1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
1 |
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
|
2 |
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
|
|
3 |
*
|
|
4 |
* Copyright (C) 2010 Rackspace
|
|
5 |
*
|
|
6 |
* This program is free software; you can redistribute it and/or modify
|
|
7 |
* it under the terms of the GNU General Public License as published by
|
|
8 |
* the Free Software Foundation; version 2 of the License.
|
|
9 |
*
|
|
10 |
* This program is distributed in the hope that it will be useful,
|
|
11 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
12 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
13 |
* GNU General Public License for more details.
|
|
14 |
*
|
|
15 |
* You should have received a copy of the GNU General Public License
|
|
16 |
* along with this program; if not, write to the Free Software
|
|
17 |
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
18 |
*/
|
|
19 |
||
20 |
#include "config.h" |
|
21 |
||
22 |
#include <string> |
|
23 |
||
24 |
#include "drizzled/plugin/authentication.h" |
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
25 |
#include "drizzled/identifier.h" |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
26 |
#include "drizzled/util/convert.h" |
1337.4.8
by Eric Day
Merged trunk and mysql-protocol-password-udf changes. |
27 |
#include "drizzled/algorithm/sha1.h" |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
28 |
|
29 |
using namespace std; |
|
30 |
using namespace drizzled; |
|
31 |
||
32 |
namespace auth_test |
|
33 |
{
|
|
34 |
||
35 |
/* This is the result of MYSQL_PASSWORD("scramble_password"). */
|
|
36 |
static const char *scrambled_password= "2C5A870CEFF02BA3B0A927D7956B3FEB4D59CF21"; |
|
37 |
||
38 |
class AuthTest: public plugin::Authentication |
|
39 |
{
|
|
40 |
public: |
|
41 |
AuthTest(string name_arg): |
|
42 |
plugin::Authentication(name_arg) |
|
43 |
{ } |
|
44 |
||
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
45 |
virtual bool authenticate(const identifier::User &sctx, const string &password) |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
46 |
{
|
47 |
/* The "root" user always succeeds for drizzletest to get in. */
|
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
48 |
if (sctx.username() == "root" && password.empty()) |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
49 |
return true; |
50 |
||
51 |
/* Any password succeeds. */
|
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
52 |
if (sctx.username() == "password_ok" && !password.empty()) |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
53 |
return true; |
54 |
||
55 |
/* No password succeeds. */
|
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
56 |
if (sctx.username() == "no_password_ok" && password.empty()) |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
57 |
return true; |
58 |
||
59 |
/* Check if MySQL password scramble succeeds. */
|
|
2008.1.1
by Brian Aker
Adding user identifier that makes use of a shared ptr to handle concurrency |
60 |
if (sctx.username() == "scramble_ok" && |
61 |
sctx.getPasswordType() == identifier::User::MYSQL_HASH && |
|
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
62 |
sctx.getPasswordContext().size() == SHA1_DIGEST_LENGTH && |
63 |
password.size() == SHA1_DIGEST_LENGTH) |
|
64 |
{
|
|
65 |
SHA1_CTX ctx; |
|
66 |
uint8_t scrambled_password_hash[SHA1_DIGEST_LENGTH]; |
|
67 |
uint8_t temp_hash[SHA1_DIGEST_LENGTH]; |
|
68 |
uint8_t scrambled_password_check[SHA1_DIGEST_LENGTH]; |
|
69 |
||
70 |
/* Get the double-hashed password from the stored hex string. */
|
|
71 |
drizzled_hex_to_string(reinterpret_cast<char*>(scrambled_password_hash), |
|
72 |
scrambled_password, SHA1_DIGEST_LENGTH * 2); |
|
73 |
||
74 |
/* Hash the scramble that was sent to client with the stored password. */
|
|
75 |
SHA1Init(&ctx); |
|
76 |
SHA1Update(&ctx, reinterpret_cast<const uint8_t*>(sctx.getPasswordContext().c_str()), SHA1_DIGEST_LENGTH); |
|
77 |
SHA1Update(&ctx, scrambled_password_hash, SHA1_DIGEST_LENGTH); |
|
78 |
SHA1Final(temp_hash, &ctx); |
|
79 |
||
80 |
/* Next, XOR the result with what the client sent to get the original
|
|
81 |
single-hashed password. */
|
|
82 |
for (int x= 0; x < SHA1_DIGEST_LENGTH; x++) |
|
83 |
temp_hash[x]= temp_hash[x] ^ password[x]; |
|
84 |
||
85 |
/* Hash this result once more to get the double-hashed password again. */
|
|
86 |
SHA1Init(&ctx); |
|
87 |
SHA1Update(&ctx, temp_hash, SHA1_DIGEST_LENGTH); |
|
88 |
SHA1Final(scrambled_password_check, &ctx); |
|
89 |
||
90 |
/* These should match for a successful auth. */
|
|
91 |
return memcmp(scrambled_password_hash, scrambled_password_check, SHA1_DIGEST_LENGTH) == 0; |
|
92 |
}
|
|
93 |
||
94 |
return false; |
|
95 |
}
|
|
96 |
};
|
|
97 |
||
98 |
AuthTest *auth_test= NULL; |
|
99 |
||
1530.2.6
by Monty Taylor
Moved plugin::Context to module::Context. |
100 |
static int init(module::Context &context) |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
101 |
{
|
102 |
auth_test= new AuthTest("auth_test"); |
|
1337.4.10
by Eric Day
Merged trunk, rsolved conflicts. |
103 |
context.add(auth_test); |
1337.4.6
by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing. |
104 |
return 0; |
105 |
}
|
|
106 |
||
107 |
} /* namespace auth_test */ |
|
108 |
||
1633.6.2
by Vijay Samuel
Reverted changes. |
109 |
DRIZZLE_PLUGIN(auth_test::init, NULL, NULL); |