~drizzle-trunk/drizzle/development

1337.4.6 by Eric Day
Added auth_test module for testing auth interface and MySQL password hashing.
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
 *  vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
 *
 *  Copyright (C) 2010 Rackspace
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; version 2 of the License.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
#include "config.h"
#include <string>
#include "drizzled/plugin/authentication.h"
#include "drizzled/identifier.h"
#include "drizzled/util/convert.h"
#include "drizzled/algorithm/sha1.h"
using namespace std;
using namespace drizzled;
namespace auth_test
{
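/* Test fixture: the result of MYSQL_PASSWORD("scramble_password"), stored as
   SHA1_DIGEST_LENGTH * 2 hex characters (the double-hashed password). It is a
   credential compiled into the module, so this plugin belongs in test builds
   only. */
static const char *scrambled_password= "2C5A870CEFF02BA3B0A927D7956B3FEB4D59CF21";

/* Compare two digests without stopping at the first differing byte, so the
   time taken does not depend on how many leading bytes match. */
static bool digests_equal(const uint8_t *lhs, const uint8_t *rhs, size_t length)
{
  uint8_t difference= 0;

  for (size_t x= 0; x < length; x++)
    difference= static_cast<uint8_t>(difference | (lhs[x] ^ rhs[x]));

  return difference == 0;
}

/**
 * Authentication plugin that accepts a fixed set of test accounts.
 *
 * Every accepted credential is hard-coded below, including a "root" login
 * with an empty password. Loading this module on a server that takes real
 * connections therefore grants access to anyone who knows these names.
 */
class AuthTest: public plugin::Authentication
{
public:
  AuthTest(string name_arg):
    plugin::Authentication(name_arg)
  { }

  /**
   * Decide whether the supplied credentials match one of the test accounts.
   *
   * @param sctx      user identifier; username, password type and password
   *                  context (the scramble) are read from it
   * @param password  password bytes as received from the client
   * @return true when one of the four hard-coded rules below matches,
   *         false otherwise
   */
  virtual bool authenticate(const identifier::User &sctx, const string &password)
  {
    /* The "root" user always succeeds for drizzletest to get in. */
    if (sctx.username() == "root" && password.empty())
      return true;

    /* Any password succeeds. */
    if (sctx.username() == "password_ok" && !password.empty())
      return true;

    /* No password succeeds. */
    if (sctx.username() == "no_password_ok" && password.empty())
      return true;

    /* Check if MySQL password scramble succeeds. Both the scramble and the
       client response must be exactly one SHA1 digest long; the fixed-size
       buffers and loops below rely on that. */
    if (sctx.username() == "scramble_ok" &&
        sctx.getPasswordType() == identifier::User::MYSQL_HASH &&
        sctx.getPasswordContext().size() == SHA1_DIGEST_LENGTH &&
        password.size() == SHA1_DIGEST_LENGTH)
    {
      SHA1_CTX ctx;
      uint8_t scrambled_password_hash[SHA1_DIGEST_LENGTH];
      uint8_t temp_hash[SHA1_DIGEST_LENGTH];
      uint8_t scrambled_password_check[SHA1_DIGEST_LENGTH];

      /* Get the double-hashed password from the stored hex string.
         NOTE(review): any status reported by drizzled_hex_to_string is not
         checked here; the input is a compile-time constant. */
      drizzled_hex_to_string(reinterpret_cast<char*>(scrambled_password_hash),
                             scrambled_password, SHA1_DIGEST_LENGTH * 2);

      /* Hash the scramble that was sent to client with the stored password. */
      SHA1Init(&ctx);
      SHA1Update(&ctx, reinterpret_cast<const uint8_t*>(sctx.getPasswordContext().c_str()), SHA1_DIGEST_LENGTH);
      SHA1Update(&ctx, scrambled_password_hash, SHA1_DIGEST_LENGTH);
      SHA1Final(temp_hash, &ctx);

      /* Next, XOR the result with what the client sent to get the original
         single-hashed password. The cast keeps the char -> byte conversion
         explicit where plain char is signed. */
      for (int x= 0; x < SHA1_DIGEST_LENGTH; x++)
        temp_hash[x]= static_cast<uint8_t>(temp_hash[x] ^ static_cast<uint8_t>(password[x]));

      /* Hash this result once more to get the double-hashed password again. */
      SHA1Init(&ctx);
      SHA1Update(&ctx, temp_hash, SHA1_DIGEST_LENGTH);
      SHA1Final(scrambled_password_check, &ctx);

      /* These should match for a successful auth. An early-exit memcmp()
         on authentication data is avoided in favour of a full-length
         comparison. */
      return digests_equal(scrambled_password_hash, scrambled_password_check, SHA1_DIGEST_LENGTH);
    }

    return false;
  }
};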
/* Plugin instance created by init(); NULL until the module is initialised. */
AuthTest *auth_test= NULL;

/**
 * Module initialisation function: creates the AuthTest plugin under the name
 * "auth_test" and hands it to the module context.
 *
 * NOTE(review): the object is allocated with new and never deleted in this
 * file; presumably context.add() takes ownership, confirm against
 * module::Context.
 *
 * @param context  module context the plugin is added to
 * @return always 0
 */
static int init(module::Context &context)
{
  AuthTest *const plugin= new AuthTest("auth_test");

  auth_test= plugin;
  context.add(plugin);

  return 0;
}
} /* namespace auth_test */
/* Register auth_test::init as this module's initialisation function. The two
   NULL arguments fill the macro's remaining parameters and are left unset
   here; their meaning is defined by DRIZZLE_PLUGIN, which is declared
   elsewhere. */
DRIZZLE_PLUGIN(auth_test::init, NULL, NULL);