Commit 06f6e4fe authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #12998841: libmysql divulges plaintext password upon request in 5.5

1. Clear text password client plugin disabled by default.
2. Added an environment variable LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN, that
when set to something starting with '1', 'Y' or 'y' will enable the clear
text
plugin for all connections.
3. Added a new mysql_options() option : MYSQL_ENABLE_CLEARTEXT_PLUGIN
that takes an my_bool argument. When the value of the argument is non-zero
the clear text plugin is enabled for this connection only.
4. Added an enable-cleartext-plugin config file option that takes a numeric

argument. If the numeric value of the numeric argument is non-zero the
clear
text plugin is enabled for the connection
5. Added a boolean command line option "--enable_cleartext_plugin" to
mysql, mysqlslap and mysqladmin. When specified it will call mysql_options
with the effect of #3
6. Added a new CLEARTEXT option to the connect command in mysqltest.
When specified it will enable the cleartext plugin for usage.
7. Added test cases and updated existing ones that need the clear text
plugin.
parent 9ce35ffc
...@@ -87,6 +87,7 @@ enum options_client ...@@ -87,6 +87,7 @@ enum options_client
OPT_PLUGIN_DIR, OPT_PLUGIN_DIR,
OPT_DEFAULT_AUTH, OPT_DEFAULT_AUTH,
OPT_DEFAULT_PLUGIN, OPT_DEFAULT_PLUGIN,
OPT_ENABLE_CLEARTEXT_PLUGIN,
OPT_MAX_CLIENT_OPTION OPT_MAX_CLIENT_OPTION
}; };
......
...@@ -148,6 +148,8 @@ static my_bool column_types_flag; ...@@ -148,6 +148,8 @@ static my_bool column_types_flag;
static my_bool preserve_comments= 0; static my_bool preserve_comments= 0;
static ulong opt_max_allowed_packet, opt_net_buffer_length; static ulong opt_max_allowed_packet, opt_net_buffer_length;
static uint verbose=0,opt_silent=0,opt_mysql_port=0, opt_local_infile=0; static uint verbose=0,opt_silent=0,opt_mysql_port=0, opt_local_infile=0;
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
static uint my_end_arg; static uint my_end_arg;
static char * opt_mysql_unix_port=0; static char * opt_mysql_unix_port=0;
static int connect_flag=CLIENT_INTERACTIVE; static int connect_flag=CLIENT_INTERACTIVE;
...@@ -1409,6 +1411,10 @@ static struct my_option my_long_options[] = ...@@ -1409,6 +1411,10 @@ static struct my_option my_long_options[] =
&default_charset, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, &default_charset, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"delimiter", OPT_DELIMITER, "Delimiter to be used.", &delimiter_str, {"delimiter", OPT_DELIMITER, "Delimiter to be used.", &delimiter_str,
&delimiter_str, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, &delimiter_str, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{"execute", 'e', "Execute command and quit. (Disables --force and history file.)", 0, {"execute", 'e', "Execute command and quit. (Disables --force and history file.)", 0,
0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"vertical", 'E', "Print the output of a query (rows) vertically.", {"vertical", 'E', "Print the output of a query (rows) vertically.",
...@@ -1636,6 +1642,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -1636,6 +1642,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
case OPT_LOCAL_INFILE: case OPT_LOCAL_INFILE:
using_opt_local_infile=1; using_opt_local_infile=1;
break; break;
case OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
case OPT_TEE: case OPT_TEE:
if (argument == disabled_my_option) if (argument == disabled_my_option)
{ {
...@@ -4321,6 +4330,10 @@ sql_real_connect(char *host,char *database,char *user,char *password, ...@@ -4321,6 +4330,10 @@ sql_real_connect(char *host,char *database,char *user,char *password,
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*) &opt_enable_cleartext_plugin);
if (!mysql_real_connect(&mysql, host, user, password, if (!mysql_real_connect(&mysql, host, user, password,
database, opt_mysql_port, opt_mysql_unix_port, database, opt_mysql_port, opt_mysql_unix_port,
connect_flag | CLIENT_MULTI_STATEMENTS)) connect_flag | CLIENT_MULTI_STATEMENTS))
......
