Bug #97348 'Unknown database' error on connecting to the database with SslMode=None
Submitted: 23 Oct 2019 17:17 Modified: 28 Oct 2019 7:03
Reporter: Anatoli Koutsevol Email Updates:
Status: Can't repeat Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:8.0.18 OS:Any
Assigned to: CPU Architecture:Any

[23 Oct 2019 17:17] Anatoli Koutsevol 
Description:
Opening the connection with some existing database name assigned to Database option and with SslMode set to None causes authentication error with the message "Unknown database '***'". The database name, that is shown in the error message, is the requested database with the first character missing from it.

The problem seems to be caused by the error in WritePassword method implementation in MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin abstract class:

private void WritePassword(MySqlPacket packet)
    {
      bool secure = (Flags & ClientFlags.SECURE_CONNECTION) != 0;
      object password = GetPassword();
      if (password is string)
      {
        if (secure)
          packet.WriteLenString((string)password);
        else
          packet.WriteString((string)password);
      }
      else if (password == null)
        packet.WriteByte(0);
      else if (password is byte[])
        packet.Write(password as byte[]);
      else throw new MySqlException("Unexpected password format: " + password.GetType());
    }

Ending zero is missing after writing 
  packet.Write(password as byte[]);
So reading server-side code seems to be skipping the first character of the database name that has been written after the password. 

How to repeat:
Run the following code:

    class Program
    {
        static void Main(string[] args)
        {
            var csb = new MySqlConnectionStringBuilder
            {
                Server = "target.tslab.prv",
                Port = 3306,
                UserID = "user",
                Password = "secret123",
                Database = "mysql",
                SslMode = MySqlSslMode.None
            };
            using (var con = new MySqlConnection(csb.ConnectionString))
            {
                con.Open();
                Console.WriteLine($"Connected to {csb.Server}");
            }
        }
    }

Expected output: 
    Connected to target.tslab.prv

But it causes Unhandled Exception: 
MySql.Data.MySqlClient.MySqlException: Authentication to host 'utln36.tslab.prv' for user 'root' using method 'caching_sha2_password' failed with message: Unknown database 'ysql' ---> MySql.Data.MySqlClient.MySqlException: Unknown database 'ysql'
   at MySql.Data.MySqlClient.MySqlStream.ReadPacket()
   at MySql.Data.MySqlClient.NativeDriver.ReadPacket()
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.ReadPacket()
   --- End of inner exception stack trace ---
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.AuthenticationFailed(Exception ex)
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.ReadPacket()
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.ContinueAuthentication(Byte[] data)
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.HandleAuthChange(MySqlPacket packet)
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.Authenticate(Boolean reset)
   at MySql.Data.MySqlClient.NativeDriver.Authenticate(String authMethod, Boolean reset)
   at MySql.Data.MySqlClient.NativeDriver.Open()
   at MySql.Data.MySqlClient.Driver.Open()
   at MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings)
   at MySql.Data.MySqlClient.MySqlPool.CreateNewPooledConnection()
   at MySql.Data.MySqlClient.MySqlPool.GetPooledConnection()
   at MySql.Data.MySqlClient.MySqlPool.TryToGetDriver()
   at MySql.Data.MySqlClient.MySqlPool.GetConnection()
   at MySql.Data.MySqlClient.MySqlConnection.Open()
   at ConsoleApp.Program.Main(String[] args)

Suggested fix:
    private void WritePassword(MySqlPacket packet)
    {
      bool secure = (Flags & ClientFlags.SECURE_CONNECTION) != 0;
      object password = GetPassword();
      if (password is string)
      {
        if (secure)
          packet.WriteLenString((string)password);
        else
          packet.WriteString((string)password);
      }
      else if (password is byte[] passwordBytes)
      {
          packet.Write(passwordBytes);
      }
      else if (password != null)
      {
          throw new MySqlException("Unexpected password format: " + password.GetType());
      }
      packet.WriteByte(0);
    }
[23 Oct 2019 17:26] Anatoli Koutsevol 
The suggested fix code better be changed to the following:

private void WritePassword(MySqlPacket packet)
    {
        bool secure = (Flags & ClientFlags.SECURE_CONNECTION) != 0;
        object password = GetPassword();
        if (password is string)
        {
            if (secure)
                packet.WriteLenString((string) password);
            else
                packet.WriteString((string) password);
        }
        else
        {
            if (password is byte[] passwordBytes)
            {
                packet.Write(passwordBytes);
                return;
            }
            else if (password != null)
            {
                throw new MySqlException("Unexpected password format: " + password.GetType());
            }
            packet.WriteByte(0);
        }
    }
[23 Oct 2019 17:29] Anatoli Koutsevol 
Once again without return that was used to demonstrate the bug. I wish I know how to edit the comments here instead of adding the new one. :(

