[MDEV-4574] Missing connection option MYSQL_ENABLE_CLEARTEXT_PLUGIN Created: 2013-05-24 Updated: 2013-06-13 Resolved: 2013-06-13 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | None |
| Affects Version/s: | 5.5.31 |
| Fix Version/s: | 5.5.32 |
| Type: | Bug | Priority: | Major |
| Reporter: | Honza Horak | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Environment: |
Linux |
||
| Issue Links: |
|
||||||||||||
| Description |
|
MySQL includes a connection option MYSQL_ENABLE_CLEARTEXT_PLUGIN since 5.5.27. The problem is that some other projects does quite dummy check at a time they want to use it, like mysql-connector-odbc-5.2.5-src/driver/connect.c:259 does:
MariaDB-5.5.31 doesn't include such connection option in its header file, which makes it incompatible from the mysql-connector-odbc-5.2.5 POV – the connector basically does not compile with mariadb-5.5.x. If there is a reason why mariadb doesn't include MYSQL_ENABLE_CLEARTEXT_PLUGIN, it should be at least properly documented in the header file. |
| Comments |
| Comment by Sergei Golubchik [ 2013-05-24 ] |
|
Okay, let's add it for compatibility reasons, but it won't do anything. The reason is — but we don't use MySQL's "cleartext" plugin. It is only useful for MySQL closed source PAM plugin. And that plugin has incomplete PAM implementation, that only allows pam modules to ask for a password. Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/ |
| Comment by Honza Horak [ 2013-05-24 ] |
|
I understand the reason and agree with including it just for compatibility reasons. The question is if it really is a NOP – we should just ensure that specifying it during connection won't break anything. |