1 | #pragma once |
2 | |
3 | #include <Core/Types.h> |
4 | |
5 | |
6 | namespace DB |
7 | { |
8 | /// Authentication type and encrypted password for checking when an user logins. |
9 | class Authentication |
10 | { |
11 | public: |
12 | enum Type |
13 | { |
14 | /// User doesn't have to enter password. |
15 | NO_PASSWORD, |
16 | |
17 | /// Password is stored as is. |
18 | PLAINTEXT_PASSWORD, |
19 | |
20 | /// Password is encrypted in SHA256 hash. |
21 | SHA256_PASSWORD, |
22 | |
23 | /// SHA1(SHA1(password)). |
24 | /// This kind of hash is used by the `mysql_native_password` authentication plugin. |
25 | DOUBLE_SHA1_PASSWORD, |
26 | }; |
27 | |
28 | using Digest = std::vector<UInt8>; |
29 | |
30 | Authentication(Authentication::Type type = NO_PASSWORD); |
31 | Authentication(const Authentication & src) = default; |
32 | Authentication & operator =(const Authentication & src) = default; |
33 | Authentication(Authentication && src) = default; |
34 | Authentication & operator =(Authentication && src) = default; |
35 | |
36 | Type getType() const { return type; } |
37 | |
38 | /// Sets the password and encrypt it using the authentication type set in the constructor. |
39 | void setPassword(const String & password); |
40 | |
41 | /// Returns the password. Allowed to use only for Type::PLAINTEXT_PASSWORD. |
42 | String getPassword() const; |
43 | |
44 | /// Sets the password as a string of hexadecimal digits. |
45 | void setPasswordHashHex(const String & hash); |
46 | String getPasswordHashHex() const; |
47 | |
48 | /// Sets the password in binary form. |
49 | void setPasswordHashBinary(const Digest & hash); |
50 | const Digest & getPasswordHashBinary() const { return password_hash; } |
51 | |
52 | /// Returns SHA1(SHA1(password)) used by MySQL compatibility server for authentication. |
53 | /// Allowed to use for Type::NO_PASSWORD, Type::PLAINTEXT_PASSWORD, Type::DOUBLE_SHA1_PASSWORD. |
54 | Digest getPasswordDoubleSHA1() const; |
55 | |
56 | /// Checks if the provided password is correct. Returns false if not. |
57 | bool isCorrectPassword(const String & password) const; |
58 | |
59 | /// Checks if the provided password is correct. Throws an exception if not. |
60 | /// `user_name` is only used for generating an error message if the password is incorrect. |
61 | void checkPassword(const String & password, const String & user_name = String()) const; |
62 | |
63 | friend bool operator ==(const Authentication & lhs, const Authentication & rhs); |
64 | friend bool operator !=(const Authentication & lhs, const Authentication & rhs) { return !(lhs == rhs); } |
65 | |
66 | private: |
67 | Type type = Type::NO_PASSWORD; |
68 | Digest password_hash; |
69 | }; |
70 | } |
71 | |