WL#15239: Add WebAuthn_Callback class and other refinements.

An optimization is added to set/reset callback function registered with
auth plugin only when needed.

Change-Id: Idc6e2a5c0f8a6dc6bb3f9f61aff7aa66ab40772f

Author: rsomla1

jdbc/cppconn/callback.h

@@ -45,11 +45,103 @@ class MySQL_Connection;
 class MySQL_Driver;
 }
 
+
+/*
+  A callback to be used with `Driver::setCallback()` to define reaction
+  to the user action request during WebAuthn authentication handshake.
+
+  The client library defines default reaction which prints message on stderr.
+  This callback can be used to change it.
+
+  Example usage:
+
+    // Use lambda
+
+    driver->setCallback(WebAuthn_Callback{[](SQLString msg){
+      cerr << "User action request: " << msg << endl;
+    }});
+
+    // Disable default behavior (and do nothing upon action request)
+
+    driver->setCallback(WebAuthn_Callback{});
+
+    // Return to default behavior
+
+    driver->setCallbacak(WebAuthn_Callback{nullptr});
+
+    // User defined callback
+
+    struct My_Callback : WebAuthn_Callback
+    {
+      void ActionRequested(SQLString) override;
+    } 
+    cb;
+
+    driver->setCallback(cb);
+*/
+
+class WebAuthn_Callback
+{
+  std::function<void(SQLString)> callback_func;
+
+public:
+
+  /*
+    Create a callback that will call given lambda upon user action request.
+  */
+
+  WebAuthn_Callback(std::function<void(SQLString)>&& cb)
+    : callback_func{std::move(cb)}
+  {}
+
+  /*
+    Create an empty callback that will do nothing upon user action request.
+    This disables the default callback defined by the client library.
+  */
+
+  WebAuthn_Callback()
+    : callback_func{[](SQLString){}}
+  {}
+
+  /*
+    Create a null callback. Setting such callback has the effect of using
+    the default callback defined by the client library.
+  */
+
+  WebAuthn_Callback(std::nullptr_t)
+  {}
+
+  /*
+    Derived class can override this method to react to user action request.
+  */
+
+  virtual void ActionRequested(sql::SQLString msg)
+  {
+    if (callback_func)
+      callback_func(msg);
+  }
+
+  // Returns true if this callback is not null.
+
+  operator bool() const
+  {
+    return (bool)callback_func;
+  }
+
+  void operator()(sql::SQLString msg)
+  {
+    ActionRequested(msg);
+  }
+
+};
+
+
 /*
  * Class that provides functionality allowing user code to set the
  * callback functions through inheriting, passing the callback as
  * constructor parameters or using lambdas.
  */
+
 class Fido_Callback
 {
   std::function<void(SQLString)> callback_func = nullptr;
@@ -97,6 +189,7 @@ class Fido_Callback
   friend class mysql::MySQL_Driver;
 };
 
+
 } /* namespace sql */
 
 #endif // _SQL_CONNECTION_H_

jdbc/cppconn/driver.h

@@ -60,12 +60,14 @@ class CPPCONN_PUBLIC_FUNC Driver
   virtual const sql::SQLString & getName() = 0;
 
   virtual void setCallBack(sql::Fido_Callback &cb) = 0;
-
   virtual void setCallBack(sql::Fido_Callback &&cb) = 0;
 
   virtual void threadInit() = 0;
 
   virtual void threadEnd() = 0;
+
+  virtual void setCallBack(sql::WebAuthn_Callback &cb) = 0;
+  virtual void setCallBack(sql::WebAuthn_Callback &&cb) = 0;
 };
 
 } /* namespace sql */

jdbc/driver/mysql_connection.cpp

@@ -95,19 +95,9 @@
 # define ER_MUST_CHANGE_PASSWORD_LOGIN 1820
 #endif
 
-std::mutex callback_mutex;
-
-sql::Fido_Callback * fido_callback_instance = nullptr;
 
 bool oci_plugin_is_loaded = false;
 
-static void fido_callback_func(const char* msg)
-{
-  if (!fido_callback_instance)
-    return;
-  (*fido_callback_instance)(msg);
-}
-
 
 namespace sql
 {
@@ -414,6 +404,7 @@ bool get_connection_option(const sql::SQLString optionName,
   return false;
 }
 
+
 struct Prio
 {
   uint16_t prio;
@@ -429,6 +420,133 @@ struct Prio
   }
 };
 
