cherry pick #27931 to release-5.2

Signed-off-by: ti-srebot <[email protected]>
pingcap · Oct 12, 2021 · 2b6ba0a · 2b6ba0a
1 parent 5db6f20
commit 2b6ba0a
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 16 deletions.
diff --git a/server/conn.go b/server/conn.go
@@ -679,23 +679,9 @@ func (cc *clientConn) readOptionalSSLRequestAndHandshakeResponse(ctx context.Con
 	cc.collation = resp.Collation
 	cc.attrs = resp.Attrs
 
-	newAuth, err := cc.checkAuthPlugin(ctx, &resp.AuthPlugin)
+	err = cc.handleAuthPlugin(ctx, &resp)
 	if err != nil {
-		logutil.Logger(ctx).Warn("failed to check the user authplugin", zap.Error(err))
-	}
-	if len(newAuth) > 0 {
-		resp.Auth = newAuth
-	}
-
-	switch resp.AuthPlugin {
-	case mysql.AuthCachingSha2Password:
-		resp.Auth, err = cc.authSha(ctx)
-		if err != nil {
-			return err
-		}
-	case mysql.AuthNativePassword:
-	default:
-		return errors.New("Unknown auth plugin")
+		return err
 	}
 
 	err = cc.openSessionAndDoAuth(resp.Auth)
@@ -705,6 +691,32 @@ func (cc *clientConn) readOptionalSSLRequestAndHandshakeResponse(ctx context.Con
 	return err
 }
 
+func (cc *clientConn) handleAuthPlugin(ctx context.Context, resp *handshakeResponse41) error {
+	if resp.Capability&mysql.ClientPluginAuth > 0 {
+		newAuth, err := cc.checkAuthPlugin(ctx, &resp.AuthPlugin)
+		if err != nil {
+			logutil.Logger(ctx).Warn("failed to check the user authplugin", zap.Error(err))
+		}
+		if len(newAuth) > 0 {
+			resp.Auth = newAuth
+		}
+
+		switch resp.AuthPlugin {
+		case mysql.AuthCachingSha2Password:
+			resp.Auth, err = cc.authSha(ctx)
+			if err != nil {
+				return err
+			}
+		case mysql.AuthNativePassword:
+		default:
+			logutil.Logger(ctx).Warn("Unknown Auth Plugin", zap.String("plugin", resp.AuthPlugin))
+		}
+	} else {
+		logutil.Logger(ctx).Warn("Client without Auth Plugin support; Please upgrade client")
+	}
+	return nil
+}
+
 func (cc *clientConn) authSha(ctx context.Context) ([]byte, error) {
 
 	const (

diff --git a/server/conn_test.go b/server/conn_test.go
@@ -879,3 +879,36 @@ func (ts *ConnTestSuite) TestShowErrors(c *C) {
 	c.Assert(err, NotNil)
 	tk.MustQuery("show errors").Check(testkit.Rows("Error 1051 Unknown table 'test.idontexist'"))
 }
+
+func TestHandleAuthPlugin(t *testing.T) {
+	t.Parallel()
+
+	store, clean := testkit.CreateMockStore(t)
+	defer clean()
+
+	cfg := newTestConfig()
+	cfg.Port = 0
+	cfg.Status.StatusPort = 0
+	drv := NewTiDBDriver(store)
+	srv, err := NewServer(cfg, drv)
+	require.NoError(t, err)
+
+	cc := &clientConn{
+		connectionID: 1,
+		alloc:        arena.NewAllocator(1024),
+		pkt: &packetIO{
+			bufWriter: bufio.NewWriter(bytes.NewBuffer(nil)),
+		},
+		server: srv,
+	}
+	ctx := context.Background()
+	resp := handshakeResponse41{
+		Capability: mysql.ClientProtocol41 | mysql.ClientPluginAuth,
+	}
+	err = cc.handleAuthPlugin(ctx, &resp)
+	require.NoError(t, err)
+
+	resp.Capability = mysql.ClientProtocol41
+	err = cc.handleAuthPlugin(ctx, &resp)
+	require.NoError(t, err)
+}