Commit d6af9bef authored by Horst.Hunger's avatar Horst.Hunger

due to merge

parent 7af50942
--disable_query_log
--require r/true.require
select (PLUGIN_LIBRARY LIKE 'qa_auth_interface%') as `TRUE` FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME='qa_auth_interface';
--enable_query_log
--disable_query_log
--require r/true.require
select (PLUGIN_LIBRARY LIKE 'qa_auth_server%') as `TRUE` FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME='qa_auth_server';
--enable_query_log
...@@ -131,6 +131,9 @@ my $opt_start_dirty; ...@@ -131,6 +131,9 @@ my $opt_start_dirty;
my $opt_start_exit; my $opt_start_exit;
my $start_only; my $start_only;
my $auth_interface_fn; # the name of qa_auth_interface plugin
my $auth_server_fn; # the name of qa_auth_server plugin
my $auth_client_fn; # the name of qa_auth_client plugin
my $auth_filename; # the name of the authentication test plugin my $auth_filename; # the name of the authentication test plugin
my $auth_plugin; # the path to the authentication test plugin my $auth_plugin; # the path to the authentication test plugin
...@@ -1062,14 +1065,20 @@ sub command_line_setup { ...@@ -1062,14 +1065,20 @@ sub command_line_setup {
"$basedir/sql/share/charsets", "$basedir/sql/share/charsets",
"$basedir/share/charsets"); "$basedir/share/charsets");
# Look for client test plugin # Look for auth test plugins
if (IS_WINDOWS) if (IS_WINDOWS)
{ {
$auth_filename = "auth_test_plugin.dll"; $auth_filename = "auth_test_plugin.dll";
$auth_interface_fn = "qa_auth_interface.dll";
$auth_server_fn = "qa_auth_server.dll";
$auth_client_fn = "qa_auth_client.dll";
} }
else else
{ {
$auth_filename = "auth_test_plugin.so"; $auth_filename = "auth_test_plugin.so";
$auth_interface_fn = "qa_auth_interface.so";
$auth_server_fn = "qa_auth_server.so";
$auth_client_fn = "qa_auth_client.so";
} }
$auth_plugin= $auth_plugin=
mtr_file_exists(vs_config_dirs('plugin/auth/',$auth_filename), mtr_file_exists(vs_config_dirs('plugin/auth/',$auth_filename),
...@@ -1973,12 +1982,18 @@ sub environment_setup { ...@@ -1973,12 +1982,18 @@ sub environment_setup {
$ENV{'PLUGIN_AUTH_OPT'}= "--plugin-dir=".dirname($auth_plugin); $ENV{'PLUGIN_AUTH_OPT'}= "--plugin-dir=".dirname($auth_plugin);
$ENV{'PLUGIN_AUTH_LOAD'}="--plugin_load=test_plugin_server=".$auth_filename; $ENV{'PLUGIN_AUTH_LOAD'}="--plugin_load=test_plugin_server=".$auth_filename;
$ENV{'PLUGIN_AUTH_INTERFACE'}="--plugin_load=qa_auth_interface=".$auth_interface_fn;
$ENV{'PLUGIN_AUTH_SERVER'}="--plugin_load=qa_auth_server=".$auth_server_fn;
$ENV{'PLUGIN_AUTH_CLIENT'}="--plugin_load=qa_auth_client=".$auth_client_fn;
} }
else else
{ {
$ENV{'PLUGIN_AUTH'}= ""; $ENV{'PLUGIN_AUTH'}= "";
$ENV{'PLUGIN_AUTH_OPT'}="--plugin-dir="; $ENV{'PLUGIN_AUTH_OPT'}="--plugin-dir=";
$ENV{'PLUGIN_AUTH_LOAD'}=""; $ENV{'PLUGIN_AUTH_LOAD'}="";
$ENV{'PLUGIN_AUTH_INTERFACE'}="";
$ENV{'PLUGIN_AUTH_SERVER'}="";
$ENV{'PLUGIN_AUTH_CLIENT'}="";
} }
......
