Fix connection procedure auth-switch wrong plugin auth method. #582

Merged
merged 2 commits into from
Jun 21, 2017

elemount
Contributor

For the AuthSwitch feature, mysql_native_password and mysql_old_password should reply with only the 8-byte or 20-byte scrambled password, without '\0'. Using '\0' will make the MySQL server reply with Error Code 1043, which means Bad Handshake.
Please see https://web.archive.org/web/20170405005641/https://dev.mysql.com/doc/internals/en/secure-password-authentication.html .
Also see connections.py line 11130, which also responds with no '\0'.

For AuthSwitch feature, mysql_native_password and mysql_old_password
should reply only 8-byte or 20-byte scrambled password without \0. So
fixed it.
@methane
Member

methane commented Jun 20, 2017

Could you write test case for it?

@elemount
Contributor Author

Hi @methane, I cannot write a unit test for this scenario.
This is because the default auth plugin is only mysql_native_password and sha256_password, and PyMySQL does not support sha256_password now. An auth switch takes place when the default auth plugin does not match the user's. So I need to start a new MySQL with default sha256, then create a native user. So the server says SHA256, then the client says SHA256; after that the server says native, then the client says native.

You may notice that I recalled the change to the Old Password plugin. This is because of the code https://github.com/mysql/mysql-server/blob/5.6/sql/sql_acl.cc#L12129 which means the change is useless. But for the Native Password plugin, this change is needed. See https://github.com/mysql/mysql-server/blob/5.6/sql/sql_acl.cc#L12088

Also, in fact, we already have a UT which contains a path where native_password switches to old_password, in the method testMySQLOldPasswordAuth.
My scenario is that I use a MySQL Proxy which has a native_password switch again to native_password. But this fix is needed when PyMySQL supports SHA256. This is a real bug fix, not a workaround.
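
The auth-switch reply discussed in the PR description and in the comment above, as an added example that is not part of the thread and is not PyMySQL's code: it parses an AuthSwitchRequest for mysql_native_password and frames the 20-byte scramble with no trailing '\0'. All function names and sample values are hypothetical, the 20-byte nonce followed by a NUL is an assumption about the request layout, and `server_accepts` is a simplified model of the server-side length and hash check, not the server's code.

```python
import hashlib
import struct

SCRAMBLE_LENGTH = 20  # SHA-1 digest size used by mysql_native_password

def native_scramble(password: bytes, nonce: bytes) -> bytes:
    """SHA1(password) XOR SHA1(nonce + SHA1(SHA1(password)))."""
    if not password:
        return b""  # an empty password is sent as an empty reply
    stage1 = hashlib.sha1(password).digest()
    stage2 = hashlib.sha1(stage1).digest()
    mask = hashlib.sha1(nonce + stage2).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

def parse_auth_switch_request(payload: bytes):
    """Payload layout: 0xFE, NUL-terminated plugin name, plugin data (nonce)."""
    if payload[:1] != b"\xfe":
        raise ValueError("not an AuthSwitchRequest")
    name, sep, data = payload[1:].partition(b"\x00")
    if not sep:
        raise ValueError("plugin name is not NUL-terminated")
    # Assumption: the nonce is 20 bytes, usually followed by a NUL terminator.
    return name.decode("ascii"), data[:SCRAMBLE_LENGTH]

def frame(payload: bytes, seq: int) -> bytes:
    """MySQL packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq & 0xFF]) + payload

def auth_switch_response(request: bytes, password: bytes, seq: int) -> bytes:
    plugin, nonce = parse_auth_switch_request(request)
    if plugin != "mysql_native_password":
        raise NotImplementedError(plugin)
    return frame(native_scramble(password, nonce), seq)  # no trailing b"\0"

def server_accepts(reply: bytes, nonce: bytes, stored_stage2: bytes) -> bool:
    """Simplified model of the server check: exact length, then hash compare."""
    if len(reply) != SCRAMBLE_LENGTH:
        return False  # a 21-byte reply (scramble + NUL) is rejected here
    mask = hashlib.sha1(nonce + stored_stage2).digest()
    stage1 = bytes(a ^ b for a, b in zip(reply, mask))
    return hashlib.sha1(stage1).digest() == stored_stage2

NONCE = bytes(range(1, 21))  # constructed sample values, not captured traffic
REQUEST = b"\xfe" + b"mysql_native_password\x00" + NONCE + b"\x00"
PASSWORD = b"example-password"
STORED = hashlib.sha1(hashlib.sha1(PASSWORD).digest()).digest()

if __name__ == "__main__":
    print(auth_switch_response(REQUEST, PASSWORD, seq=3).hex())
```

In this model the same scramble with a '\0' appended is 21 bytes long and fails the length check before any hash comparison takes place.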

@methane methane merged commit ef91351 into PyMySQL:master Jun 21, 2017
@artparks

artparks commented Nov 8, 2017

Can this be released? It seems to prevent this library connecting to Azure's hosted MySQL over SSL.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 2, 2021