1 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SQL_AUTHENTICATION_INCLUDED
24 #define SQL_AUTHENTICATION_INCLUDED
25 
26 #include <openssl/rsa.h>
27 #include <stddef.h>
28 #include <sys/types.h>
29 #include "lex_string.h"
30 #include "m_ctype.h"
31 #include "my_thread_local.h" // my_thread_id
32 #include "mysql/plugin_auth.h" // MYSQL_SERVER_AUTH_INFO
34 #include "sql/sql_plugin_ref.h" // plugin_ref
35 
36 class ACL_USER;
37 class Protocol_classic;
38 class THD;
39 class Restrictions;
40 struct MEM_ROOT;
41 struct SHOW_VAR;
42 
43 /* Classes */
44 
46  THD *thd;
47 
48  public:
/// Bind the adapter to the session whose client charset it will manage.
/// @param thd_arg  session descriptor; the pointer is stored as-is
Thd_charset_adapter(THD *thd_arg) : thd{thd_arg} {}
50  bool init_client_charset(uint cs_number);
51 
52  const CHARSET_INFO *charset();
53 };
54 
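/**
  The internal version of what plugins know as MYSQL_PLUGIN_VIO,
  basically the context of the authentication session.

  NOTE(review): the listing on this page dropped several member lines;
  they are restored here from the file's own index (same names, types
  and order as sql_authentication.h lines 60-91).
*/
struct MPVIO_EXT : public MYSQL_PLUGIN_VIO {
  MYSQL_SERVER_AUTH_INFO auth_info;
  const ACL_USER *acl_user;
  Restrictions *restrictions;
  plugin_ref plugin;  ///< what plugin we're under
  LEX_STRING db;      ///< db name from the handshake packet
  /** when restarting a plugin this caches the last client reply */
  struct {
    const char *plugin, *pkt;  ///< pointers into NET::buff — presumably
                               ///< invalid once that buffer is reused; confirm
    uint pkt_len;
  } cached_client_reply;
  /** this caches the first plugin packet for restart request on the client */
  struct {
    char *pkt;
    uint pkt_len;
  } cached_server_packet;
  int packets_read, packets_written;  ///< counters for send/received packets
  /** when plugin returns a failure this tells us what really happened */
  enum { SUCCESS, FAILURE, RESTART } status;

  /* encapsulation members */
  char *scramble;  ///< presumably the server-side challenge nonce — confirm
  MEM_ROOT *mem_root;
  struct rand_struct *rand;
  my_thread_id thread_id;
  uint *server_status;
  Protocol_classic *protocol;
  ulong max_client_packet_length;
  const char *ip;
  const char *host;
  Thd_charset_adapter *charset_adapter;
  LEX_CSTRING acl_user_plugin;
  int vio_is_encrypted;  ///< presumably non-zero on a TLS transport; plugins
                         ///< that exchange secrets should consult it — confirm
  bool can_authenticate();
};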
94 
95 class String;
96 
97 bool init_rsa_keys(void);
98 void deinit_rsa_keys(void);
99 int show_rsa_public_key(THD *thd, SHOW_VAR *var, char *buff);
100 
101 typedef struct rsa_st RSA;
103  private:
110 
111  void get_key_file_path(char *key, String *key_file_path);
112  bool read_key_file(RSA **key_ptr, bool is_priv_key, char **key_text_buffer);
113 
114  public:
/**
  Construct with no key material loaded: both RSA handles, the PEM text
  and the cipher length start out empty. The path arguments are kept by
  address (presumably so they track the corresponding server variables —
  confirm).

  @param private_key_path  address of the private key path string
  @param public_key_path   address of the public key path string
*/
Rsa_authentication_keys(char **private_key_path, char **public_key_path)
    : m_public_key{nullptr},
      m_private_key{nullptr},
      m_cipher_len{0},
      m_pem_public_key{nullptr},
      m_private_key_path{private_key_path},
      m_public_key_path{public_key_path} {}
123 
124  void free_memory();
125  void *allocate_pem_buffer(size_t buffer_len);
/// Private RSA key handle; nullptr as set by the constructor until a key is
/// loaded (presumably by read_rsa_keys()). The object keeps ownership —
/// presumably released in free_memory(); callers must not free it. Confirm.
RSA *get_private_key() { return this->m_private_key; }
127 
/// Public RSA key handle; nullptr as set by the constructor until a key is
/// loaded. Ownership stays with this object (presumably free_memory()) — confirm.
RSA *get_public_key() { return this->m_public_key; }
129 
130  int get_cipher_length();
131  bool read_rsa_keys();
/// PEM text of the public key, or nullptr (constructor default) when none has
/// been loaded. The buffer is owned here (see allocate_pem_buffer/free_memory).
const char *get_public_key_as_pem(void) { return this->m_pem_public_key; }
133 };
134 
135 /* Data Structures */
136 
138 
139 extern bool allow_all_hosts;
140 
141 typedef enum {
145  /* Add new plugin before this */
148 
150 
152  public:
153  static const LEX_CSTRING cached_plugins_names[(uint)PLUGIN_LAST];
155 
156  /**
157  Compare given plugin against one of the cached ones
158 
   The comparison is by pointer identity of the .str member, not by
   string content: a name that has not been canonicalised to the cached
   pointer (presumably by optimize_plugin_compare_by_pointer() in
   sql_authentication.cc — confirm) is reported as "not a match" even
   when its text is identical.

159  @param [in] plugin_index Cached plugin index
160  @param [in] plugin Plugin to be compared
161 
162  @returns status of comparison
163  @retval true Match
164  @retval false Not a match
165  */
166  static bool compare_plugin(cached_plugins_enum plugin_index,
   /* NOTE(review): source lines 167 and 169 are not in this listing; per the
      file index the second parameter is `LEX_CSTRING plugin`. */
168  if (plugin_index < PLUGIN_LAST && plugin.str) {
170  return (plugin.str == cached_plugins_names[plugin_index].str);
171  }
172  return false;
173  }
174 
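/**
  Check if given plugin is a builtin

  Like compare_plugin, this tests pointer identity against the cached
  names rather than string content, so a name that was not canonicalised
  to the cached pointer reports "not builtin".

  @param [in] plugin Plugin name (nullptr is reported as not builtin)

  @returns true if builtin, false otherwise
*/
static bool auth_plugin_is_built_in(LEX_CSTRING *plugin) {
  // Guard the dereference: the original read plugin->str unconditionally.
  if (plugin == nullptr) return false;
  for (uint i = 0; i < (uint)PLUGIN_LAST; ++i) {
    if (plugin->str == cached_plugins_names[i].str) return true;
  }
  return false;
}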
188 
/**
  Name of the cached plugin at the given index.

  @param [in] plugin_index Cached plugin index

  @returns the cached plugin's name, or nullptr when the index is out of range
*/
static const char *get_plugin_name(cached_plugins_enum plugin_index) {
  const bool in_range = plugin_index < PLUGIN_LAST;
  return in_range ? cached_plugins_names[plugin_index].str : nullptr;
}
201 
204 
205  plugin_ref get_cached_plugin_ref(const LEX_CSTRING *plugin);
206 
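/**
  Fetch cached plugin handle

  @param plugin_index Cached plugin index

  @returns cached plugin_ref if found, nullptr otherwise
*/
plugin_ref get_cached_plugin_ref(cached_plugins_enum plugin_index) {
  // Out-of-range indexes yield nullptr instead of reading past cached_plugins.
  if (plugin_index < PLUGIN_LAST) return cached_plugins[plugin_index];
  return nullptr;
}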
218 
219  plugin_ref cached_plugins[(uint)PLUGIN_LAST];
/// Reports the m_valid flag (presumably set once the plugin cache has been
/// populated — confirm against the constructor in sql_authentication.cc).
bool is_valid() { return this->m_valid; }
221 
222  private:
223  bool m_valid;
224 };
225 
227 
/*
  NOTE(review): per the definition's summary in sql_authentication.cc, this
  builds a dummy ACL_USER when the username is unknown so the handshake can
  proceed as for an existing account — presumably so a client cannot
  distinguish a missing user from a wrong password; confirm before relying
  on it.
*/
228 ACL_USER *decoy_user(const LEX_CSTRING &username, const LEX_CSTRING &hostname,
229  MEM_ROOT *mem, struct rand_struct *rand,
230  bool is_initialized);
/* Default key file names; presumably resolved against the data directory by
   Rsa_authentication_keys::get_key_file_path() — confirm. */
231 #define AUTH_DEFAULT_RSA_PRIVATE_KEY "private_key.pem"
232 #define AUTH_DEFAULT_RSA_PUBLIC_KEY "public_key.pem"
233 
234 #endif /* SQL_AUTHENTICATION_INCLUDED */