Hi Serg,
-----Original Message-----
From: sergii@pisem.net [mailto:sergii@pisem.net]
Sent: Friday, 30 December 2011 21:03
To: wlad@montyprogram.com
Cc: maria-developers@lists.launchpad.net
Subject: win auth plugin
Hi.
Attached is the patch for the windows authentication plugin.
To avoid code duplication I've reused MySQL's windows authentication plugin and only wrote the server part.
This plugin is different from MySQL's, because (as all our plugins) it does not do user name mapping and only performs the authentication - that is, only verifies that the user really is who he says he is.
Hmm:) Supplying user name and verifying is sort of duplicating information. Server knows exactly who's connecting anyway, after the handshake is performed. So - is that providing user name really required?
I would understand providing extra name information if it would help to resolve some ambiguity. For example, in addition to user name it could be a group name. Given a token, checking that supplied string is either user name or one of the groups he belongs to, is simple. From my point of view, allowing groups could make it more useful in practice, allowing many different users/applications act as the single MySQL user, reducing the need of one-to-one mapping for every single OS user on MySQL level.
I'm afraid .Net connector does not work without mapping, or have things changed in the last months? That would be a pity, and greatly reduce the utility. Does any connector apart from .NET support authentication yet?
Ok, to the itself. I do not think comparing usernames as strings is the correct way to go
+ if (!client_sid.is_valid() || + !client_sid.make_username(buf, sizeof(buf)) || + stricmp(info->user_name, buf))
The problem with it is that usernames can be really specified in multitude of different ways (name, .\name, machine\name are different names for the same local user for example). A more robust comparison would be retrieving SID for info->user_name, and comparing it with client_sid using e.g. EqualSid().
Could you understand a strange dance around 254 bytes in Rafal's code (Handshake_client::write_packet)? I do not get it. Did he fix a real problem, or a problem that would not exist, or did he redefine protocol in his own way?
Wlad
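Review bot: the identity check in the last operand, stricmp(info->user_name, buf), decides authentication on the textual form of the account name, so it passes only when the configured name happens to match the exact format make_username() writes into buf, and its case folding follows the C locale rather than Windows account-name rules. Resolving info->user_name to a SID once (for example with LookupAccountName) and comparing that to client_sid with EqualSid() removes the dependence on name format and on the size of buf. The three operands also share a single branch, so an invalid client SID, a failed make_username() call and a real name mismatch cannot be told apart afterwards; separate checks with distinct log messages would make rejected logins easier to diagnose.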