added support for closing an authPlugin for plugins whose resources need to be cleaned up.

craiggwilson · craiggwilson · commit f972a49e8173 · 2017-03-21T09:26:03.000-05:00
diff --git a/auth.go b/auth.go
@@ -36,6 +36,9 @@ type AuthPlugin interface {
 	// Next takes a server's challenge and returns
 	// the bytes to send back or an error.
 	Next(challenge []byte) ([]byte, error)
+
+	// Close cleans up the resources of the plugin.
+	Close()
 }
 
 type clearTextPlugin struct {
@@ -51,6 +54,8 @@ func (p *clearTextPlugin) Next(challenge []byte) ([]byte, error) {
 	return append([]byte(p.cfg.Passwd), 0), nil
 }
 
+func (p *clearTextPlugin) Close() {}
+
 type nativePasswordPlugin struct {
 	cfg *Config
 }
@@ -64,6 +69,8 @@ func (p *nativePasswordPlugin) Next(challenge []byte) ([]byte, error) {
 	return scramblePassword(challenge, []byte(p.cfg.Passwd)), nil
 }
 
+func (p *nativePasswordPlugin) Close() {}
+
 type oldPasswordPlugin struct {
 	cfg *Config
 }
@@ -77,7 +84,9 @@ func (p *oldPasswordPlugin) Next(challenge []byte) ([]byte, error) {
 	return append(scrambleOldPassword(challenge, []byte(p.cfg.Passwd)), 0), nil
 }
 
-func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error {
+func (p *oldPasswordPlugin) Close() {}
+
+func handleAuthResult(mc *mysqlConn, oldCipher []byte) error {
 	data, err := mc.readPacket()
 	if err != nil {
 		return err
@@ -91,11 +100,12 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error
 		return mc.handleOkPacket(data)
 
 	case iEOF: // auth switch
+		mc.authPlugin.Close()
 		if len(data) > 1 {
 			pluginEndIndex := bytes.IndexByte(data, 0x00)
 			pluginName := string(data[1:pluginEndIndex])
 			if apf, ok := authPluginFactories[pluginName]; ok {
-				plugin = apf(mc.cfg)
+				mc.authPlugin = apf(mc.cfg)
 			} else {
 				return ErrUnknownPlugin
 			}
@@ -105,7 +115,7 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error
 			}
 		} else {
 			// https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::OldAuthSwitchRequest
-			plugin = authPluginFactories[mysqlOldPassword](mc.cfg)
+			mc.authPlugin = authPluginFactories[mysqlOldPassword](mc.cfg)
 			authData = oldCipher
 		}
 	case iAuthContinue:
@@ -115,7 +125,7 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error
 		return mc.handleErrorPacket(data)
 	}
 
-	authData, err = plugin.Next(authData)
+	authData, err = mc.authPlugin.Next(authData)
 	if err != nil {
 		return err
 	}
@@ -125,5 +135,5 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error
 		return err
 	}
 
-	return handleAuthResult(mc, plugin, authData)
+	return handleAuthResult(mc, authData)
 }
diff --git a/connection.go b/connection.go
@@ -30,6 +30,7 @@ type mysqlConn struct {
 	sequence         uint8
 	parseTime        bool
 	strict           bool
+	authPlugin       AuthPlugin
 }
 
 // Handles parameters set in DSN after the connection is established
@@ -92,6 +93,10 @@ func (mc *mysqlConn) Close() (err error) {
 // closed the network connection.
 func (mc *mysqlConn) cleanup() {
 	// Makes cleanup idempotent
+	if mc.authPlugin != nil {
+		mc.authPlugin.Close()
+		mc.authPlugin = nil
+	}
 	if mc.netConn != nil {
 		if err := mc.netConn.Close(); err != nil {
 			errLog.Print(err)
diff --git a/driver.go b/driver.go
@@ -106,18 +106,18 @@ func (d MySQLDriver) Open(dsn string) (driver.Conn, error) {
 		authPluginName = defaultAuthPluginName
 	}
 
-	var authPlugin AuthPlugin
 	if apf, ok := authPluginFactories[authPluginName]; ok {
-		authPlugin = apf(mc.cfg)
-		authData, err = authPlugin.Next(authData)
+		mc.authPlugin = apf(mc.cfg)
+		authData, err = mc.authPlugin.Next(authData)
 		if err != nil {
+			mc.cleanup()
 			return nil, err
 		}
 	} else {
 		// we'll tell the server in response that we are switching to our
 		// default plugin because we didn't recognize the one they sent us.
 		authPluginName = defaultAuthPluginName
-		authPlugin = authPluginFactories[authPluginName](mc.cfg)
+		mc.authPlugin = authPluginFactories[authPluginName](mc.cfg)
 
 		// zero-out the authData because the current authData was for
 		// a plugin we don't know about.
@@ -131,7 +131,7 @@ func (d MySQLDriver) Open(dsn string) (driver.Conn, error) {
 	}
 
 	// Handle response to auth packet, switch methods if possible
-	if err = handleAuthResult(mc, authPlugin, oldCipher); err != nil {
+	if err = handleAuthResult(mc, oldCipher); err != nil {
 		// Authentication failed and MySQL has already closed the connection
 		// (https://dev.mysql.com/doc/internals/en/authentication-fails.html).
 		// Do not send COM_QUIT, just cleanup and return the error.

