
Commit 93d20e6

committed
Adding back the ValidateHash method since "dolt sql" utils relies on it to connect to a local sql-server
1 parent 9faa7d6 commit 93d20e6


1 file changed

+34
-0
lines changed


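--- a/sql/mysql_db/mysql_db.go
+++ b/sql/mysql_db/mysql_db.go
@@ -19,6 +19,7 @@ import (
 "encoding/hex"
 "encoding/json"
 "fmt"
+"net"
 "sort"
 "strings"
 "sync"
@@ -758,6 +759,39 @@ func (db *MySQLDb) GetTableNames(ctx *sql.Context) ([]string, error) {
 }, nil
 }
 
+// ValidateHash was previously used as part of authentication, but is no longer used by the Vitess authentication
+// logic. This method is still used by the sql util class in Dolt to authenticate a user connecting to a local
+// Dolt sql-server by running a "dolt sql" command.
+// TODO: The dolt sql utils.go code should be refactored to use a different API, so that we can delete this method.
+func (db *MySQLDb) ValidateHash(salt []byte, user string, authResponse []byte, addr net.Addr) (mysql.Getter, error) {
+host, err := extractHostAddress(addr)
+if err != nil {
+return nil, err
+}
+
+rd := db.Reader()
+defer rd.Close()
+
+if !db.Enabled() {
+return sql.MysqlConnectionUser{User: user, Host: host}, nil
+}
+
+userEntry := db.GetUser(rd, user, host, false)
+if userEntry == nil || userEntry.Locked {
+return nil, mysql.NewSQLError(mysql.ERAccessDeniedError, mysql.SSAccessDeniedError, "Access denied for user '%v'", user)
+}
+if len(userEntry.Password) > 0 {
+if !validateMysqlNativePassword(authResponse, salt, userEntry.Password) {
+return nil, mysql.NewSQLError(mysql.ERAccessDeniedError, mysql.SSAccessDeniedError, "Access denied for user '%v'", user)
+}
+} else if len(authResponse) > 0 { // password is nil or empty, therefore no password is set
+// a password was given and the account has no password set, therefore access is denied
+return nil, mysql.NewSQLError(mysql.ERAccessDeniedError, mysql.SSAccessDeniedError, "Access denied for user '%v'", user)
+}
+
+return sql.MysqlConnectionUser{User: userEntry.User, Host: userEntry.Host}, nil
+}
+
 // Persist passes along all changes to the integrator.
 //
 // This takes an Editor, instead of a Reader, since presumably we have just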
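Review bot: In the restored `ValidateHash`, the only credential check is `validateMysqlNativePassword`, and the `else if len(authResponse) > 0` branch means an entry whose `Password` is empty is accepted whenever the client sends an empty auth response. That matches MySQL's behaviour for passwordless accounts, but if user entries can hold credentials for another authentication method outside `Password` (not visible in this hunk), such an account would be admitted here without any proof. Consider denying entries that are not native-password accounts before that branch is reached. The doc comment should also name the two paths that succeed without a credential check, e.g. `// ValidateHash only verifies mysql_native_password hashes; it succeeds without checking credentials when the database is not enabled, or when the account has no password and authResponse is empty.`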
