_cache_cleaner |
st_mysql_audit for sha2_cache_cleaner plugin
1.9.2