1 files changed, 182 insertions, 0 deletions
diff --git a/include/mysql/plugin_auth.h b/include/mysql/plugin_auth.h
new file mode 100644
index 00000000..ae9c9368
--- /dev/null
+++ b/include/mysql/plugin_auth.h
@@ -0,0 +1,182 @@
+#ifndef MYSQL_PLUGIN_AUTH_INCLUDED
+/* Copyright (C) 2010 Sergei Golubchik and Monty Program Ab
+   Copyright (c) 2010, Oracle and/or its affiliates.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */
+
+/**
+  @file
+
+  Authentication Plugin API.
+
+  This file defines the API for server authentication plugins.
+*/
+
+#define MYSQL_PLUGIN_AUTH_INCLUDED
+
+#include <mysql/plugin.h>
+
+#define MYSQL_AUTHENTICATION_INTERFACE_VERSION 0x0202
+
+#include <mysql/plugin_auth_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* defines for MYSQL_SERVER_AUTH_INFO.password_used */
+
+#define PASSWORD_USED_NO         0
+#define PASSWORD_USED_YES        1
+#define PASSWORD_USED_NO_MENTION 2
+
+
+/**
+  Provides server plugin access to authentication information
+*/
+typedef struct st_mysql_server_auth_info
+{
+  /**
+    User name as sent by the client and shown in USER().
+    NULL if the client packet with the user name was not received yet.
+  */
+  const char *user_name;
+
+  /**
+    Length of user_name
+  */
+  unsigned int user_name_length;
+
+  /**
+    A corresponding column value from the mysql.user table for the
+    matching account name or the preprocessed value, if preprocess_hash
+    method is not NULL
+  */
+  const char *auth_string;
+
+  /**
+    Length of auth_string
+  */
+  unsigned long auth_string_length;
+
+  /**
+    Matching account name as found in the mysql.user table.
+    A plugin can override it with another name that will be
+    used by MySQL for authorization, and shown in CURRENT_USER()
+  */
+  char authenticated_as[MYSQL_USERNAME_LENGTH+1]; 
+
+
+  /**
+    The unique user name that was used by the plugin to authenticate.
+    Not used by the server.
+    Available through the @@EXTERNAL_USER variable.
+  */  
+  char external_user[MYSQL_USERNAME_LENGTH+1];
+
+  /**
+    This only affects the "Authentication failed. Password used: %s"
+    error message. has the following values : 
+    0 : %s will be NO.
+    1 : %s will be YES.
+    2 : there will be no %s.
+    Set it as appropriate or ignore at will.
+  */
+  int  password_used;
+
+  /**
+    Set to the name of the connected client host, if it can be resolved, 
+    or to its IP address otherwise.
+  */
+  const char *host_or_ip;
+
+  /**
+    Length of host_or_ip
+  */
+  unsigned int host_or_ip_length;
+
+  /**
+    Current THD pointer (to use with various services)
+  */
+  MYSQL_THD thd;
+
+} MYSQL_SERVER_AUTH_INFO;
+
+/**
+  Server authentication plugin descriptor
+*/
+struct st_mysql_auth
+{
+  int interface_version;                        /**< version plugin uses */
+  /**
+    A plugin that a client must use for authentication with this server
+    plugin. Can be NULL to mean "any plugin".
+  */
+  const char *client_auth_plugin;
+  /**
+    Function provided by the plugin which should perform authentication (using
+    the vio functions if necessary) and return 0 if successful. The plugin can
+    also fill the info.authenticated_as field if a different username should be
+    used for authorization.
+  */
+  int (*authenticate_user)(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info);
+  /**
+    Create a password hash (or digest) out of a plain-text password
+
+    Used in SET PASSWORD, GRANT, and CREATE USER to convert user specified
+    plain-text password into a value that will be stored in mysql.user table.
+
+    @see preprocess_hash
+
+    @param password        plain-text password
+    @param password_length plain-text password length
+    @param hash            the digest will be stored there
+    @param hash_length     in: hash buffer size
+                           out: the actual length of the hash
+
+    @return 0 for ok, 1 for error
+
+    Can be NULL.
+  */
+  int (*hash_password)(const char *password, size_t password_length,
+                       char *hash, size_t *hash_length);
+
+  /**
+    Prepare the password hash for authentication.
+
+    Password hash is stored in the authentication_string column of the
+    mysql.user table in a text form. If a plugin needs to preprocess the
+    value somehow before the authentication (e.g. convert from hex or base64
+    to binary), it can do it in this method. This way the conversion
+    will happen only once, not for every authentication attempt.
+
+    The value written to the out buffer will be cached and later made
+    available to the authenticate_user() method in the
+    MYSQL_SERVER_AUTH_INFO::auth_string[] buffer.
+
+    @return 0 for ok, 1 for error
+
+    Can be NULL, in this case the mysql.user.authentication_string value will
+    be given to the authenticate_user() method as is, unconverted.
+  */
+  int (*preprocess_hash)(const char *hash, size_t hash_length,
+                         unsigned char *out, size_t *out_length);
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+