[MDEV-28059] COM_CHANGE_USER always responds with an AuthSwitchRequest packet Created: 2022-03-14  Updated: 2023-03-03

Status: Open
Project: MariaDB Server
Component/s: Authentication and Privilege System, Protocol
Affects Version/s: 10.4.24, 10.6.7
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: markus makela Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: None

Attachments: File change_user.cc    
Issue Links:
Problem/Incident
causes MXS-4046 Connection recycling is unnecessarily... Closed

 Description   

With 10.3, a successful COM_CHANGE_USER with the same plugin causes an OK packet to be sent. With 10.4, the same request always causes an AuthSwitchRequest to be sent. This causes an extra roundtrip with 10.4 that did not take place with 10.3.

I only tested with the 10.3, 10.4 and 10.6 docker images. I'll attach my test code in the issue.

Here's a network capture of a test run I did with one iteration:

#
 
# Here's the initial connection creation
 
#
 
T 127.0.0.1:3000 -> 127.0.0.1:35924 [AP] #4
 
  71 00 00 00 0a 35 2e 35    2e 35 2d 31 30 2e 36 2e    q....5.5.5-10.6.
 
  35 2d 4d 61 72 69 61 44    42 2d 31 3a 31 30 2e 36    5-MariaDB-1:10.6
 
  2e 35 2b 6d 61 72 69 61    7e 66 6f 63 61 6c 2d 6c    .5+maria~focal-l
 
  6f 67 00 54 00 00 00 5d    37 37 50 6a 46 5e 27 00    og.T...]77PjF^'.
 
  fe f7 2d 02 00 ff 81 15    00 00 00 00 00 00 1d 00    ..-.............
 
  00 00 44 5f 36 2d 7e 57    77 70 4b 67 43 5a 00 6d    ..D_6-~WwpKgCZ.m
 
  79 73 71 6c 5f 6e 61 74    69 76 65 5f 70 61 73 73    ysql_native_pass
 
  77 6f 72 64 00                                        word.           
##
 
T 127.0.0.1:35924 -> 127.0.0.1:3000 [AP] #6
 
  c5 00 00 01 8c a2 be 00    00 00 00 40 2d 00 00 00    ...........@-...
 
  00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ................
 
  1d 00 00 00 6d 61 78 75    73 65 72 00 14 f4 27 a1    ....maxuser...'.
 
  ca 2e 93 89 7c fa e5 d2    97 87 ef 16 cb 9d 8e 5d    ....|..........]
 
  a3 74 65 73 74 00 6d 79    73 71 6c 5f 6e 61 74 69    .test.mysql_nati
 
  76 65 5f 70 61 73 73 77    6f 72 64 00 6c 03 5f 6f    ve_password.l._o
 
  73 05 4c 69 6e 75 78 0c    5f 63 6c 69 65 6e 74 5f    s.Linux._client_
 
  6e 61 6d 65 0a 6c 69 62    6d 61 72 69 61 64 62 04    name.libmariadb.
 
  5f 70 69 64 06 31 34 36    32 30 32 0f 5f 63 6c 69    _pid.146202._cli
 
  65 6e 74 5f 76 65 72 73    69 6f 6e 05 33 2e 32 2e    ent_version.3.2.
 
  35 09 5f 70 6c 61 74 66    6f 72 6d 06 78 38 36 5f    5._platform.x86_
 
  36 34 0c 5f 73 65 72 76    65 72 5f 68 6f 73 74 09    64._server_host.
 
  31 32 37 2e 30 2e 30 2e    31                         127.0.0.1       
##
 
T 127.0.0.1:3000 -> 127.0.0.1:35924 [AP] #8
 
  10 00 00 02 00 00 00 02    40 00 00 00 07 01 05 04    ........@.......
 
  74 65 73 74                                           test            
##
 
#
 
# This is the COM_CHANGE_USER part
 
#
 
T 127.0.0.1:35924 -> 127.0.0.1:3000 [AP] #10
 
  a8 00 00 00 11 6d 61 78    75 73 65 72 00 14 f4 27    .....maxuser...'
 
  a1 ca 2e 93 89 7c fa e5    d2 97 87 ef 16 cb 9d 8e    .....|..........
 
  5d a3 74 65 73 74 00 2d    00 6d 79 73 71 6c 5f 6e    ].test.-.mysql_n
 
  61 74 69 76 65 5f 70 61    73 73 77 6f 72 64 00 6c    ative_password.l
 
  03 5f 6f 73 05 4c 69 6e    75 78 0c 5f 63 6c 69 65    ._os.Linux._clie
 
  6e 74 5f 6e 61 6d 65 0a    6c 69 62 6d 61 72 69 61    nt_name.libmaria
 
  64 62 04 5f 70 69 64 06    31 34 36 32 30 32 0f 5f    db._pid.146202._
 
  63 6c 69 65 6e 74 5f 76    65 72 73 69 6f 6e 05 33    client_version.3
 
  2e 32 2e 35 09 5f 70 6c    61 74 66 6f 72 6d 06 78    .2.5._platform.x
 
  38 36 5f 36 34 0c 5f 73    65 72 76 65 72 5f 68 6f    86_64._server_ho
 
  73 74 09 31 32 37 2e 30    2e 30 2e 31                st.127.0.0.1    
##
 
T 127.0.0.1:3000 -> 127.0.0.1:35924 [AP] #12
 
  2c 00 00 01 fe 6d 79 73    71 6c 5f 6e 61 74 69 76    ,....mysql_nativ
 
  65 5f 70 61 73 73 77 6f    72 64 00 5d 37 37 50 6a    e_password.]77Pj
 
  46 5e 27 44 5f 36 2d 7e    57 77 70 4b 67 43 5a 00    F^'D_6-~WwpKgCZ.
 
##
 
T 127.0.0.1:35924 -> 127.0.0.1:3000 [AP] #14
 
  14 00 00 02 f4 27 a1 ca    2e 93 89 7c fa e5 d2 97    .....'.....|....
 
  87 ef 16 cb 9d 8e 5d a3                               ......].        
##
 
T 127.0.0.1:3000 -> 127.0.0.1:35924 [AP] #16
 
  10 00 00 03 00 00 00 02    40 00 00 00 07 01 05 04    ........@.......
 
  74 65 73 74                                           test            
##
 
#
 
# This is COM_RESET_CONNECTION
 
#
 
T 127.0.0.1:35924 -> 127.0.0.1:3000 [AP] #18
 
  01 00 00 00 1f                                        .....           
##
 
T 127.0.0.1:3000 -> 127.0.0.1:35924 [AP] #20
 
  07 00 00 01 00 00 00 02    00 00 00                   ...........     
##
 
#
 
# Connection is closed with COM_QUIT
 
#
 
T 127.0.0.1:35924 -> 127.0.0.1:3000 [AP] #22
 
  01 00 00 00 01                                        .....

This shows that it ends up using the same scramble for the AuthSwitchRequest.

 Comments   
Comment by Sergei Golubchik [ 2022-03-17 ]

a guess, from looking at the code: it's caused by multi-auth, introduced in 10.4. The server needs an AuthSwitchRequest when switching to the next plugin to try. supposedly that works too eagerly even when it's not needed, in change user and first plugin

Generated at Thu Feb 08 09:57:44 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.