Bug#33357723 Oracle Analytic Cloud connection failure

Issue
=====

The mysql protocol implementation used by OAC sends a client greeting
which announces:

capabilities:

  - WITH_SCHEMA
  - PLUGIN_AUTH
  - no CONNECT_ATTRibutes

which according to the spec should lead to:

- caps
- max-packet-size
- collation
- 23-bytes of 0
- username
- auth-data
- schema
- auth-name

But the payload that's sent stops right after the "schema" part:

  ...mysql\0

It is accepted like that by the server, but the router is strict
according to the spec.

Change
======

- accept client::Greeting messages which announce PLUGIN_AUTH, but don't
  send a plugin name
- fixed error-msg if decoding client greeting failed.

RB: 27018

Author: weigon

router/src/mysql_protocol/include/mysqlrouter/classic_protocol_codec_message.h

@@ -2432,12 +2432,23 @@ class Codec<message::client::Greeting>
           accu.step(wire::NulTermString(v_.schema()));
         }
 
-        if (shared_caps[classic_protocol::capabilities::pos::plugin_auth]) {
-          accu.step(wire::NulTermString(v_.auth_method_name()));
-        }
-
-        if (shared_caps
+        if (!shared_caps
                 [classic_protocol::capabilities::pos::connect_attributes]) {
+          // special handling for off-spec client/server implimentations.
+          //
+          // 1. older clients may set ::plugin_auth, but
+          //    ::connection_attributes which means nothing follows the
+          //    "auth-method-name" field
+          // 2. auth-method-name is empty, it MAY be skipped.
+          if (shared_caps[classic_protocol::capabilities::pos::plugin_auth] &&
+              !v_.auth_method_name().empty()) {
+            accu.step(wire::NulTermString(v_.auth_method_name()));
+          }
+        } else {
+          if (shared_caps[classic_protocol::capabilities::pos::plugin_auth]) {
+            accu.step(wire::NulTermString(v_.auth_method_name()));
+          }
+
           accu.step(wire::VarString(v_.attributes()));
         }
       }
@@ -2556,7 +2567,13 @@ class Codec<message::client::Greeting>
       stdx::expected<wire::NulTermString, std::error_code> auth_method_res;
       if (shared_capabilities
               [classic_protocol::capabilities::pos::plugin_auth]) {
-        auth_method_res = accu.template step<wire::NulTermString>();
+        if (net::buffer_size(buffers) == accu.result().value()) {
+          // even with plugin_auth set, the server is fine, if no
+          // auth_method_name is sent.
+          auth_method_res = wire::NulTermString{};
+        } else {
+          auth_method_res = accu.template step<wire::NulTermString>();
+        }
       }
       if (!auth_method_res)
         return stdx::make_unexpected(auth_method_res.error());

router/src/mysql_protocol/tests/test_classic_protocol_message.cc

@@ -1181,9 +1181,7 @@ INSTANTIATE_TEST_SUITE_P(Spec, CodecMessageClientStmtFetchTest,
 
 // client::Greeting
 
-namespace classic_protocol {
-namespace message {
-namespace client {
+namespace classic_protocol::message::client {
 std::ostream &operator<<(std::ostream &os, const Greeting &v) {
   os << "Greeting: "
      << "\n";
@@ -1195,9 +1193,7 @@ std::ostream &operator<<(std::ostream &os, const Greeting &v) {
 
   return os;
 }
-}  // namespace client
-}  // namespace message
-}  // namespace classic_protocol
+}  // namespace classic_protocol::message::client
 
 using CodecMessageClientGreetingTest =
     CodecTest<classic_protocol::message::client::Greeting>;
@@ -1369,6 +1365,38 @@ const CodecParam<classic_protocol::message::client::Greeting>
                  0x00, 0x00, 0x00, 0x00,  //
                  0x00, 0x00, 0x00         //
              }},
+            {
+                "choma",
+                {
+                    0b1011'1010'0010'0000'1111,  // caps:
+                                                 // long-pass
+                                                 // found-rows
+                                                 // long-flag
+                                                 // connect-with-schema
+                                                 // protocol_41
+                                                 // transactions
+                                                 // secure_connections
+                                                 // plugin_auth (set, but then
+                                                 // not used)
+                    (1 << 24) - 1,               // max-packet-size
+                    0xff,                        // collation
+                    "myroot",                    // user
+                    "\x14\xa5\xed\xe0\xdf\x96\x9d\x5e"
+                    "\xca\xa3\x45\xc3\x93\x55\xfe\x22"
+                    "\x99\x62\xc9\xed",  // authdata
+                    "mysql",             // schema
+                    "",                  // authmethod
+                    {}                   // attributes
+                },                       // client::Greeting
+                0xffffffff,              // server-caps
+                {0x0f, 0xa2, 0x0b, 0x00, 0xff, 0xff, 0xff, 0x00, 0xff, 0x00,
+                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                 0x00, 0x00, 0x6d, 0x79, 0x72, 0x6f, 0x6f, 0x74, 0x00, 0x14,
+                 0x14, 0xa5, 0xed, 0xe0, 0xdf, 0x96, 0x9d, 0x5e, 0xca, 0xa3,
+                 0x45, 0xc3, 0x93, 0x55, 0xfe, 0x22, 0x99, 0x62, 0xc9, 0xed,
+                 0x6d, 0x79, 0x73, 0x71, 0x6c, 0x00}  // bytes
+            },
 };
 
 INSTANTIATE_TEST_SUITE_P(
@@ -1380,9 +1408,7 @@ INSTANTIATE_TEST_SUITE_P(
 
 // client::ChangeUser
 
-namespace classic_protocol {
-namespace message {
-namespace client {
+namespace classic_protocol::message::client {
 std::ostream &operator<<(std::ostream &os, const ChangeUser &v) {
   os << "ChangeUser: "
      << "\n";
@@ -1392,9 +1418,7 @@ std::ostream &operator<<(std::ostream &os, const ChangeUser &v) {
 
   return os;
 }
-}  // namespace client
-}  // namespace message
-}  // namespace classic_protocol
+}  // namespace classic_protocol::message::client
 
 using CodecMessageClientChangeUserTest =
     CodecTest<classic_protocol::message::client::ChangeUser>;

router/src/routing/src/classic_protocol_splicer.cc

@@ -370,7 +370,7 @@ BasicSplicer::State ClassicProtocolSplicer::client_greeting() {
       return state();
     }
 
-    log_debug("decoding server greeting failed: %s",
+    log_debug("decoding client greeting failed: %s",
               header_decode_res.error().message().c_str());
 
     return State::FINISH;
@@ -406,7 +406,7 @@ BasicSplicer::State ClassicProtocolSplicer::client_greeting() {
       return state();
     }
 
-    log_debug("decoding server greeting failed: %s",
+    log_debug("decoding client greeting failed: %s",
               payload_decode_res.error().message().c_str());
 
     return State::FINISH;
@@ -647,7 +647,7 @@ BasicSplicer::State ClassicProtocolSplicer::tls_client_greeting() {
       return state();
     }
 
-    log_debug("decoding server greeting failed: %s",
+    log_debug("decoding client greeting after TLS failed: %s",
               decode_res.error().message().c_str());
 
     return State::FINISH;