diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2019-01-10 13:51:51 +0100 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2019-02-04 16:06:57 +0100 |
| commit | 5b15cc613ec60f44003dd7d2fdb6421d220b6ee9 (patch) | |
| tree | 149c4a8b020c5fc7494044e3a812c1b8db19b302 /sql/structs.h | |
| parent | 798d1a9ddf159941228ac9c452c1384197d1aef0 (diff) | |
| download | mariadb-git-5b15cc613ec60f44003dd7d2fdb6421d220b6ee9.tar.gz | |
MDEV-11340 Allow multiple alternative authentication methods for the same user
introduce the syntax
... IDENTIFIED { WITH | VIA }
plugin [ { USING | AS } auth ]
[ OR plugin [ { USING | AS } auth ]
[ OR ... ]]
Server will try auth plugins in the specified order until the first
success. No protocol changes, server uses the existing "switch plugin"
packet.
The auth chain is stored in json as
"auth_or":[{"plugin":"xxx","authentication_string":"yyy"},
{},
{"plugin":"foo","authentication_string":"bar"},
...],
"plugin":"aaa", "authentication_string":"bbb"
Note:
* "auth_or" implies that there might be "auth_and" someday;
* one entry in the array is an empty object, meaning to take plugin/auth
from the main json object. This preserves compatibility with
the existing mysql.global_priv table and with the mysql.user view.
This entry is preferrably a mysql_native_password plugin for a
non-empty mysql.user.password column.
SET PASSWORD is supported and changes the password for the *first*
plugin in the chain that has a notion of a "password"
Diffstat (limited to 'sql/structs.h')
| -rw-r--r-- | sql/structs.h | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/sql/structs.h b/sql/structs.h index 3e29e137376..4c4cf137bc5 100644 --- a/sql/structs.h +++ b/sql/structs.h @@ -1,8 +1,8 @@ #ifndef STRUCTS_INCLUDED #define STRUCTS_INCLUDED -/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. - Copyright (c) 2017, MariaDB Corporation. +/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. + Copyright (c) 2009, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -203,6 +203,17 @@ extern const char *show_comp_option_name[]; typedef int *(*update_var)(THD *, struct st_mysql_show_var *); +struct USER_AUTH : public Sql_alloc +{ + LEX_CSTRING plugin, auth_str, pwtext; + USER_AUTH *next; + USER_AUTH() : next(NULL) + { + plugin.str= auth_str.str= ""; + pwtext.str= NULL; + plugin.length= auth_str.length= pwtext.length= 0; + } +}; struct AUTHID { @@ -227,12 +238,10 @@ struct AUTHID struct LEX_USER: public AUTHID { - LEX_CSTRING plugin, auth, pwtext; - void reset_auth() + USER_AUTH *auth; + bool has_auth() { - pwtext.length= plugin.length= auth.length= 0; - pwtext.str= 0; - plugin.str= auth.str= ""; + return auth && (auth->plugin.length || auth->auth_str.length || auth->pwtext.length); } }; |