...@@ -43,6 +43,8 @@ static uint opt_count_iterations= 0, my_end_arg; ...@@ -43,6 +43,8 @@ static uint opt_count_iterations= 0, my_end_arg;
static ulong opt_connect_timeout, opt_shutdown_timeout; static ulong opt_connect_timeout, opt_shutdown_timeout;
static char * unix_port=0; static char * unix_port=0;
static char *opt_plugin_dir= 0, *opt_default_auth= 0; static char *opt_plugin_dir= 0, *opt_default_auth= 0;
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
#ifdef HAVE_SMEM #ifdef HAVE_SMEM
static char *shared_memory_base_name=0; static char *shared_memory_base_name=0;
...@@ -212,6 +214,10 @@ static struct my_option my_long_options[] = ...@@ -212,6 +214,10 @@ static struct my_option my_long_options[] =
"Default authentication client-side plugin to use.", "Default authentication client-side plugin to use.",
&opt_default_auth, &opt_default_auth, 0, &opt_default_auth, &opt_default_auth, 0,
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{ 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0} { 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
}; };
...@@ -282,6 +288,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -282,6 +288,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib, opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib,
opt->name); opt->name);
break; break;
case OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
} }
if (error) if (error)
{ {
...@@ -354,6 +363,10 @@ int main(int argc,char *argv[]) ...@@ -354,6 +363,10 @@ int main(int argc,char *argv[])
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*) &opt_enable_cleartext_plugin);
if (sql_connect(&mysql, option_wait)) if (sql_connect(&mysql, option_wait))
{ {
/* /*
......
...@@ -125,6 +125,8 @@ static char *host= NULL, *opt_password= NULL, *user= NULL, ...@@ -125,6 +125,8 @@ static char *host= NULL, *opt_password= NULL, *user= NULL,
*post_system= NULL, *post_system= NULL,
*opt_mysql_unix_port= NULL; *opt_mysql_unix_port= NULL;
static char *opt_plugin_dir= 0, *opt_default_auth= 0; static char *opt_plugin_dir= 0, *opt_default_auth= 0;
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
const char *delimiter= "\n"; const char *delimiter= "\n";
...@@ -348,6 +350,9 @@ int main(int argc, char **argv) ...@@ -348,6 +350,9 @@ int main(int argc, char **argv)
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*) &opt_enable_cleartext_plugin);
if (!opt_only_print) if (!opt_only_print)
{ {
if (!(mysql_real_connect(&mysql, host, user, opt_password, if (!(mysql_real_connect(&mysql, host, user, opt_password,
...@@ -603,6 +608,10 @@ static struct my_option my_long_options[] = ...@@ -603,6 +608,10 @@ static struct my_option my_long_options[] =
"Detach (close and reopen) connections after X number of requests.", "Detach (close and reopen) connections after X number of requests.",
&detach_rate, &detach_rate, 0, GET_UINT, REQUIRED_ARG, &detach_rate, &detach_rate, 0, GET_UINT, REQUIRED_ARG,
0, 0, 0, 0, 0, 0}, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{"engine", 'e', "Storage engine to use for creating the table.", {"engine", 'e', "Storage engine to use for creating the table.",
&default_engine, &default_engine, 0, &default_engine, &default_engine, 0,
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
...@@ -761,6 +770,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -761,6 +770,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
case 'I': /* Info */ case 'I': /* Info */
usage(); usage();
exit(0); exit(0);
case OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
} }
DBUG_RETURN(0); DBUG_RETURN(0);
} }
......