CREATE DATABASE test_user_db;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
========== test 1.1 ======================================================
CREATE USER plug IDENTIFIED WITH test_plugin_server;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server
REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug;
DROP USER plug;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server
REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug;
DROP USER plug;
CREATE USER plug IDENTIFIED WITH test_plugin_server AS '';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS '';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server
REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug;
DROP USER plug;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS ;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
CREATE USER plug IDENTIFIED WITH test_plugin_server AS plug_dest;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS plug_dest;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest' at line 1
========== test 1.1 syntax errors ========================================
CREATE USER plug IDENTIFIED WITH AS plug_dest;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS plug_dest' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH AS plug_dest;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS plug_dest' at line 1
CREATE USER plug IDENTIFIED WITH;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
CREATE USER plug IDENTIFIED AS '';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS ''' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED AS '';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS ''' at line 1
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server'' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug
IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server'' at line 2
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS '' AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS 'plug_dest'' at line 1
GRANT ALL PRIVILEGES ON test_user_db.* TO plug AS '' AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS '' AS 'plug_dest'' at line 1
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS ''
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH test_plugin_server AS 'plug_dest'' at line 2
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS ''
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH test_plugin_server AS 'plug_dest'' at line 2
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd'
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
USER plug_dest IDENTIFIED by 'plug_dest_pwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USER plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
USER plug_dest IDENTIFIED by 'plug_dest_pwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USER plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
plug_dest IDENTIFIED by 'plug_dest_pwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
plug_dest IDENTIFIED by 'plug_dest_pwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
IDENTIFIED by 'plug_dest_pwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED by 'plug_dest_pwd'' at line 2
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
IDENTIFIED by 'plug_dest_pwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED by 'plug_dest_pwd'' at line 2
========== test 1.1 combinations ==========================
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
========== test 1.1.1.6/1.1.2.5 ============================
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
plug_dest
DROP USER plug, plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
DROP USER plug;
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
plug_dest
DROP USER plug, plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
DROP USER plug;
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
DROP USER plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
plug_dest
DROP USER plug, plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
DROP USER plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
ERROR HY000: GRANT with IDENTIFIED WITH is illegal because the user plug already exists
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server';
ERROR HY000: GRANT with IDENTIFIED WITH is illegal because the user plug already exists
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
ERROR HY000: Operation CREATE USER failed for 'plug'@'%'
CREATE USER plug IDENTIFIED WITH 'test_plugin_server';
ERROR HY000: Operation CREATE USER failed for 'plug'@'%'
DROP USER plug;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
plug test_plugin_server plug_dest
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
plug test_plugin_server plug_dest *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug IDENTIFIED BY 'plug_dest_passwd';
ERROR HY000: Operation CREATE USER failed for 'plug'@'%'
DROP USER plug;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
plug test_plugin_server plug_dest
plug_dest test_plugin_server plug_dest
DROP USER plug,plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
plug test_plugin_server plug_dest
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
plug test_plugin_server plug_dest
plug_dest test_plugin_server plug_dest
DROP USER plug,plug_dest;
========== test 1.1.1.1/1.1.2.1/1.1.1.5 ====================
SET NAMES utf8;
CREATE USER plüg IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg test_plugin_server plüg_dest
DROP USER plüg;
CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
DROP USER plüg_dest;
SET NAMES ascii;
CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
pl??g test_plugin_server pl??g_dest
DROP USER 'plüg';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
pl??g_dest
DROP USER 'plüg_dest';
SET NAMES latin1;
========== test 1.1.1.5 ====================================
CREATE USER 'plüg' IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest';
ERROR HY000: Plugin 'test_plügin_server' is not loaded
CREATE USER 'plug' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plüg_dest
