Commit
4b31e6dc
authored
Jan 27, 2016
by
Vladislav Vaintroub
Address review comments, add unit test
parent
c1bf5ba2
Changes
5
Showing
5 changed files
with
55 additions
and
69 deletions
+55
-69
mysql-test/r/auth_named_pipe.result
mysql-test/r/auth_named_pipe.result
+10
-0
mysql-test/t/auth_named_pipe-master.opt
mysql-test/t/auth_named_pipe-master.opt
+1
-0
mysql-test/t/auth_named_pipe.test
mysql-test/t/auth_named_pipe.test
+23
-0
plugin/auth_pipe/CMakeLists.txt
plugin/auth_pipe/CMakeLists.txt
+1
-17
plugin/auth_pipe/auth_pipe.c
plugin/auth_pipe/auth_pipe.c
+20
-52
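--- a/mysql-test/r/auth_named_pipe.result
+++ b/mysql-test/r/auth_named_pipe.result
@@ -0,0 +1,10 @@
+INSTALL SONAME 'auth_named_pipe';
+CREATE USER USERNAME IDENTIFIED WITH named_pipe;
+SELECT USER(),CURRENT_USER();
+USER() CURRENT_USER()
+USERNAME@localhost USERNAME@%
+DROP USER USERNAME;
+CREATE USER nosuchuser IDENTIFIED WITH named_pipe;
+ERROR 28000: Access denied for user 'nosuchuser'@'localhost'
+DROP USER nosuchuser;
+UNINSTALL SONAME 'auth_named_pipe';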
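--- a/mysql-test/t/auth_named_pipe-master.opt
+++ b/mysql-test/t/auth_named_pipe-master.opt
@@ -0,0 +1 @@
+--loose-enable-named-pipe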
mysql-test/t/auth_named_pipe.test
0 → 100644
--
source
include
/
windows
.
inc
INSTALL
SONAME
'auth_named_pipe'
;
--
replace_result
$USERNAME
USERNAME
eval
CREATE
USER
$USERNAME
IDENTIFIED
WITH
named_pipe
;
# Connect using named pipe, correct username
connect
(
pipe_con
,
localhost
,
$USERNAME
,,,,,
PIPE
);
--
replace_result
$USERNAME
USERNAME
SELECT
USER
(),
CURRENT_USER
();
disconnect
pipe_con
;
connection
default
;
--
replace_result
$USERNAME
USERNAME
eval
DROP
USER
$USERNAME
;
# test invalid user name
CREATE
USER
nosuchuser
IDENTIFIED
WITH
named_pipe
;
--
disable_query_log
--
error
ER_ACCESS_DENIED_NO_PASSWORD_ERROR
connect
(
pipe_con
,
localhost
,
nosuchuser
,,,,,
PIPE
);
--
enable_query_log
DROP
USER
nosuchuser
;
UNINSTALL
SONAME
'auth_named_pipe'
;
\ No newline at end of file
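Review bot: The test never exercises the `vio_info.protocol != MYSQL_VIO_PIPE` rejection in pipe_auth, which is the check that keeps a named_pipe account from being reached over another transport; it covers only a matching and a non-matching name over PIPE. Adding a connection attempt for `$USERNAME` over a non-pipe protocol, before the `DROP USER`, expecting `ER_ACCESS_DENIED_NO_PASSWORD_ERROR` as in the nosuchuser case, would pin that behaviour. The expected error is inferred from `password_used` being set before the protocol check in this commit's auth_pipe.c.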
plugin/auth_pipe/CMakeLists.txt
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 of the
# License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
IF
(
WIN32
)
IF
(
WIN32
)
MYSQL_ADD_PLUGIN
(
auth_
pipe auth_pipe.c MODULE_ONLY
)
MYSQL_ADD_PLUGIN
(
auth_
named_pipe auth_pipe.c
)
ENDIF
()
ENDIF
()
plugin/auth_pipe/auth_pipe.c
...
@@ -17,44 +17,27 @@
...
@@ -17,44 +17,27 @@
/**
/**
@file
@file
auth_pip
d
authentication plugin.
auth_pip
e
authentication plugin.
Authentication is successful if the connection is done via a named pip and
Authentication is successful if the connection is done via a named pipe
the owner of the client process matches the user name that was used when
pipe peer name matches mysql user name
connecting to mysqld.
*/
*/
#include <mysql/plugin_auth.h>
#include <mysql/plugin_auth.h>
#include <string.h>
#include <string.h>
#include <lmcons.h>
#include <lmcons.h>
/**
/**
perform the named pipe´based authentication
This authentication callback obtains user name using named pipe impersonation
This authentication callback performs a named pipe based authentication -
it gets the uid of the client process and considers the user authenticated
if it uses username of this uid. That is - if the user is already
authenticated to the OS (if she is logged in) - she can use MySQL as herself
*/
*/
static
int
pipe_auth
(
MYSQL_PLUGIN_VIO
*
vio
,
MYSQL_SERVER_AUTH_INFO
*
info
)
static
int
pipe_auth
(
MYSQL_PLUGIN_VIO
*
vio
,
MYSQL_SERVER_AUTH_INFO
*
info
)
{
{
unsigned
char
*
pkt
;
unsigned
char
*
pkt
;
PTOKEN_USER
pTokenUser
=
NULL
;
HANDLE
hToken
;
MYSQL_PLUGIN_VIO_INFO
vio_info
;
MYSQL_PLUGIN_VIO_INFO
vio_info
;
DWORD
dLength
=
0
;
char
username
[
UNLEN
+
1
];
int
Ret
=
CR_ERROR
;
size_t
username_length
;
TCHAR
username
[
UNLEN
+
1
];
int
ret
;
DWORD
username_length
=
UNLEN
+
1
;
char
domainname
[
DNLEN
+
1
];
DWORD
domainsize
=
DNLEN
+
1
;
SID_NAME_USE
sidnameuse
;
/* no user name yet ? read the client handshake packet with the user name */
/* no user name yet ? read the client handshake packet with the user name */
if
(
info
->
user_name
==
0
)
if
(
info
->
user_name
==
0
)
...
@@ -62,41 +45,26 @@ static int pipe_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
...
@@ -62,41 +45,26 @@ static int pipe_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
if
(
vio
->
read_packet
(
vio
,
&
pkt
)
<
0
)
if
(
vio
->
read_packet
(
vio
,
&
pkt
)
<
0
)
return
CR_ERROR
;
return
CR_ERROR
;
}
}
info
->
password_used
=
PASSWORD_USED_NO_MENTION
;
info
->
password_used
=
PASSWORD_USED_NO_MENTION
;
vio
->
info
(
vio
,
&
vio_info
);
vio
->
info
(
vio
,
&
vio_info
);
if
(
vio_info
.
protocol
!=
MYSQL_VIO_PIPE
)
if
(
vio_info
.
protocol
!=
MYSQL_VIO_PIPE
)
return
CR_ERROR
;
return
CR_ERROR
;
/*
get the UID of the client process
*/
/*
Impersonate the named pipe peer, and retrieve the user name
*/
if
(
!
ImpersonateNamedPipeClient
(
vio_info
.
handle
))
if
(
!
ImpersonateNamedPipeClient
(
vio_info
.
handle
))
return
CR_ERROR
;
return
CR_ERROR
;
if
(
!
OpenThreadToken
(
GetCurrentThread
(),
TOKEN_ALL_ACCESS
,
TRUE
,
&
hToken
))
goto
end
;
/* determine length of TokenUser */
GetTokenInformation
(
hToken
,
TokenUser
,
NULL
,
0
,
&
dLength
);
if
(
!
dLength
)
goto
end
;
if
(
!
(
pTokenUser
=
(
PTOKEN_USER
)
LocalAlloc
(
0
,
dLength
)))
goto
end
;
if
(
!
GetTokenInformation
(
hToken
,
TokenUser
,
(
PVOID
)
pTokenUser
,
dLength
,
&
dLength
))
goto
end
;
if
(
!
LookupAccountSid
(
NULL
,
pTokenUser
->
User
.
Sid
,
username
,
&
username_length
,
domainname
,
&
domainsize
,
&
sidnameuse
))
goto
end
;
Ret
=
strcmp
(
username
,
info
->
user_name
)
?
CR_ERROR
:
CR_OK
;
username_length
=
sizeof
(
username
)
-
1
;
end:
ret
=
CR_ERROR
;
if
(
pTokenUser
)
if
(
GetUserName
(
username
,
&
username_length
))
LocalFree
(
pTokenUser
);
{
/* Always compare names case-insensitive on Windows.*/
if
(
_stricmp
(
username
,
info
->
user_name
)
==
0
)
ret
=
CR_OK
;
}
RevertToSelf
();
RevertToSelf
();
/* now it's simple as that */
return
R
et
;
return
r
et
;
}
}
static
struct
st_mysql_auth
pipe_auth_handler
=
static
struct
st_mysql_auth
pipe_auth_handler
=
...
@@ -106,11 +74,11 @@ static struct st_mysql_auth pipe_auth_handler=
...
@@ -106,11 +74,11 @@ static struct st_mysql_auth pipe_auth_handler=
pipe_auth
pipe_auth
};
};
maria_declare_plugin
(
socket_auth
)
maria_declare_plugin
(
auth_named_pipe
)
{
{
MYSQL_AUTHENTICATION_PLUGIN
,
MYSQL_AUTHENTICATION_PLUGIN
,
&
pipe_auth_handler
,
&
pipe_auth_handler
,
"
windows
_pipe"
,
"
named
_pipe"
,
"Vladislav Vaintroub, Georg Richter"
,
"Vladislav Vaintroub, Georg Richter"
,
"Windows named pipe based authentication"
,
"Windows named pipe based authentication"
,
PLUGIN_LICENSE_GPL
,
PLUGIN_LICENSE_GPL
,
...
...
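Review bot: In the new body of pipe_auth, `username_length` is declared `size_t` but its address is passed to GetUserName, which takes a `DWORD *`; on 64-bit Windows the two differ in width, so the call works only by accident of byte order, and `sizeof(username) - 1` also understates the buffer by the terminator that GetUserName counts in its size. Declaring it as `DWORD username_length= sizeof(username);` fixes both. The return value of `RevertToSelf()` is still ignored, so a failed revert would leave the server thread running under the client's token; at minimum `if (!RevertToSelf()) ret= CR_ERROR;`, and the connection should probably be treated as unrecoverable. GetUserName returns only the account name, so a local and a domain account with the same name appear to map to the same MariaDB user; a comment on the function saying so would help operators. The body of pipe_auth is split across two hunks, so this is read from the visible lines only.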