Allow plugin for other auth types

enginetest/enginetests.go

@@ -1200,6 +1200,7 @@ func TestUserAuthentication(t *testing.T, h Harness) {
 			defer engine.Close()
 			engine.Analyzer.Catalog.MySQLDb.AddRootAccount()
 			engine.Analyzer.Catalog.MySQLDb.SetPersister(&mysql_db.NoopPersister{})
+
 			if script.SetUpFunc != nil {
 				script.SetUpFunc(ctx, t, engine)
 			}
@@ -1223,7 +1224,7 @@ func TestUserAuthentication(t *testing.T, h Harness) {
 			}()
 
 			for _, assertion := range script.Assertions {
-				conn, err := dbr.Open("mysql", fmt.Sprintf("%s:%s@tcp(localhost:%d)/",
+				conn, err := dbr.Open("mysql", fmt.Sprintf("%s:%s@tcp(localhost:%d)/?allowCleartextPasswords=true",
 					assertion.Username, assertion.Password, port), nil)
 				require.NoError(t, err)
 				if assertion.ExpectedErr {
@@ -2613,11 +2614,11 @@ func TestCreateDatabase(t *testing.T, harness Harness) {
 
 	t.Run("CREATE DATABASE error handling", func(t *testing.T) {
 		AssertWarningAndTestQuery(t, e, ctx, harness, "CREATE DATABASE newtestdb CHARACTER SET utf8mb4 ENCRYPTION='N'",
-			[]sql.Row{sql.Row{sql.OkResult{RowsAffected: 1, InsertID: 0, Info: nil}}}, nil, mysql.ERNotSupportedYet, 1,
+			[]sql.Row{{sql.OkResult{RowsAffected: 1, InsertID: 0, Info: nil}}}, nil, mysql.ERNotSupportedYet, 1,
 			"", false)
 
 		AssertWarningAndTestQuery(t, e, ctx, harness, "CREATE DATABASE newtest1db DEFAULT COLLATE binary ENCRYPTION='Y'",
-			[]sql.Row{sql.Row{sql.OkResult{RowsAffected: 1, InsertID: 0, Info: nil}}}, nil, mysql.ERNotSupportedYet, 1,
+			[]sql.Row{{sql.OkResult{RowsAffected: 1, InsertID: 0, Info: nil}}}, nil, mysql.ERNotSupportedYet, 1,
 			"", false)
 
 		AssertErr(t, e, harness, "CREATE DATABASE mydb", sql.ErrDatabaseExists)
@@ -4448,7 +4449,7 @@ func TestAddDropPks(t *testing.T, harness Harness) {
 
 	// Assert that the table is insertable
 	TestQueryWithContext(t, ctx, e, `INSERT INTO t1 VALUES ("a1", "a2")`, []sql.Row{
-		sql.Row{sql.OkResult{RowsAffected: 1}},
+		{sql.OkResult{RowsAffected: 1}},
 	}, nil, nil)
 
 	TestQueryWithContext(t, ctx, e, `SELECT * FROM t1 ORDER BY pk`, []sql.Row{
@@ -4459,7 +4460,7 @@ func TestAddDropPks(t *testing.T, harness Harness) {
 	}, nil, nil)
 
 	TestQueryWithContext(t, ctx, e, `DELETE FROM t1 WHERE pk = "a1" LIMIT 1`, []sql.Row{
-		sql.Row{sql.OkResult{RowsAffected: 1}},
+		{sql.OkResult{RowsAffected: 1}},
 	}, nil, nil)
 
 	TestQueryWithContext(t, ctx, e, `SELECT * FROM t1 ORDER BY pk`, []sql.Row{
@@ -4483,7 +4484,7 @@ func TestAddDropPks(t *testing.T, harness Harness) {
 
 	// Assert the table is insertable
 	TestQueryWithContext(t, ctx, e, `INSERT INTO t1 VALUES ("a4", "a3")`, []sql.Row{
-		sql.Row{sql.OkResult{RowsAffected: 1}},
+		{sql.OkResult{RowsAffected: 1}},
 	}, nil, nil)
 
 	// Assert that an indexed based query still functions appropriately
@@ -4496,7 +4497,7 @@ func TestAddDropPks(t *testing.T, harness Harness) {
 
