Use caching_sha2_password for proxy auth
Up until now, mysql_native_password was used for auth. That plugin is
removed in MySQL 9.x, however, and MySQL 9.x is what Homebrew installs
by default on MacOS.

While we can also try to deal with installing older versions on MacOS,
alternatively we update the auth for the proxy to
caching_sha2_password.

The one thing that this breaks is very old MySQL 5.7 clients. Anything
older than MySQL 5.7.23 (released 2018-07-27) would break with this. We
don't really support 5.7 for the proxy anyway though.

Signed-off-by: Dirkjan Bussink <[email protected]>
dbussink committed Oct 9, 2024
1 parent 61feaf3 commit 0ede5f4
Showing 2 changed files with 44 additions and 1 deletion.
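--- a/authserver.go
+++ b/authserver.go
@@ -0,0 +1,43 @@
+package psdbproxy
+
+import (
+"net"
+
+"vitess.io/vitess/go/mysql"
+querypb "vitess.io/vitess/go/vt/proto/query"
+)
+
+// authServerNone takes all comers.
+type authServerNone struct{}
+
+type noneGetter struct{}
+
+func (a *authServerNone) UserEntryWithPassword(conn *mysql.Conn, user string, password string, remoteAddr net.Addr) (mysql.Getter, error) {
+return &noneGetter{}, nil
+}
+
+func (a *authServerNone) UserEntryWithCacheHash(conn *mysql.Conn, salt []byte, user string, authResponse []byte, remoteAddr net.Addr) (mysql.Getter, mysql.CacheState, error) {
+return &noneGetter{}, mysql.AuthAccepted, nil
+}
+
+// AuthMethods returns the list of registered auth methods
+// implemented by this auth server.
+func (a *authServerNone) AuthMethods() []mysql.AuthMethod {
+return []mysql.AuthMethod{mysql.NewSha2CachingAuthMethod(a, a, a)}
+}
+
+// DefaultAuthMethodDescription returns MysqlNativePassword as the default
+// authentication method for the auth server implementation.
+func (a *authServerNone) DefaultAuthMethodDescription() mysql.AuthMethodDescription {
+return mysql.CachingSha2Password
+}
+
+// HandleUser validates if this user can use this auth method
+func (a *authServerNone) HandleUser(user string) bool {
+return true
+}
+
+// Get returns the empty string
+func (ng *noneGetter) Get() *querypb.VTGateCallerID {
+return &querypb.VTGateCallerID{Username: "userData1"}
+}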
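Review bot: `UserEntryWithCacheHash` returns `mysql.AuthAccepted` without looking at `user`, `salt` or `authResponse`, and `HandleUser` returns true for every name, so this listener admits any client that can reach it; the type comment should state that trust assumption rather than only "takes all comers", e.g. `// authServerNone accepts every client without checking credentials; the listener must only be reachable by trusted local clients.` Whether the listener is bound to loopback is not visible in this commit and is worth confirming. Two doc comments are also stale: `DefaultAuthMethodDescription` is documented as returning MysqlNativePassword but returns `mysql.CachingSha2Password`, and `Get` is documented as returning the empty string but returns a caller ID with the fixed username `userData1`. Suggested wording: `// DefaultAuthMethodDescription returns CachingSha2Password as the default` and `// Get returns a fixed placeholder caller ID; it does not reflect the connecting user.`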
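--- a/server.go
+++ b/server.go
@@ -39,7 +39,7 @@ func (s *Server) Serve(l net.Listener) error {
 
 listener, err := mysql.NewListenerWithConfig(mysql.ListenerConfig{
 Listener: l,
-AuthServer: mysql.NewAuthServerNone(),
+AuthServer: &authServerNone{},
 Handler: handler,
 ConnReadTimeout: s.ReadTimeout,
 ConnWriteTimeout: 30 * time.Second,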
