From 0ede5f4d457ead4e2152ff593f47fc46ae03b5d9 Mon Sep 17 00:00:00 2001
From: Dirkjan Bussink
Date: Wed, 9 Oct 2024 10:53:51 +0200
Subject: [PATCH] Use caching_sha2_password for proxy auth
Up until now, mysql_native_password was used for auth. This is however removed in MySQL 9.x and this is the default that Homebrew installs on MacOS. While we can also try to deal with installing older versions on MacOS, alternatively we update the auth for the proxy to caching_sha2_password. The one thing that this breaks is very old MySQL 5.7 clients. Anything older than MySQL 5.7.23 (released 2018-07-27) would break with this. We don't really support 5.7 for the proxy anyway though.
Signed-off-by: Dirkjan Bussink
---
 authserver.go | 43 +++++++++++++++++++++++++++++++++++++++++++
 server.go | 2 +-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 authserver.go
diff --git a/authserver.go b/authserver.go
new file mode 100644
index 0000000..b997c08
--- /dev/null
+++ b/authserver.go
@@ -0,0 +1,43 @@
+package psdbproxy
+
+import (
+ "net"
+
+ "vitess.io/vitess/go/mysql"
+ querypb "vitess.io/vitess/go/vt/proto/query"
+)
+
+// authServerNone takes all comers.
+type authServerNone struct{}
+
+type noneGetter struct{}
+
+func (a *authServerNone) UserEntryWithPassword(conn *mysql.Conn, user string, password string, remoteAddr net.Addr) (mysql.Getter, error) {
+ return &noneGetter{}, nil
+}
+
+func (a *authServerNone) UserEntryWithCacheHash(conn *mysql.Conn, salt []byte, user string, authResponse []byte, remoteAddr net.Addr) (mysql.Getter, mysql.CacheState, error) {
+ return &noneGetter{}, mysql.AuthAccepted, nil
+}
+
+// AuthMethods returns the list of registered auth methods
+// implemented by this auth server.
+func (a *authServerNone) AuthMethods() []mysql.AuthMethod {
+ return []mysql.AuthMethod{mysql.NewSha2CachingAuthMethod(a, a, a)}
+}
+
+// DefaultAuthMethodDescription returns MysqlNativePassword as the default
+// authentication method for the auth server implementation.
+func (a *authServerNone) DefaultAuthMethodDescription() mysql.AuthMethodDescription {
+ return mysql.CachingSha2Password
+}
+
+// HandleUser validates if this user can use this auth method
+func (a *authServerNone) HandleUser(user string) bool {
+ return true
+}
+
+// Get returns the empty string
+func (ng *noneGetter) Get() *querypb.VTGateCallerID {
+ return &querypb.VTGateCallerID{Username: "userData1"}
+}
diff --git a/server.go b/server.go
index d9e2f5a..656e267 100644
--- a/server.go
+++ b/server.go
@@ -39,7 +39,7 @@ func (s *Server) Serve(l net.Listener) error {
 listener, err := mysql.NewListenerWithConfig(mysql.ListenerConfig{
 Listener: l,
- AuthServer: mysql.NewAuthServerNone(),
+ AuthServer: &authServerNone{},
 Handler: handler,
 ConnReadTimeout: s.ReadTimeout,
 ConnWriteTimeout: 30 * time.Second,
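Review bot: Two doc comments in the new authserver.go contradict the code beneath them: `DefaultAuthMethodDescription` is documented as returning MysqlNativePassword but returns `mysql.CachingSha2Password`, and `Get` is documented as returning the empty string but returns a caller ID with `Username: "userData1"`. Suggested replacements are `// DefaultAuthMethodDescription returns CachingSha2Password as the default` and `// Get returns a fixed placeholder caller ID; it does not identify the connecting user.` The comment on `authServerNone` should also spell out the trust assumption, since `UserEntryWithCacheHash` answers `mysql.AuthAccepted` for any user and any auth response and `HandleUser` is always true: `// authServerNone performs no credential check; it must only back a listener that untrusted peers cannot reach.` Whether the listener passed to `Serve` is restricted that way is not visible in this patch and is worth confirming at the call site.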