Drizzled Public API Documentation

drizzle_plugin::auth_schema::AuthSchema Class Reference
Inheritance diagram for drizzle_plugin::auth_schema::AuthSchema:
drizzled::plugin::Authentication drizzled::plugin::Plugin

Public Types

typedef std::pair< const std::string, const std::string > map_key
typedef std::map< const map_key, plugin::Plugin * > map
typedef std::vector< Plugin * > vector

Public Member Functions

 AuthSchema (bool enabled)
bool setTable (const string &table)
 Set the authentication table.
virtual bool authenticate (const identifier::User &, const std::string &passwd)=0
virtual void shutdownPlugin ()
virtual void prime ()
virtual void startup (drizzled::Session &)
void activate ()
void deactivate ()
bool isActive () const
const std::string & getName () const
void setModule (module::Module *module)
const std::string & getTypeName () const
virtual bool removeLast () const
const std::string & getModuleName () const

Static Public Member Functions

static bool addPlugin (plugin::Authentication *)
static void removePlugin (plugin::Authentication *)
static bool isAuthenticated (const drizzled::identifier::User &, const std::string &password)

Public Attributes

bool sysvar_enabled
string sysvar_table

Private Member Functions

bool authenticate (const identifier::User &sctx, const string &password)
bool verifyMySQLPassword (const string &real_password, const string &scramble_bytes, const string &client_password)
 Verify that the client password matches the real password.
string escapeQuoteAuthTable (const string &table)
 Split, escape, and quote the auth table name.
string escapeQuoteIdentifier (const string &input)
 Escape and quote an identifier.
string escapeString (const string &input)
 Escape a string for use as a single-quoted string value.

Private Attributes

pcre * _ident_re
Session::shared_ptr _session
 Internal session for querying auth table.

Detailed Description

Definition at line 31 of file auth_schema.h.

Member Function Documentation

bool drizzle_plugin::auth_schema::AuthSchema::authenticate ( const identifier::User &  sctx, const string &  password )
private

Base class method to check authentication for a user.

Definition at line 104 of file auth_schema.cc.

string drizzle_plugin::auth_schema::AuthSchema::escapeQuoteAuthTable ( const string &  table)
private

Split, escape, and quote the auth table name.

This function is called by setTable(). The auth table name must be schema-qualified, so it should have the form schema.table or `schema`.`table`, etc. This function splits the table name on the period, checks each half (the schema name and the table name), and escapes and backtick quotes each if necessary. The result is that the auth table name is always finally of the form `schema`.`table`.

Parameters
[in] table: Schema-qualified auth table name
Returns
Escaped and backtick-quoted auth table name

Definition at line 162 of file auth_schema.cc.

string drizzle_plugin::auth_schema::AuthSchema::escapeQuoteIdentifier ( const string &  input)
private

Escape and quote an identifier.

Parameters
[in] input: Identifier, possibly already quoted
Returns
Escaped and backtick-quoted identifier

The input may already be a quoted ident with no extra backticks. If so, return it.

Definition at line 170 of file auth_schema.cc.

string drizzle_plugin::auth_schema::AuthSchema::escapeString ( const string &  input)
private

Escape a string for use as a single-quoted string value.

The string is escaped so that it can be used as a value in single quotes, like: col='untrusted value'. Therefore, double quotes are not escaped because they're valid inside single-quoted values. Escaping helps avoid SQL injections.

Parameters
[in] input: Untrusted string
Returns
Escaped string

Definition at line 210 of file auth_schema.cc.
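The three escaping helpers documented above can be illustrated together. This is an added example in Python, not the plugin's C++ code: the function names, the doubling of embedded backticks, the backslash escaping rule, and the `user` and `password` column names in the query are assumptions made for the illustration.

```python
import re


def escape_quote_identifier(ident: str) -> str:
    """Backtick-quote an identifier, doubling any embedded backtick."""
    # Already quoted with no extra backticks inside: return it unchanged.
    if re.fullmatch(r"`[^`]+`", ident):
        return ident
    return "`" + ident.replace("`", "``") + "`"


def escape_quote_auth_table(table: str) -> str:
    """Split schema.table on the period and quote each half."""
    # Assumption: exactly one period; periods inside quoted names are rejected.
    if table.count(".") != 1:
        raise ValueError("auth table must be schema-qualified")
    schema, name = table.split(".")
    if not schema or not name:
        raise ValueError("auth table must be schema-qualified")
    return escape_quote_identifier(schema) + "." + escape_quote_identifier(name)


def escape_string(value: str) -> str:
    """Escape a value for use inside single quotes only."""
    # Backslash first, so the backslashes added for quotes are not re-escaped.
    # Double quotes are left alone: they are valid inside '...'.
    return value.replace("\\", "\\\\").replace("'", "\\'")


def build_auth_query(table: str, user: str) -> str:
    """Hypothetical lookup query built from the escaped parts."""
    return "SELECT password FROM %s WHERE user='%s' LIMIT 1" % (
        escape_quote_auth_table(table),
        escape_string(user),
    )


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_auth_query("auth.users", "x' OR '1'='1"))
    print(build_auth_query("`auth`.`us`ers", 'say "hi"'))
```

Where the client API supports bound parameters, they replace escape_string entirely; identifiers cannot be bound, so the quoting step for the table name remains.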

bool drizzle_plugin::auth_schema::AuthSchema::setTable ( const string &  table)

Set the authentication table.

Parameters
[in] table: Schema-qualified table name.
Return values
false: Success, new auth table set
true: Failure, auth table not changed

Definition at line 48 of file auth_schema.cc.

bool drizzle_plugin::auth_schema::AuthSchema::verifyMySQLPassword ( const string &  real_password, const string &  scramble_bytes, const string &  client_password )
private

Verify that the client password matches the real password.

This method compares two MySQL hashed passwords: one from the client who is trying to authenticate, and the other from an auth table with the real password. The client's password is hashed with the scramble bytes that Drizzle sent when the client connected, so we hash the real password with these bytes, too. This method is a modified copy of auth_file::verifyMySQLHash(), written by Eric Day, so the credit is his for the algos.

Parameters
[in] real_password: Real password, double-hashed but not yet scrambled with the scramble bytes.
[in] scramble_bytes: Random bytes sent by Drizzle to client.
[in] client_password: Password sent by client, double-hashed and scrambled with the scramble bytes.
Returns
True if the passwords match, else false.

Definition at line 67 of file auth_schema.cc.
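The comparison described above follows the MySQL native password scheme, shown here from both the client and the server side. This is an added example in Python, not the plugin's C++ code: the function names are hypothetical, all values are raw 20-byte SHA-1 digests rather than hex strings, and the constant-time comparison is a choice made for this example.

```python
import hashlib
import hmac
import os

SHA1_LEN = 20


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def client_response(password: str, scramble: bytes) -> bytes:
    """Client side: SHA1(pw) XOR SHA1(scramble + SHA1(SHA1(pw)))."""
    stage1 = sha1(password.encode())
    mask = sha1(scramble + sha1(stage1))
    return bytes(a ^ b for a, b in zip(stage1, mask))


def verify_mysql_password(real_password: bytes, scramble: bytes,
                          client_password: bytes) -> bool:
    """Server side. real_password is the stored double hash SHA1(SHA1(pw))."""
    # An empty or malformed value must never authenticate.
    if len(real_password) != SHA1_LEN or len(client_password) != SHA1_LEN:
        return False
    # Hash the stored value with the same scramble bytes the client used.
    mask = sha1(scramble + real_password)
    # XOR removes the mask and leaves the client's single hash SHA1(pw).
    candidate = bytes(a ^ b for a, b in zip(client_password, mask))
    # Hashing once more must reproduce the stored double hash.
    return hmac.compare_digest(sha1(candidate), real_password)


if __name__ == "__main__":
    # Constructed sample: the auth table would hold this double hash.
    stored = sha1(sha1(b"correct horse"))
    scramble = os.urandom(SHA1_LEN)
    good = client_response("correct horse", scramble)
    bad = client_response("wrong guess", scramble)
    print(verify_mysql_password(stored, scramble, good))   # True
    print(verify_mysql_password(stored, scramble, bad))    # False
    # A response captured under one scramble fails under a fresh one.
    print(verify_mysql_password(stored, os.urandom(SHA1_LEN), good))  # False
```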

Member Data Documentation

bool drizzle_plugin::auth_schema::AuthSchema::sysvar_enabled

These are the query_log system variables. So sysvar_enabled is auth_schema_enabled in SHOW VARIABLES, etc. They are all global and dynamic.

Definition at line 53 of file auth_schema.h.


The documentation for this class was generated from the following files: