ClickHouse/dbms/Access/Authentication.cpp

#include <Access/Authentication.h>
#include <Common/Exception.h>
#include <Poco/SHA1Engine.h>


namespace DB
{
namespace ErrorCodes
{
    extern const int LOGICAL_ERROR;
    extern const int BAD_ARGUMENTS;
}


Authentication::Digest Authentication::getPasswordDoubleSHA1() const
{
    switch (type)
    {
        case NO_PASSWORD:
        {
            Poco::SHA1Engine engine;
            return engine.digest();
        }

        case PLAINTEXT_PASSWORD:
        {
            Poco::SHA1Engine engine;
            engine.update(getPassword());
            const Digest & first_sha1 = engine.digest();
            engine.update(first_sha1.data(), first_sha1.size());
            return engine.digest();
        }

        case SHA256_PASSWORD:
            throw Exception("Cannot get password double SHA1 for user with 'SHA256_PASSWORD' authentication.", ErrorCodes::BAD_ARGUMENTS);

        case DOUBLE_SHA1_PASSWORD:
            return password_hash;
    }
    throw Exception("Unknown authentication type: " + std::to_string(static_cast<int>(type)), ErrorCodes::LOGICAL_ERROR);
}


bool Authentication::isCorrectPassword(const String & password_) const
{
    switch (type)
    {
        case NO_PASSWORD:
            return true;

        case PLAINTEXT_PASSWORD:
        {
            if (password_ == std::string_view{reinterpret_cast<const char *>(password_hash.data()), password_hash.size()})
                return true;

            // For compatibility with MySQL clients which support only native authentication plugin, SHA1 can be passed instead of password.
            auto password_sha1 = encodeSHA1(password_hash);
            return password_ == std::string_view{reinterpret_cast<const char *>(password_sha1.data()), password_sha1.size()};
        }

        case SHA256_PASSWORD:
            return encodeSHA256(password_) == password_hash;

        case DOUBLE_SHA1_PASSWORD:
        {
            auto first_sha1 = encodeSHA1(password_);

            /// If it was MySQL compatibility server, then first_sha1 already contains double SHA1.
            if (first_sha1 == password_hash)
                return true;

            return encodeSHA1(first_sha1) == password_hash;
        }
    }
    throw Exception("Unknown authentication type: " + std::to_string(static_cast<int>(type)), ErrorCodes::LOGICAL_ERROR);
}

}
Move authentication code to a separate class. 2019-10-08 13:44:44 +00:00			`#include <Access/Authentication.h>`
			`#include <Common/Exception.h>`
			`#include <Poco/SHA1Engine.h>`


			`namespace DB`
			`{`
			`namespace ErrorCodes`
			`{`
Added some missing ErrorCodes 2020-02-25 18:02:41 +00:00			`extern const int LOGICAL_ERROR;`
			`extern const int BAD_ARGUMENTS;`
Move authentication code to a separate class. 2019-10-08 13:44:44 +00:00			`}`


Move some part of the Authentication class to header to allow using in the parser. 2020-02-06 01:48:14 +00:00			`Authentication::Digest Authentication::getPasswordDoubleSHA1() const`
fixed getting double SHA1 in mysql_native_password auth plugin 2019-12-06 01:30:01 +00:00			`{`
			`switch (type)`
			`{`
			`case NO_PASSWORD:`
			`{`
			`Poco::SHA1Engine engine;`
			`return engine.digest();`
			`}`

			`case PLAINTEXT_PASSWORD:`
			`{`
			`Poco::SHA1Engine engine;`
			`engine.update(getPassword());`
			`const Digest & first_sha1 = engine.digest();`
			`engine.update(first_sha1.data(), first_sha1.size());`
			`return engine.digest();`
			`}`

			`case SHA256_PASSWORD:`
			`throw Exception("Cannot get password double SHA1 for user with 'SHA256_PASSWORD' authentication.", ErrorCodes::BAD_ARGUMENTS);`

			`case DOUBLE_SHA1_PASSWORD:`
			`return password_hash;`
			`}`
			`throw Exception("Unknown authentication type: " + std::to_string(static_cast<int>(type)), ErrorCodes::LOGICAL_ERROR);`
			`}`


Move authentication code to a separate class. 2019-10-08 13:44:44 +00:00			`bool Authentication::isCorrectPassword(const String & password_) const`
			`{`
			`switch (type)`
			`{`
			`case NO_PASSWORD:`
			`return true;`

			`case PLAINTEXT_PASSWORD:`
fixed compilation error 2019-12-05 00:19:36 +00:00			`{`
Move some part of the Authentication class to header to allow using in the parser. 2020-02-06 01:48:14 +00:00			`if (password_ == std::string_view{reinterpret_cast<const char *>(password_hash.data()), password_hash.size()})`
using SHA1 MySQL auth plugin for plaintext passwords 2019-12-04 23:16:11 +00:00			`return true;`
Move authentication code to a separate class. 2019-10-08 13:44:44 +00:00
fixed compilation error 2019-12-05 00:19:36 +00:00			`// For compatibility with MySQL clients which support only native authentication plugin, SHA1 can be passed instead of password.`
			`auto password_sha1 = encodeSHA1(password_hash);`
Move some part of the Authentication class to header to allow using in the parser. 2020-02-06 01:48:14 +00:00			`return password_ == std::string_view{reinterpret_cast<const char *>(password_sha1.data()), password_sha1.size()};`
fixed compilation error 2019-12-05 00:19:36 +00:00			`}`
Update Authentication.cpp 2019-12-05 00:35:52 +00:00
Move authentication code to a separate class. 2019-10-08 13:44:44 +00:00			`case SHA256_PASSWORD:`
			`return encodeSHA256(password_) == password_hash;`

			`case DOUBLE_SHA1_PASSWORD:`
			`{`
			`auto first_sha1 = encodeSHA1(password_);`

			`/// If it was MySQL compatibility server, then first_sha1 already contains double SHA1.`
			`if (first_sha1 == password_hash)`
			`return true;`

			`return encodeSHA1(first_sha1) == password_hash;`
			`}`
			`}`
			`throw Exception("Unknown authentication type: " + std::to_string(static_cast<int>(type)), ErrorCodes::LOGICAL_ERROR);`
			`}`

			`}`