[Question] - use incoming connection credentials for proxy


When using mysql2 as a proxy, is there any way to use the incoming password credential in the downstream destination connection?

For example, in the below extract we have the incoming connection conn. I would like to use the username and password from that within the remote connection:

server.on('connection', conn => {
  console.log('connection');

  conn.serverHandshake({
    protocolVersion: 10,
    serverVersion: 'node.js rocks',
    connectionId: 1234,
    statusFlags: 2,
    characterSet: 8,
    capabilityFlags: 0xffffff ^ ClientFlags.COMPRESS
  });

  conn.on('field_list', (table, fields) => {
    console.log('field list:', table, fields);
    conn.writeEof();
  });

  const remote = mysql.createConnection({
    user: 'root',
    database: 'dbname',
    host: 'server.example.com',
    password: 'secret'
  });
...

I see that within the conn.serverHandshake I can use authCallback which does give me the user as well as a few other properties like authToken:

{
  user: 'my_user',
  database: 'my_database',
  address: '::ffff:127.0.0.1',
  authPluginData1: <Buffer 94 2b 93 30 a2 88 08 4c>,
  authPluginData2: <Buffer 3e 77 00 c5 00 1a f2 86 96 ad 21 30>,
  authToken: <Buffer 50 3c 77 a6 2c cf e4 15 e5 7a 7f 41 9f 0e 53 de a7 21 6d bf>
}

Can the password be extracted in any way to use as part of the downstream destination connection?

Appreciate any guidance.

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 15 (7 by maintainers)

Top GitHub Comments

1 reaction
sidorares commented, Jun 4, 2020

Yes, if you want to validate incoming connections before you allow them to connect to the server, you’ll need to access sha1(password) from the proxy (or you can delegate validation to the real server if it’s 1:1 auth mapping between proxy and server).

0 reactions
haganbt commented, Jun 15, 2020

Thanks @sidorares. Here is an example; we would like to pass through the auth from the client, through the proxy to the destination DB.

server.on('connection', async conn => {
  let remoteConn = null

  conn.serverHandshake({
    protocolVersion: 10,
    serverVersion: '5.7',
    connectionId: connectionId++,
    statusFlags: 2,
    characterSet: 8,
    capabilityFlags: 0xffffff ^ ClientFlags.COMPRESS,
    authCallback: async ({
      user,
      database,
      authToken,
      authPluginData1,
      authPluginData2,
    }) => {
      try {
        remoteConn = mysql.createConnection({
          database,
          host: 'arbitrary-host',
          port: 3306,
          user,
          password: '<USE PASSWORD FROM INCOMING CONNECTION>',
        })

        conn.writeOk()
      } catch (e) {
        conn.writeError(e)
      }
    },
  })

  conn.on('query', async sql => {
    remoteConn.query(sql, (e, results, fields) => {
      if (e) {
        conn.writeError(e)
      } else {
        conn.writeTextResult(results, fields)
      }
    })
  })
})

We do not need to do any validation or accessing of the password at the proxy; we simply wish to send it on to the destination database.

We would be very grateful if you can advise on a solution.
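
The following is an added example, not code from the issue or from mysql2, illustrating the sha1(password) point in the first comment and why the authToken in the question cannot simply be passed through. It assumes the handshake uses the mysql_native_password plugin (consistent with the 20-byte authToken and the 8 + 12 bytes of authPluginData shown above); all function names, nonces and the password are constructed for the illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// SHA-1 over the concatenation of all parts.
const sha1 = (...parts) => {
  const h = createHash('sha1');
  for (const p of parts) h.update(p);
  return h.digest();
};
const xor = (a, b) => Buffer.from(a.map((byte, i) => byte ^ b[i]));

// Client side: authToken = SHA1(pw) XOR SHA1(nonce + SHA1(SHA1(pw))).
// Only SHA1(pw) is needed as input, never the clear-text password.
function scramble(passwordSha1, nonce) {
  return xor(passwordSha1, sha1(nonce, sha1(passwordSha1)));
}

// Server side: verify a token knowing only the stored SHA1(SHA1(pw))
// and the nonce that this server sent in its own handshake.
function verifyToken(authToken, nonce, storedDoubleSha1) {
  if (authToken.length !== 20 || storedDoubleSha1.length !== 20) return false;
  const candidate = xor(authToken, sha1(nonce, storedDoubleSha1));
  return timingSafeEqual(sha1(candidate), storedDoubleSha1);
}

function demo() {
  // Constructed sample values (hypothetical, not taken from the issue).
  const passwordSha1 = sha1(Buffer.from('constructed-sample-password'));
  const stored = sha1(passwordSha1);          // what a server keeps per user
  const proxyNonce = Buffer.alloc(20, 0x11);  // authPluginData1 + authPluginData2
  const backendNonce = Buffer.alloc(20, 0x22); // nonce issued by the real server

  // Token the client computes for the proxy's handshake.
  const authToken = scramble(passwordSha1, proxyNonce);
  return {
    // Valid against the nonce the proxy issued.
    acceptedByProxy: verifyToken(authToken, proxyNonce, stored),
    // Forwarding the same token fails: the backend issued a different nonce.
    replayAcceptedByBackend: verifyToken(authToken, backendNonce, stored),
    // A proxy holding sha1(password) can answer the backend's own nonce.
    freshTokenAccepted: verifyToken(
      scramble(passwordSha1, backendNonce), backendNonce, stored),
    // The token on the wire is not sha1(password) itself.
    tokenEqualsPasswordHash: authToken.equals(passwordSha1),
  };
}

console.log(demo());
```

The clear-text password never crosses the wire under this plugin, so the proxy either needs sha1(password) from its own credential store or has to rely on the 1:1 delegation the maintainer mentions.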