DROP USER 'plug';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
DROP USER 'plüg_dest';
SET NAMES utf8;
CREATE USER plüg IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest';
ERROR HY000: Plugin 'test_plügin_server' is not loaded
CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg test_plugin_server plüg_dest
DROP USER 'plüg';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
DROP USER 'plüg_dest';
CREATE USER plüg IDENTIFIED WITH test_plugin_server AS 'plüg_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg test_plugin_server plüg_dest
DROP USER plüg;
CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
DROP USER plüg_dest;
========== test 1.1.1.2/1.1.2.2=============================
SET @auth_name= 'test_plugin_server';
CREATE USER plug IDENTIFIED WITH @auth_name AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@auth_name AS 'plug_dest'' at line 1
SET @auth_string= 'plug_dest';
CREATE USER plug IDENTIFIED WITH test_plugin_server AS @auth_string;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@auth_string' at line 1
========== test 1.1.1.3/1.1.2.3=============================
CREATE USER plug IDENTIFIED WITH 'hh''s_test_plugin_server' AS 'plug_dest';
ERROR HY000: Plugin 'hh's_test_plugin_server' is not loaded
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'hh''s_plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server hh's_plug_dest
DROP USER plug;
CREATE USER 'hh''s_plug_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
hh's_plug_dest
DROP USER 'hh''s_plug_dest';
========== test 1.1.1.4 ====================================
CREATE USER plug IDENTIFIED WITH hh''s_test_plugin_server AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''s_test_plugin_server AS 'plug_dest'' at line 1
========== test 1.1.3.1 ====================================
GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
grant_user test_plugin_server plug_dest
CREATE USER plug_dest;
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
grant_user test_plugin_server plug_dest
plug_dest
DROP USER grant_user,plug_dest;
set @save_sql_mode= @@sql_mode;
SET @@sql_mode=no_auto_create_user;
GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
grant_user test_plugin_server plug_dest
CREATE USER plug_dest;
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest;
ERROR 42000: Can't find any matching row in the user table
DROP USER grant_user;
GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
grant_user test_plugin_server plug_dest
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
grant_user test_plugin_server plug_dest
plug_dest *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_user_passwd';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
grant_user test_plugin_server plug_dest
plug_dest *560881EB651416CEF77314D07D55EDCD5FC1BD6D
DROP USER grant_user,plug_dest;
set @@sql_mode= @save_sql_mode;
DROP DATABASE test_user_db;
CREATE DATABASE test_user_db;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
========== test 1.1.3.2 ====================================
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE PROXY ON plug_dest FROM plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
DROP USER plug_user,plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_user test_plugin_server plug_dest
1)
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user'
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
2)
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE PROXY ON plug_dest FROM plug_user;
3)
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
DROP USER plug_user,plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
1)
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug_user;
2)
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user'
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
DROP USER plug_user,plug_dest;
========== test 1.2 ========================================
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%
user()
plug_user@localhost
RENAME USER plug_dest TO new_dest;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON new_dest TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
plug_user test_plugin_server plug_dest
DROP USER plug_user,new_dest;
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%
user()
plug_user@localhost
RENAME USER plug_dest TO new_dest;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON new_dest TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
plug_user test_plugin_server plug_dest
DROP USER plug_user,new_dest;
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
connect(plug_user,localhost,plug_user,plug_dest);
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug_user@localhost plug_dest@%
connection default;
disconnect plug_user;
RENAME USER plug_user TO new_user;
connect(plug_user,localhost,new_user,plug_dest);
select USER(),CURRENT_USER();
USER() CURRENT_USER()
new_user@localhost plug_dest@%
connection default;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user test_plugin_server plug_dest
plug_dest
disconnect plug_user;
UPDATE mysql.user SET user='plug_user' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_user test_plugin_server plug_dest
DROP USER plug_dest,plug_user;
========== test 1.3 ========================================
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
connect(plug_user,localhost,plug_user,plug_dest);
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug_user@localhost plug_dest@%
connection default;
disconnect plug_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_user test_plugin_server plug_dest
UPDATE mysql.user SET user='new_user' WHERE user='plug_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user test_plugin_server plug_dest
plug_dest
UPDATE mysql.user SET authentication_string='new_dest' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user test_plugin_server new_dest
plug_dest
UPDATE mysql.user SET plugin='new_plugin_server' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user new_plugin_server new_dest
plug_dest
connect(plug_user,localhost,new_user,new_dest);
ERROR HY000: Plugin 'new_plugin_server' is not loaded
UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user';
UPDATE mysql.user SET USER='new_dest' WHERE user='plug_dest';
FLUSH PRIVILEGES;
GRANT PROXY ON new_dest TO new_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
new_user test_plugin_server new_dest
connect(plug_user,localhost,new_user,new_dest);
select USER(),CURRENT_USER();
USER() CURRENT_USER()
new_user@localhost new_dest@%
connection default;
disconnect plug_user;
UPDATE mysql.user SET USER='plug_dest' WHERE user='new_dest';
FLUSH PRIVILEGES;
CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
new_user test_plugin_server new_dest
plug_dest
GRANT ALL PRIVILEGES ON test.* TO new_user;
connect(plug_user,localhost,new_dest,new_dest_passwd);
select USER(),CURRENT_USER();
USER() CURRENT_USER()
new_dest@localhost new_dest@%
connection default;
disconnect plug_user;
DROP USER new_user,new_dest,plug_dest;
========== test 2, 2.1, 2.2 ================================
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
proxied_user
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
========== test 2.2.1 ======================================
SELECT @@proxy_user;
@@proxy_user
NULL
connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user);
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
GRANT PROXY ON proxied_user TO ''@'';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxy_user@localhost proxied_user@%
========== test 2.2.1 ======================================
SELECT @@proxy_user;
@@proxy_user
''@''
connection default;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@''
IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
proxied_user
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user);
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
GRANT PROXY ON proxied_user TO ''@'';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user);
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxy_user@localhost proxied_user@%
SELECT @@proxy_user;
@@proxy_user
''@''
connection default;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
GRANT PROXY ON proxied_user_1 TO ''@'';
GRANT PROXY ON proxied_user_2 TO ''@'';
GRANT PROXY ON proxied_user_3 TO ''@'';
GRANT PROXY ON proxied_user_4 TO ''@'';
GRANT PROXY ON proxied_user_5 TO ''@'';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
proxied_user_1
proxied_user_2
proxied_user_3
proxied_user_4
proxied_user_5
connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd');
connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd);
connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd);
connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd);
connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd);
connection proxy_con_1;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_1@localhost proxied_user_1@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_2;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_2@localhost proxied_user_2@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_3;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_3@localhost proxied_user_3@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_4;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_4@localhost proxied_user_4@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_5;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_5@localhost proxied_user_5@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection default;
disconnect proxy_con_1;
disconnect proxy_con_2;
disconnect proxy_con_3;
disconnect proxy_con_4;
disconnect proxy_con_5;
DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
========== test 3 ==========================================
GRANT ALL PRIVILEGES ON *.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
FLUSH PRIVILEGES;
DROP USER plug_user, plug_dest;
DROP DATABASE test_user_db;
CREATE DATABASE test_user_db;
========== test 1.1.3.2 ====================================
=== check contens of components of info ====================
CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest';
CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_1_dest
qa_test_1_user qa_auth_interface qa_test_1_dest
SELECT @@proxy_user;
@@proxy_user
NULL
SELECT @@external_user;
@@external_user
NULL
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_1_user@% qa_test_1_user@localhost NULL NULL
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_1_dest
qa_test_1_user qa_auth_interface qa_test_1_dest
DROP USER qa_test_1_user;
DROP USER qa_test_1_dest;
=== Assign values to components of info ====================
CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest';
CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd';
CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
GRANT PROXY ON authenticated_as TO qa_test_2_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
authenticated_as
qa_test_2_dest
qa_test_2_user qa_auth_interface qa_test_2_dest
SELECT @@proxy_user;
@@proxy_user
NULL
SELECT @@external_user;
@@external_user
NULL
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
authenticated_as@% user_name@localhost 'qa_test_2_user'@'%' 'qa_test_2_user'@'%'
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
authenticated_as
qa_test_2_dest
qa_test_2_user qa_auth_interface qa_test_2_dest
DROP USER qa_test_2_user;
DROP USER qa_test_2_dest;
DROP USER authenticated_as;
=== Assign too high values for *length, which should have no effect ====
CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest';
CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_3_dest TO qa_test_3_user;
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_3_dest@% qa_test_3_user@localhost 'qa_test_3_user'@'%' 'qa_test_3_user'@'%'
DROP USER qa_test_3_user;
DROP USER qa_test_3_dest;
=== Assign too low values for *length, which should have no effect ====
CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest';
CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_4_dest TO qa_test_4_user;
