MDEV-4307 Support at least 48 utf8 characters in username in server and PAM

Extend plugin auth api to support up to 512 bytes in the user names. Use the API versioning to support old auth plugins too!
2013-03-26 19:17:26 +01:00 · 2013-03-26 19:17:26 +01:00 · 102a7a2a76
commit 102a7a2a76
parent 1d46ee77d1
11 changed files with 226 additions and 11 deletions
--- a/include/mysql/plugin_auth.h
+++ b/include/mysql/plugin_auth.h
@ -27,7 +27,7 @@

 #include <mysql/plugin.h>

-#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0200

 #include <mysql/plugin_auth_common.h>

@ -78,7 +78,7 @@ typedef struct st_mysql_server_auth_info
    Not used by the server.
    Available through the @@EXTERNAL_USER variable.
  */  
-  char external_user[512];
+  char external_user[MYSQL_USERNAME_LENGTH+1];

  /**
    This only affects the "Authentication failed. Password used: %s"
--- a/include/mysql/plugin_auth.h.pp
+++ b/include/mysql/plugin_auth.h.pp
@ -266,8 +266,8 @@ typedef struct st_mysql_server_auth_info
  unsigned int user_name_length;
  const char *auth_string;
  unsigned long auth_string_length;
-  char authenticated_as[48 +1];
-  char external_user[512];
+  char authenticated_as[512 +1];
+  char external_user[512 +1];
  int password_used;
  const char *host_or_ip;
  unsigned int host_or_ip_length;
--- a/include/mysql/plugin_auth_common.h
+++ b/include/mysql/plugin_auth_common.h
@ -28,7 +28,7 @@
 #define MYSQL_PLUGIN_AUTH_COMMON_INCLUDED

 /** the max allowed length for a user name */
-#define MYSQL_USERNAME_LENGTH 48
+#define MYSQL_USERNAME_LENGTH 512

 /**
  return values of the plugin authenticate_user() method.
--- a/mysql-test/suite/plugins/r/auth_v0100.result
+++ b/mysql-test/suite/plugins/r/auth_v0100.result
@ -0,0 +1,18 @@
+install soname 'auth_0x0100';
+select plugin_name, plugin_type_version from information_schema.plugins where plugin_type='authentication' order by plugin_name;
+plugin_name	plugin_type_version
+auth_0x0100	1.0
+mysql_native_password	2.0
+mysql_old_password	2.0
+create user tt identified via auth_0x0100;
+grant select on test.* to zzzzzzzzzzzzzzzz;
+connect(localhost,tt,,test,MASTER_MYPORT,MASTER_MYSOCK);
+ERROR 28000: Access denied for user 'tt'@'localhost' (using password: YES)
+grant proxy on zzzzzzzzzzzzzzzz to tt;
+select user(), current_user(), @@external_user;
+user()	tt@localhost
+current_user()	zzzzzzzzzzzzzzzz@%
+@@external_user	oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo.
+drop user tt;
+drop user zzzzzzzzzzzzzzzz;
+uninstall plugin auth_0x0100;
--- a/mysql-test/suite/plugins/t/auth_v0100.test
+++ b/mysql-test/suite/plugins/t/auth_v0100.test
@ -0,0 +1,26 @@
+--source include/not_embedded.inc
+
+if (!$AUTH_0X0100_SO) {
+  skip No auth_0x0100 plugin;
+}
+
+install soname 'auth_0x0100';
+
+select plugin_name, plugin_type_version from information_schema.plugins where plugin_type='authentication' order by plugin_name;
+
+create user tt identified via auth_0x0100;
+grant select on test.* to zzzzzzzzzzzzzzzz;
+
+--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
+--error ER_ACCESS_DENIED_ERROR
+connect (c0,localhost,tt);
+
+grant proxy on zzzzzzzzzzzzzzzz to tt;
+connect (c1,localhost,tt);
+connection c1;
+
+--query_vertical select user(), current_user(), @@external_user
+connection default;
+drop user tt;
+drop user zzzzzzzzzzzzzzzz;
+uninstall plugin auth_0x0100;
--- a/plugin/auth_examples/CMakeLists.txt
+++ b/plugin/auth_examples/CMakeLists.txt
@ -27,5 +27,7 @@ MYSQL_ADD_PLUGIN(qa_auth_server qa_auth_server.c
 MYSQL_ADD_PLUGIN(qa_auth_client qa_auth_client.c
  MODULE_ONLY COMPONENT Test)

