[#MXS-4758] COM_CHANGE_USER between different authenticators fail if done right after login

[MXS-4758] COM_CHANGE_USER between different authenticators fail if done right after login Created: 2023-09-13 Updated: 2023-09-13
Status:	Open
Project:	MariaDB MaxScale
Component/s:	Authenticator
Affects Version/s:	23.08.1
Fix Version/s:	None

Type:

Bug

Priority:

Minor

Reporter:

Esa Korhonen

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MXS-4731~~	COM_CHANGE_USER support for all authe...	Closed

Description

If client performs COM_CHANGE_USER quickly after login the MaxScale backend protocol may use the wrong authenticator module if the COM_CHANGE_USER changes authenticator.

This happens because client protocol completes COM_CHANGE_USER and modifies session-global authentication data (new username & pw) while backend is still initiating tcp connection to server. The backend authenticator module (m_authenticator-field) has already been generated and is for the original module. Next, backend protocol will generate handshake response with the new username & pw, and these only work with the new authenticator module.

To fix this, backend protocol will need to "save" authentication data when generating m_authenticator so that the two are always in sync. How this is exactly implemented is left for later.

Generated at Thu Feb 08 04:30:56 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-4758] COM_CHANGE_USER between different authenticators fail if done right after login Created: 2023-09-13 Updated: 2023-09-13