← Back to team overview

maria-developers team mailing list archive

Re: (MDEV-3949) OTP authenticator plugins


Hi, Roberto!

On Dec 19, Roberto Spadim wrote:
> hi sergei! sorry about wrong place, i'm new in mariadb and i bit lost,
> since i changed from mysql development and error correction to mysql user
> and now mariadb user
> i will add my email to list and start asking there
> about s/key, shure! if you could send and maybe put in mariadb by default
> could be very nice! i'm using some windows and some linux server, in this
> case i can't use only pam.d, and some linux servers don't give me a unix
> user to use it :/ that's why i'm trying to find a OTP solution to mariadb,
> and if not try to develop one (when i have time)

Unfortunately, I couldn't find the complete plugins sources :(
I wrote this plugin for a conference, about two years ago, and now all
what's left of it, is the main plugin function:

  static int skey_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
    unsigned char *pkt;
    int pkt_len;
    struct skey mp;
    char buf[SKEY_MAX_CHALLENGE+3];

    buf[0] = ECHO_ON;
    if (skeychallenge(&mp, info->user_name, buf+1, SKEY_MAX_CHALLENGE) < 0)
      return CR_ERROR;
    strcat(buf, ":");
    if (vio->write_packet(vio, buf, strlen(buf)))
      return CR_ERROR;
    if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
      return CR_ERROR;
    info->password_used = 1;
    return skeyverify(&mp, pkt) ? CR_ERROR : CR_OK;

But this is, basically, all. One only needs to add the standard plugin
declaration structure (which wasn't on the slides for brevity). And link
the plugin with the libskey.

For a more convenient solution, you might want to link with it
statically (and, perhaps, change a hard-coded location for a
/etc/skeykeys file).

> well if you could send your solution we could develop some more ideas for
> sure, i'will not use it to make money, just to secure my self