MCPcopy
hub / github.com/go-sql-driver/mysql / auth

Method auth

auth.go:277–344  ·  view source on GitHub ↗
(authData []byte, plugin string)

Source from the content-addressed store, hash-verified

275}
276
277func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) {
278 switch plugin {
279 case "caching_sha2_password":
280 authResp := scrambleSHA256Password(authData, mc.cfg.Passwd)
281 return authResp, nil
282
283 case "mysql_old_password":
284 if !mc.cfg.AllowOldPasswords {
285 return nil, ErrOldPassword
286 }
287 if len(mc.cfg.Passwd) == 0 {
288 return nil, nil
289 }
290 // Note: there are edge cases where this should work but doesn't;
291 // this is currently "wontfix":
292 // https://github.com/go-sql-driver/mysql/issues/184
293 authResp := append(scrambleOldPassword(authData[:8], mc.cfg.Passwd), 0)
294 return authResp, nil
295
296 case "mysql_clear_password":
297 if !mc.cfg.AllowCleartextPasswords {
298 return nil, ErrCleartextPassword
299 }
300 // http://dev.mysql.com/doc/refman/5.7/en/cleartext-authentication-plugin.html
301 // http://dev.mysql.com/doc/refman/5.7/en/pam-authentication-plugin.html
302 return append([]byte(mc.cfg.Passwd), 0), nil
303
304 case "mysql_native_password":
305 if !mc.cfg.AllowNativePasswords {
306 return nil, ErrNativePassword
307 }
308 // https://dev.mysql.com/doc/dev/mysql-server/8.4.5/page_protocol_connection_phase_authentication_methods_native_password_authentication.html
309 // Native password authentication only need and will need 20-byte challenge.
310 authResp := scramblePassword(authData[:20], mc.cfg.Passwd)
311 return authResp, nil
312
313 case "sha256_password":
314 if len(mc.cfg.Passwd) == 0 {
315 return []byte{0}, nil
316 }
317 // unlike caching_sha2_password, sha256_password does not accept
318 // cleartext password on unix transport.
319 if mc.cfg.TLS != nil {
320 // write cleartext auth packet
321 return append([]byte(mc.cfg.Passwd), 0), nil
322 }
323
324 pubKey := mc.cfg.pubKey
325 if pubKey == nil {
326 // request public key from server
327 return []byte{1}, nil
328 }
329
330 // encrypted password
331 enc, err := encryptPassword(mc.cfg.Passwd, authData, pubKey)
332 return enc, err
333
334 case "client_ed25519":

Calls 6

logMethod · 0.95
scrambleSHA256PasswordFunction · 0.85
scrambleOldPasswordFunction · 0.85
scramblePasswordFunction · 0.85
encryptPasswordFunction · 0.85
authEd25519Function · 0.85