Fix handle AuthSwitch packet bug. #585
The MySQL documentation states that the AuthSwitch packet contains two components, `auth_plugin_name` and `auth_data`, where `auth_data` is a string[EOF] string. But in fact it will return a string[NUL] string, or one can also say the string[EOF] consists of a 20-byte string and a '\0' byte. Currently we just follow the documentation, which uses those 21 bytes as the salt, and that is not correct.
This fix is related to issue #584. This is the auth switch error.

```python
import pymysql

conn = pymysql.connect(host='shuodlclient.mysql.database.azure.com', port=3306, user='mysqlaas@shuodlclient', passwd='test_PyMySQL', db='mysql')
```
|
And this is also captured by mysqljs/mysql#1730. @bgrainger notice that. |
Do you mean
|
I'm sorry, |
No, Azure just sends the packet which the MySQL server sent at the auth switch stage.
No, do not use old_password
Not for Azure, it is the fix for MySQL. Our PyMySQL does not even respond with a correct AuthSwitch packet. All the default drivers like libmysqlclient and libmariadbclient respond correctly. node-mysql2 and go-sql-driver/mysql also respond correctly. I provided an Azure MySQL server for testing because it is easy to repro with it. I cannot just provide my local MySQL for you to repro it. It does something tricky by using native password, then auth switch, then native password auth again, so it repros easily, but a native MySQL server that starts with sha256 and has a user created with native password can repro it. |
Both MySQL and MariaDB have this documentation and behavior mismatch. `mpvio->write_packet(mpvio, (uchar*)thd->scramble, SCRAMBLE_LENGTH + 1)` So the response will contain a string[NUL]. |
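The mismatch discussed in this thread, as an added example that is not part of the PR or of PyMySQL's code: it parses a constructed AuthSwitchRequest payload and shows that a `mysql_native_password` token computed over all 21 bytes fails a server-style check, while the token computed over the 20-byte scramble passes. The function names, the sample scramble and the `server_accepts` check are illustrative assumptions.

```python
import hashlib
import hmac

SCRAMBLE_LENGTH = 20  # same constant as in the server call quoted in the thread

def parse_auth_switch_request(payload: bytes):
    """Split an AuthSwitchRequest payload into (plugin_name, auth_data)."""
    if not payload or payload[0] != 0xFE:
        raise ValueError("not an AuthSwitchRequest (missing 0xfe header)")
    end = payload.find(b"\0", 1)
    if end < 0:
        raise ValueError("plugin name is not NUL-terminated")
    return payload[1:end], payload[end + 1:]  # auth_data = rest of packet

def native_salt(auth_data: bytes) -> bytes:
    """Return the 20-byte scramble, tolerating the server's trailing NUL."""
    if len(auth_data) == SCRAMBLE_LENGTH + 1 and auth_data[-1:] == b"\0":
        auth_data = auth_data[:-1]
    if len(auth_data) != SCRAMBLE_LENGTH:
        raise ValueError("unexpected scramble length %d" % len(auth_data))
    return auth_data

def native_password_token(password: bytes, salt: bytes) -> bytes:
    """mysql_native_password: SHA1(pw) XOR SHA1(salt + SHA1(SHA1(pw)))."""
    stage1 = hashlib.sha1(password).digest()
    stage2 = hashlib.sha1(stage1).digest()
    mask = hashlib.sha1(salt + stage2).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

def server_accepts(token: bytes, salt: bytes, stored_stage2: bytes) -> bool:
    """Server-side check: recover SHA1(pw) from the token and re-hash it."""
    mask = hashlib.sha1(salt + stored_stage2).digest()
    stage1 = bytes(a ^ b for a, b in zip(token, mask))
    return hmac.compare_digest(hashlib.sha1(stage1).digest(), stored_stage2)

# Constructed sample packet: 0xfe header, plugin name, 20-byte scramble, NUL.
SCRAMBLE = bytes(range(0x21, 0x21 + SCRAMBLE_LENGTH))
PACKET = b"\xfe" + b"mysql_native_password\0" + SCRAMBLE + b"\0"
PASSWORD = b"test"
STORED = hashlib.sha1(hashlib.sha1(PASSWORD).digest()).digest()

def demo():
    plugin, auth_data = parse_auth_switch_request(PACKET)
    tokens = (native_password_token(PASSWORD, auth_data),  # all 21 bytes as salt
              native_password_token(PASSWORD, native_salt(auth_data)))
    return plugin, len(auth_data), [server_accepts(t, SCRAMBLE, STORED) for t in tokens]

if __name__ == "__main__":
    print(demo())
```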
I have a way to repro.

```sql
CREATE USER 'nativeuser'@'localhost' IDENTIFIED WITH mysql_native_password;
SET old_passwords = 0;
SET PASSWORD FOR 'nativeuser'@'localhost' = PASSWORD('test');
GRANT ALL PRIVILEGES ON *.* TO 'nativeuser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
```
|
I don't want to spend my time testing it. |
You can notice that the old password encryption uses the scramble length because it hints at the error from auth switch. Or you can remove the length split of the old password and run the tests. |
It's not good evidence, because the two are different. |