WIP: try to figure out why azure is different authentication-wise

shyiko · Apr 18, 2019 · af3a940 · af3a940
1 parent 777448d
commit af3a940
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 9 deletions.
diff --git a/src/main/java/com/github/shyiko/mysql/binlog/BinaryLogClient.java b/src/main/java/com/github/shyiko/mysql/binlog/BinaryLogClient.java
@@ -45,13 +45,7 @@
 import com.github.shyiko.mysql.binlog.network.protocol.Packet;
 import com.github.shyiko.mysql.binlog.network.protocol.PacketChannel;
 import com.github.shyiko.mysql.binlog.network.protocol.ResultSetRowPacket;
-import com.github.shyiko.mysql.binlog.network.protocol.command.AuthenticateCommand;
-import com.github.shyiko.mysql.binlog.network.protocol.command.Command;
-import com.github.shyiko.mysql.binlog.network.protocol.command.DumpBinaryLogCommand;
-import com.github.shyiko.mysql.binlog.network.protocol.command.DumpBinaryLogGtidCommand;
-import com.github.shyiko.mysql.binlog.network.protocol.command.PingCommand;
-import com.github.shyiko.mysql.binlog.network.protocol.command.QueryCommand;
-import com.github.shyiko.mysql.binlog.network.protocol.command.SSLRequestCommand;
+import com.github.shyiko.mysql.binlog.network.protocol.command.*;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
@@ -722,6 +716,18 @@ private void authenticate(GreetingPacket greetingPacket) throws IOException {
                 ErrorPacket errorPacket = new ErrorPacket(bytes);
                 throw new AuthenticationException(errorPacket.getErrorMessage(), errorPacket.getErrorCode(),
                     errorPacket.getSqlState());
+            } else if ( authenticationResult[0] == (byte) 0xFE /* switch auth method */) {
+                ByteArrayInputStream buffer = new ByteArrayInputStream(authenticationResult);
+                buffer.read(1);
+                String authName = buffer.readZeroTerminatedString();
+                if (authName.equals("mysql_native_password")) {
+                    String scramble = buffer.readZeroTerminatedString();
+
+                    Command switchCommand = new AuthenticateNativePasswordCommand(scramble, password);
+                    channel.write(switchCommand, 3);
+                    byte[] authResult = channel.read();
+                    return;
+                }
             }
             throw new AuthenticationException("Unexpected authentication result (" + authenticationResult[0] + ")");
         }

diff --git a/src/main/java/com/github/shyiko/mysql/binlog/network/ClientCapabilities.java b/src/main/java/com/github/shyiko/mysql/binlog/network/ClientCapabilities.java
@@ -42,6 +42,7 @@ public final class ClientCapabilities {
     public static final int MULTI_RESULTS = 1 << 17; /* enable/disable multi-results */
     public static final int PS_MULTI_RESULTS = 1 << 18; /* multi-results in ps-protocol */
     public static final int PLUGIN_AUTH = 1 << 19; /* client supports plugin authentication */
+    public static final int PLUGIN_AUTH_LEN_ENC = 1 << 21;
     public static final int SSL_VERIFY_SERVER_CERT = 1 << 30;
     public static final int REMEMBER_OPTIONS = 1 << 31;
 

diff --git a/src/main/java/com/github/shyiko/mysql/binlog/network/protocol/GreetingPacket.java b/src/main/java/com/github/shyiko/mysql/binlog/network/protocol/GreetingPacket.java
@@ -81,4 +81,7 @@ public int getServerCollation() {
         return serverCollation;
     }
 
+    public void setScramble(String s) {
+        this.scramble = s;
+    }
 }
diff --git a/...ain/java/com/github/shyiko/mysql/binlog/network/protocol/command/AuthenticateCommand.java b/...ain/java/com/github/shyiko/mysql/binlog/network/protocol/command/AuthenticateCommand.java
@@ -55,10 +55,14 @@ public byte[] toByteArray() throws IOException {
         int clientCapabilities = this.clientCapabilities;
         if (clientCapabilities == 0) {
             clientCapabilities = ClientCapabilities.LONG_FLAG |
-                    ClientCapabilities.PROTOCOL_41 | ClientCapabilities.SECURE_CONNECTION;
+                    ClientCapabilities.PROTOCOL_41 |
+                    ClientCapabilities.SECURE_CONNECTION |
+                    ClientCapabilities.LONG_PASSWORD |
+                    ClientCapabilities.PLUGIN_AUTH;
             if (schema != null) {
                 clientCapabilities |= ClientCapabilities.CONNECT_WITH_DB;
             }
+            clientCapabilities |= ClientCapabilities.PLUGIN_AUTH_LEN_ENC;
         }
         buffer.writeInteger(clientCapabilities, 4);
         buffer.writeInteger(0, 4); // maximum packet length
@@ -73,13 +77,14 @@ public byte[] toByteArray() throws IOException {
         if (schema != null) {
             buffer.writeZeroTerminatedString(schema);
         }
+        buffer.writeZeroTerminatedString("mysql_native_password");
         return buffer.toByteArray();
     }
 
     /**
      * see mysql/sql/password.c scramble(...)
      */
-    private static byte[] passwordCompatibleWithMySQL411(String password, String salt) {
+    public static byte[] passwordCompatibleWithMySQL411(String password, String salt) {
         MessageDigest sha;
         try {
             sha = MessageDigest.getInstance("SHA-1");

diff --git a/...ithub/shyiko/mysql/binlog/network/protocol/command/AuthenticateNativePasswordCommand.java b/...ithub/shyiko/mysql/binlog/network/protocol/command/AuthenticateNativePasswordCommand.java
@@ -0,0 +1,16 @@
+package com.github.shyiko.mysql.binlog.network.protocol.command;
+
+import java.io.IOException;
+
+public class AuthenticateNativePasswordCommand implements Command {
+    private final String scramble, password;
+
+    public AuthenticateNativePasswordCommand(String scramble, String password) {
+        this.scramble = scramble;
+        this.password = password;
+    }
+    @Override
+    public byte[] toByteArray() throws IOException {
+        return AuthenticateCommand.passwordCompatibleWithMySQL411(password, scramble);
+    }
+}