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_4_dest@% qa_test_4_user@localhost 'qa_test_4_user'@'%' 'qa_test_4_user'@'%'
DROP USER qa_test_4_user;
DROP USER qa_test_4_dest;
=== Assign empty string especially to authenticated_as (in plugin) ====
CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest';
CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd';
CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd';
GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
*DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_5_user qa_auth_interface qa_test_5_dest
qa_test_5_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_5_user'@'localhost' (using password: YES)
DROP USER qa_test_5_user;
DROP USER qa_test_5_dest;
DROP USER ''@'localhost';
=== Assign 'root' especially to authenticated_as (in plugin) ====
CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
SELECT user,plugin,authentication_string,password FROM mysql.user;
user plugin authentication_string password
root
root
root
qa_test_6_user qa_auth_interface qa_test_6_dest
qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES)
GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user;
user plugin authentication_string password
root
root
root
qa_test_6_user qa_auth_interface qa_test_6_dest
qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
root qa_auth_interface qa_test_6_dest
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
REVOKE PROXY ON qa_test_6_dest FROM root;
SELECT user,plugin,authentication_string FROM mysql.user;
user plugin authentication_string
root
root
root
qa_test_6_user qa_auth_interface qa_test_6_dest
qa_test_6_dest
root qa_auth_interface qa_test_6_dest
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
DROP USER qa_test_6_user;
DROP USER qa_test_6_dest;
DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
SELECT user,plugin,authentication_string,password FROM mysql.user;
user plugin authentication_string password
root
root
root
=== Test of the --default_auth option for clients ====
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_11_user'@'localhost' (using password: YES)
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
CREATE DATABASE test_user_db;
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_11_dest@% qa_test_11_user@localhost 'qa_test_11_user'@'%' 'qa_test_11_user'@'%'
exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_2_user'@'localhost' (using password: NO)
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD
# The numbers represent test cases of the test plan.
--source include/have_plugin_auth.inc
--source include/not_embedded.inc
CREATE DATABASE test_user_db;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo ========== test 1.1 ======================================================
# without '', without AS part
CREATE USER plug IDENTIFIED WITH test_plugin_server;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug;
DROP USER plug;
# with '', without AS part
CREATE USER plug IDENTIFIED WITH 'test_plugin_server';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug;
DROP USER plug;
# without '', AS part empty
CREATE USER plug IDENTIFIED WITH test_plugin_server AS '';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS '';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug;
DROP USER plug;
# with '', AS part empty without ''
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS ;
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS;
# without '', AS part without ''
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH test_plugin_server AS plug_dest;
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS plug_dest;
--echo ========== test 1.1 syntax errors ========================================
# without auth_name
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH AS plug_dest;
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH AS plug_dest;
# without auth_name and AS part
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH;
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH;
# without auth_name but AS part
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED AS '';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED AS '';
# with 2 auth_name parts
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug
IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server';
# with 2 AS parts
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS '' AS 'plug_dest';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug AS '' AS 'plug_dest';
# with 2 complete WITH parts
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS ''
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS ''
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
# with BY and WITH part
--error ER_PARSE_ERROR
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd'
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
# with WITH part and BY part
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
USER plug_dest IDENTIFIED by 'plug_dest_pwd';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
USER plug_dest IDENTIFIED by 'plug_dest_pwd';
# with WITH part and BY part
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
plug_dest IDENTIFIED by 'plug_dest_pwd';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
plug_dest IDENTIFIED by 'plug_dest_pwd';
# with WITH part and BY part
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
IDENTIFIED by 'plug_dest_pwd';
--error ER_PARSE_ERROR
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
IDENTIFIED by 'plug_dest_pwd';
--echo ========== test 1.1 combinations ==========================
# CREATE...WITH/CREATE...BY
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--echo ========== test 1.1.1.6/1.1.2.5 ============================
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug, plug_dest;
#
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_dest;
# GRANT...WITH/CREATE...BY
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug, plug_dest;
#
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_dest;
# CREATE...WITH/GRANT...BY
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug, plug_dest;
