fix auth switch

Author: julienschmidt

const.go

@@ -167,7 +167,6 @@ const (
 )
 
 const (
-	cachingSha2PasswordOK                        = 0
 	cachingSha2PasswordRequestPublicKey          = 2
 	cachingSha2PasswordFastAuthSuccess           = 3
 	cachingSha2PasswordPerformFullAuthentication = 4

driver.go

@@ -154,44 +154,47 @@ func (d MySQLDriver) Open(dsn string) (driver.Conn, error) {
 }
 
 func handleAuthResult(mc *mysqlConn, oldCipher []byte, pluginName string) error {
-
-	// handle caching_sha2_password
-	if pluginName == "caching_sha2_password" {
-		auth, err := mc.readCachingSha2PasswordAuthResult()
-		if err != nil {
-			return err
-		}
-
-		switch auth {
-		case cachingSha2PasswordOK:
-			return nil // auth successful
-
-		case cachingSha2PasswordFastAuthSuccess:
-			// continue to read result packet...
-
-		case cachingSha2PasswordPerformFullAuthentication:
-			if mc.cfg.tls != nil || mc.cfg.Net == "unix" {
-				if err = mc.writeClearAuthPacket(); err != nil {
-					return err
+	// Read Result Packet
+	cipher, err := mc.readResultOK()
+	if err == nil {
+		// handle caching_sha2_password
+		// https://insidemysql.com/preparing-your-community-connector-for-mysql-8-part-2-sha256/
+		if pluginName == "caching_sha2_password" {
+			if len(cipher) == 1 {
+				switch cipher[0] {
+				case cachingSha2PasswordFastAuthSuccess:
+					cipher, err = mc.readResultOK()
+					if err == nil {
+						return nil // auth successful
+					}
+
+				case cachingSha2PasswordPerformFullAuthentication:
+					if mc.cfg.tls != nil || mc.cfg.Net == "unix" {
+						if err = mc.writeClearAuthPacket(); err != nil {
+							return err
+						}
+					} else {
+						if err = mc.writePublicKeyAuthPacket(oldCipher); err != nil {
+							return err
+						}
+					}
+					cipher, err = mc.readResultOK()
+					if err == nil {
+						return nil // auth successful
+					}
+
+				default:
+					return ErrMalformPkt
 				}
 			} else {
-				if err = mc.writePublicKeyAuthPacket(oldCipher); err != nil {
-					return err
-				}
+				return ErrMalformPkt
 			}
-			// continue to read result packet...
 
-		default:
-			return ErrMalformPkt
+		} else {
+			return nil // auth successful
 		}
 	}
 
-	// Read Result Packet
-	cipher, err := mc.readResultOK()
-	if err == nil {
-		return nil // auth successful
-	}
-
 	if mc.cfg == nil {
 		return err // auth failed and retry not possible
 	}

packets.go

@@ -581,6 +581,9 @@ func (mc *mysqlConn) readResultOK() ([]byte, error) {
 	case iOK:
 		return nil, mc.handleOkPacket(data)
 
+	case iAuthMoreData:
+		return data[1:], nil
+
 	case iEOF:
 		return readAuthSwitch(data)
 
@@ -589,26 +592,6 @@ func (mc *mysqlConn) readResultOK() ([]byte, error) {
 	}
 }
 
-// https://insidemysql.com/preparing-your-community-connector-for-mysql-8-part-2-sha256/
-func (mc *mysqlConn) readCachingSha2PasswordAuthResult() (int, error) {
-	data, err := mc.readPacket()
-	if err != nil {
-		return 0, err
-	}
-
-	// packet indicator
-	switch data[0] {
-	case iOK:
-		return 0, nil
-
-	case iAuthMoreData:
-		return int(data[1]), nil
-
-	default: // Error otherwise
-		return 0, mc.handleErrorPacket(data)
-	}
-}
-
 // Result Set Header Packet
 // http://dev.mysql.com/doc/internals/en/com-query-response.html#packet-ProtocolText::Resultset
 func (mc *mysqlConn) readResultSetHeaderPacket() (int, error) {