+MYSQL_ADD_PLUGIN(auth_0x0100 auth_0x0100.c MODULE_ONLY COMPONENT Test)
+
 MYSQL_ADD_PLUGIN(mysql_clear_password clear_password_client.c
  MODULE_ONLY COMPONENT SharedLibraries)
--- a/plugin/auth_examples/auth_0x0100.c
+++ b/plugin/auth_examples/auth_0x0100.c
@ -0,0 +1,91 @@
+/* Copyright (C) 2013 Sergei Golubchik and Monty Program Ab
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; version 2 of the
+    License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+  @file
+
+  auth plugin that uses old structures as of
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+
+  To test the old version support.
+  It intentionally uses no constants like CR_OK ok PASSWORD_USED_YES.
+*/
+
+#include <mysql/plugin.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#if 0
+#include <mysql/plugin_auth.h>
+#else
+#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0100
+typedef void MYSQL_PLUGIN_VIO; /* we don't use it here */
+
+typedef struct st_mysql_server_auth_info
+{
+  char *user_name;
+  unsigned int user_name_length;
+  const char *auth_string;
+  unsigned long auth_string_length;
+  char authenticated_as[49]; 
+  char external_user[512];
+  int  password_used;
+  const char *host_or_ip;
+  unsigned int host_or_ip_length;
+} MYSQL_SERVER_AUTH_INFO;
+
+struct st_mysql_auth
+{
+  int interface_version;
+  const char *client_auth_plugin;
+  int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
+};
+#endif
+
+static int do_auth_0x0100(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+  info->password_used= 1;
+  strcpy(info->authenticated_as, "zzzzzzzzzzzzzzzz");
+  memset(info->external_user, 'o', 510);
+  info->external_user[510]='.';
+  info->external_user[511]=0;
+  return vio ? -1 : 0; /* use vio to avoid the 'unused' warning */
+}
+
+static struct st_mysql_auth auth_0x0100_struct=
+{
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION, 0, do_auth_0x0100
+};
+
+maria_declare_plugin(auth_0x0100)
+{
+  MYSQL_AUTHENTICATION_PLUGIN,
+  &auth_0x0100_struct,
+  "auth_0x0100",
+  "Sergei Golubchik",
+  "Test for API 0x0100 support",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  NULL,
+  "1.0",
+  MariaDB_PLUGIN_MATURITY_EXPERIMENTAL,
+}
+maria_declare_plugin_end;
+
--- a/sql-common/client.c
+++ b/sql-common/client.c
@ -2572,8 +2572,6 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
 		     mysql->server_version, mysql->server_capabilities,
 		     mysql->server_status, mysql->client_flag));

-  compile_time_assert(MYSQL_USERNAME_LENGTH == USERNAME_LENGTH);
-
  /* This needs to be changed as it's not useful with big packets */
  if (mysql->user[0])
    strmake(end, mysql->user, USERNAME_LENGTH);
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -52,6 +52,8 @@
 #include "sql_db.h"
 #include "sql_array.h"

