Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 2.5.4
-
Component/s: Authenticator
-
Labels:None
Description
hanshake response has different way to send password depending on capability
if (server_capabilities & PLUGIN_AUTH_LENENC_CLIENT_DATA)
|
* string<lenenc> authentication data
|
else if (server_capabilities & CLIENT_SECURE_CONNECTION)
|
* int<1> length of authentication response
|
* string<fix> authentication response (length is indicated by previous field)
|
else
|
* string<NUL> authentication response null ended
|
|
Maxscale doesn't seem to set PLUGIN_AUTH_LENENC_CLIENT_DATA capability. this might prevent using password with size > 256 if SSL is set.
In addition, this can permit using MySQL java connector, because it doesn't even follow it own protocol, but using :
if (server_capabilities & PLUGIN_AUTH_LENENC_CLIENT_DATA)
|
* string<lenenc> authentication data
|
else
|
* int<1> length of authentication response
|
* string<fix> authentication response (length is indicated by previous field)
|
|
so not setting PLUGIN_AUTH_LENENC_CLIENT_DATA results in sending length + password when maxscale expect password null ended.
