rajvarun77 opened a new pull request, #3310: URL: https://github.com/apache/brpc/pull/3310
**Draft / WIP — not for review yet. Posted now so the staged plan announced on [email protected] and at [#2093 (comment)](https://github.com/apache/brpc/pull/2093#issuecomment-4536371681) has a concrete first commit to point at.** ## What Adds `src/brpc/policy/mysql_auth_hash.{h,cpp}` implementing the **mysql_native_password** (a.k.a. `mysql41`) authentication scramble: ``` scramble = SHA1(password) XOR SHA1( salt || SHA1( SHA1(password) ) ) ``` Plus `test/brpc_mysql_auth_hash_unittest.cpp` with two known-answer vectors, an empty-password check, a bad-salt-length check, a determinism check, and a salt-diversity check. ## Why this exists as a standalone commit The original MySQL PR #2093 by @yanglimingcn bundled an `mysql_auth_hash.cpp` lifted directly from MySQL Connector/C++ — which is **GPLv2** (with the FOSS exception). @wwbmmm flagged this as unmergeable at [#2093 (discussion)](https://github.com/apache/brpc/pull/2093#discussion_r1083736392). Replacing that file with a clean-room implementation is on the critical path for any MySQL work landing in brpc, so it's the first stage of the takeover plan. This file is implemented from MySQL's [public protocol documentation](https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase_authentication_methods_native_password_authentication.html) only — no GPL source consulted. It uses `butil::SHA1HashBytes` (BSD-licensed Chromium SHA-1 already in `butil/`), so it adds **zero new third-party dependencies**. ## Where this fits in the larger plan The full staged delivery announced on dev@: | Stage | Scope | This PR | |---|---|---| | **1a** | Clean-room `mysql_auth_hash` (this PR) | **You are here.** Leaf utility, no callers yet. | | 1b | Text protocol (`COM_QUERY`, result-set parsing, authenticator wiring, `MysqlChannel` etc.) | Follows; will use this commit | | 2 | Transactions (`MysqlTransaction`) | | | 3 | Prepared statements + `Socket::_fd_version` ABA mapping | | | 4 | `caching_sha2_password` + TLS *(beyond #2093 scope)* | | This is intentionally a small leaf utility — it does not yet wire into `MysqlAuthenticator`. That wiring lands in Stage 1b. Opening as **Draft** because the function has no production caller in this PR; it ships only with the unit test exercising it. Maintainers may prefer to wait until 1b before reviewing, which is fine. ## Refs - Takeover comment: https://github.com/apache/brpc/pull/2093#issuecomment-4536371681 - Issue: #209 - Original PR being staged: #2093 - GPL blocker comment from @wwbmmm: https://github.com/apache/brpc/pull/2093#discussion_r1083736392 CC: @wwbmmm @yanglimingcn @chenBright ## Test plan - [x] Unit tests added (`brpc_mysql_auth_hash_unittest.cpp`) — 6 cases, includes two SHA-1-derived known answer vectors - [ ] GitHub Actions CI passes (pending after push) - [ ] Integration with real MySQL server — deferred to Stage 1b once authenticator is wired -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