 	// Assert that the table is insertable
 	TestQueryWithContext(t, ctx, e, `INSERT INTO t1 VALUES ("a1", "a2")`, []sql.Row{
-		sql.Row{sql.OkResult{RowsAffected: 1}},
+		{sql.OkResult{RowsAffected: 1}},
 	}, nil, nil)
 
 	TestQueryWithContext(t, ctx, e, `SELECT * FROM t1 ORDER BY pk`, []sql.Row{

enginetest/queries/priv_auth_queries.go

@@ -22,6 +22,7 @@ import (
 
 	sqle "github.com/dolthub/go-mysql-server"
 	"github.com/dolthub/go-mysql-server/sql"
+	"github.com/dolthub/go-mysql-server/sql/mysql_db"
 	"github.com/dolthub/go-mysql-server/sql/plan"
 )
 
@@ -360,6 +361,7 @@ var UserPrivTests = []UserPrivilegeTest{
 						nil,                     // Password_reuse_time
 						nil,                     // Password_require_current
 						nil,                     // User_attributes
+						"",                      // identity
 					},
 				},
 			},
@@ -1032,6 +1034,68 @@ var ServerAuthTests = []ServerAuthenticationTest{
 			},
 		},
 	},
+	{
+		Name: "Create User with mysql_clear_password plugin specification",
+		SetUpScript: []string{
+			"CREATE USER ctpuse@localhost IDENTIFIED WITH mysql_clear_password",
+			"GRANT ALL ON *.* TO ctpuse@localhost WITH GRANT OPTION;",
+		},
+		Assertions: []ServerAuthenticationTestAssertion{
+			{
+				Username:    "ctpuse",
+				Password:    "",
+				Query:       "SELECT * FROM mysql.user;",
+				ExpectedErr: true,
+			},
+			{
+				Username:    "ctpuse",
+				Password:    "rightpassword",
+				Query:       "SELECT * FROM mysql.user;",
+				ExpectedErr: false,
+			},
+		},
+	},
+	{
+		Name: "Create User with jwt plugin specification",
+		SetUpScript: []string{
+			"CREATE USER `test-user`@localhost IDENTIFIED WITH authentication_dolt_jwt AS 'jwks=testing,sub=test-user,iss=dolthub.com,aud=some_id';",
+			"GRANT ALL ON *.* TO `test-user`@localhost WITH GRANT OPTION;",
+		},
+		SetUpFunc: func(ctx *sql.Context, t *testing.T, engine *sqle.Engine) {
+			engine.Analyzer.Catalog.MySQLDb.SetJwksConfig([]mysql_db.JwksConfig{
+				{
+					Name:   "testing",
+					Source: "testdata/test_jwks_keys.json", // TODO: Use url only?
+					Claims: map[string]string{
+						"alg": "RS256",
+						"aud": "some_id",
+						"iss": "dolthub.com",
+					},
+					FieldsToLog: []string{"id", "on_behalf_of"},
+				},
+			})
+		},
+		Assertions: []ServerAuthenticationTestAssertion{
+			{
+				Username:    "test-user",
+				Password:    "what",
+				Query:       "SELECT * FROM mysql.user;",
+				ExpectedErr: true,
+			},
+			{
+				Username:    "test-user",
+				Password:    "",
+				Query:       "SELECT * FROM mysql.user;",
+				ExpectedErr: true,
+			},
+			{
+				Username:    "test-user",
+				Password:    "eyJhbGciOiJSUzI1NiIsImtpZCI6IjNlMTZkY2NmLTI0YmYtNDQ3Yi04ZDcyLTI5NTAwNDJiNDM1ZiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic29tZV9pZCJdLCJpYXQiOjE2NTgxOTIwNzcsImlzcyI6ImRvbHRodWIuY29tIiwianRpIjoiM2UxNmRjY2YtMjRiZi00NDdiLThkNzItMjk1MDA0MmI0MzVmIiwib25fYmVoYWxmX29mIjoibXktdXNlcm5hbWUiLCJzdWIiOiJ0ZXN0LXVzZXIifQ.DNEexsNM5GVZfnZ7peaiaOuSL_0wDv7Ooa_7fp4ag1ZbzbXpglLYi2ZP1aJnPBlJ32U9i4gyydMBr5eMrs0A-WvLUMw5ZDTJK2nEOriorVFVVUzD6--r9FURSfHrXpnSzHuYbsKDMTMZ6RuU0jzNrBc_k2fMEUhDyYOlIUmx71YdNIYTQ5MOHqTZ9dR78YBELWKv2HnMvMUm7m5IieoRSnxvQ3Fu9R3q2fEKgW_KPUcxZ9cwA_6XNFkHxIQMueh66_D_VZhZHcfZG6oYa255ejqYwNQwD6Hx2F_pvF96GvqLdl8NUOZra5VEDXA20WmslktKvgdr-1SZKsrd1Na-aA",
+				Query:       "SELECT * FROM mysql.user;",
+				ExpectedErr: false,
+			},
+		},
+	},
 	{
 		Name: "Adding a Super User directly",
 		SetUpFunc: func(ctx *sql.Context, t *testing.T, engine *sqle.Engine) {

