Node-mysql does not support auth-switch request from server. #1396

twocode · 2016-04-25T08:37:10Z

Node-mysql does not support auth-switch request from server, and treats it as an error message.

It is not correct.

sidorares · 2016-04-25T09:13:47Z

Are you talking about https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchRequest ?

Probably right solution right now would be not to set CLIENT_PLUGIN_AUTH flag ( not sure if it's currently set by default or not ). AuthSwitchRequest support would only make sense if the whole auth handshake sequence is pluggable ( right now client is always trying to connect with Authentication::Native41 )

dougwilson · 2016-04-27T21:37:34Z

Probably right solution right now would be not to set CLIENT_PLUGIN_AUTH flag ( not sure if it's currently set by default or not ).

We not only do not set the flag, but we also prevent users from setting the flag as well (https://github.com/felixge/node-mysql/blob/master/lib/ConnectionConfig.js#L109).

sidorares · 2016-04-28T00:10:03Z

If so then it's something wrong with @twocode server setup. Server must not send AuthSwitchRequest if client's CLIENT_PLUGIN_AUTH flag is not set.

@twocode , could you post what is your server version (and node-mysql version you are using as well)?

twocode · 2016-04-28T09:23:56Z

Thanks @sidorares and @dougwilson .

I am aware that CLIENT_PLUGIN_AUTH bit it not set in node-mysql's capability flags and that node-mysql forces to use Native41 authentication method (mysql_native_password) to do the authentication with servers.

However, this design/implementation is blocking something I am working on, which is some mysql proxy and leverages auth-swith flows to authenticate the user. I have tested other popular client drivers (php, java, perl, .Net, ...) and only node-mysql fails here.

I would like to make a patch that include following changes:

Set the CLIENT_PLUGIN_AUTH bit in the client capability flags.
Implement AuthSwitchRequest and AuthSwitchResponse packets.
Still keeping the only authentication method of mysql_native_password,

In this way, if server would like to auth switch to mysql_native_password, node-mysql will send the token again with the new scramble; otherwise, if server auth swtiches to another authentication method, node-mysql will return error. This follows mysql protocol flow and complies to other mysql client drivers.

Please comment?

Thanks

twocode · 2016-05-03T04:01:41Z

Hi @sidorares

Glad to see you have opened an issue for this in node-mysql2. Have you got any plans to fix it?

Thx

sidorares · 2016-05-03T04:22:12Z

@twocode potentially, at least in a way that CLIENT_PLUGIN_AUTH flag is not set until we can understand auth-switch request ( and maybe add auth-switch request support later )

twocode · 2016-05-06T01:43:01Z

@sidorares I see. What do you say that I make the changes based on the propose above? It is vital that node-mysql/node-mysql2 support this mysql protocol feature for us.

sidorares · 2016-05-06T01:46:41Z

@twocode it's relatively specific change that you need (and no one else requested), I'm afraid that the only reliable way for you to make this happen soon is to start implementing feature and submit PR :)

dougwilson · 2016-05-06T01:59:38Z

Hi @twocode, yes, please feel free to implement a pull request as you described like @sidorares suggested :) We can probably get this added at some point ourselves, but of course that would not have any good timeline, so providing a pull request is the fastest method.

Please try to ensure that this new auth switch packets and mechanisms are accompanied with tests as well. This module has two types of tests: "unit" tests which run against a fake MySQL server using this module and "integration" tests that run against actual MySQL servers. You can put the tests in which ever you feel is the most appropriate.

twocode · 2016-05-11T07:57:13Z

Thanks both. Let me prepare a patch first.

DJ-DJL · 2017-01-31T14:28:26Z

I'm still getting this error today on node-mysql2 version 1.1.2 installed via npm. Was the fix reverted? or maybe the same symptoms have a different cause?

dougwilson · 2017-01-31T15:15:52Z

Hi @DJ-DJL the mysql2 module is separate from this one.

sidorares · 2017-01-31T22:34:14Z

yes, @DJ-DJL please fill issue at mysql2 repo with as much context as you have. As far as I know AuthSwitch is only supported by mysql2, feel free to help it ported to mysqljs

Rename UseOldPasswordPacket to AuthenticationMethodSwitchRequestPacket and implement its two other fields: plugin name & data. Support mysql_native_password and mysql_old_password as potential authentication methods (but still require 'insecureAuth:true' for the latter).

Add optional auth plugin name and data to UseOldPasswordPacket. Support mysql_native_password and mysql_old_password as potential authentication methods (but still require 'insecureAuth:true' for the latter).

fixes #1396 fixes #1729 closes #1730

sidorares mentioned this issue May 2, 2016

only allow to set client/server capability flags that this library supports sidorares/node-mysql2#298

Open

sidorares mentioned this issue May 7, 2016

added server example to readme sidorares/node-mysql2#303

Merged

sidorares mentioned this issue Jun 21, 2016

Plugin based authentication support sidorares/node-mysql2#331

Merged

DJ-DJL mentioned this issue Feb 1, 2017

Server requires auth switch, but no auth switch handler provided sidorares/node-mysql2#504

Open

dougwilson mentioned this issue May 14, 2017

Connecting to Azure Database for MySQL fails #1729

Closed

dougwilson added the protocol_41 label May 14, 2017

dougwilson mentioned this issue May 14, 2017

Problems connecting to AWS RDS Instance using new IAM Authentication Feature #1715

Closed

bgrainger mentioned this issue Jun 28, 2017

Support authentication switch request. Fixes #1396 #1730

Closed

3 tasks

elemount mentioned this issue Jul 20, 2017

Support authentication switch request and basic auth plugin. #1776

Closed

dougwilson added the feature label Aug 10, 2017

dougwilson pushed a commit that referenced this issue Aug 10, 2017

Support mysql_native_password auth switch request for Azure

0517aad

fixes #1396 fixes #1729 closes #1730

dougwilson closed this as completed in e8fea70 Aug 10, 2017

GuuBu mentioned this issue Oct 20, 2020

request to turn on plugin_auth #2425

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Node-mysql does not support auth-switch request from server. #1396

Node-mysql does not support auth-switch request from server. #1396

twocode commented Apr 25, 2016

sidorares commented Apr 25, 2016

dougwilson commented Apr 27, 2016

sidorares commented Apr 28, 2016

twocode commented Apr 28, 2016

twocode commented May 3, 2016

sidorares commented May 3, 2016

twocode commented May 6, 2016

sidorares commented May 6, 2016

dougwilson commented May 6, 2016

twocode commented May 11, 2016

DJ-DJL commented Jan 31, 2017

dougwilson commented Jan 31, 2017

sidorares commented Jan 31, 2017

Node-mysql does not support auth-switch request from server. #1396

Node-mysql does not support auth-switch request from server. #1396

Comments

twocode commented Apr 25, 2016

sidorares commented Apr 25, 2016

dougwilson commented Apr 27, 2016

sidorares commented Apr 28, 2016

twocode commented Apr 28, 2016

twocode commented May 3, 2016

sidorares commented May 3, 2016

twocode commented May 6, 2016

sidorares commented May 6, 2016

dougwilson commented May 6, 2016

twocode commented May 11, 2016

DJ-DJL commented Jan 31, 2017

dougwilson commented Jan 31, 2017

sidorares commented Jan 31, 2017