| 344 | } |
| 345 | |
| 346 | func (mc *mysqlConn) handleAuthResult(oldAuthData []byte, plugin string) error { |
| 347 | // Read Result Packet |
| 348 | authData, newPlugin, err := mc.readAuthResult() |
| 349 | if err != nil { |
| 350 | return err |
| 351 | } |
| 352 | |
| 353 | // handle auth plugin switch, if requested |
| 354 | if newPlugin != "" { |
| 355 | // If CLIENT_PLUGIN_AUTH capability is not supported, no new cipher is |
| 356 | // sent and we have to keep using the cipher sent in the init packet. |
| 357 | if authData == nil { |
| 358 | authData = oldAuthData |
| 359 | } else { |
| 360 | // copy data from read buffer to owned slice |
| 361 | copy(oldAuthData, authData) |
| 362 | } |
| 363 | |
| 364 | plugin = newPlugin |
| 365 | |
| 366 | authResp, err := mc.auth(authData, plugin) |
| 367 | if err != nil { |
| 368 | return err |
| 369 | } |
| 370 | if err = mc.writeAuthSwitchPacket(authResp); err != nil { |
| 371 | return err |
| 372 | } |
| 373 | |
| 374 | // Read Result Packet |
| 375 | authData, newPlugin, err = mc.readAuthResult() |
| 376 | if err != nil { |
| 377 | return err |
| 378 | } |
| 379 | |
| 380 | // Do not allow to change the auth plugin more than once |
| 381 | if newPlugin != "" { |
| 382 | return ErrMalformPkt |
| 383 | } |
| 384 | } |
| 385 | |
| 386 | switch plugin { |
| 387 | |
| 388 | // https://dev.mysql.com/blog-archive/preparing-your-community-connector-for-mysql-8-part-2-sha256/ |
| 389 | case "caching_sha2_password": |
| 390 | switch len(authData) { |
| 391 | case 0: |
| 392 | return nil // auth successful |
| 393 | case 1: |
| 394 | switch authData[0] { |
| 395 | case cachingSha2PasswordFastAuthSuccess: |
| 396 | if err = mc.resultUnchanged().readResultOK(); err == nil { |
| 397 | return nil // auth successful |
| 398 | } |
| 399 | |
| 400 | case cachingSha2PasswordPerformFullAuthentication: |
| 401 | if mc.cfg.TLS != nil || mc.cfg.Net == "unix" { |
| 402 | // write cleartext auth packet |
| 403 | err = mc.writeAuthSwitchPacket(append([]byte(mc.cfg.Passwd), 0)) |