enginetest/testdata/test_jwks_keys.json

@@ -0,0 +1,10 @@
+[
+  {
+    "id": "0387f1a8-29c7-4732-8ed0-3a5787c9b91a",
+    "key_bytes": "GCBAJPQCAEADADIGBEVIMSEG64GQCAIBAUAAJAQEVAYIEBFEAIAQAAUCAEAQBRX7GWIAURSBXCYHKZ2UGCQMNJSJRJ7LOECLBG6RYVBGSSB66IBSRTACPLASLJKC5RBWA7KYSWYD65MVHZTDQKMWAYG6LKZ6GN7ZQQQN3ZXFOSLLP2Y7MVUPI4WQ5ZCVPPPVLEZGIPM7OAF5VXYUKMNRUO4Y5XH4QQGTSG3746PBPXNXCIWY62B2474TZ4ACXLYR27QRXOWYZMLK5VDOHZPGARW6XNZXV7QWK62FVZW7J4BFWTWJKNPSARHUMCB6UEA76OCSMIA5HPXMDX4SCQ2YLUJMJNQBPHZRXYZLA4DG7SYGNM4GJUO726AY2N4P45O6AI6C4OHH4EEWMJ3A3A5HQYFSWIUABVWLKE7QKVNGQN4MPKTYHIXZEYXT5IU2M7GJ6XXTLLWWF3E2DV2QNWXS6AICAMAQAAICQIAQCAEYKCY3XXORM3XKTSSDLPZJRLKURSD4A47YXGTOXJBKLEMWMXX3EMLA5YUO27AWEHBFXVAYHVON36OE2ODF5ELQNNHZSBMJNRR5RLZ7FACHAKWJTTEO4CFCXKVH2N473A5KO6EF3BGSSIPB4RG2NFQS6JUGEWESS6E27YK5IYVJAHFONU4TDPCJZCCNJBRLEO55SYD4UWYCJJ5NODH7DZLTIB6QCLHFJJQFEBWGZVL65HP4CJI7SR3NSMVPJVPIBCYN7ZIZ5ZFHVE6NNMNIQTBOIAAG67WKIU5TLFGRGRTJVLYLJFH74BMVPSPRZ5ZPQLWT24DCET2WHBPSREB5RG4VNE3GDYOSOG6AFQRQQQAKDRKIIUOEY6ZF7O4TDO34TLUEQBKP5IBXTVW27LVHHOFRPFQRAKAYCAHB4JJJZCRLBE4LSJC5OKFLDWTJFWPIRDA2UKQCA2DEQUR5V7SLEQ7BB3JPUTEE742FYNWAIS7HHNL3BAA5BQQ6OML44YDA5LJXERG5E7WHJTEGT7FG7PSDH3RWDQUQLOYCATJQSJK5S7C2BZ346S5N7KTJ45S4VPD34Z45CLJJSYVR2XO7P44A2XK4FIVVAKMO33CNZVF7QGOQFAMBADQYOMUNJ7S2YAK4DDPAYHNZVAMW6T5JBS3QVAWQLARPBMZOYHXY72JV6M3TTQALGH64RJUQTYU5SJHSKTYGW4D4UMI7GJ7FXJJUDELU6JPW4RZ27URWMRPWHMIV344SJC5BPQ4TLYVHLRFV27HOJUI4MNCF774GEER7QTWKM2WVI4REPNR7A2VHZQMSCMIOCMK2RKCSFXHEPNICQGAAJO3WDGNXO3KZA7P7AKJ7FCOLPSLB4HQHLCTEVJUSK6PYS5KO5BAS3TG6WSU3PO4VAA6ZCZ47JHJUVAMPOAWTB4A6K2HYIWCHC7CMHEK3RXJN6GZH4WIWTXJ6NRCOIO2XQRC3TN6HD2UFCRVOKHSHN75CJ76ZBULUPTJ3JYNZCHDZJDBTPNDVTMVBFDJ3TUIVDUPO6PSW2INNAKAYCAFM23REKLUAIQGF5OVIEH6P35PYLA4GFRC53NXFTIOSKVE53AN7ZE4N7IPAE4QCR5CNDTRZUXN4SCYCEEB2TD6IE2FPF36NVMFLOHFLUJ5OH5R5HL4A3O3K46FCLSYHRYOHZTBJIRCMUIUPS66FCHJ3RP6S7UDWLERMOD3GCY6DL27IG6YVEKAXVS4OJ3B3XF5AW65RQEAG2EUQFAMANKDGGDJSCMT5IIFI64UMCW7GJJ4JKIZM3FYSD43UYRRNIFXVQLFZCJOFJ3LMDIUPUBTU4OF3ZNZL26QKU2NGJJUZOJKOMM7NNKXMLQ3BRG6WCTJRZHA3FWTL76QJESML5L5IABMWF2LQNPHTEP5Z2Y4QOHEHITOR5SU7FV5NEXF4TIDR5M6FU267IAFKYGZTIRXJG5C3BFKMK==="
