Merge pull request #417 from ijcd/mysql_option_secure_auth

Add secure_auth mysql_option()

Author: sodabrew

README.md

@@ -108,8 +108,10 @@ Mysql2::Client.new(
   :connect_timeout = seconds,
   :reconnect = true/false,
   :local_infile = true/false,
+  :secure_auth = true/false
   )
 ```
+### Multiple result sets
 
 You can also retrieve multiple result sets. For this to work you need to connect with
 flags `Mysql2::Client::MULTI_STATEMENTS`. Using multiple result sets is normally used
@@ -127,6 +129,22 @@ end
 
 See https://gist.github.com/1367987 for using MULTI_STATEMENTS with Active Record.
 
+### Secure auth
+
+Starting wih MySQL 5.6.5, secure_auth is enabled by default on servers (it was disabled by default prior to this). This option causes the server to block connections by clients that attempt to use accounts that have passwords stored in the old (pre-4.1) format. It also causes clients to refuse to attempt a connection using the older password format. To bypass this restriction in the client, pass the option :secure_auth => false to Mysql2::Client.new(). If you using ActiveRecord, your database.yml might look something like this:
+
+```
+development:
+  adapter: mysql2
+  encoding: utf8
+  database: my_db_name
+  username: root
+  password: my_password
+  host: 127.0.0.1
+  port: 3306
+  secure_auth: false
+````
+
 ## Cascading config
 
 The default config hash is at:

ext/mysql2/client.c

@@ -716,6 +716,11 @@ static VALUE _mysql_client_options(VALUE self, int opt, VALUE value) {
       retval = &boolval;
       break;
 
+    case MYSQL_SECURE_AUTH:
+      boolval = (value == Qfalse ? 0 : 1);
+      retval = &boolval;
+      break;
+
     default:
       return Qfalse;
   }
@@ -1085,6 +1090,10 @@ static VALUE set_ssl_options(VALUE self, VALUE key, VALUE cert, VALUE ca, VALUE
   return self;
 }
 
+static VALUE set_secure_auth(VALUE self, VALUE value) {
+  return _mysql_client_options(self, MYSQL_SECURE_AUTH, value);
+}
+
 static VALUE initialize_ext(VALUE self) {
   GET_CLIENT(self);
 
@@ -1153,6 +1162,7 @@ void init_mysql2_client() {
   rb_define_private_method(cMysql2Client, "write_timeout=", set_write_timeout, 1);
   rb_define_private_method(cMysql2Client, "local_infile=", set_local_infile, 1);
   rb_define_private_method(cMysql2Client, "charset_name=", set_charset_name, 1);
+  rb_define_private_method(cMysql2Client, "secure_auth=", set_secure_auth, 1);
   rb_define_private_method(cMysql2Client, "ssl_set", set_ssl_options, 5);
   rb_define_private_method(cMysql2Client, "initialize_ext", initialize_ext, 0);
   rb_define_private_method(cMysql2Client, "connect", rb_connect, 7);

lib/mysql2/client.rb

@@ -22,10 +22,10 @@ def initialize(opts = {})
       initialize_ext
 
       # Set MySQL connection options (each one is a call to mysql_options())
-      [:reconnect, :connect_timeout, :local_infile, :read_timeout, :write_timeout].each do |key|
+      [:reconnect, :connect_timeout, :local_infile, :read_timeout, :write_timeout, :secure_auth].each do |key|
         next unless opts.key?(key)
         case key
-        when :reconnect, :local_infile
+        when :reconnect, :local_infile, :secure_auth
           send(:"#{key}=", !!opts[key])
         when :connect_timeout, :read_timeout, :write_timeout
           send(:"#{key}=", opts[key].to_i)