Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-663

Implement caching_sha2_password plugin

Details

    Description

      MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin:

      Workflow:

      1) Server sends scramble packet
      2) Clients generates a sha256 hashed authentication string with the following mechanism:

      digest1= sha256(password)
      digest2= sha256(digest1)
      digest3= sha256(digest2, scramble)
      digest4= xor(digest1, digest3)
      3) Client sends digest4 as authentication string

      On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. CONJ-327 Handle sha256_password plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJS-76 Implement sha256_password support

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJS-77 Implement caching_sha256_password support

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MDEV-9804 Implement a caching_sha256_password plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MXS-1325 Add sha256_password authenticator

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Task - A task that needs to be done. ODBC-241 Add parameter that corresponds to MYSQL_SERVER_PUBLIC_KEY option from MariaDB Connector/C

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONC-229 SHA256 authentication plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONC-312 Implement caching_sha2_password plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Descending order - Click to sort in ascending order
            diego dupin Diego Dupin added a comment -

            ok, reproduced.
            Issue https://jira.mariadb.org/browse/CONJ-737 created. Driver doesn't return the server message when fast authentication return an error, but this "Expect login success or RSA login request message"

            diego dupin Diego Dupin added a comment - ok, reproduced. Issue https://jira.mariadb.org/browse/CONJ-737 created. Driver doesn't return the server message when fast authentication return an error, but this "Expect login success or RSA login request message"
            quaff Yanming Zhou added a comment - - edited 

            public class Main {
            		 
             
            		 
            	public static void main(String[] args) throws Exception {
            		 
            		try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/test?useSSL=false", "root", "")) {
            		 
            			System.out.println(conn.getMetaData().getDatabaseProductName());
            		 
            		}
            		 
            	}
            		 
             
            		 
            }

            Oracle JDK 1.8.0_221, macOS Mojave, mysql 8.0.17 run with docker, works fine with mysql-connector-java.
            Upgrade to 2.5.1-snapshot, same error message.

            quaff Yanming Zhou added a comment - - edited public class Main {   public static void main(String[] args) throws Exception { try (Connection conn = DriverManager.getConnection( "jdbc:mysql://localhost:3307/test?useSSL=false" , "root" , "" )) { System.out.println(conn.getMetaData().getDatabaseProductName()); } }   } Oracle JDK 1.8.0_221, macOS Mojave, mysql 8.0.17 run with docker, works fine with mysql-connector-java. Upgrade to 2.5.1-snapshot, same error message.
            diego dupin Diego Dupin added a comment - - edited

            And if you can retry with SNAPSHOT repository : 

            <repositories>
            		 
                <repository>
            		 
                    <id>sonatype-nexus-snapshots</id>
            		 
                    <name>Sonatype Nexus Snapshots</name>
            		 
                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
            		 
                </repository>
            		 
            </repositories>
            		 
             
            		 
            <dependencies>
            		 
                <dependency>
            		 
                    <groupId>org.mariadb.jdbc</groupId>
            		 
                    <artifactId>mariadb-java-client</artifactId>
            		 
                    <version>2.5.1-SNAPSHOT</version>
            		 
                </dependency>
            		 
            </dependencies>

            The error will now log the packet in case of unexpected protocol. That would help a lot

            diego dupin Diego Dupin added a comment - - edited And if you can retry with SNAPSHOT repository : <repositories> <repository> <id>sonatype-nexus-snapshots</id> <name>Sonatype Nexus Snapshots</name> <url>https: //oss.sonatype.org/content/repositories/snapshots</url> </repository> </repositories>   <dependencies> <dependency> <groupId>org.mariadb.jdbc</groupId> <artifactId>mariadb-java-client</artifactId> <version> 2.5 . 1 -SNAPSHOT</version> </dependency> </dependencies> The error will now log the packet in case of unexpected protocol. That would help a lot
            diego dupin Diego Dupin added a comment -

            Can you provide some other informations? Windows/Linux, connection string ... ?

            diego dupin Diego Dupin added a comment - Can you provide some other informations? Windows/Linux, connection string ... ?
            quaff Yanming Zhou added a comment -

            mariadb-java-client-2.5.0 and 8.0.17 MySQL Community Server

            Caused by: java.sql.SQLException: Protocol exchange error. Expect login success or RSA login request message
            		 
            	at org.mariadb.jdbc.internal.com.send.authentication.CachingSha2PasswordPlugin.process(CachingSha2PasswordPlugin.java:207)
            		 
            	at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authenticationHandler(AbstractConnectProtocol.java:703)
            		 
            	at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:507)
            		 
            	at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1236)
            		 
            	... 6 more

            buffer.getByteAt(1) return unexpected 25

            quaff Yanming Zhou added a comment - mariadb-java-client-2.5.0 and 8.0.17 MySQL Community Server Caused by: java.sql.SQLException: Protocol exchange error. Expect login success or RSA login request message at org.mariadb.jdbc.internal.com.send.authentication.CachingSha2PasswordPlugin.process(CachingSha2PasswordPlugin.java: 207 ) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authenticationHandler(AbstractConnectProtocol.java: 703 ) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java: 507 ) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java: 1236 ) ... 6 more buffer.getByteAt(1) return unexpected 25
            View 4 older comments

            People

              diego dupin Diego Dupin
              ryantheleach Ryan Leach
              Votes:
              4 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.