+  },
+  {
+    "id": "3e16dccf-24bf-447b-8d72-2950042b435f",
+    "key_bytes": "GCBAJPICAEADADIGBEVIMSEG64GQCAIBAUAAJAQEU4YIEBFDAIAQAAUCAEAQBPL6FCNE23EQ3L5AE4JXNFWZZ47HVYDQZHQK7KE7BMGUVCGJB75ZVXTSBXQZQ7JPVELTVMPV27HWTSRHD72ZYQTX6QL4CCVHSL3MGQLQRFAITBZ4NNDGWNFUH3JRUZ3TZZJE6OVRP6MGZNCFOD7HMYNZ2LCLCLTTV4QXHQ5SCYFGE7UKNHEU4L73XD3RNQDYXK2PKZZQLSBORGL2NIF6TC76YFGIDA3WXCZGZGP54F3JHKCXTXUCDWUBFTBXXRMMPUVUHER3CCVPCRODNICL2HQO45VXCON5FXLR6LZENDL6W7T4LJEXAH2GWVUMQI47USM2IZP7VXM53I56VYSJSCMLMMUKJ3Y222QG52OSOO4P2AACZOPKRDPXLCN5MNHBQLBJV2DQXOHWCHH5MVBFAEFQHLICAMAQAAICQIAQAOSNJKUM6EMMGAJ2IFFZPPJKD26ZNCG7VL6VVDUDACPYEQZ3XGJSYPZM2BQIZTSXR6VPUABPE7FUKPKRORP5SSAKFAV7NVIUMH7VE3A367PMO4NYQE4RKWYN5ILIDFJ25BGCFXDIFBO7S5BNXFVFC6QX6ZSVMLTYUF22K3E4VJZV7AUXROOMQVNTDFQ4ZOSDNMHKUQVJPKGTZAYZFYXGYCP5IDKMWR7WEVAESLLLD7P56JF5HFNRKMPKEEBUD5GY4PXEUGZ5ZJJZGC2R37DVENJB4R2VC3I4OA4AQO6X4OCL7KC6TAVZKK2GBXANRZXQSMELPXEPZ4OSJZT6EO3JQ3IFQSZWCF3LSSKEHG66ZGZTLFNGZ3SR5UEFCDRQIVFSZDQPN5B5H2CEDEON5M2VTBBA34ICQGAQB4Y7XI24POJJV4KSC4KGSZFRTP2NKBKQT4JMSOTUCNJ5JXXIJWTGVI7NHTSZ6X7C4C7LZW4QZIS2IE7RNAQ2O6I7ZXY57TPHULSWTSAHSNAIEW6JAOD53INMYXAGN7RKSSUV4INLRHB3SQ5MDDGNHB2I77H7CISQ53OCU2GN4XUERTOBJZCFAWEYUSUBYWRV3JCCH4GWE5FHG4BIDAIAY6DUZ7VQ6L7PPPRXCCN2KMKSTDMTZMOEPVC6RVGBXSUIHCRM3PGTQRB22I6OTW3ORFR3ZP24PTCL2UVCVNMCLFV5VX4QEQDNN7MQ6Q3IUJ5UDMKKSCMVMMXXRPPCMVWKA4BC5ABLWRQKY4YKTXCOYSFE7P7JWRR33AK7P5IPMHK5M24LW5MQ2LXATISLZVIMG53NIFPF4RLDWAUBQA7LQYNGPQTNLDIYNNXTRIMPGBHDZWGLQ5WBG3XIBALX6AB225CSZFJA5YWV5YPKG7QNK3KWD3PUOX3LWIL5AURGORIO6AEMHCBPTTYYBGWJLKL6SLFDAFLTGJRU6OOQASJHYRR7KR7ODE7E6CD223NSBRXV2MSGEMVM2O4AHXQ24WSUOCBU6FYVTN5IWLP4NYWPB5RJGLGBWUYCQGAD32B67VXQ3FQKNQOE3LG5FZLIAURWYC4UIXJCQ2IK3ZTDDHDB2VFJG2JEDFHAYJJKHERMQ75TYQYWWLBQEAWRO3M5OVWBLIMBU4PQRBV3RLRBRXHKFWWQUHZ2RE76WVBO3NOBSPDPXKS3C47J4AHRQ4AJTJZ7VISPWQFFWSCVOR5PYWRI36VVLJWBTJ3YM5U6R44XRZF4X4XNAKAYCAGRME63SJDUJITIABBMSMEKBFBEW3PA3Y5XTJZYDF3RXWTAJKTFMEDRVDJHKGDOJUDJOP34UOQMNOWATHZCF4QJOX433EFXE7OFAMG5I7IPKUXQFXDNOFY3CYZ2SYNZN4ZIYKACXT3PZLUE7VSZK3QKF5OVKVC6L6XGZMMMFQXY3J6NEYEXS2MZKLDF5UTHGASQ62G2ZYCQWJ4Q===="
+  }
+]

