Details
-
Task
-
Status: Open (View Workflow)
-
Trivial
-
Resolution: Unresolved
-
None
Description
Hello,
(I actually wanted to create a feature proposal/request however JIRA did not offer me to select those)
I had several occasions where I wanted to use socket auth for different usernames:
Using authentication_string in the user table to specify the allowed system user name which may authenticate as the corresponding mysql user over socket.
I already created a patch for this in my own build, which I could contribute if described feature is wanted. Currently my authentication does the following:
sysuser = get user from socket
|
mysqluser = username send by client
|
if(authentication_string_len == 0){
|
return sysuser == mysqluser;
|
}else{
|
if(authentication_string starts with '@'){
|
groups = get groups of system user
|
for(gr of groups){
|
if('@'+gr == authentication_string)
|
return true;
|
}
|
return false
|
}else{
|
return sysuser == authentication_string
|
}
|
}
|
Another feature idea is to allow a comma seperated list of different groups/users...
Btw just noticed that mysql supports specifying an alternative user name for the socket_auth plugin, however they accept both:
if (!strcmp(pwd->pw_name, info->user_name) ||
|
!strcmp(pwd->pw_name, info->auth_string))
|
return CR_OK;
|