+#include "sql_plugin_compat.h"
+
 bool mysql_user_table_is_in_short_password_format= false;

 static const
@ -9027,7 +9029,20 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
  if (plugin)
  {
    st_mysql_auth *auth= (st_mysql_auth *) plugin_decl(plugin)->info;
-    res= auth->authenticate_user(mpvio, &mpvio->auth_info);
+    switch (auth->interface_version) {
+    case 0x0200:
+      res= auth->authenticate_user(mpvio, &mpvio->auth_info);
+      break;
+    case 0x0100:
+      {
+        MYSQL_SERVER_AUTH_INFO_0x0100 compat;
+        compat.downgrade(&mpvio->auth_info);
+        res= auth->authenticate_user(mpvio, (MYSQL_SERVER_AUTH_INFO *)&compat);
+        compat.upgrade(&mpvio->auth_info);
+      }
+      break;
+    default: DBUG_ASSERT(0);
+    }

    if (unlock_plugin)
      plugin_unlock(thd, plugin);
@ -9078,8 +9093,6 @@ bool acl_authenticate(THD *thd, uint connect_errors,
                                                             : COM_CONNECT;
  DBUG_ENTER("acl_authenticate");

-  compile_time_assert(MYSQL_USERNAME_LENGTH == USERNAME_LENGTH);
-
  bzero(&mpvio, sizeof(mpvio));
  mpvio.read_packet= server_mpvio_read_packet;
  mpvio.write_packet= server_mpvio_write_packet;
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@ -35,6 +35,8 @@
 #include <mysql/plugin_auth.h>
 #include "lock.h"                               // MYSQL_LOCK_IGNORE_TIMEOUT
 #include <mysql/plugin_auth.h>
+#include "sql_plugin_compat.h"
+
 #define REPORT_TO_LOG  1
 #define REPORT_TO_USER 2

@ -135,7 +137,7 @@ static int min_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
  MYSQL_INFORMATION_SCHEMA_INTERFACE_VERSION,
  MYSQL_AUDIT_INTERFACE_VERSION,
  MYSQL_REPLICATION_INTERFACE_VERSION,
-  MYSQL_AUTHENTICATION_INTERFACE_VERSION
+  MIN_AUTHENTICATION_INTERFACE_VERSION
 };
 static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
 {
--- a/sql/sql_plugin_compat.h
+++ b/sql/sql_plugin_compat.h
@ -0,0 +1,65 @@
+/* Copyright (C) 2013 Sergei Golubchik and Monty Program Ab
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/* old plugin api structures, used for backward compatibility */
+
+#define upgrade_var(X) latest->X= X
+#define upgrade_str(X) strmake(latest->X, X, sizeof(X))
+#define downgrade_var(X) X= latest->X
+#define downgrade_str(X) strmake(X, latest->X, sizeof(X)-1)
+
+/**************************************************************/
+/* Authentication API, version 0x0100 *************************/
+#define MIN_AUTHENTICATION_INTERFACE_VERSION 0x0100
+
+struct MYSQL_SERVER_AUTH_INFO_0x0100 {
+  char *user_name;
+  unsigned int user_name_length;
+  const char *auth_string;
+  unsigned long auth_string_length;
+  char authenticated_as[49]; 
+  char external_user[512];
+  int  password_used;
+  const char *host_or_ip;
+  unsigned int host_or_ip_length;
+
+  void upgrade(MYSQL_SERVER_AUTH_INFO *latest)
+  {
+    upgrade_var(user_name);
+    upgrade_var(user_name_length);
+    upgrade_var(auth_string);
+    upgrade_var(auth_string_length);
+    upgrade_str(authenticated_as);
+    upgrade_str(external_user);
+    upgrade_var(password_used);
+    upgrade_var(host_or_ip);
+    upgrade_var(host_or_ip_length);
+  }
+  void downgrade(MYSQL_SERVER_AUTH_INFO *latest)
+  {
+    downgrade_var(user_name);
+    downgrade_var(user_name_length);
+    downgrade_var(auth_string);
+    downgrade_var(auth_string_length);
+    downgrade_str(authenticated_as);
+    downgrade_str(external_user);
+    downgrade_var(password_used);
+    downgrade_var(host_or_ip);
+    downgrade_var(host_or_ip_length);
+  }
+};
+
+/**************************************************************/
+