Skip to content

/ mysql

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth refactoring and bug fixes #807

Merged
merged 20 commits into from May 29, 2018
Merged

Auth refactoring and bug fixes #807

merged 20 commits into from May 29, 2018
+1,294 −461

Conversation

@julienschmidt
Copy link
Member

@julienschmidt julienschmidt commented May 24, 2018
edited

Description

This PR refactors the existing auth code and separates it from other code (currently the auth code is spread over driver.go, utils.go and packets.go. This refactoring also serves as a preparation for adding more auth plugins, such as sha256_password (#625) or dialog (#803) and an exported interface for adding custom auth plugins, as proposed in #552.

It further fixes many bugs: the following new tests fail when backported to the old code (see https://travis-ci.org/go-sql-driver/mysql/jobs/383270883):

--- FAIL: TestAuthFastCachingSHA256PasswordEmpty (0.00s)
	auth_test.go:118: got error: malformed packet
--- FAIL: TestAuthFastCleartextPasswordNotAllowed (0.00s)
	auth_test.go:235: expected ErrCleartextPassword, got unknown authentication plugin name 'mysql_clear_password'
--- FAIL: TestAuthFastCleartextPassword (0.00s)
	auth_test.go:251: unknown authentication plugin name 'mysql_clear_password'
--- FAIL: TestAuthFastCleartextPasswordEmpty (0.00s)
	auth_test.go:289: unknown authentication plugin name 'mysql_clear_password'
--- FAIL: TestAuthFastNativePasswordNotAllowed (0.00s)
	auth_test.go:328: expected ErrNativePassword, got <nil>
--- FAIL: TestAuthSwitchCachingSHA256PasswordCached (0.00s)
	auth_test.go:428: got error: this authentication plugin is not supported
	auth_test.go:438: got unexpected data: []
--- FAIL: TestAuthSwitchCachingSHA256PasswordEmpty (0.00s)
	auth_test.go:461: got error: this authentication plugin is not supported
	auth_test.go:466: got unexpected data: []
--- FAIL: TestAuthSwitchCachingSHA256PasswordFullRSA (0.00s)
	auth_test.go:497: got error: this authentication plugin is not supported
	auth_test.go:513: got unexpected data: []
--- FAIL: TestAuthSwitchCachingSHA256PasswordFullSecure (0.00s)
	auth_test.go:543: got error: this authentication plugin is not supported
	auth_test.go:556: got unexpected data: []

This PR is partially based on the work done in #552.

Fixes #806

Checklist

  • Code compiles correctly
  • Created tests which fail without the change (if possible)
  • All tests passing
  • Extended the README / documentation, if necessary
  • Added myself / the copyright holder to the AUTHORS file
julienschmidt added 18 commits May 21, 2018
@julienschmidt
log missing auth plugin name
d6fe90f 
Updates #795
@julienschmidt
refactor auth handling
36c70eb
@julienschmidt
auth: fix AllowNativePasswords
cf52770
@julienschmidt
auth: remove plugin name print
f3b65ae
@julienschmidt
packets: attempt to fix writePublicKeyAuthPacket
eb54ab9
@julienschmidt
packets: do not NUL-terminate auth switch packets
86adb9b
@julienschmidt
move handleAuthResult to auth
ceb1236
@julienschmidt
add old_password auth tests
fa931ce
@julienschmidt
auth: add empty old_password test
66f8d59
@julienschmidt
auth: add cleartext auth tests
de51fdd
@julienschmidt
auth: add native auth tests
Loading status checks…
d0d482d
@julienschmidt
auth: add caching_sha2 tests
Loading status checks…
9be743a
@julienschmidt
rename init and auth packets to documented names
Loading status checks…
7242d1e
@julienschmidt
auth: fix plugin name for switched auth methods
d09ac83
@julienschmidt
buffer: optimize default branches
fba0ad9
@julienschmidt
auth: add tests for switch to caching sha2
Loading status checks…
f252087
@julienschmidt
auth: add tests for switch to cleartext password
a27458c
@julienschmidt
auth: add tests for switch to native password
Loading status checks…
caae030
@julienschmidt julienschmidt added this to the v1.4.0 milestone May 24, 2018
@julienschmidt julienschmidt requested a review from methane May 24, 2018
@julienschmidt julienschmidt mentioned this pull request May 24, 2018
Closed
@julienschmidt
auth: sync NUL termination with official connectors
Loading status checks…
8985303
@julienschmidt julienschmidt force-pushed the auth_refactoring branch from 0dcbff2 to 8985303 May 25, 2018
@julienschmidt julienschmidt mentioned this pull request May 25, 2018
Merged
5 of 5 tasks complete
@julienschmidt julienschmidt changed the title Auth refactoring Auth refactoring and bug fixes May 25, 2018
@julienschmidt
Copy link
Member Author

