summaryrefslogtreecommitdiffstats
path: root/plugin/auth_pipe
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/auth_pipe')
-rw-r--r--plugin/auth_pipe/CMakeLists.txt3
-rw-r--r--plugin/auth_pipe/auth_pipe.c94
2 files changed, 97 insertions, 0 deletions
diff --git a/plugin/auth_pipe/CMakeLists.txt b/plugin/auth_pipe/CMakeLists.txt
new file mode 100644
index 00000000..bbc44d0f
--- /dev/null
+++ b/plugin/auth_pipe/CMakeLists.txt
@@ -0,0 +1,3 @@
+IF(WIN32)
+ MYSQL_ADD_PLUGIN(auth_named_pipe auth_pipe.c)
+ENDIF()
diff --git a/plugin/auth_pipe/auth_pipe.c b/plugin/auth_pipe/auth_pipe.c
new file mode 100644
index 00000000..902add44
--- /dev/null
+++ b/plugin/auth_pipe/auth_pipe.c
@@ -0,0 +1,94 @@
+/* Copyright (C) 2015 Vladislav Vaintroub, Georg Richter and Monty Program Ab
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; version 2 of the
+ License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
+
+/**
+ @file
+
+ auth_pipe authentication plugin.
+
+ Authentication is successful if the connection is done via a named pipe
+ pipe peer name matches mysql user name
+*/
+
+#include <mysql/plugin_auth.h>
+#include <string.h>
+#include <lmcons.h>
+
+
+/**
+ This authentication callback obtains user name using named pipe impersonation
+*/
+static int pipe_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
+{
+ unsigned char *pkt;
+ MYSQL_PLUGIN_VIO_INFO vio_info;
+ char username[UNLEN + 1];
+ DWORD username_length;
+ int ret;
+
+ /* no user name yet ? read the client handshake packet with the user name */
+ if (info->user_name == 0)
+ {
+ if (vio->read_packet(vio, &pkt) < 0)
+ return CR_ERROR;
+ }
+ info->password_used= PASSWORD_USED_NO_MENTION;
+ vio->info(vio, &vio_info);
+ if (vio_info.protocol != MYSQL_VIO_PIPE)
+ return CR_ERROR;
+
+ /* Impersonate the named pipe peer, and retrieve the user name */
+ if (!ImpersonateNamedPipeClient(vio_info.handle))
+ return CR_ERROR;
+
+ username_length=UNLEN;
+ ret= CR_ERROR;
+ if (GetUserName(username, &username_length))
+ {
+ /* Always compare names case-insensitive on Windows.*/
+ if (_stricmp(username, info->user_name) == 0)
+ ret= CR_OK;
+ }
+ RevertToSelf();
+
+ return ret;
+}
+
+static struct st_mysql_auth pipe_auth_handler=
+{
+ MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+ 0,
+ pipe_auth
+};
+
+maria_declare_plugin(auth_named_pipe)
+{
+ MYSQL_AUTHENTICATION_PLUGIN,
+ &pipe_auth_handler,
+ "named_pipe",
+ "Vladislav Vaintroub, Georg Richter",
+ "Windows named pipe based authentication",
+ PLUGIN_LICENSE_GPL,
+ NULL,
+ NULL,
+ 0x0100,
+ NULL,
+ NULL,
+ "1.0",
+ MariaDB_PLUGIN_MATURITY_STABLE
+}
+maria_declare_plugin_end;
+