/*
 * Copyright (C) 2013 - Alejandro T. Colombini
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <mysql/plugin_auth.h>
#include <mysql.h>
#define MAX_BUFFER_SIZE 256
#define CONFIG_FILE _CONFIG_DIR"/proxy_auth.cnf"
#define SQL_FILE _SQL_DIR"/proxy_auth.sql"
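/*
 * Append STR, wrapped in single quotes, to the NUL-terminated string QUERY.
 *
 * At most STR_LEN bytes of STR are used, and copying stops early at the
 * first NUL byte.  The caller must guarantee that QUERY has room for
 * strlen (query) + STR_LEN + 3 bytes (two quotes plus the terminator).
 *
 * SECURITY: no escaping is performed here.  STR ends up inside an SQL
 * string literal, so it must already have been escaped for the target
 * connection before it reaches this function; a raw quote in STR would
 * close the literal and change the meaning of the statement.
 *
 * Returns QUERY.
 */
static char * strcat_quoted (char * query, const char * str, int str_len)
{
  size_t len = 0;
  char * end;

  if (!query)
    return query;

  if (str && str_len > 0)
    {
      /* Honour the declared length, but never read past a terminator. */
      const char * nul = memchr (str, '\0', (size_t) str_len);

      len = nul ? (size_t) (nul - str) : (size_t) str_len;
    }

  /* Write straight into QUERY: the previous temporary array was one byte
     too small for quote + text + quote + terminator. */
  end = query + strlen (query);
  *end++ = '\'';

  if (len)
    {
      memcpy (end, str, len);
      end += len;
    }

  *end++ = '\'';
  *end = '\0';

  return query;
}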
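/*
 * Build the authentication query from the template stored in SQL_FILE.
 *
 * Every "#user" in the template is replaced by USER and every "#pass" by
 * PASS, each wrapped in single quotes by strcat_quoted ().  Any other '#'
 * is copied through unchanged.
 *
 * USER and PASS must be NUL-terminated; USER_LEN and PASS_LEN are handed
 * to strcat_quoted () as the number of bytes to use.
 *
 * SECURITY: the values are placed inside SQL string literals without any
 * escaping in this function.  Callers must pass values that were already
 * escaped for the connection the query will run on.
 *
 * Returns a malloc()ed, NUL-terminated query that the caller must free(),
 * or NULL if an argument is invalid, the template cannot be read, or
 * memory is exhausted.  The result carries the password, so callers
 * should clear it before freeing it.
 */
static char * get_stmt (const char * user, int user_len, const char * pass, int pass_len)
{
  static const char user_tok[] = "#user";
  static const char pass_tok[] = "#pass";
  const size_t tok_len = sizeof user_tok - 1;
  const size_t size_max = (size_t) -1;
  long file_len;
  size_t user_room, pass_room, need;
  char * stmt, * query, * out;
  const char * cur, * hash;
  FILE * file;

  if (!user || !pass || user_len < 0 || pass_len < 0)
    return NULL;

  if (!(file = fopen (SQL_FILE, "r")))
    return NULL;

  // Get the size of file

  if (fseek (file, 0, SEEK_END) < 0
      || (file_len = ftell (file)) < 0
      || fseek (file, 0, SEEK_SET) < 0)
    {
      fclose (file);
      return NULL;
    }

  // Get the contents of file (heap, not a variable-length array: the file
  // size must not be able to exhaust the stack)

  if (!(stmt = malloc ((size_t) file_len + 1)))
    {
      fclose (file);
      return NULL;
    }

  if (fread (stmt, (size_t) file_len, 1, file) < 1)
    {
      free (stmt);
      fclose (file);
      return NULL;
    }

  fclose (file);
  stmt[file_len] = '\0';

  // First pass: size the result for every token that will be expanded.
  // A token may occur any number of times, so the room is added per
  // occurrence instead of once per value.

  user_room = strlen (user) + 2;
  pass_room = strlen (pass) + 2;
  need = strlen (stmt) + 1;

  for (cur = stmt; (hash = strchr (cur, '#')); )
    {
      size_t room = 0;

      if (!strncmp (hash, user_tok, tok_len))
        room = user_room;
      else if (!strncmp (hash, pass_tok, tok_len))
        room = pass_room;

      if (room > size_max - need)
        {
          free (stmt);
          return NULL;
        }

      need += room;
      cur = hash + (room ? tok_len : 1);
    }

  if (!(query = malloc (need)))
    {
      free (stmt);
      return NULL;
    }

  // Second pass: substitute #user and #pass in stmt by the contents of
  // user and pass

  out = query;
  *out = '\0';

  for (cur = stmt; (hash = strchr (cur, '#')); )
    {
      size_t literal = (size_t) (hash - cur);

      memcpy (out, cur, literal);
      out += literal;
      *out = '\0';

      if (!strncmp (hash, user_tok, tok_len))
        {
          strcat_quoted (out, user, user_len);
          cur = hash + tok_len;
        }
      else if (!strncmp (hash, pass_tok, tok_len))
        {
          strcat_quoted (out, pass, pass_len);
          cur = hash + tok_len;
        }
      else
        {
          out[0] = '#';
          out[1] = '\0';
          cur = hash + 1;
        }

      out += strlen (out);
    }

  // Copy whatever follows the last '#'
  strcpy (out, cur);

  free (stmt);
  return query;
}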
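/*
 * Overwrite LEN bytes at PTR with zeros through a volatile pointer, so the
 * stores are not discarded as dead writes before the memory is released.
 */
static void proxy_auth_wipe (void * ptr, size_t len)
{
  volatile unsigned char * p = ptr;

  while (len--)
    *p++ = 0;
}

/*
 * Authentication entry point called by the server for each login.
 *
 * Steps:
 *   1. Take the user name from INFO, or read it from the client when INFO
 *      has none, and keep a private copy of it.
 *   2. Read the cleartext password sent by the client.
 *   3. Read three settings (user, password, database) from CONFIG_FILE and
 *      open a local connection with them.
 *   4. Escape name and password for that connection, expand the SQL
 *      template with get_stmt () and run it.
 *   5. If the first column of the first row is a non-empty name of at most
 *      MYSQL_USERNAME_LENGTH bytes, store it in info->authenticated_as and
 *      report success.
 *
 * SECURITY: name and password come from a client that is not yet
 * authenticated.  Both are escaped with mysql_real_escape_string () before
 * they are placed in the query, because the template decides the login
 * outcome and unescaped input could rewrite it.  Buffers that held the
 * password or the connection settings are cleared before returning.
 * The account named in CONFIG_FILE only needs the rights required by the
 * template query.
 *
 * Returns CR_OK on success and CR_ERROR on any failure.
 */
static int proxy_auth_main (MYSQL_PLUGIN_VIO * vio, MYSQL_SERVER_AUTH_INFO * info)
{
  int i = 0, res = CR_ERROR, connected = 0;
  int pass_len, name_len;
  unsigned long esc_name_len, esc_pass_len;
  size_t esc_pass_cap = 0;
  unsigned char * pkt;
  const unsigned char * nul;
  char buffer[MAX_BUFFER_SIZE], config[3][MAX_BUFFER_SIZE];
  char name[MYSQL_USERNAME_LENGTH + 1];
  char esc_name[2 * MYSQL_USERNAME_LENGTH + 1];
  char * pass = NULL, * esc_pass = NULL, * query = NULL;
  FILE * file;
  MYSQL conn;

  // Check for the username and keep a copy of it: the packet buffer is
  // reused by the next read, and info->user_name may be NULL

  if (info->user_name == NULL)
    {
      if ((name_len = vio->read_packet (vio, &pkt)) < 0)
        return CR_ERROR;

      if (name_len > MYSQL_USERNAME_LENGTH)
        return CR_ERROR;

      memcpy (name, pkt, (size_t) name_len);
    }
  else
    {
      if (info->user_name_length > MYSQL_USERNAME_LENGTH)
        return CR_ERROR;

      name_len = (int) info->user_name_length;
      memcpy (name, info->user_name, (size_t) name_len);
    }

  name[name_len] = '\0';
  name_len = (int) strlen (name);

  // Read the password and check if it's valid

  if ((pass_len = vio->read_packet (vio, &pkt)) < 0)
    return CR_ERROR;

  if (!pass_len || *pkt == '\0')
    {
      info->password_used = PASSWORD_USED_NO;
      return CR_ERROR;
    }

  info->password_used = PASSWORD_USED_YES;

  // Only the bytes before the first NUL belong to the password
  if ((nul = memchr (pkt, '\0', (size_t) pass_len)))
    pass_len = (int) (nul - pkt);

  // The escaped form needs up to 2 * pass_len + 1 bytes and its length is
  // handed to get_stmt () as an int
  if (pass_len > (INT_MAX - 1) / 2)
    return CR_ERROR;

  // Heap copy: the length is chosen by the client, so it must not size a
  // stack array
  if (!(pass = malloc ((size_t) pass_len + 1)))
    return CR_ERROR;

  memcpy (pass, pkt, (size_t) pass_len);
  pass[pass_len] = '\0';

  // Get connection data from CONFIG_FILE

  if (!(file = fopen (CONFIG_FILE, "r")))
    goto out;

  while (i < 3 && fgets (buffer, sizeof buffer, file))
    if (buffer[0] != '#'
        && buffer[0] != '\n'
        && buffer[0] != ' ')
      {
        // Drop the line ending only; a final line without a newline keeps
        // its last character
        buffer[strcspn (buffer, "\r\n")] = '\0';
        strcpy (config[i], buffer);
        i++;
      }

  fclose (file);

  if (i < 3)
    goto out;

  // Connect to the database

  if (!mysql_init (&conn))
    goto out;

  connected = 1;

  if (!mysql_real_connect (&conn,
      NULL, config[0], config[1], config[2], 0, "/var/run/mysqld/mysqld.sock", 0))
    goto out;

  // Escape both client-supplied values for this connection.  Newer client
  // libraries report a refused escape as (unsigned long) -1 -- confirm
  // against the installed version.

  esc_pass_cap = 2 * (size_t) pass_len + 1;

  if (!(esc_pass = malloc (esc_pass_cap)))
    goto out;

  esc_name_len = mysql_real_escape_string (&conn, esc_name, name, (unsigned long) name_len);
  esc_pass_len = mysql_real_escape_string (&conn, esc_pass, pass, (unsigned long) pass_len);

  if (esc_name_len == (unsigned long) -1 || esc_pass_len == (unsigned long) -1)
    goto out;

  // Form the query, send it and then set the results on info

  if (!(query = get_stmt (esc_name, (int) esc_name_len, esc_pass, (int) esc_pass_len)))
    goto out;

  if (!mysql_query (&conn, query))
    {
      MYSQL_RES * result = mysql_store_result (&conn);

      if (result)
        {
          MYSQL_ROW row = mysql_fetch_row (result);
          unsigned long * lengths = row ? mysql_fetch_lengths (result) : NULL;

          if (row && row[0] && lengths)
            {
              unsigned long row_len = lengths[0];

              if (row_len > 0 && row_len <= MYSQL_USERNAME_LENGTH)
                {
                  memcpy (info->external_user, name, (size_t) name_len + 1);

                  // Terminate explicitly: the destination may still hold
                  // an earlier, longer name whose tail would otherwise
                  // become part of the authenticated identity
                  memcpy (info->authenticated_as, row[0], row_len);
                  info->authenticated_as[row_len] = '\0';
                  res = CR_OK;
                }
            }

          mysql_free_result (result);
        }
    }

out:
  if (connected)
    mysql_close (&conn);

  // Clear everything that held the password or the connection settings

  if (query)
    {
      proxy_auth_wipe (query, strlen (query));
      free (query);
    }

  if (esc_pass)
    {
      proxy_auth_wipe (esc_pass, esc_pass_cap);
      free (esc_pass);
    }

  proxy_auth_wipe (pass, (size_t) pass_len + 1);
  free (pass);

  proxy_auth_wipe (config, sizeof config);
  proxy_auth_wipe (buffer, sizeof buffer);

  return res;
}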
/*
 * Authentication descriptor handed to the server: interface version, the
 * client-side plugin the client must use, and the server-side entry point.
 *
 * "mysql_clear_password" makes the client send the password as-is, so the
 * client connection should be protected in transit (TLS or a local
 * socket) wherever this plugin is enabled.
 */
static struct st_mysql_auth proxy_auth_handler =
{
  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
  "mysql_clear_password",   /* Cleartext plugin required in the client */
  proxy_auth_main
};
/*
 * Plugin registration record for the server.  The entries are positional;
 * the meaning of the NULL and 0 slots is set by the plugin header in use
 * (NOTE(review): confirm the slot order against the installed plugin.h).
 */
mysql_declare_plugin(proxy_auth)
{
  MYSQL_AUTHENTICATION_PLUGIN,                      /* plugin type */
  &proxy_auth_handler,                              /* authentication descriptor */
  "proxy_auth",                                     /* plugin name */
  "Alejandro T. Colombini",                         /* author */
  "Proxy user authentication server-side plugin",   /* description */
  PLUGIN_LICENSE_GPL,                               /* license */
  NULL,
  NULL,
  0x0100,                                           /* version 1.0 */
  NULL,
  NULL,
  NULL,
  0
}
mysql_declare_plugin_end;