Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
3.0 (EOL)
-
None
-
None
Description
We have developed our own database system that uses the Handshake V10 protocol. When using MariaDB Connector/J, we construct the initial handshake packet according to the format provided on the official website, filling the authenticationPluginType field with 'auth_gssapi_client'. However, MariaDB Connector/J incorrectly resets this field to 'mysql_native_password' in the handshakeResponse method, causing the server to fail to correctly parse the authentication module field in the returned handshake response.
//authenticationPluginType here is 'auth_gssapi_client'
|
new HandshakeResponse( |
credential,
|
authenticationPluginType,
|
context.getSeed(),
|
conf,
|
host,
|
clientCapabilities,
|
exchangeCharset)
|
.encode(writer, context);
|
writer.flush();
|
 |
//the authenticationPluginType is reset to 'mysql_native_password' incorrectly.
|
@Override |
public int encode(Writer writer, Context context) throws IOException { |
final byte[] authData; |
if ("mysql_clear_password".equals(authenticationPluginType)) { |
if (!context.hasClientCapability(SSL)) { |
throw new IllegalStateException("Cannot send password in clear if SSL is not enabled."); |
}
|
authData =
|
(password == null) ? new byte[0] : password.toString().getBytes(StandardCharsets.UTF_8); |
} else { |
authenticationPluginType = "mysql_native_password"; |
authData = NativePasswordPlugin.encryptPassword(password, seed);
|
}
|
...
|
}
|