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,9 @@ type AuthPlugin interface {`
`36`	`36`	`// Next takes a server's challenge and returns`
`37`	`37`	`// the bytes to send back or an error.`
`38`	`38`	`Next(challenge []byte) ([]byte, error)`
	`39`	`+`
	`40`	`+ // Close cleans up the resources of the plugin.`
	`41`	`+ Close()`
`39`	`42`	`}`
`40`	`43`
`41`	`44`	`type clearTextPlugin struct {`
`@@ -51,6 +54,8 @@ func (p *clearTextPlugin) Next(challenge []byte) ([]byte, error) {`
`51`	`54`	`return append([]byte(p.cfg.Passwd), 0), nil`
`52`	`55`	`}`
`53`	`56`
	`57`	`+func (p *clearTextPlugin) Close() {}`
	`58`	`+`
`54`	`59`	`type nativePasswordPlugin struct {`
`55`	`60`	`cfg *Config`
`56`	`61`	`}`
`@@ -64,6 +69,8 @@ func (p *nativePasswordPlugin) Next(challenge []byte) ([]byte, error) {`
`64`	`69`	`return scramblePassword(challenge, []byte(p.cfg.Passwd)), nil`
`65`	`70`	`}`
`66`	`71`
	`72`	`+func (p *nativePasswordPlugin) Close() {}`
	`73`	`+`
`67`	`74`	`type oldPasswordPlugin struct {`
`68`	`75`	`cfg *Config`
`69`	`76`	`}`
`@@ -77,7 +84,9 @@ func (p *oldPasswordPlugin) Next(challenge []byte) ([]byte, error) {`
`77`	`84`	`return append(scrambleOldPassword(challenge, []byte(p.cfg.Passwd)), 0), nil`
`78`	`85`	`}`
`79`	`86`
`80`		`-func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error {`
	`87`	`+func (p *oldPasswordPlugin) Close() {}`
	`88`	`+`
	`89`	`+func handleAuthResult(mc *mysqlConn, oldCipher []byte) error {`
`81`	`90`	`data, err := mc.readPacket()`
`82`	`91`	`if err != nil {`
`83`	`92`	`return err`
`@@ -91,11 +100,12 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error`
`91`	`100`	`return mc.handleOkPacket(data)`
`92`	`101`
`93`	`102`	`case iEOF: // auth switch`
	`103`	`+ mc.authPlugin.Close()`
`94`	`104`	`if len(data) > 1 {`
`95`	`105`	`pluginEndIndex := bytes.IndexByte(data, 0x00)`
`96`	`106`	`pluginName := string(data[1:pluginEndIndex])`
`97`	`107`	`if apf, ok := authPluginFactories[pluginName]; ok {`
`98`		`- plugin = apf(mc.cfg)`
	`108`	`+ mc.authPlugin = apf(mc.cfg)`
`99`	`109`	`} else {`
`100`	`110`	`return ErrUnknownPlugin`
`101`	`111`	`}`
`@@ -105,7 +115,7 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error`
`105`	`115`	`}`
`106`	`116`	`} else {`
`107`	`117`	`// https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::OldAuthSwitchRequest`
`108`		`- plugin = authPluginFactories[mysqlOldPassword](mc.cfg)`
	`118`	`+ mc.authPlugin = authPluginFactories[mysqlOldPassword](mc.cfg)`
`109`	`119`	`authData = oldCipher`
`110`	`120`	`}`
`111`	`121`	`case iAuthContinue:`
`@@ -115,7 +125,7 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error`
`115`	`125`	`return mc.handleErrorPacket(data)`
`116`	`126`	`}`
`117`	`127`
`118`		`- authData, err = plugin.Next(authData)`
	`128`	`+ authData, err = mc.authPlugin.Next(authData)`
`119`	`129`	`if err != nil {`
`120`	`130`	`return err`
`121`	`131`	`}`
`@@ -125,5 +135,5 @@ func handleAuthResult(mc *mysqlConn, plugin AuthPlugin, oldCipher []byte) error`
`125`	`135`	`return err`
`126`	`136`	`}`
`127`	`137`
`128`		`- return handleAuthResult(mc, plugin, authData)`
	`138`	`+ return handleAuthResult(mc, authData)`
`129`	`139`	`}`