[incubator-doris] branch master updated: [MySQL] Support for AuthSwitchRequest In HandShakePacket to better support MySQL 8.0 clients (#5386)

Tue, 16 Feb 2021 06:49:53 -0800 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git


The following commit(s) were added to refs/heads/master by this push:
     new a7d16ac  [MySQL] Support for AuthSwitchRequest In HandShakePacket to 
better support MySQL 8.0 clients (#5386)
a7d16ac is described below

commit a7d16acaac3e1baf227c801110863c07b7f0223d
Author: HappenLee <[email protected]>
AuthorDate: Tue Feb 16 22:47:53 2021 +0800

    [MySQL] Support for AuthSwitchRequest In HandShakePacket to better support 
MySQL 8.0 clients (#5386)
    
    issue:5348
---
 .../org/apache/doris/mysql/MysqlAuthPacket.java    |  8 +++++++
 .../apache/doris/mysql/MysqlHandshakePacket.java   | 13 +++++++++++
 .../java/org/apache/doris/mysql/MysqlProto.java    | 25 ++++++++++++++++++++++
 3 files changed, 46 insertions(+)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlAuthPacket.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlAuthPacket.java
index 76c12c6..b112850 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlAuthPacket.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlAuthPacket.java
@@ -44,6 +44,10 @@ public class MysqlAuthPacket extends MysqlPacket {
         return authResponse;
     }
 
+    public void setAuthResponse(byte[] bytes) {
+        authResponse = bytes;
+    }
+
     public String getDb() {
         return database;
     }
@@ -56,6 +60,10 @@ public class MysqlAuthPacket extends MysqlPacket {
         return capability;
     }
 
+    public String getPluginName() {
+        return pluginName;
+    }
+
     @Override
     public boolean readFrom(ByteBuffer buffer) {
         // read capability four byte, which CLIENT_PROTOCOL_41 must be set
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlHandshakePacket.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlHandshakePacket.java
index 8c04a24..347ee0b 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlHandshakePacket.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlHandshakePacket.java
@@ -80,4 +80,17 @@ public class MysqlHandshakePacket extends MysqlPacket {
             serializer.writeNulTerminateString(AUTH_PLUGIN_NAME);
         }
     }
+
+    public boolean checkAuthPluginSameAsDoris(String pluginName) {
+        return AUTH_PLUGIN_NAME.equals(pluginName);
+    }
+
+    // If the auth default plugin in client is different from Doris
+    // it will create a AuthSwitchRequest
+    public void buildAuthSwitchRequest(MysqlSerializer serializer) {
+        serializer.writeInt1((byte)0xfe);
+        serializer.writeNulTerminateString(AUTH_PLUGIN_NAME);
+        serializer.writeBytes(authPluginData);
+        serializer.writeInt1(0);
+    }
 }
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java
index 7c6c1a4..c608948 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java
@@ -164,6 +164,31 @@ public class MysqlProto {
             sendResponsePacket(context);
             return false;
         }
+
+        // Starting with MySQL 8.0.4, MySQL changed the default authentication 
plugin for MySQL client
+        // from mysql_native_password to caching_sha2_password.
+        // ref: 
https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/
+        // So, User use mysql client or ODBC Driver after 8.0.4 have problem 
to connect to Doris
+        // with password.
+        // So Doris support the Protocol::AuthSwitchRequest to tell client to 
keep the default password plugin
+        // which Doris is using now.
+        if 
(!handshakePacket.checkAuthPluginSameAsDoris(authPacket.getPluginName())) {
+            // 1. clear the serializer
+            serializer.reset();
+            // 2. build the auth switch request and send to the client
+            handshakePacket.buildAuthSwitchRequest(serializer);
+            channel.sendAndFlush(serializer.toByteBuffer());
+            // Server receive auth switch response packet from client.
+            ByteBuffer authSwitchResponse = channel.fetchOnePacket();
+            if (authSwitchResponse == null) {
+                // receive response failed.
+                return false;
+            }
+            // 3. the client use default password plugin of Doris to dispose
+            // password
+            authPacket.setAuthResponse(readEofString(authSwitchResponse));
+        }
+
         // change the capability of serializer
         context.setCapability(context.getServerCapability());
         serializer.setCapability(context.getCapability());


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to