-
Notifications
You must be signed in to change notification settings - Fork 332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication problem against MariaDB 10.4 with PAM #703
Comments
If this is a "non-standard" MariaDB configuration (the tests routinely pass against vanilla MariaDB 10.4, e.g., https://travis-ci.org/mysql-net/MySqlConnector/jobs/587524438), are you able to provide a Dockerfile (or similar) that reproduces the problem? |
I've prepare something to reproduce the scenario. You find it here: I've attached a pcap file with the LDAP requests during the run of the dotnet test tool. Here is also a screenshot with the interesting part from that trace: Note in the authentication section the simple: test12, here the last character from the password is stripped. The second pcap file in the archive is from a working database connection using the mariadb/mysql CLI. The interesting part from the LDAP traffic is here: Attached file with LDAP-traces: Thank you very much! |
I'm trying to track this down on my own. For this purpose I installed the most recent version of dotnet core (3.0.100) and tried to run the tests according to your contribution guide before trying to change anything: start the MySQL server using the docker command, copied the config.json.example, changed nothing within since I'm using your docker command to start the server and issue
Is there anything else besides dotnet core I need to install? |
Is this related to #268? |
It sounds like there are problems compiling for https://github.com/mysql-net/MySqlConnector/blob/master/tests/SideBySide/SideBySide.csproj#L52-L57 Are you on Linux or macOS? One workaround would be to change
<TargetFramework>netcoreapp3.0</TargetFramework> so you're not compiling for the full .NET Framework.
|
I suppose it could be. I haven't set up your test environment yet, but since (I assume) MariaDB is sending the password in clear text to the LDAP server, it must also have received it in clear text from MySqlConnector. The only way for that to happen is At a first glance, it looks like the client is sending the entire password, which must mean that MariaDB is truncating the last character. Is there supposed to be a NULL padding byte? |
The mysql-connector-j client writes a trailing NULL: https://github.com/mysql/mysql-connector-j/blob/66459e9d39c8fd09767992bc592acd2053279be6/src/main/protocol-impl/java/com/mysql/cj/protocol/a/authentication/MysqlClearPasswordPlugin.java#L77-L80 Adding a NULL byte in MySqlConnector should be a simple fix (and would be compatible with any server that's performing a simple |
Another example of NULL terminator being written: https://github.com/mysql/mysql-server/blob/4869291f7ee258e136ef03f5a50135fe7329ffb9/sql-common/client.cc#L8365-L8367 |
I'm alternatively on Windows or on Linux. I suppose the failing tests concerning UnixDomainSockets on Windows are okay, aren't they. That was a fast fix, thank you very much indeed. Will there be a new package on nuget shortly? |
Yes, 0.59.0 should be shipping later today. |
Fixed in 0.59.0. |
Authentication fails against MariaDB 10.4 with PAM. LDAP trace reveals that last character of password is swallowed.
Tests with HeidiSQL 10.1.0.5464 and MariaDB 10.3.13 CLI client (Windows) using the same credentials and against the same server work.
The text was updated successfully, but these errors were encountered: