maria-developers team mailing list archive
Message #05009
Re: (MDEV-3949) OTP authenticator plugins
Hi, Roberto!
On Dec 19, Roberto Spadim wrote:
> Hi Sergei! Sorry about the wrong place, I'm new to MariaDB and a bit lost,
> since I changed from MySQL development and error correction to MySQL user
> and now MariaDB user.
> I will add my email to the list and start asking there.
>
> About S/Key, sure! If you could send it, and maybe put it in MariaDB by
> default, that could be very nice! I'm using some Windows and some Linux
> servers; in this case I can't use only pam.d, and some Linux servers don't
> give me a Unix user to use it :/ That's why I'm trying to find an OTP
> solution for MariaDB, and if not, try to develop one (when I have time).
Unfortunately, I couldn't find the complete plugin sources :(
I wrote this plugin for a conference, about two years ago, and now all
that's left of it is the main plugin function:

  static int skey_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
  {
    unsigned char *pkt;
    int pkt_len;
    struct skey mp;
    char buf[SKEY_MAX_CHALLENGE+3];

    /* buf[0] carries the ECHO_ON flag; the S/Key challenge is written after it */
    buf[0] = ECHO_ON;
    if (skeychallenge(&mp, info->user_name, buf+1, SKEY_MAX_CHALLENGE) < 0)
      return CR_ERROR;
    strcat(buf, ":");

    /* send the challenge to the client, then read back the one-time password */
    if (vio->write_packet(vio, buf, strlen(buf)))
      return CR_ERROR;
    if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
      return CR_ERROR;

    info->password_used = 1;

    /* skeyverify() returns 0 when the response matches */
    return skeyverify(&mp, (char *) pkt) ? CR_ERROR : CR_OK;
  }

But this is, basically, all. One only needs to add the standard plugin
declaration structure (which wasn't on the slides for brevity), and link
the plugin with libskey.
For a more convenient solution, you might want to link with it
statically (and, perhaps, change a hard-coded location for a
/etc/skeykeys file).
> Well, if you could send your solution we could develop some more ideas for
> sure. I will not use it to make money, just to secure myself.
>
Regards,
Sergei
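
Added example, not part of the original message or of Sergei's plugin: a bounds-checked version of the two buffer steps in skey_auth above, namely building the flag + challenge + ":" packet and copying the client's reply using the length that read_packet returned. The values of ECHO_ON and SKEY_MAX_CHALLENGE, the SKEY_MAX_REPLY cap, the helper names and the sample challenge are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values for this sketch; the post does not show them. */
#define ECHO_ON            2   /* prompt-type byte (assumption) */
#define SKEY_MAX_CHALLENGE 64  /* placeholder; the real value comes from skey.h */
#define SKEY_MAX_REPLY     64  /* hypothetical cap on the client's answer */

/* Build the prompt packet: type byte, challenge text, ':'.
   Returns the packet length (without the NUL), or -1 if it does not fit. */
int build_prompt(char *out, size_t outlen, const char *challenge)
{
    int n;
    if (outlen < 2)
        return -1;
    out[0] = ECHO_ON;
    n = snprintf(out + 1, outlen - 1, "%s:", challenge);
    if (n < 0 || (size_t)n >= outlen - 1)
        return -1;              /* refuse to send a clipped challenge */
    return n + 1;
}

/* Copy the reply into a NUL-terminated buffer before passing it to a
   string API such as skeyverify(). Returns 0 on success, -1 on reject. */
int copy_reply(char *dst, size_t dstlen, const unsigned char *pkt, int pkt_len)
{
    if (pkt_len <= 0 || (size_t)pkt_len >= dstlen)
        return -1;              /* read error, empty or oversized reply */
    /* a trailing NUL is tolerated, one inside the reply is not */
    if (memchr(pkt, '\0', (size_t)pkt_len - 1) != NULL)
        return -1;
    memcpy(dst, pkt, (size_t)pkt_len);
    dst[pkt_len] = '\0';
    return 0;
}

int main(void)
{
    char buf[SKEY_MAX_CHALLENGE + 3], reply[SKEY_MAX_REPLY];
    const unsigned char answer[] = "ABLE BAKE";   /* constructed sample reply */
    int len = build_prompt(buf, sizeof buf, "otp-md5 98 te1234"); /* constructed */
    printf("prompt bytes: %d, text: %s\n", len, buf + 1);
    if (copy_reply(reply, sizeof reply, answer, (int)sizeof answer) == 0)
        printf("reply accepted: %s\n", reply);
    return 0;
}
```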