...@@ -5456,7 +5456,7 @@ void do_connect(struct st_command *command) ...@@ -5456,7 +5456,7 @@ void do_connect(struct st_command *command)
int con_port= opt_port; int con_port= opt_port;
char *con_options; char *con_options;
my_bool con_ssl= 0, con_compress= 0; my_bool con_ssl= 0, con_compress= 0;
my_bool con_pipe= 0, con_shm= 0; my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0;
struct st_connection* con_slot; struct st_connection* con_slot;
static DYNAMIC_STRING ds_connection_name; static DYNAMIC_STRING ds_connection_name;
...@@ -5546,6 +5546,8 @@ void do_connect(struct st_command *command) ...@@ -5546,6 +5546,8 @@ void do_connect(struct st_command *command)
con_pipe= 1; con_pipe= 1;
else if (!strncmp(con_options, "SHM", 3)) else if (!strncmp(con_options, "SHM", 3))
con_shm= 1; con_shm= 1;
else if (!strncmp(con_options, "CLEARTEXT", 9))
con_cleartext_enable= 1;
else else
die("Illegal option to connect: %.*s", die("Illegal option to connect: %.*s",
(int) (end - con_options), con_options); (int) (end - con_options), con_options);
...@@ -5642,6 +5644,10 @@ void do_connect(struct st_command *command) ...@@ -5642,6 +5644,10 @@ void do_connect(struct st_command *command)
if (ds_default_auth.length) if (ds_default_auth.length)
mysql_options(&con_slot->mysql, MYSQL_DEFAULT_AUTH, ds_default_auth.str); mysql_options(&con_slot->mysql, MYSQL_DEFAULT_AUTH, ds_default_auth.str);
if (con_cleartext_enable)
mysql_options(&con_slot->mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*) &con_cleartext_enable);
/* Special database to allow one to connect without a database name */ /* Special database to allow one to connect without a database name */
if (ds_database.length && !strcmp(ds_database.str,"*NO-ONE*")) if (ds_database.length && !strcmp(ds_database.str,"*NO-ONE*"))
dynstr_set(&ds_database, ""); dynstr_set(&ds_database, "");
......
...@@ -166,7 +166,8 @@ enum mysql_option ...@@ -166,7 +166,8 @@ enum mysql_option
MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION, MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION,
MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH,
MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT,
MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
}; };
/** /**
......
...@@ -262,7 +262,8 @@ enum mysql_option ...@@ -262,7 +262,8 @@ enum mysql_option
MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION, MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION,
MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH,
MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT,
MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
}; };
struct st_mysql_options_extention; struct st_mysql_options_extention;
struct st_mysql_options { struct st_mysql_options {
......
...@@ -31,6 +31,7 @@ extern const char *not_error_sqlstate; ...@@ -31,6 +31,7 @@ extern const char *not_error_sqlstate;
struct st_mysql_options_extention { struct st_mysql_options_extention {
char *plugin_dir; char *plugin_dir;
char *default_auth; char *default_auth;
my_bool enable_cleartext_plugin;
}; };
typedef struct st_mysql_methods typedef struct st_mysql_methods
...@@ -104,6 +105,7 @@ int mysql_client_plugin_init(); ...@@ -104,6 +105,7 @@ int mysql_client_plugin_init();
void mysql_client_plugin_deinit(); void mysql_client_plugin_deinit();
struct st_mysql_client_plugin; struct st_mysql_client_plugin;
extern struct st_mysql_client_plugin *mysql_client_builtins[]; extern struct st_mysql_client_plugin *mysql_client_builtins[];
extern my_bool libmysql_cleartext_plugin_enabled;
#ifdef __cplusplus #ifdef __cplusplus
} }
......
...@@ -422,10 +422,10 @@ CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server' ...@@ -422,10 +422,10 @@ CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
--echo ## test plugin auth --echo ## test plugin auth
--disable_query_log --disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant --error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(cleartext_fail_con,localhost,uplain,cleartext_test2); connect(cleartext_fail_con,localhost,uplain,cleartext_test2,,,,CLEARTEXT);
--enable_query_log --enable_query_log
connect(cleartext_con,localhost,uplain,cleartext_test); connect(cleartext_con,localhost,uplain,cleartext_test,,,,CLEARTEXT);
connection cleartext_con; connection cleartext_con;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
......
