Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication rework - draft2 - DONOTMERGE #4220

Draft
wants to merge 1 commit into
base: v2.x
Choose a base branch
from
Draft

Authentication rework - draft2 - DONOTMERGE #4220

wants to merge 1 commit into from

Conversation

renecannao
Copy link
Contributor

Support for caching_sha2_password .
New variable mysql-default_authentication_plugin .
Deprecate variable admin-hash_passwords #4218 .

Although fully functional, it is still a work in progress.

It also deprecate PR #4136

This was referenced May 14, 2023
Closed
Draft
@renecannao renecannao marked this pull request as draft May 14, 2023 21:48
github-advanced-security[bot]
github-advanced-security bot found potential problems May 14, 2023
View reviewed changes
lib/sha256crypt.cpp
sha256_init_ctx (&alt_ctx);

/* For every character in the password add the entire password. */
for (unsigned char cnta = 0; cnta < 16 + alt_result[0]; ++cnta)

Check failure

Code scanning / CodeQL

Comparison of narrow type with wide type in loop condition

Comparison between [cnta](1) of type unsigned char and [... + ...](2) of wider type int.
@renecannao
Copy link
Contributor Author

retest this please

1 similar comment
@renecannao
Copy link
Contributor Author

retest this please

@yakirgb
Copy link
Contributor

yakirgb commented Feb 15, 2024

@renecannao Is it will be global variable or per user ?
Because if doing migration of users from mysql_native_password to caching_sha2_password , we will do it user by user and not for all users together .

@renecannao
Copy link
Contributor Author

@yakirgb : the new variable MUST be global , not just because it is the "default" plugin, but because in MySQL protocol authentication, the server (proxysql in this case) is the first that specifies the default authentication method, even before the client sends its username.
That said, depending from how passwords are stored in mysql_users.password , user can use either mysql_native_password or caching_sha2_password . And proxysql can use the same or a different authentication method when connecting to the backend.

@yakirgb
Copy link
Contributor

yakirgb commented Feb 15, 2024

Thank you for the explain.

@mirostauder
Copy link
Collaborator

Can one of the admins verify this patch?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@renecannao @yakirgb @mirostauder