MySQL: support for MYSQL_SECURE_AUTH

[simon-graham]

In the latest version 6.1.0 of the MySQL Connector/C, "secure-auth" in the client is enabled by default. See the MYSQL_SECURE_AUTH documentation here. Similarly, there is a server "secure-auth" setting described here.

On my MySQL server 5.0.95 running on CentOS 5, the secure-auth setting defaults to OFF. Thus if you link Poco::Data::MySQL against v6.1.0 of the C connector, and attempt to connect to this server it fails with a Poco::Data::ConnectionFailedException:

Connection attempt failed: Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)

The solution is to expose the client secure-auth setting through the Session options. The below diff is for the latest 1.5.x code:

Index: Data/MySQL/src/SessionImpl.cpp
===================================================================
--- Data/MySQL/src/SessionImpl.cpp  (revision 2536)
+++ Data/MySQL/src/SessionImpl.cpp  (working copy)
@@ -109,6 +109,7 @@
    options["db"] = "";
    options["compress"] = "";
    options["auto-reconnect"] = "";
+   options["secure-auth"] = "";

    const std::string& connString = connectionString();
    for (std::string::const_iterator start = connString.begin();;) 
@@ -126,7 +127,7 @@
        start = finish + 1;
    } 

-   if (options["user"] == "")
+   if (options["user"].empty())
        throw MySQLException("create session: specify user name");

    const char * db = NULL;
@@ -141,16 +142,23 @@
        _handle.options(MYSQL_OPT_COMPRESS);
    else if (options["compress"] == "false")
        ;
-   else if (options["compress"] != "")
+   else if (!options["compress"].empty())
        throw MySQLException("create session: specify correct compress option (true or false) or skip it");

    if (options["auto-reconnect"] == "true")
        _handle.options(MYSQL_OPT_RECONNECT, true);
    else if (options["auto-reconnect"] == "false")
        _handle.options(MYSQL_OPT_RECONNECT, false);
-   else if (options["auto-reconnect"] != "")
+   else if (!options["auto-reconnect"].empty())
        throw MySQLException("create session: specify correct auto-reconnect option (true or false) or skip it");

+   if (options["secure-auth"] == "true")
+       _handle.options(MYSQL_SECURE_AUTH, true);
+   else if (options["secure-auth"] == "false")
+       _handle.options(MYSQL_SECURE_AUTH, false);
+   else if (!options["secure-auth"].empty())
+       throw MySQLException("create session: specify correct secure-auth option (true or false) or skip it");
+
    // Real connect
    _handle.connect(options["host"].c_str(), 
            options["user"].c_str(), 

[simon-graham]

Afterwards, I'm successfully able to connect to the server using code like the following:

const std::string host="127.0.0.1";
const std::string user="root";
const std::string password="password";
const std::string db="test";
Poco::Data::Session session(Poco::Data::MySQL::Connector::KEY,
    "host=" + host + ";user=" + user + ";password=" + password +";db=" + db + ";secure-auth=false");

[simon-graham]

For reference, the Connector/C (libmysqlclient) v6.1.0 source code is available here. You can see in mysql_init() in sql-common/client.c where it initialises sec_auth to TRUE.

mysql->options.secure_auth= TRUE;