~drizzle-trunk/drizzle/development : contents of plugin/auth_test/auth

~drizzle-trunk/drizzle/development : (revision 2060)

/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
 *  vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
 *
 *  Copyright (C) 2010 Rackspace
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; version 2 of the License.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#include "config.h"

#include <string>

#include "drizzled/plugin/authentication.h"
#include "drizzled/identifier.h"
#include "drizzled/util/convert.h"
#include "drizzled/algorithm/sha1.h"

using namespace std;
using namespace drizzled;

namespace auth_test
{

/* This is the result of MYSQL_PASSWORD("scramble_password"). */
static const char *scrambled_password= "2C5A870CEFF02BA3B0A927D7956B3FEB4D59CF21";

class AuthTest: public plugin::Authentication
{
public:
  AuthTest(string name_arg):
    plugin::Authentication(name_arg)
  { }

  virtual bool authenticate(const identifier::User &sctx, const string &password)
  {
    /* The "root" user always succeeds for drizzletest to get in. */
    if (sctx.username() == "root" && password.empty())
      return true;

    /* Any password succeeds. */
    if (sctx.username() == "password_ok" && !password.empty())
      return true;

    /* No password succeeds. */
    if (sctx.username() == "no_password_ok" && password.empty())
      return true;

    /* Check if MySQL password scramble succeeds. */
    if (sctx.username() == "scramble_ok" &&
        sctx.getPasswordType() == identifier::User::MYSQL_HASH &&
        sctx.getPasswordContext().size() == SHA1_DIGEST_LENGTH &&
        password.size() == SHA1_DIGEST_LENGTH)
    {
      SHA1_CTX ctx;
      uint8_t scrambled_password_hash[SHA1_DIGEST_LENGTH];
      uint8_t temp_hash[SHA1_DIGEST_LENGTH];
      uint8_t scrambled_password_check[SHA1_DIGEST_LENGTH];

      /* Get the double-hashed password from the stored hex string. */
      drizzled_hex_to_string(reinterpret_cast<char*>(scrambled_password_hash),
                             scrambled_password, SHA1_DIGEST_LENGTH * 2);

      /* Hash the scramble that was sent to client with the stored password. */
      SHA1Init(&ctx);
      SHA1Update(&ctx, reinterpret_cast<const uint8_t*>(sctx.getPasswordContext().c_str()), SHA1_DIGEST_LENGTH);
      SHA1Update(&ctx, scrambled_password_hash, SHA1_DIGEST_LENGTH);
      SHA1Final(temp_hash, &ctx);

      /* Next, XOR the result with what the client sent to get the original
         single-hashed password. */
      for (int x= 0; x < SHA1_DIGEST_LENGTH; x++)
        temp_hash[x]= temp_hash[x] ^ password[x];

      /* Hash this result once more to get the double-hashed password again. */
      SHA1Init(&ctx);
      SHA1Update(&ctx, temp_hash, SHA1_DIGEST_LENGTH);
      SHA1Final(scrambled_password_check, &ctx);

      /* These should match for a successful auth. */
      return memcmp(scrambled_password_hash, scrambled_password_check, SHA1_DIGEST_LENGTH) == 0;
    }

    return false;
  }
};

AuthTest *auth_test= NULL;

static int init(module::Context &context)
{
  auth_test= new AuthTest("auth_test");
  context.add(auth_test);
  return 0;
}

} /* namespace auth_test */

DRIZZLE_PLUGIN(auth_test::init, NULL, NULL);

