[MXS-3160] PLUGIN_AUTH_LENENC_CLIENT_DATA capability not set Created: 2020-09-07  Updated: 2020-09-08  Resolved: 2020-09-08

Status: Closed
Project: MariaDB MaxScale
Component/s: Authenticator
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug Priority: Major
Reporter: Diego Dupin Assignee: markus makela
Resolution: Fixed Votes: 1
Labels: None

Attachments: PNG File greetings.png    

 Description   

The handshake response has a different way to send the password depending on capability:

if (server_capabilities & PLUGIN_AUTH_LENENC_CLIENT_DATA)
*  string<lenenc> authentication data
else if (server_capabilities & CLIENT_SECURE_CONNECTION)
*  int<1> length of authentication response
*  string<fix> authentication response (length is indicated by previous field)
else
*  string<NUL> authentication response null ended

MaxScale doesn't seem to set the PLUGIN_AUTH_LENENC_CLIENT_DATA capability. This might prevent using a password with size > 256 if SSL is set.

In addition, this can permit using the MySQL Java connector, because it doesn't even follow its own protocol, but uses:

if (server_capabilities & PLUGIN_AUTH_LENENC_CLIENT_DATA)
*  string<lenenc> authentication data
else 
*  int<1> length of authentication response
*  string<fix> authentication response (length is indicated by previous field)

So not setting PLUGIN_AUTH_LENENC_CLIENT_DATA results in sending length + password when MaxScale expects a null-ended password.
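
The two encodings quoted in the description and what a receiver applying the three-branch rule sees, as an added sketch that is not part of the original report or MaxScale's code. The capability bit values are the protocol's; the function names, the `two_branch` switch and the sample bytes are constructed for illustration.

```python
import struct

# Capability bits from the MySQL/MariaDB client/server protocol.
CLIENT_SECURE_CONNECTION = 1 << 15
PLUGIN_AUTH_LENENC_CLIENT_DATA = 1 << 21

def lenenc_int(n: int) -> bytes:
    """Encode a length-encoded integer (1, 3, 4 or 9 bytes on the wire)."""
    if n < 0xFB:
        return bytes([n])
    if n < 1 << 16:
        return b"\xfc" + struct.pack("<H", n)
    if n < 1 << 24:
        return b"\xfd" + struct.pack("<I", n)[:3]
    return b"\xfe" + struct.pack("<Q", n)

def encode_auth(caps: int, data: bytes, two_branch: bool = False) -> bytes:
    """Sender. two_branch=True models the connector logic quoted in the
    report: lenenc if negotiated, otherwise always int<1> length + data."""
    if caps & PLUGIN_AUTH_LENENC_CLIENT_DATA:
        return lenenc_int(len(data)) + data
    if two_branch or caps & CLIENT_SECURE_CONNECTION:
        if len(data) > 0xFF:
            raise ValueError("int<1> cannot describe more than 255 bytes")
        return bytes([len(data)]) + data
    return data + b"\x00"

def decode_auth(caps: int, buf: bytes) -> bytes:
    """Receiver, following the three-branch rule quoted in the report."""
    if not caps & (PLUGIN_AUTH_LENENC_CLIENT_DATA | CLIENT_SECURE_CONNECTION):
        end = buf.find(b"\x00")          # string<NUL>
        if end < 0:
            raise ValueError("missing NUL terminator")
        return buf[:end]
    if not buf or (caps & PLUGIN_AUTH_LENENC_CLIENT_DATA and buf[0] in (0xFB, 0xFF)):
        raise ValueError("invalid length prefix")
    width = 0
    if caps & PLUGIN_AUTH_LENENC_CLIENT_DATA:
        width = {0xFC: 2, 0xFD: 3, 0xFE: 8}.get(buf[0], 0)
    n = int.from_bytes(buf[1:1 + width], "little") if width else buf[0]
    body = buf[1 + width:1 + width + n]
    if len(body) != n:
        raise ValueError("truncated authentication data")
    return body

if __name__ == "__main__":
    token = bytes(range(1, 21))          # constructed 20-byte response, no NULs
    wire = encode_auth(0, token, two_branch=True) + b"testdb\x00"  # next field
    print(decode_auth(0, wire))          # length byte + token + "testdb", not token
```

With the length-prefixed sender and the NUL-terminated reader, the receiver absorbs the length byte and the following field into the authentication data, so the comparison against the stored credential fails.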



 Comments   
Comment by markus makela [ 2020-09-08 ]

This should be fixed in 2.5.0.

Comment by Diego Dupin [ 2020-09-08 ]

It is not, using 2.5.3:

Comment by markus makela [ 2020-09-08 ]

My apologies, I didn't think to check what the capabilities that MaxScale sends were. I assumed the problem was in the code that processed the client capabilities.