#
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_dest;
#
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--error 1700
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--error 1700
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server';
DROP USER plug;
#
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--error ER_CANNOT_USER
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--error ER_CANNOT_USER
CREATE USER plug IDENTIFIED WITH 'test_plugin_server';
DROP USER plug;
#
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
DROP USER plug;
#
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--error ER_CANNOT_USER
CREATE USER plug IDENTIFIED BY 'plug_dest_passwd';
DROP USER plug;
#
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
DROP USER plug,plug_dest;
#
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
DROP USER plug,plug_dest;
#
--echo ========== test 1.1.1.1/1.1.2.1/1.1.1.5 ====================
SET NAMES utf8;
#
CREATE USER plüg IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plüg;
CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plüg_dest;
SET NAMES ascii;
#
CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'plüg';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'plüg_dest';
SET NAMES latin1;
#
--echo ========== test 1.1.1.5 ====================================
--error ER_PLUGIN_IS_NOT_LOADED
CREATE USER 'plüg' IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest';
CREATE USER 'plug' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'plug';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'plüg_dest';
SET NAMES utf8;
#
--error ER_PLUGIN_IS_NOT_LOADED
CREATE USER plüg IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest';
CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'plüg';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'plüg_dest';
CREATE USER plüg IDENTIFIED WITH test_plugin_server AS 'plüg_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plüg;
CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plüg_dest;
--echo ========== test 1.1.1.2/1.1.2.2=============================
SET @auth_name= 'test_plugin_server';
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH @auth_name AS 'plug_dest';
SET @auth_string= 'plug_dest';
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH test_plugin_server AS @auth_string;
--echo ========== test 1.1.1.3/1.1.2.3=============================
--error ER_PLUGIN_IS_NOT_LOADED
CREATE USER plug IDENTIFIED WITH 'hh''s_test_plugin_server' AS 'plug_dest';
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'hh''s_plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug;
CREATE USER 'hh''s_plug_dest' IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER 'hh''s_plug_dest';
--echo ========== test 1.1.1.4 ====================================
--error ER_PARSE_ERROR
CREATE USER plug IDENTIFIED WITH hh''s_test_plugin_server AS 'plug_dest';
--echo ========== test 1.1.3.1 ====================================
GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
CREATE USER plug_dest;
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER grant_user,plug_dest;
#
set @save_sql_mode= @@sql_mode;
SET @@sql_mode=no_auto_create_user;
GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
CREATE USER plug_dest;
DROP USER plug_dest;
--error ER_PASSWORD_NO_MATCH
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest;
DROP USER grant_user;
#
GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_user_passwd';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
DROP USER grant_user,plug_dest;
set @@sql_mode= @save_sql_mode;
#
DROP DATABASE test_user_db;
--exit
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD
# The numbers represent test cases of the test plan.
--source include/have_plugin_auth.inc
--source include/not_embedded.inc
CREATE DATABASE test_user_db;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo ========== test 1.1.3.2 ====================================
# CREATE...WITH/CREATE...BY/GRANT
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE PROXY ON plug_dest FROM plug_user;
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
DROP USER plug_user,plug_dest;
#
# GRANT...WITH
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo 1)
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user'
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
--echo 2)
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE PROXY ON plug_dest FROM plug_user;
--echo 3)
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
DROP USER plug_user,plug_dest;
#
# GRANT...WITH/CREATE...BY
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--echo 1)
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
GRANT PROXY ON plug_dest TO plug_user;
--echo 2)
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user'
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
#REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_dest'
# IDENTIFIED BY 'plug_dest_passwd';
DROP USER plug_user,plug_dest;
--echo ========== test 1.2 ========================================
# GRANT...WITH/CREATE...BY
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
RENAME USER plug_dest TO new_dest;
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
GRANT PROXY ON new_dest TO plug_user;
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_user,new_dest;
# CREATE...WITH/CREATE...BY
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
GRANT PROXY ON plug_dest TO plug_user;
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
RENAME USER plug_dest TO new_dest;
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
GRANT PROXY ON new_dest TO plug_user;
--error 1
--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_user,new_dest;
# CREATE...WITH
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
--echo connect(plug_user,localhost,plug_user,plug_dest);
connect(plug_user,localhost,plug_user,plug_dest);
select USER(),CURRENT_USER();
--echo connection default;
connection default;
--echo disconnect plug_user;
disconnect plug_user;
RENAME USER plug_user TO new_user;