...@@ -1137,6 +1137,7 @@ static const char *default_options[]= ...@@ -1137,6 +1137,7 @@ static const char *default_options[]=
"ssl-cipher", "max-allowed-packet", "protocol", "shared-memory-base-name", "ssl-cipher", "max-allowed-packet", "protocol", "shared-memory-base-name",
"multi-results", "multi-statements", "multi-queries", "secure-auth", "multi-results", "multi-statements", "multi-queries", "secure-auth",
"report-data-truncation", "plugin-dir", "default-auth", "report-data-truncation", "plugin-dir", "default-auth",
"enable-cleartext-plugin",
NullS NullS
}; };
enum option_id { enum option_id {
...@@ -1148,6 +1149,7 @@ enum option_id { ...@@ -1148,6 +1149,7 @@ enum option_id {
OPT_ssl_cipher, OPT_max_allowed_packet, OPT_protocol, OPT_shared_memory_base_name, OPT_ssl_cipher, OPT_max_allowed_packet, OPT_protocol, OPT_shared_memory_base_name,
OPT_multi_results, OPT_multi_statements, OPT_multi_queries, OPT_secure_auth, OPT_multi_results, OPT_multi_statements, OPT_multi_queries, OPT_secure_auth,
OPT_report_data_truncation, OPT_plugin_dir, OPT_default_auth, OPT_report_data_truncation, OPT_plugin_dir, OPT_default_auth,
OPT_enable_cleartext_plugin,
OPT_keep_this_one_last OPT_keep_this_one_last
}; };
...@@ -1180,14 +1182,27 @@ static int add_init_command(struct st_mysql_options *options, const char *cmd) ...@@ -1180,14 +1182,27 @@ static int add_init_command(struct st_mysql_options *options, const char *cmd)
return 0; return 0;
} }
#define ALLOCATE_EXTENSIONS(OPTS) \
(OPTS)->extension= (struct st_mysql_options_extention *) \
my_malloc(sizeof(struct st_mysql_options_extention), \
MYF(MY_WME | MY_ZEROFILL)) \
#define ENSURE_EXTENSIONS_PRESENT(OPTS) \
do { \
if (!(OPTS)->extension) \
ALLOCATE_EXTENSIONS(OPTS); \
} while (0)
#define EXTENSION_SET_STRING(OPTS, X, STR) \ #define EXTENSION_SET_STRING(OPTS, X, STR) \
do { \
if ((OPTS)->extension) \ if ((OPTS)->extension) \
my_free((OPTS)->extension->X); \ my_free((OPTS)->extension->X); \
else \ else \
(OPTS)->extension= (struct st_mysql_options_extention *) \ ALLOCATE_EXTENSIONS(OPTS); \
my_malloc(sizeof(struct st_mysql_options_extention), \ (OPTS)->extension->X= ((STR) != NULL) ? \
MYF(MY_WME | MY_ZEROFILL)); \ my_strdup((STR), MYF(MY_WME)) : NULL; \
(OPTS)->extension->X= my_strdup((STR), MYF(MY_WME)); } while (0)
void mysql_read_default_options(struct st_mysql_options *options, void mysql_read_default_options(struct st_mysql_options *options,
const char *filename,const char *group) const char *filename,const char *group)
...@@ -1386,6 +1401,12 @@ void mysql_read_default_options(struct st_mysql_options *options, ...@@ -1386,6 +1401,12 @@ void mysql_read_default_options(struct st_mysql_options *options,
case OPT_default_auth: case OPT_default_auth:
EXTENSION_SET_STRING(options, default_auth, opt_arg); EXTENSION_SET_STRING(options, default_auth, opt_arg);
break; break;
case OPT_enable_cleartext_plugin:
ENSURE_EXTENSIONS_PRESENT(options);
options->extension->enable_cleartext_plugin=
(!opt_arg || atoi(opt_arg) != 0) ? TRUE : FALSE;
default: default:
DBUG_PRINT("warning",("unknown option: %s",option[0])); DBUG_PRINT("warning",("unknown option: %s",option[0]));
} }
...@@ -2782,6 +2803,27 @@ static void client_mpvio_info(MYSQL_PLUGIN_VIO *vio, ...@@ -2782,6 +2803,27 @@ static void client_mpvio_info(MYSQL_PLUGIN_VIO *vio,
mpvio_info(mpvio->mysql->net.vio, info); mpvio_info(mpvio->mysql->net.vio, info);
} }
my_bool libmysql_cleartext_plugin_enabled= 0;
static my_bool check_plugin_enabled(MYSQL *mysql, auth_plugin_t *plugin)
{
if (plugin == &clear_password_client_plugin &&
(!libmysql_cleartext_plugin_enabled &&
(!mysql->options.extension ||
!mysql->options.extension->enable_cleartext_plugin)))
{
set_mysql_extended_error(mysql, CR_AUTH_PLUGIN_CANNOT_LOAD,
unknown_sqlstate,
ER(CR_AUTH_PLUGIN_CANNOT_LOAD),
clear_password_client_plugin.name,
"plugin not enabled");
return TRUE;
}
return FALSE;
}
/** /**
Client side of the plugin driver authentication. Client side of the plugin driver authentication.
