Re: e8021aaf28e: auth: refactor MYSQL_AUTHENTICATION_INTERFACE_VERSION naming
Hi, Nikita, This looks very confusing, this is not how versions work. What are you trying to achieve by that? On Oct 07, Nikita Malyavin wrote:
revision-id: e8021aaf28e (mariadb-11.6.1-9-ge8021aaf28e) parent(s): a5b80531fbb author: Nikita Malyavin committer: Nikita Malyavin timestamp: 2024-10-04 00:16:17 +0200 message:
auth: refactor MYSQL_AUTHENTICATION_INTERFACE_VERSION naming
Rename MYSQL_AUTHENTICATION_INTERFACE_VERSION to MYSQL_AUTH_INTERFACE_VERSION_2_02. This is the current latest version, and it will be fixed to all auth plugins for current implementation. MYSQL_AUTHENTICATION_INTERFACE_VERSION will stay for compatibility with 3-rd party auth plugins and will be fixed to V. 2.02. Add MYSQL_AUTHENTICATION_INTERFACE_VERSION_LAST that will be updated as needed. Add MYSQL_AUTH_INTERFACE_MAJOR_MASK to identify major version.
Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org
Hello Sergei. How do versions work, then? On Mon, 7 Oct 2024 at 16:51, Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Nikita,
This looks very confusing, this is not how versions work. What are you trying to achieve by that?
revision-id: e8021aaf28e (mariadb-11.6.1-9-ge8021aaf28e) parent(s): a5b80531fbb author: Nikita Malyavin committer: Nikita Malyavin timestamp: 2024-10-04 00:16:17 +0200 message:
auth: refactor MYSQL_AUTHENTICATION_INTERFACE_VERSION naming
Rename MYSQL_AUTHENTICATION_INTERFACE_VERSION to MYSQL_AUTH_INTERFACE_VERSION_2_02. This is the current latest version, and it will be fixed to all auth
On Oct 07, Nikita Malyavin wrote: plugins
for current implementation. MYSQL_AUTHENTICATION_INTERFACE_VERSION will stay for compatibility with 3-rd party auth plugins and will be fixed to V. 2.02. Add MYSQL_AUTHENTICATION_INTERFACE_VERSION_LAST that will be updated as needed. Add MYSQL_AUTH_INTERFACE_MAJOR_MASK to identify major version.
Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org
-- Yours truly, Nikita Malyavin
Hi, Nikita, Plugins don't have to choose. If the API is changed, all plugins compiled with it use this version - the version they were compiled with. But after looking at the second patch I think that you didn't introduce any changes in the API, so the version doesn't need to be increased at all. On Oct 07, Nikita Malyavin wrote:
Hello Sergei.
How do versions work, then?
On Mon, 7 Oct 2024 at 16:51, Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Nikita,
This looks very confusing, this is not how versions work. What are you trying to achieve by that?
On Oct 07, Nikita Malyavin wrote:
revision-id: e8021aaf28e (mariadb-11.6.1-9-ge8021aaf28e) parent(s): a5b80531fbb author: Nikita Malyavin committer: Nikita Malyavin timestamp: 2024-10-04 00:16:17 +0200 message:
auth: refactor MYSQL_AUTHENTICATION_INTERFACE_VERSION naming
Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org
Plugins don't have to choose. If the API is changed, all plugins compiled with it use this version - the version they were compiled with.
Sounds weird. What would the version be for then? Besides, there's 0x100 plugin, which is supposed to be compiled with version 0x0100 (I guess this means 1.0 and hence all the related renaming is done). The sql_acl side also checks the version and uses the API accordingly.
But after looking at the second patch I think that you didn't introduce any changes in the API, so the version doesn't need to be increased at all.
I made -- now hash_password is called for empty password, which wasn't expected by old plugin. -- Yours truly, Nikita Malyavin
Hi, Nikita, On Oct 07, Nikita Malyavin wrote:
Plugins don't have to choose. If the API is changed, all plugins compiled with it use this version - the version they were compiled with.
Sounds weird. What would the version be for then?
It's the API version. When the API changes, the version is increased.
Besides, there's 0x100 plugin, which is supposed to be compiled with version 0x0100 (I guess this means 1.0 and hence all the related renaming is done).
Yes, and it is compiled with version 0x0100.
But after looking at the second patch I think that you didn't introduce any changes in the API, so the version doesn't need to be increased at all.
I made -- now hash_password is called for empty password, which wasn't expected by old plugin.
It was, it starts from if (password_length == 0) *hash_length= 0; else Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org
Hi Sergei, I don't really understand your points. I guess you could mean that we update the plugins that we maintain to the latest API version, as soon as it is updated. I also point out, that the api behavior is changed with calling hash_password for empty passwords. I thought that it breaks old_password, so decided that it can be significant to update the version. But as you provide the correct way to do that, and it doesn't break anything, it's likely not worth it. Regards, Nikita
participants (2)
-
Nikita Malyavin -
Sergei Golubchik