  1. MariaDB Server
  2. MDEV-30840

"Auth Switch Request" is sent with a specific user


Details

    Description

      Hello, in an absurdly strange way, depending on the username sent by the package, the server sends an Auth Switch Request to another plugin.

      For example, suppose I send a request with the following format:

      {{0000 62 00 00 01 08 82 28 01 ff ff ff ff 2d 00 00 00
      0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0020 00 00 00 00 72 61 6e 64 6f 6d 2d 75 73 65 72 2d
      0030 30 2e 35 33 31 38 35 32 39 39 39 37 38 38 32 32
      0040 39 32 00 00 6d 61 72 69 61 64 62 5f 61 6c 74 00
      0050 6d 79 73 71 6c 5f 6e 61 74 69 76 65 5f 70 61 73
      0060 73 77 6f 72 64 00}}

      • Capabilities base: 0x8209 (connect with database, speaks 4.1 protocol, can do 4.1 authentication)
      • Capabilities extended: 0x0128 (plugin auth, plugin auth LENENC client data, deprecate EOF)
      • Capabilities MariaDB: 0.
      • Max packet: 0xFFFFFFFF
      • Charset: 0x2D (utf8mb4_general_ci)
      • Username: random-user-0.5318529997882292
      • Schema: mariadb_alt
      • Client Auth Plugin: mysql_native_password

      In this case, the user submitted is "random-user-0.5318529997882292". And it works perfectly and I get an intentional ERR Packet saying the user doesn't exist:

      {{0000 61 00 00 02 ff 15 04 23 32 38 30 30 30 41 63 63
      0010 65 73 73 20 64 65 6e 69 65 64 20 66 6f 72 20 75
      0020 73 65 72 20 27 72 61 6e 64 6f 6d 2d 75 73 65 72
      0030 2d 30 2e 35 33 31 38 35 32 39 39 39 37 38 38 32
      0040 32 39 32 27 40 27 6c 6f 63 61 6c 68 6f 73 74 27
      0050 20 28 75 73 69 6e 67 20 70 61 73 73 77 6f 72 64
      0060 3a 20 4e 4f 29}}

      • Packet: ERR Packet (0xFF)
      • Error: 1045
      • SQL State: 28000
      • Message: Access denied for user 'random-user-0.5318529997882292'@'localhost' (using password: NO)

      However, if I send the user "random-user-0.5318529997882291" (same amount of data, I just changed the "2" at the end to "1"), the response is:

      {{0000 30 00 00 02 fe 63 6c 69 65 6e 74 5f 65 64 32 35
      0010 35 31 39 00 fa f4 86 95 e5 17 39 c6 c9 bd 66 b6
      0020 c4 34 08 32 4e f5 d5 1a a1 db 8b db bb fe 4c b5
      0030 1d 82 02 6a}}

      • Packet: EOF Packet (0xFE)
      • Auth Method Name: client_ed25519
      • Auth Method Data: (...)

      For some reason that I don't know, some usernames will request a different protocol than the required one, which in this case would be "mysql_native_password".

          People

            serg Sergei Golubchik
            rentalhost David Rodrigues
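
Added example (not part of the original report and not MariaDB project code): a small decoder for the two server replies shown in the description. It tells an ERR packet from an Auth Switch Request and flags a switch to a plugin other than the one the client named. The function names and the 32-byte seed in the sample are constructed for illustration.

```python
def frame(seq: int, payload: bytes) -> bytes:
    """Wrap a payload in the 4-byte header: 3-byte LE length + sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def read_packet(buf: bytes):
    """Return (sequence id, payload); reject truncated input."""
    if len(buf) < 4:
        raise ValueError("truncated header")
    length = int.from_bytes(buf[:3], "little")
    payload = buf[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return buf[3], payload

def classify_auth_reply(payload: bytes, requested_plugin: str) -> dict:
    """Decode the server's reply to a Handshake Response."""
    if not payload:
        raise ValueError("empty payload")
    tag = payload[0]
    if tag == 0xFF:  # ERR: code (2 bytes LE), optional '#' + 5-byte SQL state, message
        code = int.from_bytes(payload[1:3], "little")
        rest = payload[3:]
        state = ""
        if rest[:1] == b"#":
            state, rest = rest[1:6].decode("ascii"), rest[6:]
        return {"type": "ERR", "code": code, "sqlstate": state,
                "message": rest.decode("utf-8", "replace")}
    if tag == 0xFE and len(payload) > 1:  # Auth Switch Request, not a result-set EOF
        name, sep, data = payload[1:].partition(b"\x00")
        if not sep:
            raise ValueError("plugin name is not NUL-terminated")
        plugin = name.decode("ascii")
        return {"type": "AUTH_SWITCH", "plugin": plugin, "data": data,
                "differs_from_request": plugin != requested_plugin}
    return {"type": "OTHER", "tag": tag}

# Constructed samples mirroring the two replies in the report (seed is made up).
ERR_REPLY = frame(2, b"\xff" + (1045).to_bytes(2, "little") + b"#28000" +
                  b"Access denied for user 'random-user-0.5318529997882292'"
                  b"@'localhost' (using password: NO)")
SWITCH_REPLY = frame(2, b"\xfe" + b"client_ed25519\x00" + bytes(range(32)))

if __name__ == "__main__":
    for raw in (ERR_REPLY, SWITCH_REPLY):
        seq, payload = read_packet(raw)
        print(seq, classify_auth_reply(payload, "mysql_native_password"))
```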