  1. MariaDB Connector/C
  2. CONC-312

Implement caching_sha2_password plugin

Details

    • Task
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 3.0.8, 3.1.0
    • None
    • None

    Description

      MySQL 8.0 introduced a new authentication plugin, "caching_sha2_password", which is enabled by default and will be used as the standard plugin:

      Workflow:

      1) Server sends scramble packet
      2) Client generates a sha256 hashed authentication string with the following mechanism:

        digest1= sha256(password)
        digest2= sha256(digest1)
        digest3= sha256(digest2, scramble)
        digest4= xor(digest1, digest3)
      

      3) Client sends digest4 as authentication string

      On success, the server sends a packet with length=1 and content=3. In case the password was not cached, the server requires the same authentication mechanism as in sha256_password, with a little difference: the padding algorithm is PKCS1 v1.5 padding instead of OAEP.
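The scramble workflow in the description, as an added Python example (not code from the connector or from the commit linked below). `client_response` follows steps 2 and 3 as written; `server_fast_check` is an assumed illustration of how a server holding only a cached `sha256(sha256(password))` can verify the response, and the password and 20-byte scramble are constructed sample values.

```python
import hashlib
import hmac
import os


def sha256(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of all parts."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_response(password: bytes, scramble: bytes) -> bytes:
    """Steps 2-3 of the workflow: derive digest4 from password and scramble."""
    digest1 = sha256(password)
    digest2 = sha256(digest1)
    digest3 = sha256(digest2, scramble)
    return xor(digest1, digest3)  # digest4, sent as the authentication string


def server_fast_check(cached_digest2: bytes, scramble: bytes, response: bytes) -> bool:
    """Assumed server side: verify using only the cached sha256(sha256(password))."""
    if len(response) != hashlib.sha256().digest_size:
        return False
    digest3 = sha256(cached_digest2, scramble)
    candidate_digest1 = xor(response, digest3)  # equals digest1 if the password matched
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(sha256(candidate_digest1), cached_digest2)


if __name__ == "__main__":
    password = b"constructed-sample-password"   # constructed sample value
    cache_entry = sha256(sha256(password))       # what the server would have cached
    scramble = os.urandom(20)                    # constructed per-connection scramble
    response = client_response(password, scramble)
    print("response:", response.hex())
    print("accepted:", server_fast_check(cache_entry, scramble, response))
    # A captured response is bound to its scramble and fails against a fresh one.
    print("replayed:", server_fast_check(cache_entry, os.urandom(20), response))
```

The password never crosses the wire in this exchange, and a response recorded for one scramble does not verify against another.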

          Activity

            georg Georg Richter added a comment -

            commit: https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd
            hhorak Honza Horak added a comment -

            Georg, I'm wondering what was the reason to close this issue as WONTFIX. It would make sense to me to have this capability in the mariadb connector. This way, the mariadb connector cannot connect to the MySQL that is run with the default configuration.


            serg Sergei Golubchik added a comment -

            Reopened. Let's have caching_sha2_password plugin for compatibility reasons
            georg Georg Richter added a comment -

            The caching_sha2_plugin doesn't work with GnuTLS, since neither GnuTLS nor libnettle provide the required rsa encryption with OAEP padding functionality.

            georg Georg Richter added a comment -

            Pushed into 3.0 branch (will be available in C/C 3.0.8)


            People

              georg Georg Richter