    private void WritePassword(MySqlPacket packet)
    {
        bool secure = (Flags & ClientFlags.SECURE_CONNECTION) != 0;
        object password = GetPassword();
        if (password is string)
        {
            if (secure)
                packet.WriteLenString((string) password);
            else
                packet.WriteString((string) password);
        }
        else
        {
            if (password is byte[] passwordBytes)
            {
                packet.Write(passwordBytes);
            }
            else if (password != null)
            {
                throw new MySqlException("Unexpected password format: " + password.GetType());
            }
            packet.WriteByte(0);
        }
    }
[23 Oct 2019 19:13] Anatoli Koutsevol 
Instead of modifying WritePassword method in MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin abstract class it may be better to fix the code in GetPassword method of MySql.Data.MySqlClient.Authentication.Sha256AuthenticationPlugin class. Ending zero byte was missing from <code>return new byte[] { 0x01 }<code> :

    public override object GetPassword()
    {
      if (Settings.SslMode != MySqlSslMode.None)
      {
        // send as clear text, since the channel is already encrypted
        byte[] passBytes = Encoding.GetBytes(Settings.Password);
        byte[] buffer = new byte[passBytes.Length + 2];
        Array.Copy(passBytes, 0, buffer, 1, passBytes.Length);
        buffer[0] = (byte) (passBytes.Length+1);
        buffer[buffer.Length-1] = 0x00;
        return buffer;
      }
      else
      {
        if (Settings.Password.Length == 0) return new byte[1];
        // send RSA encrypted, since the channel is not protected
        else if (rawPubkey == null) return new byte[] { 0x01, 0x00 }; // was: { 0x01 };
                else if (!Settings.AllowPublicKeyRetrieval)
          throw new MySqlException(Resources.RSAPublicKeyRetrievalNotEnabled);
        else
        {
          byte[] bytes = GetRsaPassword(Settings.Password, AuthenticationData, rawPubkey);
          if (bytes != null && bytes.Length == 1 && bytes[0] == 0) return null;
          return bytes;
        }
      }
    }
[24 Oct 2019 3:29] Bradley Grainger 
I can't reproduce a logon failure when using MySql.Data 8.0.18 to connect to MySQL Server 8.0.18 (Docker container).

There's also no failure with MySqlConnector https://github.com/mysql-net/MySqlConnector which also doesn't send a trailing NULL byte after the caching_sha2_password hashed password.

What MySQL Server and version are you using? I wonder if you're using a different server-side implementation that's not handling the hashed password correctly? Or you could try connecting with MySqlConnector to see if a different client is successful.
[24 Oct 2019 11:00] Anatoli Koutsevol 
I am using the following server:
mysql  Ver 8.0.18 for Linux on x86_64 (MySQL Community Server - GPL)
[24 Oct 2019 11:06] Anatoli Koutsevol 
SHOW VARIABLES LIKE "%version%";

'immediate_server_version', '999999'
'innodb_version', '8.0.18'
'original_server_version', '999999'
'protocol_version', '10'
'slave_type_conversions', ''
'tls_version', 'TLSv1,TLSv1.1,TLSv1.2'
'version', '8.0.18'
'version_comment', 'MySQL Community Server - GPL'
'version_compile_machine', 'x86_64'
'version_compile_os', 'Linux'
'version_compile_zlib', '1.2.11'
[28 Oct 2019 7:03] MySQL Verification Team 
Hello Anatoli,

Thank you for the report and feedback.
I'm also not able to reproduce as confirmed by Bradley Grainger on Win10 with VS 2019, C/NET 8.0.18 and MySQL Server 8.0.18 running remotely or even locally. Issue is seen only when I purposely remove first letter of the schema name but there was other issue initially which was handled after AllowPublicKeyRetrieval = true option. Could you please export/compress and provide exact test case from your environment to reproduce this issue at our end?

If you can provide more information, feel free to add it to this bug and change the status back to 'Open'.  

Thank you for your interest in MySQL.

regards,
Umesh
[26 Jul 2023 14:23] Heba Mohammed 
My problem is
Authentication to host 'localhost' for user 'root' using method 'mysql_native_password' failed with message: Unknown database 'rtl'