--echo connect(plug_user,localhost,new_user,plug_dest);
connect(plug_user,localhost,new_user,plug_dest);
select USER(),CURRENT_USER();
--echo connection default;
connection default;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo disconnect plug_user;
disconnect plug_user;
UPDATE mysql.user SET user='plug_user' WHERE user='new_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_dest,plug_user;
--echo ========== test 1.3 ========================================
#
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
--echo connect(plug_user,localhost,plug_user,plug_dest);
connect(plug_user,localhost,plug_user,plug_dest);
select USER(),CURRENT_USER();
--echo connection default;
connection default;
--echo disconnect plug_user;
disconnect plug_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
UPDATE mysql.user SET user='new_user' WHERE user='plug_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
UPDATE mysql.user SET authentication_string='new_dest' WHERE user='new_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
UPDATE mysql.user SET plugin='new_plugin_server' WHERE user='new_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo connect(plug_user,localhost,new_user,new_dest);
--disable_query_log
--error ER_PLUGIN_IS_NOT_LOADED
connect(plug_user,localhost,new_user,new_dest);
--enable_query_log
UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user';
UPDATE mysql.user SET USER='new_dest' WHERE user='plug_dest';
FLUSH PRIVILEGES;
GRANT PROXY ON new_dest TO new_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo connect(plug_user,localhost,new_user,new_dest);
connect(plug_user,localhost,new_user,new_dest);
select USER(),CURRENT_USER();
--echo connection default;
connection default;
--echo disconnect plug_user;
disconnect plug_user;
UPDATE mysql.user SET USER='plug_dest' WHERE user='new_dest';
FLUSH PRIVILEGES;
CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
GRANT ALL PRIVILEGES ON test.* TO new_user;
--echo connect(plug_user,localhost,new_dest,new_dest_passwd);
connect(plug_user,localhost,new_dest,new_dest_passwd);
select USER(),CURRENT_USER();
--echo connection default;
connection default;
--echo disconnect plug_user;
disconnect plug_user;
DROP USER new_user,new_dest,plug_dest;
--echo ========== test 2, 2.1, 2.2 ================================
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
--echo ========== test 2.2.1 ======================================
SELECT @@proxy_user;
--echo connection default;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
--echo connect(proxy_con,localhost,proxy_user,proxied_user);
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(proxy_con,localhost,proxy_user,proxied_user);
--enable_query_log
GRANT PROXY ON proxied_user TO ''@'';
--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
--echo connection default;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
--echo connect(proxy_con,localhost,proxy_user,proxied_user);
connect(proxy_con,localhost,proxy_user,proxied_user);
SELECT USER(),CURRENT_USER();
--echo ========== test 2.2.1 ======================================
SELECT @@proxy_user;
--echo connection default;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
#
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@''
IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection default;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
--echo connect(proxy_con,localhost,proxy_user,proxied_user);
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(proxy_con,localhost,proxy_user,proxied_user);
--enable_query_log
GRANT PROXY ON proxied_user TO ''@'';
--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
connect(proxy_con,localhost,proxied_user,proxied_user_passwd);
SELECT USER(),CURRENT_USER();
--echo connection default;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
--echo connect(proxy_con,localhost,proxy_user,proxied_user);
connect(proxy_con,localhost,proxy_user,proxied_user);
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection default;
connection default;
--echo disconnect proxy_con;
disconnect proxy_con;
DROP USER ''@'',proxied_user;
#
CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
GRANT PROXY ON proxied_user_1 TO ''@'';
GRANT PROXY ON proxied_user_2 TO ''@'';
GRANT PROXY ON proxied_user_3 TO ''@'';
GRANT PROXY ON proxied_user_4 TO ''@'';
GRANT PROXY ON proxied_user_5 TO ''@'';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd');
connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd');
--echo connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd);
connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd);
--echo connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd);
connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd);
--echo connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd);
connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd);
--echo connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd);
connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd);
--echo connection proxy_con_1;
connection proxy_con_1;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection proxy_con_2;
connection proxy_con_2;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection proxy_con_3;
connection proxy_con_3;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection proxy_con_4;
connection proxy_con_4;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection proxy_con_5;
connection proxy_con_5;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
--echo connection default;
connection default;
--echo disconnect proxy_con_1;
disconnect proxy_con_1;
--echo disconnect proxy_con_2;
disconnect proxy_con_2;
--echo disconnect proxy_con_3;
disconnect proxy_con_3;
--echo disconnect proxy_con_4;
disconnect proxy_con_4;
--echo disconnect proxy_con_5;
disconnect proxy_con_5;
DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
--echo ========== test 3 ==========================================
GRANT ALL PRIVILEGES ON *.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
FLUSH PRIVILEGES;
