Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4574

Missing connection option MYSQL_ENABLE_CLEARTEXT_PLUGIN

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 5.5.31
    • 5.5.32
    • None
    • None
    • Linux

    Description

      MySQL includes a connection option MYSQL_ENABLE_CLEARTEXT_PLUGIN since 5.5.27. The problem is that some other projects does quite dummy check at a time they want to use it, like mysql-connector-odbc-5.2.5-src/driver/connect.c:259 does:

      #if (MYSQL_VERSION_ID >= 50527 && MYSQL_VERSION_ID < 50600) || MYSQL_VERSION_ID >= 50607

      MariaDB-5.5.31 doesn't include such connection option in its header file, which makes it incompatible from the mysql-connector-odbc-5.2.5 POV – the connector basically does not compile with mariadb-5.5.x.

      If there is a reason why mariadb doesn't include MYSQL_ENABLE_CLEARTEXT_PLUGIN, it should be at least properly documented in the header file.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONC-25 support for mysql cleartext plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-4636 use mysql_cleartext_plugin from auth_pam

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            serg Sergei Golubchik added a comment -

            Okay, let's add it for compatibility reasons, but it won't do anything.

            The reason is — but we don't use MySQL's "cleartext" plugin. It is only useful for MySQL closed source PAM plugin. And that plugin has incomplete PAM implementation, that only allows pam modules to ask for a password.

            Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/

            serg Sergei Golubchik added a comment - Okay, let's add it for compatibility reasons, but it won't do anything. The reason is — but we don't use MySQL's "cleartext" plugin. It is only useful for MySQL closed source PAM plugin. And that plugin has incomplete PAM implementation, that only allows pam modules to ask for a password. Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/
            hhorak Honza Horak added a comment -

            I understand the reason and agree with including it just for compatibility reasons. The question is if it really is a NOP – we should just ensure that specifying it during connection won't break anything.

            hhorak Honza Horak added a comment - I understand the reason and agree with including it just for compatibility reasons. The question is if it really is a NOP – we should just ensure that specifying it during connection won't break anything.

            People

              serg Sergei Golubchik
              hhorak Honza Horak
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.