Add clear text password authentication

Author: desdic

client/auth.go

@@ -15,7 +15,7 @@ import (
 const defaultAuthPluginName = mysql.AUTH_NATIVE_PASSWORD
 
 // defines the supported auth plugins
-var supportedAuthPlugins = []string{mysql.AUTH_NATIVE_PASSWORD, mysql.AUTH_SHA256_PASSWORD, mysql.AUTH_CACHING_SHA2_PASSWORD, mysql.AUTH_MARIADB_ED25519}
+var supportedAuthPlugins = []string{mysql.AUTH_CLEAR_PASSWORD, mysql.AUTH_NATIVE_PASSWORD, mysql.AUTH_SHA256_PASSWORD, mysql.AUTH_CACHING_SHA2_PASSWORD, mysql.AUTH_MARIADB_ED25519}
 
 // helper function to determine what auth methods are allowed by this client
 func authPluginAllowed(pluginName string) bool {

server/auth.go

@@ -27,6 +27,13 @@ func (c *Conn) compareAuthData(authPluginName string, clientAuthData []byte) err
 		return c.handleAuthSwitchResponse()
 	}
 
+	if c.authenticationProvider != nil {
+		handled, err := c.authenticationProvider.Authenticate(authPluginName, clientAuthData)
+		if handled {
+			return err
+		}
+	}
+
 	switch authPluginName {
 	case mysql.AUTH_NATIVE_PASSWORD:
 		return c.compareNativePasswordAuthData(clientAuthData, c.credential)

server/authentication_provider.go

@@ -0,0 +1,5 @@
+package server
+
+type AuthenticationProvider interface{
+	Authenticate(authPluginName string, clientAuthData []byte) (bool, error)
+}

server/conn.go

@@ -29,6 +29,8 @@ type Conn struct {
 	credential          Credential
 	cachingSha2FullAuth bool
 
+	authenticationProvider AuthenticationProvider
+
 	h Handler
 
 	stmts  map[uint32]*Stmt
@@ -68,8 +70,8 @@ func (s *Server) NewConn(conn net.Conn, user string, password string, h Handler)
 	return s.NewCustomizedConn(conn, p, h)
 }
 
-// NewCustomizedConn: create connection with customized server settings
-func (s *Server) NewCustomizedConn(conn net.Conn, p CredentialProvider, h Handler) (*Conn, error) {
+
+func (s *Server) NewCustomizedConnWithAuth(conn net.Conn, p CredentialProvider, h Handler, a AuthenticationProvider) (*Conn, error) {
 	var packetConn *packet.Conn
 	if s.tlsConfig != nil {
 		packetConn = packet.NewTLSConn(conn)
@@ -81,6 +83,7 @@ func (s *Server) NewCustomizedConn(conn net.Conn, p CredentialProvider, h Handle
 		Conn:               packetConn,
 		serverConf:         s,
 		credentialProvider: p,
+		authenticationProvider: a,
 		h:                  h,
 		connectionID:       atomic.AddUint32(&baseConnID, 1),
 		stmts:              make(map[uint32]*Stmt),
@@ -96,6 +99,11 @@ func (s *Server) NewCustomizedConn(conn net.Conn, p CredentialProvider, h Handle
 	return c, nil
 }
 
+// NewCustomizedConn: create connection with customized server settings
+func (s *Server) NewCustomizedConn(conn net.Conn, p CredentialProvider, h Handler) (*Conn, error) {
+	return s.NewCustomizedConnWithAuth(conn, p, h, nil)
+}
+
 func (c *Conn) handshake() error {
 	if err := c.writeInitialHandshake(); err != nil {
 		return err

server/server_conf.go

@@ -69,7 +69,15 @@ func NewDefaultServer() *Server {
 // And for TLS support, you can specify self-signed or CA-signed certificates and decide whether the client needs to provide
 // a signed or unsigned certificate to provide different level of security.
 func NewServer(serverVersion string, collationId uint8, defaultAuthMethod string, pubKey []byte, tlsConfig *tls.Config) *Server {
-	if !isAuthMethodSupported(defaultAuthMethod) {
+	return NewServerWrapper(serverVersion, collationId, defaultAuthMethod, pubKey, tlsConfig, true)
+}
+
+func NewServerNoAuthMethodCheck(serverVersion string, collationId uint8, defaultAuthMethod string, pubKey []byte, tlsConfig *tls.Config) *Server {
+	return NewServerWrapper(serverVersion, collationId, defaultAuthMethod, pubKey, tlsConfig, false)
+}
+
+func NewServerWrapper(serverVersion string, collationId uint8, defaultAuthMethod string, pubKey []byte, tlsConfig *tls.Config, checkAuthMethod bool) *Server {
+	if checkAuthMethod && !isAuthMethodSupported(defaultAuthMethod) {
 		panic(fmt.Sprintf("server authentication method '%s' is not supported", defaultAuthMethod))
 	}