Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-4758

COM_CHANGE_USER between different authenticators fail if done right after login

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • 23.08.1
    • 24.08.0
    • Authenticator
    • None
    • MXS-SPRINT-211

    Description

      If client performs COM_CHANGE_USER quickly after login the MaxScale backend protocol may use the wrong authenticator module if the COM_CHANGE_USER changes authenticator.

      This happens because client protocol completes COM_CHANGE_USER and modifies session-global authentication data (new username & pw) while backend is still initiating tcp connection to server. The backend authenticator module (m_authenticator-field) has already been generated and is for the original module. Next, backend protocol will generate handshake response with the new username & pw, and these only work with the new authenticator module.

      To fix this, backend protocol will need to "save" authentication data when generating m_authenticator so that the two are always in sync. How this is exactly implemented is left for later.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MXS-4731 COM_CHANGE_USER support for all authenticators

          • Major - Major loss of function.
          • Closed

          Activity

            People

              markus makela markus makela
              esa.korhonen Esa Korhonen
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.