Support caching_sha2_password authentication mode
#358
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b68c826 to
8ac79ea
Compare
8ac79ea to
6873171
Compare
KarboniteKream
commented
Jan 15, 2023
...c/src/main/java/com/github/jasync/sql/db/mysql/decoder/AuthenticationSwitchRequestDecoder.kt
Outdated
Show resolved
Hide resolved
mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLFrameDecoder.kt
Show resolved
Hide resolved
There was a problem hiding this comment.
Workaround for a breaking change in MySQL 8.0. Reference
|
@oshai Ready for review. Please take a look when you have time. |
oshai
reviewed
Jan 15, 2023
mysql-async/src/main/java/com/github/jasync/sql/db/mysql/codec/MySQLFrameDecoder.kt
Show resolved
Hide resolved
...nc/src/main/java/com/github/jasync/sql/db/mysql/encoder/auth/Sha256PasswordAuthentication.kt
Outdated
Show resolved
Hide resolved
I'll try to add something to cover all of them. 👍 |
KarboniteKream
commented
Jan 15, 2023
Comment on lines
+17
to
+23
| // The native authentication handshake will provide a 20-byte challenge. | ||
| // Use the first 8 bytes as the old password authentication challenge. | ||
| val challenge = if (seed.length == 20) { | ||
| seed.copyOf(8) | ||
| } else { | ||
| seed | ||
| } |
There was a problem hiding this comment.
Without this, a "bad handshake" error is thrown. Reference
If the server announces Native Authentication in the
Protocol::Handshakepacket the client may use the first 8 bytes of its 20-byte auth_plugin_data as input.
|
Let me know once it's ready, thanks! |
|
Ready for another review! I've added a TODO, which I'll resolve in the next PR. |
|
LGTM! |
|
Thanks for the effort! Released 2.1.12 with the PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR implements partial support for
caching_sha2_passwordmode. Closes #297.Specifically, it supports the fast authentication path, while the full authentication path is over SSL only.
See
priority #1described on this page. This should hopefully cover the majority of cases using this authentication mode. I'll try to implement the rest in a separate PR.Detailed changes
CachingSha2PasswordAuthenticationandSha256PasswordAuthentication.AuthMoreDataMessageand the necessary decoders. This is required to switch from fast to full authentication mode when the password is not cached yet on the server.AuthenticationSwitchRequestto consume all bytes.OldPasswordAuthenticationto handle native authentication handshakes.