// Copyright (c) 2012, 2020, Oracle and/or its affiliates.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License, version 2.0, as
// published by the Free Software Foundation.
//
// This program is also distributed with certain software (including
// but not limited to OpenSSL) that is licensed under separate terms,
// as designated in a particular file or component or in included license
// documentation. The authors of MySQL hereby grant you an
// additional permission to link the program and your derivative works
// with the separately licensed software that they have included with
// MySQL.
//
// Without limiting anything contained in the foregoing, this file,
// which is part of MySQL Connector/NET, is also subject to the
// Universal FOSS Exception, version 1.0, a copy of which can be found at
// http://oss.oracle.com/licenses/universal-foss-exception.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU General Public License, version 2.0, for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
using System;
using System.Diagnostics;
using System.Text;
using Sog.Properties;
namespace MySql.Data.MySqlClient.Authentication
{
///
/// Defines the default behavior for an authentication plugin.
///
public abstract class MySqlAuthenticationPlugin
{
private NativeDriver _driver;
///
/// Gets or sets the authentication data returned by the server.
///
protected byte[] AuthenticationData;
///
/// This is a factory method that is used only internally. It creates an auth plugin based on the method type
///
///
///
///
///
internal static MySqlAuthenticationPlugin GetPlugin(string method, NativeDriver driver, byte[] authData)
{
if (method == "mysql_old_password")
{
driver.Close(true);
throw new MySqlException(Resources.OldPasswordsNotSupported);
}
MySqlAuthenticationPlugin plugin = AuthenticationPluginManager.GetPlugin(method);
if (plugin == null)
{
throw new MySqlException(String.Format(Resources.UnknownAuthenticationMethod, method));
}
plugin._driver = driver;
plugin.SetAuthData(authData);
return plugin;
}
///
/// Gets the connection option settings.
///
protected MySqlConnectionStringBuilder Settings => this._driver.Settings;
///
/// Gets the server version associated with this authentication plugin.
///
protected Version ServerVersion => new Version(this._driver.Version.Major, this._driver.Version.Minor, this._driver.Version.Build);
internal ClientFlags Flags => this._driver.Flags;
///
/// Gets the encoding assigned to the native driver.
///
protected Encoding Encoding => this._driver.Encoding;
///
/// Sets the authentication data required to encode, encrypt, or convert the password of the user.
///
/// A byte array containing the authentication data provided by the server.
/// This method may be overriden based on the requirements by the implementing authentication plugin.
protected virtual void SetAuthData(byte[] data)
{
this.AuthenticationData = data;
}
///
/// Defines the behavior when checking for constraints.
///
/// This method is intended to be overriden.
protected virtual void CheckConstraints()
{
}
///
/// Throws a that encapsulates the original exception.
///
/// The exception to encapsulate.
protected virtual void AuthenticationFailed(Exception ex)
{
// Resources.AuthenticationFailed 这里有问题,String.Format时获取不到 Mysql.Data.Resources.resource
//string msg = String.Format(Resources.AuthenticationFailed, this.Settings.Server, this.GetUsername(), this.PluginName, ex.Message);
string msg = String.Format("Authentication to host '{0}' for user '{1}' using method '{2}' failed with message: {3}", this.Settings.Server, this.GetUsername(), this.PluginName, ex.Message);
throw new MySqlException(msg, ex);
}
///
/// Defines the behavior when authentication is successful.
///
/// This method is intended to be overriden.
protected virtual void AuthenticationSuccessful()
{
}
///
/// Defines the behavior when more data is required from the server.
///
/// The data returned by the server.
/// The data to return to the server.
/// This method is intended to be overriden.
protected virtual byte[] MoreData(byte[] data)
{
return null;
}
internal void Authenticate(bool reset)
{
this.CheckConstraints();
MySqlPacket packet = this._driver.Packet;
// send auth response
packet.WriteString(this.GetUsername());
// now write the password
this.WritePassword(packet);
if ((this.Flags & ClientFlags.CONNECT_WITH_DB) != 0 || reset)
{
if (!String.IsNullOrEmpty(this.Settings.Database))
{
packet.WriteString(this.Settings.Database);
}
}
if (reset)
{
packet.WriteInteger(8, 2);
}
if ((this.Flags & ClientFlags.PLUGIN_AUTH) != 0)
{
packet.WriteString(this.PluginName);
}
this._driver.SetConnectAttrs();
this._driver.SendPacket(packet);
// Read server response.
packet = this.ReadPacket();
byte[] b = packet.Buffer;
if (this.PluginName == "caching_sha2_password" && b[0] == 0x01)
{
// React to the authentication type set by server: FAST, FULL.
this.ContinueAuthentication(new byte[] { b[1] });
}
// Auth switch request Protocol::AuthSwitchRequest.
if (b[0] == 0xfe)
{
if (packet.IsLastPacket)
{
this._driver.Close(true);
throw new MySqlException(Resources.OldPasswordsNotSupported);
}
else
{
this.HandleAuthChange(packet);
}
}
this._driver.ReadOk(false);
this.AuthenticationSuccessful();
}
private void WritePassword(MySqlPacket packet)
{
bool secure = (this.Flags & ClientFlags.SECURE_CONNECTION) != 0;
object password = this.GetPassword();
if (password is string)
{
if (secure)
{
packet.WriteLenString((string)password);
}
else
{
packet.WriteString((string)password);
}
}
else if (password == null)
{
packet.WriteByte(0);
}
else if (password is byte[])
{
packet.Write(password as byte[]);
}
else
{
throw new MySqlException("Unexpected password format: " + password.GetType());
}
}
private MySqlPacket ReadPacket()
{
try
{
MySqlPacket p = this._driver.ReadPacket();
return p;
}
catch (MySqlException ex)
{
// Make sure this is an auth failed ex
this.AuthenticationFailed(ex);
return null;
}
}
private void HandleAuthChange(MySqlPacket packet)
{
byte b = packet.ReadByte();
Debug.Assert(b == 0xfe);
string method = packet.ReadString();
byte[] authData = new byte[packet.Length - packet.Position];
Array.Copy(packet.Buffer, packet.Position, authData, 0, authData.Length);
MySqlAuthenticationPlugin plugin = GetPlugin(method, this._driver, authData);
plugin.ContinueAuthentication();
}
private void ContinueAuthentication(byte[] data = null)
{
MySqlPacket packet = this._driver.Packet;
packet.Clear();
byte[] moreData = this.MoreData(data);
while (moreData != null)
{
packet.Clear();
packet.Write(moreData);
this._driver.SendPacket(packet);
packet = this.ReadPacket();
byte prefixByte = packet.Buffer[0];
if (prefixByte != 1)
{
return;
}
// A prefix of 0x01 means need more auth data.
byte[] responseData = new byte[packet.Length - 1];
Array.Copy(packet.Buffer, 1, responseData, 0, responseData.Length);
moreData = this.MoreData(responseData);
}
// We get here if MoreData returned null but the last packet read was a more data packet.
this.ReadPacket();
}
///
/// Gets the plugin name based on the authentication plugin type defined during the creation of this object.
///
public abstract string PluginName { get; }
///
/// Gets the user name associated to the connection settings.
///
/// The user name associated to the connection settings.
public virtual string GetUsername()
{
return this.Settings.UserID;
}
///
/// Gets the encoded, encrypted, or converted password based on the authentication plugin type defined during the creation of this object.
/// This method is intended to be overriden.
///
/// An object containing the encoded, encrypted, or converted password.
public virtual object GetPassword()
{
return null;
}
}
}