Raise error if not using TLS or unix socket
We aren't supporting `caching_sha2_password` in Trilogy unless mysql is
running with TLS or a unix socket, so raise an error if using
`caching_sha2_password` in that case.
eileencodes committed Mar 13, 2024
1 parent 1a3da44 commit e5af495
Showing 2 changed files with 45 additions and 0 deletions.
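--- a/contrib/ruby/test/client_test.rb
+++ b/contrib/ruby/test/client_test.rb
@@ -49,6 +49,44 @@ def test_connect_caching_sha2
 ensure_closed client
 end
 
+def test_connect_with_unix_and_caching_sha2_works
+return skip unless has_caching_sha2?
+return skip unless ["127.0.0.1", "localhost"].include?(DEFAULT_HOST)
+
+socket = new_tcp_client.query("SHOW VARIABLES LIKE 'socket'").to_a[0][1]
+
+if !File.exist?(socket)
+skip "cound not find socket at #{socket}"
+end
+
+client = new_unix_client(socket, username: "caching_sha2", password: "password")
+refute_nil client
+ensure
+ensure_closed client
+end
+
+def test_connect_without_ssl_or_unix_socket_caching_sha2_raises
+return skip unless has_caching_sha2?
+
+# Ensure correct setup
+assert_equal [["caching_sha2_password"]], new_tcp_client.query("SELECT plugin FROM mysql.user WHERE user = 'caching_sha2'").rows
+
+options = {
+host: DEFAULT_HOST,
+port: DEFAULT_PORT,
+username: "caching_sha2",
+password: "password",
+ssl: false,
+ssl_mode: 0
+}
+
+err = assert_raises Trilogy::QueryError do
+new_tcp_client options
+end
+
+assert_includes err.message, "TRILOGY_UNSUPPORTED"
+end
+
 def test_connection_error_native
 err = assert_raises Trilogy::ConnectionError do
 new_tcp_client(username: "native", password: "incorrect")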
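Review bot: Both new tests open a helper connection with `new_tcp_client.query(...)` and never close it explicitly: the socket lookup in `test_connect_with_unix_and_caching_sha2_works` and the plugin check in `test_connect_without_ssl_or_unix_socket_caching_sha2_raises`. Assign the helper to a local and hand it to `ensure_closed` in an `ensure` block, as the surrounding tests do for `client`. The skip message has a typo and the guard reads better as `skip "could not find socket at #{socket}" unless File.exist?(socket)`. The negative test only covers `ssl: false, ssl_mode: 0` over TCP, so a companion case that connects as `caching_sha2` with TLS enabled would pin the allowed path next to the rejected one, if the existing `test_connect_caching_sha2` does not already do that.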
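--- a/src/client.c
+++ b/src/client.c
@@ -420,6 +420,13 @@ int trilogy_auth_recv(trilogy_conn_t *conn, trilogy_handshake_t *handshake)
 
 switch (current_packet_type(conn)) {
 case TRILOGY_PACKET_AUTH_MORE_DATA: {
+bool use_ssl = (conn->socket->opts.flags & TRILOGY_CAPABILITIES_SSL) != 0;
+bool has_unix_socket = (conn->socket->opts.path != NULL);
+
+if (!use_ssl && !has_unix_socket) {
+return TRILOGY_UNSUPPORTED;
+}
+
 uint8_t byte = conn->packet_buffer.buff[1];
 switch (byte) {
 case FAST_AUTH_OK: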
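Review bot: `use_ssl` at the top of the `TRILOGY_PACKET_AUTH_MORE_DATA` case is read from `conn->socket->opts.flags`, which records what was requested for the socket and not necessarily that a TLS session was established. If any connect path can leave `TRILOGY_CAPABILITIES_SSL` set while continuing in plaintext (for example a preferred-mode fallback, which is not visible in this hunk), the guard would pass on an unencrypted TCP link. It is worth confirming that the flag is only set once the TLS handshake has succeeded, or deriving the check from the socket's actual transport state. The guard also runs before the status byte is inspected, so a `FAST_AUTH_OK` reply is rejected too; a short comment such as `/* caching_sha2_password is only allowed over TLS or a unix socket, including the fast-auth path */` would make that intent explicit. The body of `trilogy_auth_recv` continues outside the hunk.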
