Proxy not changing user for pooled connection

Asked by Mark Smeed on 2011-10-06

I am using the rw-splitting.lua in a multi-user environment. I have noticed that when the proxy uses a pooled connection, it does not change the user, resulting in user B having user A's privileges, which causes no end of security problems.

I have also noticed the error: 2011-10-06 17:10:58: [global] (debug) [network-mysqld.c:944]: error on a connection (fd: -1 event: 0). closing client connection.

I was using 0.8.2 and tried 0.9.0 in the hope this issue would have been resolved.

Currently I am using:
mysql-proxy 0.9.0
  chassis: mysql-proxy 0.9.0
  glib2: 2.28.0
  libevent: 1.4.13-stable
  LUA: Lua 5.1.4
    package.path: /usr/local/lib/mysql-proxy/lua/?.lua
    package.cpath: /usr/local/lib/mysql-proxy/lua/?.so
-- modules
  admin: 0.9.0
  proxy: 0.9.0

Any help would be appreciated.

Kindest regards,

Mark

Question information

Language: English
Status: Answered
For: MySQL Proxy
Assignee: No assignee
Last query: 2012-04-04
Last reply: 2012-04-11

Mark Smeed (mark-fkzsxrq) said : #1

Hiya,

Would it help if I posted a test case?

Kindest regards,

Mark

Leith (mleith) said : #2

Hi Mark,

We have seen the "error on a connection (fd: -1 event: 0). closing client connection." error before; this is:

http://bugs.mysql.com/bug.php?id=58591

Another test case is always appreciated. We are currently doing some fundamental scaling work in the 0.9 release, and will move on to these use cases once that is completed.

Cheers,

Mark Leith

Mark Smeed (mark-fkzsxrq) said : #3

Dear Mark,

We have managed to trace the issue back to 'plugin_call' on line 610 of network-mysqld.c. The error is triggered when the following conditions are met:

1. When plugin_call is called with ‘con->state’ set to ‘CON_STATE_SEND_AUTH_RESULT’
2. ‘if( !func )’ on line 659 succeeds
3. switch( con->auth_result_state ) on line 660 responds with MYSQLD_PACKET_ERR.

This then sets the ‘con->state’ to ‘CON_STATE_ERROR’ resulting in the error ‘[network-mysqld.c:944]: error on a connection (fd: -1 event: 0). closing client connection.’. This occurs when executing the CON_CHANGE_USER command on a pooled connection.

We have not been able to identify why we are receiving a MYSQLD_PACKET_ERR.

We have tried various MySQL-Server builds including 5.1.59 and 5.1.51 on CentOS 5.7 64-bit. We have one controller and two nodes: a master and slave.

Could you shed some light on why we are receiving this error? Do you know of any workaround that might help us get past this?

We are using the default rw-splitting.lua script and have changed

if not proxy.global.config.rwsplit then
 proxy.global.config.rwsplit = {
  min_idle_connections = 1,
  max_idle_connections = 6,

  is_debug = false
 }
end

which meant that when making the 6th connection to MySQL Proxy using the same credentials and a non-persistent connection, MySQL Proxy attempts to use a pooled connection, leading to the error as previously described.

Out of interest, is there an ETA on the completion of 0.9.0?

Kindest regards,

Mark Smeed
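
Added example, not part of the thread and not MySQL Proxy code: a Python check for the symptom reported here, where a client served from the pool ends up on a backend session that still belongs to another account. It assumes `connect` is any callable that returns a DB-API connection opened through the proxy; `FakeProxy`, the account names and the passwords are constructed stand-ins so the check runs offline.

```python
def current_user_mismatches(connect, credentials, rounds=3):
    """Log in as each account several times through the proxy and return
    (login, server_identity) pairs where the backend session is someone else's."""
    mismatches = []
    for _ in range(rounds):
        for user, password in credentials:
            conn = connect(user, password)
            try:
                cur = conn.cursor()
                # CURRENT_USER() is the account the server checks privileges against.
                cur.execute("SELECT CURRENT_USER()")
                identity = cur.fetchone()[0]           # e.g. 'alice@%'
            finally:
                conn.close()
            if identity.rsplit("@", 1)[0] != user:
                mismatches.append((user, identity))
    return mismatches


class FakeProxy:
    """Constructed model of a proxy that keeps idle backend sessions in one pool."""
    def __init__(self, change_user_on_reuse):
        self.change_user_on_reuse = change_user_on_reuse
        self.idle = []                                 # owners of idle backend sessions

    def connect(self, user, password):
        if self.idle:
            owner = self.idle.pop()                    # reuse a pooled session
            if self.change_user_on_reuse:
                owner = user                           # models a successful COM_CHANGE_USER
        else:
            owner = user                               # fresh backend login
        return _FakeConn(self, owner)


class _FakeConn:
    """Minimal DB-API-shaped connection backed by FakeProxy (constructed)."""
    def __init__(self, proxy, owner):
        self.proxy, self.owner = proxy, owner
    def cursor(self):
        return self
    def execute(self, sql):
        assert sql == "SELECT CURRENT_USER()"
    def fetchone(self):
        return (self.owner + "@%",)
    def close(self):
        self.proxy.idle.append(self.owner)             # session goes back to the pool
```

Against a real deployment, pass a `connect` built on your MySQL driver pointed at the proxy port, and use enough rounds to exceed the idle-connection threshold so that pooled sessions are actually reused.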

Launchpad Janitor (janitor) said : #4

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Mark Smeed (mark-fkzsxrq) said : #5

Re-opening the ticket

Launchpad Janitor (janitor) said : #6

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Mark Smeed (mark-fkzsxrq) said : #7

Re-opening the ticket

Mark Smeed (mark-fkzsxrq) said : #8

Hiya,

This ticket has already expired twice and I was wondering if someone would be so kind as to reply with a response.

Kind regards,

Mark

Launchpad Janitor (janitor) said : #9

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Mark Smeed (mark-fkzsxrq) said : #10

Hi Jan & Team,

I have noticed a number of changes to the pooling code and change user function. Do you think that the changes will resolve my problem?

Kindest regards,

Mark

Jan Kneschke (jan-kneschke) said : #11

On 04.04.2012 at 11:40, Mark Smeed wrote:

> Question #173463 on MySQL Proxy changed:
> https://answers.launchpad.net/mysql-proxy/+question/173463
>
> Status: Expired => Open
>
> Mark Smeed is still having a problem:
> Hi Jan & Team,
>
> I have noticed a number of changes to the pooling code and change user
> function. Do you think that the changes will resolve my problem?

We fixed a bunch of issues, yep.

Please give the 0.8 tree a try and tell us if it handles your issue.

0.8.3 is pretty close to being released. Some extra testing would be nice.

> Kindest regards,

Jan
