  1. MariaDB Server
  2. MDEV-21970

Extend socket auth for configurable user name


Details

    Description

      Hello,

      (I actually wanted to create a feature proposal/request; however, JIRA did not offer me the option to select those.)

      I had several occasions where I wanted to use socket auth for different usernames:

      Using authentication_string in the user table to specify the allowed system user name which may authenticate as the corresponding mysql user over socket.

      I already created a patch for this in my own build, which I could contribute if the described feature is wanted. Currently my authentication does the following:

      sysuser = get user from socket
      mysqluser = username sent by client
      if(authentication_string_len == 0){
          return sysuser == mysqluser;
      }else{
          if(authentication_string starts with '@'){
              groups = get groups of system user
              for(gr of groups){
                  if('@'+gr == authentication_string)
                      return true;
              }
              return false
          }else{
              return sysuser == authentication_string
          }
      }
      

      Another feature idea is to allow a comma-separated list of different groups/users...

      Btw just noticed that mysql supports specifying an alternative user name for the socket_auth plugin, however they accept both:

      if (!strcmp(pwd->pw_name, info->user_name) ||
            !strcmp(pwd->pw_name, info->auth_string))
          return CR_OK;
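
The matching rule from the pseudocode above, next to the "accept both" condition of the quoted MySQL snippet, as an added example that is not part of the original report or of either server's code. The function names, the caller-supplied group list and the sample users are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rule from the pseudocode: empty authentication_string -> OS user must equal
   the MariaDB user; "@name" -> OS user must be in group "name"; anything
   else -> OS user must equal authentication_string. The caller supplies the
   OS user's group names (assumption: resolved beforehand). */
bool proposed_allows(const char *sysuser, const char *mysqluser,
                     const char *auth_string,
                     const char *const *groups, size_t ngroups)
{
    if (auth_string == NULL || auth_string[0] == '\0')
        return strcmp(sysuser, mysqluser) == 0;
    if (auth_string[0] == '@') {
        for (size_t i = 0; i < ngroups; i++)
            if (strcmp(groups[i], auth_string + 1) == 0)
                return true;
        return false;
    }
    return strcmp(sysuser, auth_string) == 0;
}

/* "Accept both" rule, as in the MySQL condition quoted above. */
bool accept_both_allows(const char *sysuser, const char *mysqluser,
                        const char *auth_string)
{
    return strcmp(sysuser, mysqluser) == 0 ||
           strcmp(sysuser, auth_string) == 0;
}

/* Constructed sample: groups of a hypothetical OS user "backup". */
static const char *const SAMPLE_GROUPS[] = { "backup", "dbadmin" };

int main(void)
{
    /* MariaDB account "backup" with authentication_string "deploy":
       the two rules disagree about the OS user "backup". */
    printf("proposed:    %d\n",
           proposed_allows("backup", "backup", "deploy", SAMPLE_GROUPS, 2));
    printf("accept both: %d\n",
           accept_both_allows("backup", "backup", "deploy"));
    /* Group form: OS user "backup" connecting as "root" via "@dbadmin". */
    printf("group match: %d\n",
           proposed_allows("backup", "root", "@dbadmin", SAMPLE_GROUPS, 2));
    return 0;
}
```

Under the "accept both" condition, setting `authentication_string` adds an allowed OS user but does not lock out the OS user whose name equals the account name; under the proposed rule it does.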
      


          People

            Unassigned Unassigned
            lal12 Luca Lindhorst