1
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
2
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
4
* Copyright (C) 2010 Rackspace
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; version 2 of the License.
10
* This program is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
* GNU General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, write to the Free Software
17
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24
#include "drizzled/plugin/authentication.h"
25
#include "drizzled/security_context.h"
26
#include "drizzled/util/convert.h"
27
#include "drizzled/util/sha1.h"
30
using namespace drizzled;
35
/* This is the result of MYSQL_PASSWORD("scramble_password"). */
36
static const char *scrambled_password= "2C5A870CEFF02BA3B0A927D7956B3FEB4D59CF21";
38
class AuthTest: public plugin::Authentication
41
AuthTest(string name_arg):
42
plugin::Authentication(name_arg)
45
virtual bool authenticate(const SecurityContext &sctx, const string &password)
47
/* The "root" user always succeeds for drizzletest to get in. */
48
if (sctx.getUser() == "root" && password.empty())
51
/* Any password succeeds. */
52
if (sctx.getUser() == "password_ok" && !password.empty())
55
/* No password succeeds. */
56
if (sctx.getUser() == "no_password_ok" && password.empty())
59
/* Check if MySQL password scramble succeeds. */
60
if (sctx.getUser() == "scramble_ok" &&
61
sctx.getPasswordType() == SecurityContext::MYSQL_HASH &&
62
sctx.getPasswordContext().size() == SHA1_DIGEST_LENGTH &&
63
password.size() == SHA1_DIGEST_LENGTH)
66
uint8_t scrambled_password_hash[SHA1_DIGEST_LENGTH];
67
uint8_t temp_hash[SHA1_DIGEST_LENGTH];
68
uint8_t scrambled_password_check[SHA1_DIGEST_LENGTH];
70
/* Get the double-hashed password from the stored hex string. */
71
drizzled_hex_to_string(reinterpret_cast<char*>(scrambled_password_hash),
72
scrambled_password, SHA1_DIGEST_LENGTH * 2);
74
/* Hash the scramble that was sent to client with the stored password. */
76
SHA1Update(&ctx, reinterpret_cast<const uint8_t*>(sctx.getPasswordContext().c_str()), SHA1_DIGEST_LENGTH);
77
SHA1Update(&ctx, scrambled_password_hash, SHA1_DIGEST_LENGTH);
78
SHA1Final(temp_hash, &ctx);
80
/* Next, XOR the result with what the client sent to get the original
81
single-hashed password. */
82
for (int x= 0; x < SHA1_DIGEST_LENGTH; x++)
83
temp_hash[x]= temp_hash[x] ^ password[x];
85
/* Hash this result once more to get the double-hashed password again. */
87
SHA1Update(&ctx, temp_hash, SHA1_DIGEST_LENGTH);
88
SHA1Final(scrambled_password_check, &ctx);
90
/* These should match for a successful auth. */
91
return memcmp(scrambled_password_hash, scrambled_password_check, SHA1_DIGEST_LENGTH) == 0;
98
AuthTest *auth_test= NULL;
100
static int init(plugin::Registry ®istry)
102
auth_test= new AuthTest("auth_test");
103
registry.add(auth_test);
107
static int deinit(plugin::Registry ®istry)
109
registry.remove(auth_test);
114
} /* namespace auth_test */
116
DRIZZLE_PLUGIN(auth_test::init, auth_test::deinit, NULL);