1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	1	/* -- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; --
	2	* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
	3	*
	4	* Copyright (C) 2010 Rackspace
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; version 2 of the License.
	9	*
	10	* This program is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License
	16	* along with this program; if not, write to the Free Software
	17	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	18	*/
	19
	20	#include "config.h"
	21
	22	#include <string>
	23
	24	#include "drizzled/plugin/authentication.h"
2008.1.1 by Brian Aker Adding user identifier that makes use of a shared ptr to handle concurrency	25	#include "drizzled/identifier.h"
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	26	#include "drizzled/util/convert.h"
1337.4.8 by Eric Day Merged trunk and mysql-protocol-password-udf changes.	27	#include "drizzled/algorithm/sha1.h"
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	28
	29	using namespace std;
	30	using namespace drizzled;
	31
	32	namespace auth_test
	33	{
	34
	35	/* This is the result of MYSQL_PASSWORD("scramble_password"). */
	36	static const char *scrambled_password= "2C5A870CEFF02BA3B0A927D7956B3FEB4D59CF21";
	37
	38	class AuthTest: public plugin::Authentication
	39	{
	40	public:
	41	AuthTest(string name_arg):
	42	plugin::Authentication(name_arg)
	43	{ }
	44
2008.1.1 by Brian Aker Adding user identifier that makes use of a shared ptr to handle concurrency	45	virtual bool authenticate(const identifier::User &sctx, const string &password)
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	46	{
	47	/* The "root" user always succeeds for drizzletest to get in. */
2008.1.1 by Brian Aker Adding user identifier that makes use of a shared ptr to handle concurrency	48	if (sctx.username() == "root" && password.empty())
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	49	return true;
	50
	51	/* Any password succeeds. */
2008.1.1 by Brian Aker Adding user identifier that makes use of a shared ptr to handle concurrency	52	if (sctx.username() == "password_ok" && !password.empty())
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	53	return true;
	54
	55	/* No password succeeds. */
2008.1.1 by Brian Aker Adding user identifier that makes use of a shared ptr to handle concurrency	56	if (sctx.username() == "no_password_ok" && password.empty())
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	57	return true;
	58
	59	/* Check if MySQL password scramble succeeds. */
2008.1.1 by Brian Aker Adding user identifier that makes use of a shared ptr to handle concurrency	60	if (sctx.username() == "scramble_ok" &&
	61	sctx.getPasswordType() == identifier::User::MYSQL_HASH &&
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	62	sctx.getPasswordContext().size() == SHA1_DIGEST_LENGTH &&
	63	password.size() == SHA1_DIGEST_LENGTH)
	64	{
	65	SHA1_CTX ctx;
	66	uint8_t scrambled_password_hash[SHA1_DIGEST_LENGTH];
	67	uint8_t temp_hash[SHA1_DIGEST_LENGTH];
	68	uint8_t scrambled_password_check[SHA1_DIGEST_LENGTH];
	69
	70	/* Get the double-hashed password from the stored hex string. */
	71	drizzled_hex_to_string(reinterpret_cast<char*>(scrambled_password_hash),
	72	scrambled_password, SHA1_DIGEST_LENGTH * 2);
	73
	74	/* Hash the scramble that was sent to client with the stored password. */
	75	SHA1Init(&ctx);
	76	SHA1Update(&ctx, reinterpret_cast<const uint8_t*>(sctx.getPasswordContext().c_str()), SHA1_DIGEST_LENGTH);
	77	SHA1Update(&ctx, scrambled_password_hash, SHA1_DIGEST_LENGTH);
	78	SHA1Final(temp_hash, &ctx);
	79
	80	/* Next, XOR the result with what the client sent to get the original
	81	single-hashed password. */
	82	for (int x= 0; x < SHA1_DIGEST_LENGTH; x++)
	83	temp_hash[x]= temp_hash[x] ^ password[x];
	84
	85	/* Hash this result once more to get the double-hashed password again. */
	86	SHA1Init(&ctx);
	87	SHA1Update(&ctx, temp_hash, SHA1_DIGEST_LENGTH);
	88	SHA1Final(scrambled_password_check, &ctx);
	89
	90	/* These should match for a successful auth. */
	91	return memcmp(scrambled_password_hash, scrambled_password_check, SHA1_DIGEST_LENGTH) == 0;
	92	}
	93
	94	return false;
	95	}
	96	};
	97
	98	AuthTest *auth_test= NULL;
	99
1530.2.6 by Monty Taylor Moved plugin::Context to module::Context.	100	static int init(module::Context &context)
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	101	{
	102	auth_test= new AuthTest("auth_test");
1337.4.10 by Eric Day Merged trunk, rsolved conflicts.	103	context.add(auth_test);
1337.4.6 by Eric Day Added auth_test module for testing auth interface and MySQL password hashing.	104	return 0;
	105	}
	106
	107	} /* namespace auth_test */
	108
1633.6.2 by Vijay Samuel Reverted changes.	109	DRIZZLE_PLUGIN(auth_test::init, NULL, NULL);