Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-663

Implement caching_sha2_password plugin

Details

    Description

      MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin:

      Workflow:

      1) Server sends scramble packet
      2) Clients generates a sha256 hashed authentication string with the following mechanism:

      digest1= sha256(password)
      digest2= sha256(digest1)
      digest3= sha256(digest2, scramble)
      digest4= xor(digest1, digest3)
      3) Client sends digest4 as authentication string

      On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. CONJ-327 Handle sha256_password plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJS-76 Implement sha256_password support

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJS-77 Implement caching_sha256_password support

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MDEV-9804 Implement a caching_sha256_password plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MXS-1325 Add sha256_password authenticator

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Task - A task that needs to be done. ODBC-241 Add parameter that corresponds to MYSQL_SERVER_PUBLIC_KEY option from MariaDB Connector/C

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONC-229 SHA256 authentication plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONC-312 Implement caching_sha2_password plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            View 4 older comments
            quaff Yanming Zhou added a comment -

            mariadb-java-client-2.5.0 and 8.0.17 MySQL Community Server

            Caused by: java.sql.SQLException: Protocol exchange error. Expect login success or RSA login request message
            		 
            	at org.mariadb.jdbc.internal.com.send.authentication.CachingSha2PasswordPlugin.process(CachingSha2PasswordPlugin.java:207)
            		 
            	at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authenticationHandler(AbstractConnectProtocol.java:703)
            		 
            	at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:507)
            		 
            	at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1236)
            		 
            	... 6 more

            buffer.getByteAt(1) return unexpected 25

            quaff Yanming Zhou added a comment - mariadb-java-client-2.5.0 and 8.0.17 MySQL Community Server Caused by: java.sql.SQLException: Protocol exchange error. Expect login success or RSA login request message at org.mariadb.jdbc.internal.com.send.authentication.CachingSha2PasswordPlugin.process(CachingSha2PasswordPlugin.java: 207 ) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authenticationHandler(AbstractConnectProtocol.java: 703 ) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java: 507 ) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java: 1236 ) ... 6 more buffer.getByteAt(1) return unexpected 25
            diego dupin Diego Dupin added a comment -

            Can you provide some other informations? Windows/Linux, connection string ... ?

            diego dupin Diego Dupin added a comment - Can you provide some other informations? Windows/Linux, connection string ... ?
            diego dupin Diego Dupin added a comment - - edited

            And if you can retry with SNAPSHOT repository : 

            <repositories>
            		 
                <repository>
            		 
                    <id>sonatype-nexus-snapshots</id>
            		 
                    <name>Sonatype Nexus Snapshots</name>
            		 
                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
            		 
                </repository>
            		 
            </repositories>
            		 
             
            		 
            <dependencies>
            		 
                <dependency>
            		 
                    <groupId>org.mariadb.jdbc</groupId>
            		 
                    <artifactId>mariadb-java-client</artifactId>
            		 
                    <version>2.5.1-SNAPSHOT</version>
            		 
                </dependency>
            		 
            </dependencies>

            The error will now log the packet in case of unexpected protocol. That would help a lot

            diego dupin Diego Dupin added a comment - - edited And if you can retry with SNAPSHOT repository : <repositories> <repository> <id>sonatype-nexus-snapshots</id> <name>Sonatype Nexus Snapshots</name> <url>https: //oss.sonatype.org/content/repositories/snapshots</url> </repository> </repositories>   <dependencies> <dependency> <groupId>org.mariadb.jdbc</groupId> <artifactId>mariadb-java-client</artifactId> <version> 2.5 . 1 -SNAPSHOT</version> </dependency> </dependencies> The error will now log the packet in case of unexpected protocol. That would help a lot
            quaff Yanming Zhou added a comment - - edited 

            public class Main {
            		 
             
            		 
            	public static void main(String[] args) throws Exception {
            		 
            		try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/test?useSSL=false", "root", "")) {
            		 
            			System.out.println(conn.getMetaData().getDatabaseProductName());
            		 
            		}
            		 
            	}
            		 
             
            		 
            }

            Oracle JDK 1.8.0_221, macOS Mojave, mysql 8.0.17 run with docker, works fine with mysql-connector-java.
            Upgrade to 2.5.1-snapshot, same error message.

            quaff Yanming Zhou added a comment - - edited public class Main {   public static void main(String[] args) throws Exception { try (Connection conn = DriverManager.getConnection( "jdbc:mysql://localhost:3307/test?useSSL=false" , "root" , "" )) { System.out.println(conn.getMetaData().getDatabaseProductName()); } }   } Oracle JDK 1.8.0_221, macOS Mojave, mysql 8.0.17 run with docker, works fine with mysql-connector-java. Upgrade to 2.5.1-snapshot, same error message.
            diego dupin Diego Dupin added a comment -

            ok, reproduced.
            Issue https://jira.mariadb.org/browse/CONJ-737 created. Driver doesn't return the server message when fast authentication return an error, but this "Expect login success or RSA login request message"

            diego dupin Diego Dupin added a comment - ok, reproduced. Issue https://jira.mariadb.org/browse/CONJ-737 created. Driver doesn't return the server message when fast authentication return an error, but this "Expect login success or RSA login request message"

            People

              diego dupin Diego Dupin
              ryantheleach Ryan Leach
              Votes:
              4 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.