backend: fix using password in the error message is wrong (#333)

pingcap · Jul 19, 2023 · 56eb332 · 56eb332
1 parent 9a49933
commit 56eb332
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/pkg/proxy/backend/authenticator.go b/pkg/proxy/backend/authenticator.go
@@ -203,8 +203,9 @@ func (auth *Authenticator) handshakeFirstTime(logger *zap.Logger, cctx ConnConte
 	// forward client handshake resp
 	if err := auth.writeAuthHandshake(
 		backendIO, backendTLSConfig, backendCapability,
-		// send an unknown auth plugin so that the backend will request the auth data again.
-		unknownAuthPlugin, nil, 0,
+		// Send an unknown auth plugin so that the backend will request the auth data again.
+		// Copy the auth data so that the backend can set correct `using password` in the error message.
+		unknownAuthPlugin, clientResp.AuthData, 0,
 	); err != nil {
 		return pnet.WrapUserError(err, handshakeErrMsg)
 	}

diff --git a/pkg/proxy/backend/authenticator_test.go b/pkg/proxy/backend/authenticator_test.go
@@ -267,3 +267,26 @@ func TestEnableTLS(t *testing.T) {
 		clean()
 	}
 }
+
+// Even if auth fails, the auth data should be passed so that `using password` in the error message is correct.
+func TestAuthFail(t *testing.T) {
+	cfgs := []cfgOverrider{
+		func(cfg *testConfig) {
+			cfg.clientConfig.authData = nil
+			cfg.backendConfig.authSucceed = false
+		},
+		func(cfg *testConfig) {
+			cfg.clientConfig.authData = []byte("dummy")
+			cfg.backendConfig.authSucceed = false
+		},
+	}
+
+	tc := newTCPConnSuite(t)
+	for _, cfg := range cfgs {
+		ts, clean := newTestSuite(t, tc, cfg)
+		ts.authenticateFirstTime(t, func(t *testing.T, ts *testSuite) {
+			require.Equal(t, len(ts.mc.authData), len(ts.mb.authData))
+		})
+		clean()
+	}
+}