go.mod

@@ -27,6 +27,8 @@ require (
 	gopkg.in/src-d/go-errors.v1 v1.0.0
 )
 
+require golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
+
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
@@ -39,6 +41,7 @@ require (
 	google.golang.org/grpc v1.37.0 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
 )
 

go.sum

@@ -339,6 +339,7 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -486,6 +487,8 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/src-d/go-errors.v1 v1.0.0 h1:cooGdZnCjYbeS1zb1s6pVAAimTdKceRrpn7aKOnNIfc=
 gopkg.in/src-d/go-errors.v1 v1.0.0/go.mod h1:q1cBlomlw2FnDBDNGlnh6X0jPihy+QxZfMMNxPCbdYg=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=

server/server.go

@@ -76,13 +76,14 @@ func NewServer(cfg Config, e *sqle.Engine, sb SessionBuilder, listener ServerEve
 	}
 
 	listenerCfg := mysql.ListenerConfig{
-		Listener:           l,
-		AuthServer:         e.Analyzer.Catalog.MySQLDb,
-		Handler:            handler,
-		ConnReadTimeout:    cfg.ConnReadTimeout,
-		ConnWriteTimeout:   cfg.ConnWriteTimeout,
-		MaxConns:           cfg.MaxConnections,
-		ConnReadBufferSize: mysql.DefaultConnBufferSize,
+		Listener:                 l,
+		AuthServer:               e.Analyzer.Catalog.MySQLDb,
+		Handler:                  handler,
+		ConnReadTimeout:          cfg.ConnReadTimeout,
+		ConnWriteTimeout:         cfg.ConnWriteTimeout,
+		MaxConns:                 cfg.MaxConnections,
+		ConnReadBufferSize:       mysql.DefaultConnBufferSize,
+		AllowClearTextWithoutTLS: true,
 	}
 	vtListnr, err := mysql.NewListenerWithConfig(listenerCfg)
 	if err != nil {

sql/mysql_db/fbs/mysql_db.fbs

@@ -45,6 +45,7 @@ table User {
     password_last_changed:int64; // represents time.Time
     locked:bool;
     attributes:string; // represents *string
+    identity:string;
 }
 
 // Entries in the role_edges table