List:Commits« Previous MessageNext Message »
From:Georgi Kodinov Date:October 27 2010 8:41am
Subject:bzr commit into mysql-5.5-bugteam branch (Georgi.Kodinov:3101) Bug#57689
View as plain text  
#At file:///Users/kgeorge/mysql/work/B57689-5.5-bugteam/ based on revid:gkodinov@stripped

 3101 Georgi Kodinov	2010-10-25
      Bug #57689: mysql_change_user() breaks user connection on older clients
      
      COM_CHANGE_USER was always handled like an implicit request to change the
      client plugin, so that the client can re-use the same code path for both normal 
      login and COM_CHANGE_USER. However this doesn't really work well with old 
      clients because they don't understand the request to change a client plugin.
      
      Fixed by implementing a special state in the code (and old client issuing 
      COM_CHANGE_USER). In this state the server parses the COM_CHANGE_USER 
      package and pushes back the password hash, the user name and the database 
      to the input stream in the same order that the native password server side plugin 
      expects. As a result it replies with an OK/FAIL just like the old server does thus
      making the new server compatible with older clients.
      
      No test case added, since it would requre an old client binary. Tested using 
      accounts with and without passwords. Tested with a correct and incorrect 
      password.

    modified:
      sql/sql_acl.cc
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2010-10-20 19:02:59 +0000
+++ b/sql/sql_acl.cc	2010-10-25 15:11:58 +0000
@@ -8091,6 +8091,24 @@ static bool send_plugin_request_packet(M
     DBUG_RETURN (1);
   }
 
+  /*
+    If we're dealing with an older client we can't just send a change plugin
+    packet to re-initiate the authentication handshake, because the client 
+    won't understand it. The good thing is that we don't need to : the old client
+    expects us to just check the user credentials here, which we can do by just reading
+    the cached data that are placed there by parse_com_change_user_packet() 
+    In this case we just do nothing and behave as if normal authentication
+    should continue.
+  */
+  if (!(mpvio->client_capabilities & CLIENT_PLUGIN_AUTH))
+  {
+    DBUG_PRINT("info", ("old client sent a COM_CHANGE_USER"));
+    DBUG_ASSERT(mpvio->cached_client_reply.pkt);
+    /* get the status back so the read can process the cached result */
+    mpvio->status= MPVIO_EXT::RESTART; 
+    DBUG_RETURN(0);
+  }
+
   DBUG_PRINT("info", ("requesting client to use the %s plugin", 
                       client_auth_plugin));
   DBUG_RETURN(net_write_command(net, switch_plugin_request_buf[0],
@@ -8574,8 +8592,16 @@ static int server_mpvio_write_packet(MYS
   int res;
 
   DBUG_ENTER("server_mpvio_write_packet");
-  /* reset cached_client_reply */
-  mpvio->cached_client_reply.pkt= 0;
+  /* 
+    Reset cached_client_reply if not an old client doing mysql_change_user, 
+    as this is where the password from COM_CHANGE_USER is stored.
+  */
+  if (!((!(mpvio->client_capabilities & CLIENT_PLUGIN_AUTH)) && 
+        mpvio->status == MPVIO_EXT::RESTART &&
+        mpvio->cached_client_reply.plugin == 
+        ((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin
+        ))
+    mpvio->cached_client_reply.pkt= 0;
   /* for the 1st packet we wrap plugin data into the handshake packet */
   if (mpvio->packets_written == 0)
     res= send_server_handshake_packet(mpvio, (char*) packet, packet_len);
@@ -8641,6 +8667,15 @@ static int server_mpvio_read_packet(MYSQ
       mpvio->packets_read++;
       DBUG_RETURN ((int) mpvio->cached_client_reply.pkt_len);
     }
+
+    /* older clients don't support change of client plugin request */
+    if (!(mpvio->client_capabilities & CLIENT_PLUGIN_AUTH))
+    {
+      mpvio->status= MPVIO_EXT::FAILURE;
+      pkt_len= packet_error;
+      goto err;
+    }
+
     /*
       But if the client has used the wrong plugin, the cached data are
       useless. Furthermore, we have to send a "change plugin" request


Attachment: [text/bzr-bundle] bzr/georgi.kodinov@oracle.com-20101025151158-2vo6z5jcpdnzes7m.bundle
Thread
bzr commit into mysql-5.5-bugteam branch (Georgi.Kodinov:3101) Bug#57689Georgi Kodinov27 Oct