Drizzled Public API Documentation

auth_test.cc
1 /* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
2  * vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
3  *
4  * Copyright (C) 2010 Rackspace
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; version 2 of the License.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  */
19 
20 #include <config.h>
21 
22 #include <string>
23 
24 #include <drizzled/plugin/authentication.h>
25 #include <drizzled/identifier.h>
26 #include <drizzled/util/convert.h>
28 
29 using namespace std;
30 using namespace drizzled;
31 
32 namespace auth_test
33 {
34 
35 /* This is the result of MYSQL_PASSWORD("scramble_password"). */
36 static const char *scrambled_password= "2C5A870CEFF02BA3B0A927D7956B3FEB4D59CF21";
37 
38 class AuthTest: public plugin::Authentication
39 {
40 public:
41  AuthTest(string name_arg):
42  plugin::Authentication(name_arg)
43  { }
44 
45  virtual bool authenticate(const identifier::User &sctx, const string &password)
46  {
47  /* The "root" user always succeeds for drizzletest to get in. */
48  if (sctx.username() == "root" && password.empty())
49  return true;
50 
51  /* Any password succeeds. */
52  if (sctx.username() == "password_ok" && !password.empty())
53  return true;
54 
55  /* No password succeeds. */
56  if (sctx.username() == "no_password_ok" && password.empty())
57  return true;
58 
59  /* Check if MySQL password scramble succeeds. */
60  if (sctx.username() == "scramble_ok" &&
61  sctx.getPasswordType() == identifier::User::MYSQL_HASH &&
62  sctx.getPasswordContext().size() == SHA1_DIGEST_LENGTH &&
63  password.size() == SHA1_DIGEST_LENGTH)
64  {
65  SHA1_CTX ctx;
66  uint8_t scrambled_password_hash[SHA1_DIGEST_LENGTH];
67  uint8_t temp_hash[SHA1_DIGEST_LENGTH];
68  uint8_t scrambled_password_check[SHA1_DIGEST_LENGTH];
69 
70  /* Get the double-hashed password from the stored hex string. */
71  drizzled_hex_to_string(reinterpret_cast<char*>(scrambled_password_hash),
72  scrambled_password, SHA1_DIGEST_LENGTH * 2);
73 
74  /* Hash the scramble that was sent to client with the stored password. */
75  SHA1Init(&ctx);
76  SHA1Update(&ctx, reinterpret_cast<const uint8_t*>(sctx.getPasswordContext().c_str()), SHA1_DIGEST_LENGTH);
77  SHA1Update(&ctx, scrambled_password_hash, SHA1_DIGEST_LENGTH);
78  SHA1Final(temp_hash, &ctx);
79 
80  /* Next, XOR the result with what the client sent to get the original
81  single-hashed password. */
82  for (int x= 0; x < SHA1_DIGEST_LENGTH; x++)
83  temp_hash[x]= temp_hash[x] ^ password[x];
84 
85  /* Hash this result once more to get the double-hashed password again. */
86  SHA1Init(&ctx);
87  SHA1Update(&ctx, temp_hash, SHA1_DIGEST_LENGTH);
88  SHA1Final(scrambled_password_check, &ctx);
89 
90  /* These should match for a successful auth. */
91  return memcmp(scrambled_password_hash, scrambled_password_check, SHA1_DIGEST_LENGTH) == 0;
92  }
93 
94  return false;
95  }
96 };
97 
98 AuthTest *auth_test= NULL;
99 
100 static int init(module::Context &context)
101 {
102  auth_test= new AuthTest("auth_test");
103  context.add(auth_test);
104  return 0;
105 }
106 
107 } /* namespace auth_test */
108 
109 DRIZZLE_DECLARE_PLUGIN
110 {
111  DRIZZLE_VERSION_ID,
112  "auth_test",
113  "0.1",
114  "Eric Day",
115  N_("Authentication module for testing"),
116  PLUGIN_LICENSE_GPL,
117  auth_test::init,
118  NULL,
119  NULL,
120 }
121 DRIZZLE_DECLARE_PLUGIN_END;
A set of Session members describing the current authenticated user.
Definition: user.h:34
SHA1 Declarations.
TODO: Rename this file - func.h is stupid.