clarify CR_OK_HANDSHAKE_COMPLETE

it's for client auth plugins only, server auth plugin should never return it, because they cannot send a correct OK packet. (OK packet is quite complex and carries a lot of information that only the server knows)
MariaDB · Feb 3, 2024 · ec5403f · ec5403f
1 parent 75bfb4b
commit ec5403f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/include/mysql/plugin_auth_common.h b/include/mysql/plugin_auth_common.h
@@ -85,6 +85,8 @@
   authentication protocol is not known in advance, and the client plugin
   needs to read one packet more to determine if the authentication is finished
   or not.
+
+  Server plugins should not return this value.
 */
 #define CR_OK_HANDSHAKE_COMPLETE -2
 

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -14844,10 +14844,7 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
     sctx->external_user= my_strdup(key_memory_MPVIO_EXT_auth_info,
                                    mpvio.auth_info.external_user, MYF(0));
 
-  if (res == CR_OK_HANDSHAKE_COMPLETE)
-    thd->get_stmt_da()->disable_status();
-  else
-    my_ok(thd);
+  my_ok(thd);
 
   PSI_CALL_set_thread_account
     (thd->main_security_ctx.user, static_cast<uint>(strlen(thd->main_security_ctx.user)),