diff options
Diffstat (limited to 'include/mysql/plugin_auth.h')
-rw-r--r-- | include/mysql/plugin_auth.h | 46 |
1 files changed, 44 insertions, 2 deletions
diff --git a/include/mysql/plugin_auth.h b/include/mysql/plugin_auth.h index 6741283d5bd..ae9c9368f15 100644 --- a/include/mysql/plugin_auth.h +++ b/include/mysql/plugin_auth.h @@ -27,7 +27,7 @@ #include <mysql/plugin.h> -#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0201 +#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0202 #include <mysql/plugin_auth_common.h> @@ -60,7 +60,8 @@ typedef struct st_mysql_server_auth_info /** A corresponding column value from the mysql.user table for the - matching account name + matching account name or the preprocessed value, if preprocess_hash + method is not NULL */ const char *auth_string; @@ -130,6 +131,47 @@ struct st_mysql_auth used for authorization. */ int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info); + /** + Create a password hash (or digest) out of a plain-text password + + Used in SET PASSWORD, GRANT, and CREATE USER to convert user specified + plain-text password into a value that will be stored in mysql.user table. + + @see preprocess_hash + + @param password plain-text password + @param password_length plain-text password length + @param hash the digest will be stored there + @param hash_length in: hash buffer size + out: the actual length of the hash + + @return 0 for ok, 1 for error + + Can be NULL. + */ + int (*hash_password)(const char *password, size_t password_length, + char *hash, size_t *hash_length); + + /** + Prepare the password hash for authentication. + + Password hash is stored in the authentication_string column of the + mysql.user table in a text form. If a plugin needs to preprocess the + value somehow before the authentication (e.g. convert from hex or base64 + to binary), it can do it in this method. This way the conversion + will happen only once, not for every authentication attempt. + + The value written to the out buffer will be cached and later made + available to the authenticate_user() method in the + MYSQL_SERVER_AUTH_INFO::auth_string[] buffer. + + @return 0 for ok, 1 for error + + Can be NULL, in this case the mysql.user.authentication_string value will + be given to the authenticate_user() method as is, unconverted. + */ + int (*preprocess_hash)(const char *hash, size_t hash_length, + unsigned char *out, size_t *out_length); }; #ifdef __cplusplus |