Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth refactoring and bug fixes #807

Merged
merged 20 commits into from
May 29, 2018
Merged

Auth refactoring and bug fixes #807

merged 20 commits into from
May 29, 2018

Conversation

julienschmidt
Copy link
Member

@julienschmidt julienschmidt commented May 24, 2018
edited
Loading

Description

This PR refactors the existing auth code and separates it from other code (currently the auth code is spread over driver.go, utils.go and packets.go. This refactoring also serves as a preparation for adding more auth plugins, such as sha256_password (#625) or dialog (#803) and an exported interface for adding custom auth plugins, as proposed in #552.

It further fixes many bugs: the following new tests fail when backported to the old code (see https://travis-ci.org/go-sql-driver/mysql/jobs/383270883):

--- FAIL: TestAuthFastCachingSHA256PasswordEmpty (0.00s)
	auth_test.go:118: got error: malformed packet
--- FAIL: TestAuthFastCleartextPasswordNotAllowed (0.00s)
	auth_test.go:235: expected ErrCleartextPassword, got unknown authentication plugin name 'mysql_clear_password'
--- FAIL: TestAuthFastCleartextPassword (0.00s)
	auth_test.go:251: unknown authentication plugin name 'mysql_clear_password'
--- FAIL: TestAuthFastCleartextPasswordEmpty (0.00s)
	auth_test.go:289: unknown authentication plugin name 'mysql_clear_password'
--- FAIL: TestAuthFastNativePasswordNotAllowed (0.00s)
	auth_test.go:328: expected ErrNativePassword, got <nil>
--- FAIL: TestAuthSwitchCachingSHA256PasswordCached (0.00s)
	auth_test.go:428: got error: this authentication plugin is not supported
	auth_test.go:438: got unexpected data: []
--- FAIL: TestAuthSwitchCachingSHA256PasswordEmpty (0.00s)
	auth_test.go:461: got error: this authentication plugin is not supported
	auth_test.go:466: got unexpected data: []
--- FAIL: TestAuthSwitchCachingSHA256PasswordFullRSA (0.00s)
	auth_test.go:497: got error: this authentication plugin is not supported
	auth_test.go:513: got unexpected data: []
--- FAIL: TestAuthSwitchCachingSHA256PasswordFullSecure (0.00s)
	auth_test.go:543: got error: this authentication plugin is not supported
	auth_test.go:556: got unexpected data: []

This PR is partially based on the work done in #552.

Fixes #806

Checklist

  • Code compiles correctly
  • Created tests which fail without the change (if possible)
  • All tests passing
  • Extended the README / documentation, if necessary
  • Added myself / the copyright holder to the AUTHORS file

@julienschmidt
log missing auth plugin name
d6fe90f 
Updates #795
@julienschmidt
refactor auth handling
36c70eb
@julienschmidt
auth: fix AllowNativePasswords
cf52770
@julienschmidt
auth: remove plugin name print
f3b65ae
@julienschmidt
packets: attempt to fix writePublicKeyAuthPacket
eb54ab9
@julienschmidt
packets: do not NUL-terminate auth switch packets
86adb9b
@julienschmidt
move handleAuthResult to auth
ceb1236
@julienschmidt
add old_password auth tests
fa931ce
@julienschmidt
auth: add empty old_password test
66f8d59
@julienschmidt
auth: add cleartext auth tests
de51fdd
@julienschmidt
auth: add native auth tests
d0d482d
@julienschmidt
auth: add caching_sha2 tests
9be743a
@julienschmidt
rename init and auth packets to documented names
7242d1e
@julienschmidt
auth: fix plugin name for switched auth methods
d09ac83
@julienschmidt
buffer: optimize default branches
fba0ad9
@julienschmidt
auth: add tests for switch to caching sha2
f252087
@julienschmidt
auth: add tests for switch to cleartext password
a27458c
@julienschmidt
auth: add tests for switch to native password
caae030
@julienschmidt julienschmidt added this to the v1.4.0 milestone May 24, 2018
@julienschmidt julienschmidt requested a review from methane May 24, 2018 16:17
@julienschmidt julienschmidt mentioned this pull request May 24, 2018
Closed
@julienschmidt julienschmidt mentioned this pull request May 25, 2018
Merged
5 tasks
@julienschmidt julienschmidt changed the title Auth refactoring Auth refactoring and bug fixes May 25, 2018
@julienschmidt
Copy link
Member Author

julienschmidt commented May 26, 2018
edited
Loading

@arnehormann @methane I know this is a huge changeset to review, but it would be great if you would find time to do so soon. Much of it is just moved code and very similar tests anyway. This PR and the follow-up PR #808 should make the auth system much more stable and fix several currently existing bugs.
These two PRs are the only remaining planned changes before the v1.4.0 release (except the changelog itself).

julienschmidt
julienschmidt commented May 26, 2018
View reviewed changes
auth.go
return message1
}

func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, bool, error) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The actual changes start here. The code above was moved from utils.go

@julienschmidt julienschmidt mentioned this pull request May 27, 2018
Merged
2 tasks
arvenil added a commit to percona/qan-agent that referenced this pull request May 28, 2018
@arvenil
Let's try go-sql-driver/mysql#807
e2ad82f
methane
methane requested changes May 29, 2018
View reviewed changes
packets.go Outdated
return readAuthSwitch(data)
if len(data) > 1 {
pluginEndIndex := bytes.IndexByte(data, 0x00)
plugin := string(data[1:pluginEndIndex])
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if pluginEndIndex < 0 {
    return nil, "", errors.New("invalid AuthSwitchRequest packet")
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PTAL

packets.go
copy(b[:], cipher)
return b[:], pluginName, nil
copy(b[:], authData)
return b[:], plugin, nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

b instead of b[:]. (While old code was same...)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

copy requires slices as parameters but b is an array and not a slice.

@arvenil
Copy link
Contributor

arvenil commented May 29, 2018

Just FYI. I've used master and this PR in one of our repos and some tests on master failed with malformed packet but this PR seems to fix the issues and now tests pass. I didn't dig what really in this PR fixed it but clearly for us it works ;) Thanks for great work.

@julienschmidt julienschmidt merged commit affd4c9 into master May 29, 2018
@zwpaper zwpaper mentioned this pull request May 30, 2018
Closed
julienschmidt added a commit that referenced this pull request May 31, 2018
@julienschmidt
Auth refactoring and bug fixes (#807)
6780ecf 
* log missing auth plugin name

* refactor auth handling

* auth: fix AllowNativePasswords

* auth: remove plugin name print

* packets: attempt to fix writePublicKeyAuthPacket

* packets: do not NUL-terminate auth switch packets

* move handleAuthResult to auth

* add old_password auth tests

* auth: add empty old_password test

* auth: add cleartext auth tests

* auth: add native auth tests

* auth: add caching_sha2 tests

* rename init and auth packets to documented names

* auth: fix plugin name for switched auth methods

* buffer: optimize default branches

* auth: add tests for switch to caching sha2

* auth: add tests for switch to cleartext password

* auth: add tests for switch to native password

* auth: sync NUL termination with official connectors

* packets: handle missing NUL bytes in AuthSwitchRequests

Updates #795
@julienschmidt julienschmidt deleted the auth_refactoring branch October 2, 2018 18:42
This was referenced Mar 8, 2019
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@methane methane methane approved these changes

Assignees
No one assigned
Labels
bug enhancement
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging this pull request may close these issues.

Missing plugin name leads to panic
3 participants
@julienschmidt @arvenil @methane