Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V2.x sha2pass draft3 #4258

Merged
merged 42 commits into from
Feb 26, 2024
Merged

V2.x sha2pass draft3 #4258

merged 42 commits into from
Feb 26, 2024

Conversation

renecannao
Copy link
Contributor

No description provided.

@renecannao
Refactoring of process_pkt_handshake_response
5091edc 
1st commit for refactoring the authentication module
@renecannao
Cleanup on MySQL_Protocol.h
1b3ee81
@renecannao
2nd refactoring of process_pkt_handshake_response
d23b286
@renecannao
Fix clickhouse compiling
5c40ee5 
Previous commit (2nd refactoring of process_pkt_handshake_response) didn't compile with clickhouse
@renecannao
3rd refactoring of process_pkt_handshake_response
1fa074a 
Bug fixes
@renecannao
Deprecate SHA1_* also in this branch
b9473aa 
This branch has code where SHA1_ functions were still used.
@renecannao
Temporary commit 01 for caching_sha2_password
094f77a
@renecannao
New variable mysql-default_authentication_plugin
76bb204 
New MySQL variable default_authentication_plugin accepting two possible values:
* mysql_native_password
* caching_sha2_password
@renecannao
caching_sha2_password automatically enables SSL
117b9d3
@renecannao
enum proxysql_auth_plugins for mysql plugin ids
29da662 
Using `enum proxysql_auth_plugins` to define mysql authentication plugins.

Also fixed few bugs introduced in previous commits.
@renecannao
First implementation of caching_sha2_password
e7745fe 
Implementation not completed yet, but functional.
It allows connections in which the user password is saved in clear password.
@renecannao
Adding sha256crypt.cpp
e6e6bb0
@renecannao
Working prototype of caching_sha2_password
cf6f4f7 
Now mysql_users.password can store the authentication_string as
in MySQL's mysql.user table.

Note: this commit also changes SALT_LEN_MAX in SHA-crypt code from
16 to 20 because MySQL caching_sha2_password uses 20 bytes salt
@renecannao
Deprecate admin-hash_passwords #4218
4c704e2
@renecannao
Adding warning for deprecated admin-hash_passwords #4218
52052de
@renecannao
Stop dumping the list of cipher avaiable in DEBUG
1799f7a
@renecannao
Deprecate admin-hash_passwords in TAP tests #4218
7690798
@renecannao
Rememeber clear text password if provided by client
7e5b3e8 
Extended account_details_t to also store clear_text_password if client
provides it during a full authentication in caching_sha2_password .

De facto, this implements the "caching" part of caching_sha2_password .
@renecannao
Fixed length of hash + salt
08cc2f0
@renecannao
Removing commented code used for POC
a593407
@renecannao
Fix TAP reg_test_3504-change_user-t for new values of switching_auth_…
33b4f30 
…type

Because of the implementation of caching_sha2_password, values of switching_auth_type
are shifted by 1
@renecannao
Drafting TAP test_change_user-t
629aa3d
@renecannao
Further testing in TAP test_change_user-t
36183a4
@renecannao
Merge branch 'v2.x' into v2.x_sha2pass_draft3
8106ae5
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 14, 2023
View reviewed changes
lib/sha256crypt.cpp Fixed Show fixed Hide fixed
@mirostauder
Copy link
Collaborator

retest this please

2 similar comments
@mirostauder
Copy link
Collaborator

retest this please

@mirostauder
Copy link
Collaborator

retest this please

@renecannao
Minor changes in branches
e3865be 
Also added few FIXME to review part of the code
@renecannao
Merge branch 'v2.x_sha2pass_draft3' of https://github.com/sysown/prox…
636d81e 
…ysql into v2.x_sha2pass_draft3
@mirostauder
Copy link
Collaborator

retest this please

@renecannao
Merge branch 'v2.x' into v2.x_sha2pass_draft3
3c24182
@renecannao
Merge branch 'v2.x' into v2.x_sha2pass_draft3
c3c9746
@renecannao
Modify generate_one_byte_pkt()
29b7cd0 
Modified generate_one_byte_pkt() to prefix the data with 1 byte.

This is the "equivalent" of what MySQL performs in
wrap_plguin_data_into_proper_command() , prefixing the data with
a command
@renecannao renecannao mentioned this pull request Jan 18, 2024
Closed
@renecannao
Copy link
Contributor Author

Retest this please

@JavierJF
Fix empty passwords handling for 'caching_sha2_password'
bd7ab0d
@JavierJF
Fix missing update for session 'clear_text_password'
ce67a50 
During first 'caching_sha2_password' login, 'clear_text_password' is
unknown until authentication is completed. Info previously fetched from
'MySQL_Authentication' should be amended with the received password.
@JavierJF
Fix memory issues during 'chaching_sha2' auth
3f2a7aa 
Auth 'caching_sha2_password' imposses and async flow on several
previously sync functions. This new async flow needs to take into
account the potential allocations for 'MySQL_Session' attributes and
client connection userinfo.
@JavierJF
Add 'switching_auth_sent' to 'PROXYSQL INTERNAL SESSION'
ab8af07 
Improved observability for auth switch performed during authentication.
The new field 'switching_auth_sent' is only updated when an actual auth
switch requested to the client.
@JavierJF
Add doc for 'switching_auth_type' in SHA2 full
ed3a5d7
@JavierJF
Fix buffer over-read on concurrent SHA2 auths
1bc309b 
During an full 'caching_sha2_password' auth, it's possible that the pass
has been updated in 'GloMyAuth'. If this possibility is not taking into
account buffer over-read could take place and valid auth attempts
denied.
@JavierJF
Add new test for supported authentication methods
355d002 
Added test aims to check the correctness and completion of the currently
supported authentication methods. In this initial version checks:

- clear_text_pass
- mysql_native_password
- caching_sha2_password
@JavierJF
Make 'tap' library counting multi-thread resilient
ab39679
@JavierJF
Merge branch 'v2.x' of github.com:sysown/proxysql into v2.x_sha2pass_…
caed360 
…draft3
@JavierJF
Fix env vars support for 'test_auth_methods-t'
ab741ee 
- Changed several hardcoded variables in favor of env vars.
- Adopted 'TAP_' convention for env vars.
- Added new file 'test_auth_methods-t.env'.
@renecannao renecannao merged commit b7f53c1 into v2.x Feb 26, 2024
320 of 321 checks passed
@renecannao renecannao mentioned this pull request Feb 26, 2024
Closed
@thiborgesnvs thiborgesnvs mentioned this pull request Mar 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@renecannao @mirostauder @JavierJF