@julienschmidt julienschmidt commented May 26, 2018
edited

@arnehormann @methane I know this is a huge changeset to review, but it would be great if you would find time to do so soon. Much of it is just moved code and very similar tests anyway. This PR and the follow-up PR #808 should make the auth system much more stable and fix several currently existing bugs.
These two PRs are the only remaining planned changes before the v1.4.0 release (except the changelog itself).
@julienschmidt
julienschmidt reviewed May 26, 2018
View changes
auth.go
return message1
}

func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, bool, error) {

This comment has been minimized.

Sign in to view
@julienschmidt

julienschmidt May 26, 2018
Author Member

The actual changes start here. The code above was moved from utils.go
@julienschmidt julienschmidt mentioned this pull request May 27, 2018
Merged
2 of 2 tasks complete
arvenil added a commit to percona/qan-agent that referenced this pull request May 28, 2018
@arvenil
Let's try go-sql-driver/mysql#807
Verified
This commit was signed with a verified signature.
arvenil Kamil Dziedzic
GPG key ID: 9B2A8BE32C07EA6C Learn about signing commits
Loading status checks…
e2ad82f
@methane
methane requested changes May 29, 2018
View changes
packets.go Outdated
return readAuthSwitch(data)
if len(data) > 1 {
pluginEndIndex := bytes.IndexByte(data, 0x00)
plugin := string(data[1:pluginEndIndex])

This comment has been minimized.

Sign in to view
@methane

methane May 29, 2018
Member 

if pluginEndIndex < 0 {
    return nil, "", errors.New("invalid AuthSwitchRequest packet")
}

This comment has been minimized.

Sign in to view
@julienschmidt

julienschmidt May 29, 2018
Author Member

PTAL
packets.go
copy(b[:], cipher)
return b[:], pluginName, nil
copy(b[:], authData)
return b[:], plugin, nil

This comment has been minimized.

Sign in to view
@methane

methane May 29, 2018
Member

b instead of b[:]. (While old code was same...)

This comment has been minimized.

Sign in to view
@julienschmidt

julienschmidt May 29, 2018
Author Member

copy requires slices as parameters but b is an array and not a slice.
@arvenil
Copy link
Contributor

@arvenil arvenil commented May 29, 2018

Just FYI. I've used master and this PR in one of our repos and some tests on master failed with malformed packet but this PR seems to fix the issues and now tests pass. I didn't dig what really in this PR fixed it but clearly for us it works ;) Thanks for great work.
@julienschmidt
packets: handle missing NUL bytes in AuthSwitchRequests
Loading status checks…
2846c61
@methane
methane approved these changes May 29, 2018
View changes
@julienschmidt julienschmidt merged commit affd4c9 into master May 29, 2018
4 checks passed
4 checks passed
WIP ready for review
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
coverage/coveralls Coverage increased (+2.2%) to 79.21%
Details
@zwpaper zwpaper mentioned this pull request May 30, 2018
Closed
julienschmidt added a commit that referenced this pull request May 31, 2018
@julienschmidt
Auth refactoring and bug fixes (#807)
6780ecf 
* log missing auth plugin name

* refactor auth handling

* auth: fix AllowNativePasswords

* auth: remove plugin name print

* packets: attempt to fix writePublicKeyAuthPacket

* packets: do not NUL-terminate auth switch packets

* move handleAuthResult to auth

* add old_password auth tests

* auth: add empty old_password test

* auth: add cleartext auth tests

* auth: add native auth tests

* auth: add caching_sha2 tests

* rename init and auth packets to documented names

* auth: fix plugin name for switched auth methods

* buffer: optimize default branches

* auth: add tests for switch to caching sha2

* auth: add tests for switch to cleartext password

* auth: add tests for switch to native password

* auth: sync NUL termination with official connectors

* packets: handle missing NUL bytes in AuthSwitchRequests

Updates #795
@julienschmidt julienschmidt deleted the auth_refactoring branch Oct 2, 2018
This was referenced Mar 8, 2019
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@methane methane

Assignees
No one assigned
Labels
bug enhancement
Projects
None yet
Milestone
v1.4.0
Linked issues

Successfully merging this pull request may close these issues.

Missing plugin name leads to panic
3 participants
@julienschmidt @arvenil @methane