Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.1.3
-
Mac OS Mojave
NodeJS
MongoDB
MongoDB BI Connector
Description
I have a pretty interesting edge case. Please don't write me off right away 
MongoDb has a plugin called "MongoDB BI Connector". It's used for a variety of reasons, but one reason is that when you enable this feature, you can connect to mongo using a MySql client. The only caveat is that you have to have the ClearText Plugin enabled.
I've gone through the mariadb code, and it seems to handle the scenario mostly correctly with the "AuthSwitchRequest" when connecting then sending the password in using the ClearTextAuth module. But without the following fix, it dies with this:
node_modules/mariadb/lib/cmd/handshake/handshake.js:110 |
'Unexpected type of packet during handshake phase : ' + packet.log(), |
^
|
TypeError: packet.log is not a function
|
at Handshake.handshakeResult (/Users/timliu/development/hull-sql/node_modules/mariadb/lib/cmd/handshake/handshake.js:110:74) |
at PacketInputStream.receivePacketDebug (/Users/timliu/development/hull-sql/node_modules/mariadb/lib/io/packet-input-stream.js:93:9) |
Which is a slightly different issue, but the point is, as is, the current implementation doesn't handle the case.
I think there's an issue with how the "pluginName" is returned in the handshake: https://github.com/MariaDB/mariadb-connector-nodejs/blob/master/lib/cmd/handshake/client-handshake-response.js#L67
I'm not a MySql protocol expert, but the "pluginName" that's passed in is the one that the server responded with. Even though when responding to the server on https://github.com/MariaDB/mariadb-connector-nodejs/blob/master/lib/cmd/handshake/client-handshake-response.js#L35
it does this: authToken = Buffer.alloc(0);
The spec reads here: https://dev.mysql.com/doc/internals/en/connection-phase-packets.html
"auth plugin name (string.NUL) – the Authentication Method used by the client to generate auth-response value in this packet. This is an UTF-8 string."
So I would think that if there wasn't an explicit plugin match, that we should NOT write the pluginName back in the "Auth plugin name" field. What's happening now is that we're writing the pluginName that the server originally gave to us, and so the server thinks we're trying to do what it wants to do I think....
Basically, if you don't write the pluginName back. Then the server responds with an AuthSwitchRequest and everything works great.
The dumb fix I guess is to NOT do this:
if (info.clientCapabilities & Capabilities.PLUGIN_AUTH)
If there wasn't a clear pluginName found up at the switch statement. I commented those lines out in my case, and it worked fine.
There's probably other ways of fixing this, but like I said I'm not an expert here... Only spent a few hours debugging. So any help would be appreciated.
Thanks!