server: unix socket should verify user's authentication #8381
Conversation
|
/run-sqllogic-test |
server/server.go
Outdated
| @@ -129,7 +129,7 @@ func (s *Server) newConn(conn net.Conn) *clientConn { | |||
| return cc | |||
| } | |||
|
|
|||
| func (s *Server) skipAuth() bool { | |||
| func (s *Server) isLocal() bool { | |||
There was a problem hiding this comment.
The function name is isLocal and the function implement is c.cfg.Socket ? That seems weird
@jackysp
There was a problem hiding this comment.
Should it be isLocalSocket or isUnixSocket? There could be a local tcp connection. We will not support them, but MySQL also supports local named pipe and shm on windows.
There was a problem hiding this comment.
isUnixSocket sounds good.
server/conn.go
Outdated
| @@ -391,16 +392,17 @@ func (cc *clientConn) openSessionAndDoAuth(authData []byte) error { | |||
| if err != nil { | |||
| return errors.Trace(err) | |||
| } | |||
| if !cc.server.skipAuth() { | |||
| // Do Auth. | |||
| host := variable.ServerHostname | |||
There was a problem hiding this comment.
it seems mysql here will got "localhost" and do auth logic
There was a problem hiding this comment.
Yes, I know it. I used to set host to a const string here, due to I have not checked the implementation of MySQL. If it is critical, I'll check when will MySQL set "localhost" and whether there are other cases.
There was a problem hiding this comment.
I think a const is valid here :-) MySQL has a special handling/meaning of "localhost". Clients that connect to "localhost" will be redirected to a socket etc.
|
/run-all-tests |
|
/run-sqllogic-test |
|
/run-integration-ddl-test |
|
LGTM |
|
/run-all-tests |
|
PTAL @tiancaiamao @lysu @zimulala |
What problem does this PR solve?
Fix #8372 . The connection should verify user's authentication when using unix socket.
What is changed and how it works?
Verify user's authentication when using unix socket.
Check List
Tests
Code changes
Side effects
Related changes
This change is