support OPT_GET_SERVER_PUBLIC_KEY

Author: tmtm

lib/mysql.rb

@@ -97,6 +97,7 @@ def initialize
     @result_exist = false
     @local_infile = nil
     @ssl_mode = SSL_MODE_PREFERRED
+    @get_server_public_key = false
   end
 
   # Connect to mysqld.
@@ -113,7 +114,7 @@ def connect(host=nil, user=nil, passwd=nil, db=nil, port=nil, socket=nil, flag=0
       warn 'unsupported flag: CLIENT_COMPRESS' if $VERBOSE
       flag &= ~CLIENT_COMPRESS
     end
-    @protocol = Protocol.new host, port, socket, @connect_timeout, @read_timeout, @write_timeout, @local_infile, @ssl_mode
+    @protocol = Protocol.new host, port, socket, @connect_timeout, @read_timeout, @write_timeout, @local_infile, @ssl_mode, @get_server_public_key
     @protocol.authenticate user, passwd, db, flag, @charset
     @charset ||= @protocol.charset
     @host_info = (host.nil? || host == "localhost") ? 'Localhost via UNIX socket' : "#{host} via TCP/IP"
@@ -145,7 +146,8 @@ def close!
   # Set option for connection.
   #
   # Available options:
-  #   Mysql::INIT_COMMAND, Mysql::OPT_CONNECT_TIMEOUT, Mysql::OPT_READ_TIMEOUT,
+  #   Mysql::INIT_COMMAND, Mysql::OPT_CONNECT_TIMEOUT, Mysql::OPT_GET_SERVER_PUBLIC_KEY,
+  #   Mysql::OPT_LOAD_DATA_LOCAL_DIR, Mysql::OPT_LOCAL_INFILE, Mysql::OPT_READ_TIMEOUT,
   #   Mysql::OPT_SSL_MODE, Mysql::OPT_WRITE_TIMEOUT, Mysql::SET_CHARSET_NAME
   # @param [Integer] opt option
   # @param [Integer] value option value that is depend on opt
@@ -165,7 +167,8 @@ def options(opt, value=nil)
 #    when Mysql::OPT_CONNECT_ATTR_RESET
     when Mysql::OPT_CONNECT_TIMEOUT
       @connect_timeout = value
-#    when Mysql::OPT_GET_SERVER_PUBLIC_KEY
+    when Mysql::OPT_GET_SERVER_PUBLIC_KEY
+      @get_server_public_key = value
     when Mysql::OPT_LOAD_DATA_LOCAL_DIR
       @local_infile = value
     when Mysql::OPT_LOCAL_INFILE

lib/mysql/authenticator/caching_sha2_password.rb

@@ -26,10 +26,19 @@ def authenticate(passwd, scramble)
           when "\x03"  # fast_auth_success
             # OK
           when "\x04"  # perform_full_authentication
-            if @protocol.client_flags & CLIENT_SSL == 0
+            if @protocol.client_flags & CLIENT_SSL != 0
+              @protocol.write passwd+"\0"
+            elsif !@protocol.get_server_public_key
               raise 'Authentication requires secure connection'
+            else
+              @protocol.write "\2"  # request public key
+              pkt = @protocol.read
+              pkt.utiny # skip
+              pubkey = pkt.to_s
+              hash = (passwd+"\0").unpack("C*").zip(scramble.unpack("C*")).map{|a, b| a ^ b}.pack("C*")
+              enc = OpenSSL::PKey::RSA.new(pubkey).public_encrypt(hash, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+              @protocol.write enc
             end
-            @protocol.write passwd+"\0"
           else
             raise "invalid auth reply packet: #{data.inspect}"
           end

lib/mysql/protocol.rb

@@ -120,6 +120,7 @@ def self.value2net(v)
     attr_reader :server_status
     attr_reader :warning_count
     attr_reader :message
+    attr_reader :get_server_public_key
     attr_accessor :charset
 
     # @state variable keep state for connection.
@@ -138,9 +139,10 @@ def self.value2net(v)
     # write_timeout :: [Integer] write timeout (sec).
     # local_infile :: [String] local infile path
     # ssl_mode :: [Integer]
+    # get_server_public_key :: [Boolean]
     # === Exception
     # [ClientError] :: connection timeout
-    def initialize(host, port, socket, conn_timeout, read_timeout, write_timeout, local_infile, ssl_mode)
+    def initialize(host, port, socket, conn_timeout, read_timeout, write_timeout, local_infile, ssl_mode, get_server_public_key)
       @insert_id = 0
       @warning_count = 0
       @gc_stmt_queue = []   # stmt id list which GC destroy.
@@ -149,6 +151,7 @@ def initialize(host, port, socket, conn_timeout, read_timeout, write_timeout, lo
       @write_timeout = write_timeout
       @local_infile = local_infile
       @ssl_mode = ssl_mode
+      @get_server_public_key = get_server_public_key
       begin
         Timeout.timeout conn_timeout do
           if host.nil? or host.empty? or host == "localhost"