+
+/*
+  A callback setter object arranges for correct WebAuthn/Fido authentication
+  callbacks to be used by the correpsonding clientlib authentication plugin.
+
+  If a user has registered a callback with a driver that creates a connection
+  then a callback function is registered with authentication plugins which will
+  call the callback stored in the driver.
+
+  The callback function registered with authentication plugins must be changed
+  depending on which driver is used to create a connection. A callback setter
+  object makes necessary changes when it detects that the current driver passed
+  to its ctor is different from the one used last time. 
+  
+  While exists, callback setter also prevents modification of authentication
+  plugin callbacks by concurrent threads.
+*/
+
+struct MySQL_Driver::WebAuthn_Callback_Setter
+{
+  using Proxy = NativeAPI::NativeConnectionWrapper;
+
+  WebAuthn_Callback_Setter(MySQL_Driver &drv, Proxy *prx) 
+    : lock{mutex}
+  {
+    /*
+      Note: Meaning of callback type value:
+
+      0 or 3 = no callback
+      1 or 4 = webauthn only callback
+      2 or 5 = webauthn and fido callback
+
+      Values 3,4,5 indicate that the callback function has been already
+      (de-)registered with the plugin(s).
+    */
+
+    auto callback_type = reinterpret_cast<intptr_t>(drv.fido_callback);
+
+    /*
+      Do nothing if we use the same driver as last time nad (de-)registration
+      was already done.
+    */
+
+    if ((2 < callback_type) && (driver == &drv))
+      return;
+
+    driver = &drv;  // Set current driver.
+
+    register_callback(prx, "fido", callback_type % 3 > 1);
+    register_callback(prx, "webauthn", callback_type % 3 > 0);
+
+    /*
+      Note: This will be reset to value 0-2 when user deregisters
+      the callback or registers a new one.
+    */
+   
+    drv.fido_callback = reinterpret_cast<Fido_Callback*>(callback_type + 3);
+  }
+
+ private:
+
+  // The driver whose callback will be called by authentication plugins.
+
+  static sql::mysql::MySQL_Driver * driver;
+
+  /*
+    Callback function to be registered with authentication plugins.
+    If the current driver has a stored callback then it is being called.
+  */
+
+  static void callback_func(const char* msg)
+  {
+    if (!driver || !driver->fido_callback)
+      return;
+    driver->webauthn_callback(msg);
+  }
+
+  static std::mutex mutex;
+  std::lock_guard<std::mutex> lock;
+
+  static
+  void register_callback(Proxy *proxy, std::string which, bool set_or_reset)
+  {
+    std::string plugin = "authentication_" + which + "_client";
+    std::string opt = which + "_messages_callback";
+
+    try
+    {
+      proxy->plugin_option(MYSQL_CLIENT_AUTHENTICATION_PLUGIN,
+        plugin.c_str(), opt.c_str(),
+        set_or_reset ? (const void*)callback_func : nullptr
+      );
+    }
+    catch (sql::MethodNotImplementedException &)
+    {
+      // Note: Ignore errors when re-setting the callback
+      
+      if(!set_or_reset) 
+        return;
+
+      /*
+        If failed, plugin is not present, we ignore this fact for deprected
+        fido plugin.
+      */
+      
+      if ("fido" != which)
+        throw;
+    }
+    catch (sql::InvalidArgumentException &e) 
+    {
+      if(!set_or_reset) 
+        return;
+
+      throw ::sql::SQLException(
+          "Failed to set fido message callback for "
+          + plugin + " plugin");
+    }
+  };        
+
+};
+
+
+std::mutex MySQL_Driver::WebAuthn_Callback_Setter::mutex;
+sql::mysql::MySQL_Driver *MySQL_Driver::WebAuthn_Callback_Setter::driver
+  = nullptr;
+
+
 /*
   We support :
   - hostName
@@ -1412,75 +1530,14 @@ void MySQL_Connection::init(ConnectOptionsMap & properties)
     }
 
     /*
-    * Helper class to simplify setting and resetting of the plugin callback.
+      Note: If needed the setter will update callback functions registered with
+      webauthn/fido authentication plugins to call the callback stored
+      in the driver. It also protects the callbacks from being modified while
+      connection is being made.
     */
-    struct Fido_Callback_Setter
-    {
-      NativeAPI::NativeConnectionWrapper *proxy = nullptr;
-
-      /*
-      * Construct the setter using the callback and proxy.
-      */
-      Fido_Callback_Setter(Fido_Callback *callback,
-        NativeAPI::NativeConnectionWrapper *_proxy) :
-          proxy(_proxy)
-      {
-        if (proxy && callback && *callback)
-        {
-          callback_mutex.lock();
-          try
-          {
-            fido_callback_instance = callback;
-            proxy->plugin_option(MYSQL_CLIENT_AUTHENTICATION_PLUGIN,
-              "authentication_fido_client",
-              "fido_messages_callback",
-              (const void*)fido_callback_func
-            );
-        } catch (sql::MethodNotImplementedException &) {
-          // If failed, authentication_fido_client is no longer present... skip
-        } catch (sql::InvalidArgumentException &e) {
-          throw ::sql::SQLException(
-              "Failed to set fido message callback for "
-              "authentication_fido_client plugin");
-        }
-
-        try
-        {
-          fido_callback_instance = callback;
-          proxy->plugin_option(MYSQL_CLIENT_AUTHENTICATION_PLUGIN,
-                               "authentication_webauthn_client",
-                               "webauthn_messages_callback",
-                               (const void *)fido_callback_func);
-
-          }
-          catch (sql::InvalidArgumentException& e) {
-          throw ::sql::SQLException(
-              "Failed to set webauthn message callback for "
-              "authentication_webauthn_client plugin");
-          }
-        }
-      }
-
-    ~Fido_Callback_Setter()
-    {
-      if(fido_callback_instance && proxy)
-      {
-        try
-        {
-          proxy->plugin_option(MYSQL_CLIENT_AUTHENTICATION_PLUGIN,
-                               "authentication_webauthn_client",
-                               "webauthn_messages_callback", nullptr);
-          }
-          catch(...) {}
-          fido_callback_instance = nullptr;
-          callback_mutex.unlock();
-        }
-      }
-    };
 
-    Fido_Callback_Setter setter(
-      static_cast<MySQL_Driver*>(driver)->fido_callback,
-      proxy.get());
+    MySQL_Driver::WebAuthn_Callback_Setter
+    setter{*static_cast<MySQL_Driver*>(driver), proxy.get()};
 
     //Connect loop
     {