...@@ -2824,6 +2866,9 @@ int run_plugin_auth(MYSQL *mysql, char *data, uint data_len, ...@@ -2824,6 +2866,9 @@ int run_plugin_auth(MYSQL *mysql, char *data, uint data_len,
auth_plugin_name= auth_plugin->name; auth_plugin_name= auth_plugin->name;
} }
if (check_plugin_enabled(mysql, auth_plugin))
DBUG_RETURN(1);
DBUG_PRINT ("info", ("using plugin %s", auth_plugin_name)); DBUG_PRINT ("info", ("using plugin %s", auth_plugin_name));
mysql->net.last_errno= 0; /* just in case */ mysql->net.last_errno= 0; /* just in case */
...@@ -2915,6 +2960,9 @@ int run_plugin_auth(MYSQL *mysql, char *data, uint data_len, ...@@ -2915,6 +2960,9 @@ int run_plugin_auth(MYSQL *mysql, char *data, uint data_len,
auth_plugin_name, MYSQL_CLIENT_AUTHENTICATION_PLUGIN))) auth_plugin_name, MYSQL_CLIENT_AUTHENTICATION_PLUGIN)))
DBUG_RETURN (1); DBUG_RETURN (1);
if (check_plugin_enabled(mysql, auth_plugin))
DBUG_RETURN(1);
mpvio.plugin= auth_plugin; mpvio.plugin= auth_plugin;
res= auth_plugin->authenticate_user((struct st_plugin_vio *)&mpvio, mysql); res= auth_plugin->authenticate_user((struct st_plugin_vio *)&mpvio, mysql);
...@@ -4117,6 +4165,11 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const void *arg) ...@@ -4117,6 +4165,11 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const void *arg)
case MYSQL_DEFAULT_AUTH: case MYSQL_DEFAULT_AUTH:
EXTENSION_SET_STRING(&mysql->options, default_auth, arg); EXTENSION_SET_STRING(&mysql->options, default_auth, arg);
break; break;
case MYSQL_ENABLE_CLEARTEXT_PLUGIN:
ENSURE_EXTENSIONS_PRESENT(&mysql->options);
mysql->options.extension->enable_cleartext_plugin=
(*(my_bool*) arg) ? TRUE : FALSE;
break;
default: default:
DBUG_RETURN(1); DBUG_RETURN(1);
} }
...@@ -4336,5 +4389,3 @@ static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) ...@@ -4336,5 +4389,3 @@ static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
return res ? CR_ERROR : CR_OK; return res ? CR_ERROR : CR_OK;
} }
...@@ -197,6 +197,10 @@ add_plugin(MYSQL *mysql, struct st_mysql_client_plugin *plugin, void *dlhandle, ...@@ -197,6 +197,10 @@ add_plugin(MYSQL *mysql, struct st_mysql_client_plugin *plugin, void *dlhandle,
static void load_env_plugins(MYSQL *mysql) static void load_env_plugins(MYSQL *mysql)
{ {
char *plugs, *free_env, *s= getenv("LIBMYSQL_PLUGINS"); char *plugs, *free_env, *s= getenv("LIBMYSQL_PLUGINS");
char *enable_cleartext_plugin= getenv("LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN");
if (enable_cleartext_plugin && strchr("1Yy", enable_cleartext_plugin[0]))
libmysql_cleartext_plugin_enabled= 1;
/* no plugins to load */ /* no plugins to load */
if(!s) if(!s)
...@@ -212,6 +216,7 @@ static void load_env_plugins(MYSQL *mysql) ...@@ -212,6 +216,7 @@ static void load_env_plugins(MYSQL *mysql)
} while (s); } while (s);
my_free(free_env); my_free(free_env);
} }
/********** extern functions to be used by libmysql *********************/ /********** extern functions to be used by libmysql *********************/
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment