Public Types | |
|
typedef std::pair< const std::string, const std::string > | map_key |
|
typedef std::map< const map_key, plugin::Plugin * > | map |
| typedef std::vector< Plugin * > | vector |
Public Member Functions | |
| AuthSchema (bool enabled) | |
| bool | setTable (const string &table) |
| Set the authentication table. | |
| virtual bool | authenticate (const identifier::User &, const std::string &passwd)=0 |
| virtual void | shutdownPlugin () |
| virtual void | prime () |
| virtual void | startup (drizzled::Session &) |
| void | activate () |
| void | deactivate () |
| bool | isActive () const |
| const std::string & | getName () const |
| void | setModule (module::Module *module) |
| const std::string & | getTypeName () const |
| virtual bool | removeLast () const |
| const std::string & | getModuleName () const |
Static Public Member Functions | |
| static bool | addPlugin (plugin::Authentication *) |
| static void | removePlugin (plugin::Authentication *) |
| static bool | isAuthenticated (const drizzled::identifier::User &, const std::string &password) |
Public Attributes | |
| bool | sysvar_enabled |
| string | sysvar_table |
Private Member Functions | |
| bool | authenticate (const identifier::User &sctx, const string &password) |
| bool | verifyMySQLPassword (const string &real_password, const string &scramble_bytes, const string &client_password) |
| Verify that the client password matches the real password. | |
| string | escapeQuoteAuthTable (const string &table) |
| Split, escape, and quote the auth table name. | |
| string | escapeQuoteIdentifier (const string &input) |
| Escape and quote an identifier. | |
| string | escapeString (const string &input) |
| Escape a string for use as a single-quoted string value. | |
Private Attributes | |
| pcre * | _ident_re |
| Session::shared_ptr | _session |
| Internal session for querying auth table. | |
Definition at line 31 of file auth_schema.h.
| bool drizzle_plugin::auth_schema::AuthSchema::authenticate | ( | const identifier::User & | sctx, |
| const string & | password | ||
| ) | [private] |
Base class method to check authentication for a user.
Definition at line 104 of file auth_schema.cc.
| string drizzle_plugin::auth_schema::AuthSchema::escapeQuoteAuthTable | ( | const string & | table | ) | [private] |
Split, escape, and quote the auth table name.
This function is called by setTable(). The auth table name must be schema-qualified, so it should have the form schema.table or `schema`.`table`, etc. This function splits the table name on the period, checks each half (the schema name and the table name), and escapes and backtick quotes each if necessary. The result is that the auth table name is always finally of the form `schema`.`table`.
| [in] | table | Schema-qualified auth table name |
Definition at line 162 of file auth_schema.cc.
| string drizzle_plugin::auth_schema::AuthSchema::escapeQuoteIdentifier | ( | const string & | input | ) | [private] |
Escape and quote an identifier.
| [in] | input | Identifer, possibly already quoted |
The input may already be a quoted ident with no extra backticks. If so, return it.
Definition at line 170 of file auth_schema.cc.
| string drizzle_plugin::auth_schema::AuthSchema::escapeString | ( | const string & | input | ) | [private] |
Escape a string for use as a single-quoted string value.
The string is escaped so that it can be used as a value in single quotes, like: col='untrusted value'. Therefore, double quotes are not escaped because they're valid inside single-quoted values. Escaping helps avoid SQL injections.
| [in] | input | Untrusted string |
Definition at line 210 of file auth_schema.cc.
| bool drizzle_plugin::auth_schema::AuthSchema::setTable | ( | const string & | table | ) |
Set the authentication table.
| [in] | table | Schema-qualified table name. |
| false | Success, new auth table set |
| true | Failure, auth table not changed |
Definition at line 48 of file auth_schema.cc.
| bool drizzle_plugin::auth_schema::AuthSchema::verifyMySQLPassword | ( | const string & | real_password, |
| const string & | scramble_bytes, | ||
| const string & | client_password | ||
| ) | [private] |
Verify that the client password matches the real password.
This method compares two MySQL hashed passwords: one from the client who is trying to authenticate, and the other from an auth table with the real password. The client's password is hashed with the scramble bytes that Drizzle sent when the client connected, so we hash the real password with these bytes, too. This method is a modified copy of auth_file::verifyMySQLHash(), written by Eric Day, so credit the credit is his for the algos.
| [in] | real_password | Real password, double-hashed but not yet scrambled with the scramble bytes. |
| [in] | scramble_bytes | Random bytes sent by Drizzle to client. |
| [in] | client_password | Password sent by client, double-hashed and scrambled with the scramble bytes. |
Definition at line 67 of file auth_schema.cc.
These are the query_log system variables. So sysvar_enabled is auth_schema_enabled in SHOW VARIABLES, etc. They are all global and dynamic.
Definition at line 53 of file auth_schema.h.