1#pragma once
2
3#include <Core/Types.h>
4
5
6namespace DB
7{
8/// Authentication type and encrypted password for checking when an user logins.
9class Authentication
10{
11public:
12 enum Type
13 {
14 /// User doesn't have to enter password.
15 NO_PASSWORD,
16
17 /// Password is stored as is.
18 PLAINTEXT_PASSWORD,
19
20 /// Password is encrypted in SHA256 hash.
21 SHA256_PASSWORD,
22
23 /// SHA1(SHA1(password)).
24 /// This kind of hash is used by the `mysql_native_password` authentication plugin.
25 DOUBLE_SHA1_PASSWORD,
26 };
27
28 using Digest = std::vector<UInt8>;
29
30 Authentication(Authentication::Type type = NO_PASSWORD);
31 Authentication(const Authentication & src) = default;
32 Authentication & operator =(const Authentication & src) = default;
33 Authentication(Authentication && src) = default;
34 Authentication & operator =(Authentication && src) = default;
35
36 Type getType() const { return type; }
37
38 /// Sets the password and encrypt it using the authentication type set in the constructor.
39 void setPassword(const String & password);
40
41 /// Returns the password. Allowed to use only for Type::PLAINTEXT_PASSWORD.
42 String getPassword() const;
43
44 /// Sets the password as a string of hexadecimal digits.
45 void setPasswordHashHex(const String & hash);
46 String getPasswordHashHex() const;
47
48 /// Sets the password in binary form.
49 void setPasswordHashBinary(const Digest & hash);
50 const Digest & getPasswordHashBinary() const { return password_hash; }
51
52 /// Returns SHA1(SHA1(password)) used by MySQL compatibility server for authentication.
53 /// Allowed to use for Type::NO_PASSWORD, Type::PLAINTEXT_PASSWORD, Type::DOUBLE_SHA1_PASSWORD.
54 Digest getPasswordDoubleSHA1() const;
55
56 /// Checks if the provided password is correct. Returns false if not.
57 bool isCorrectPassword(const String & password) const;
58
59 /// Checks if the provided password is correct. Throws an exception if not.
60 /// `user_name` is only used for generating an error message if the password is incorrect.
61 void checkPassword(const String & password, const String & user_name = String()) const;
62
63 friend bool operator ==(const Authentication & lhs, const Authentication & rhs);
64 friend bool operator !=(const Authentication & lhs, const Authentication & rhs) { return !(lhs == rhs); }
65
66private:
67 Type type = Type::NO_PASSWORD;
68 Digest password_hash;
69};
70}
71