# Not working with the patch.
#--replace_result $MYSQLADMIN MYSQLADMIN $MASTER_MYPORT MYPORT $MASTER_MYSOCK MYSOCK
#--exec $MYSQLADMIN $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -S $MASTER_MYSOCK -u plug_user --password=plug_dest ping 2>&1
#--replace_result $MYSQL_CHECK MYSQL_CHECK $MASTER_MYPORT MYPORT
#--exec $MYSQL_CHECK $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u plug_user --password=plug_dest test
#--replace_result $MYSQL_DUMP MYSQL_DUMP $MASTER_MYPORT MYPORT
#--exec $MYSQL_DUMP -h localhost -P $MASTER_MYPORT $PLUGIN_AUTH_OPT -u plug_user --password=plug_dest test
#--replace_result $MYSQL_SHOW MYSQL_SHOW $MASTER_MYPORT MYPORT
#--exec $MYSQL_SHOW $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --plugin_dir=../plugin/auth -u plug_user --password=plug_dest 2>&1
DROP USER plug_user, plug_dest;
DROP DATABASE test_user_db;
--exit
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_INTERFACE
# Horst Hunger
# Created: 2010-10-06
#
# Test of the authentification interface. The plugin checks the expected values set
# by this application and the application checks the values set the the plugin.
--source include/have_plugin_interface.inc
--source include/not_embedded.inc
CREATE DATABASE test_user_db;
--echo ========== test 1.1.3.2 ====================================
--echo === check contens of components of info ====================
CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest';
CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
SELECT @@proxy_user;
SELECT @@external_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER qa_test_1_user;
DROP USER qa_test_1_dest;
--echo === Assign values to components of info ====================
CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest';
CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd';
CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
GRANT PROXY ON authenticated_as TO qa_test_2_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
SELECT @@proxy_user;
SELECT @@external_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER qa_test_2_user;
DROP USER qa_test_2_dest;
DROP USER authenticated_as;
--echo === Assign too high values for *length, which should have no effect ====
CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest';
CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_3_dest TO qa_test_3_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_3_user;
DROP USER qa_test_3_dest;
--echo === Assign too low values for *length, which should have no effect ====
CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest';
CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_4_dest TO qa_test_4_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_4_user;
DROP USER qa_test_4_dest;
--echo === Assign empty string especially to authenticated_as (in plugin) ====
CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest';
CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd';
CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd';
GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_5_user;
DROP USER qa_test_5_dest;
DROP USER ''@'localhost';
--echo === Assign 'root' especially to authenticated_as (in plugin) ====
CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
SELECT user,plugin,authentication_string,password FROM mysql.user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
REVOKE PROXY ON qa_test_6_dest FROM root;
SELECT user,plugin,authentication_string FROM mysql.user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_6_user;
DROP USER qa_test_6_dest;
DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
SELECT user,plugin,authentication_string,password FROM mysql.user;
--echo === Test of the --default_auth option for clients ====
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
--exit
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_SERVER
# Horst Hunger
# Created: 2010-10-06
#
# Test of the authentification interface. The plugin checks the expected values set
# by this application and the application checks the values set the the plugin.
--source include/have_plugin_server.inc
--source include/not_embedded.inc
CREATE DATABASE test_user_db;
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
--exit
...@@ -18,6 +18,14 @@ MYSQL_ADD_PLUGIN(auth dialog.c ...@@ -18,6 +18,14 @@ MYSQL_ADD_PLUGIN(auth dialog.c
MODULE_ONLY) MODULE_ONLY)
MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c
MODULE_ONLY) MODULE_ONLY)
MYSQL_ADD_PLUGIN(qa_auth_interface qa_auth_interface.c
MODULE_ONLY)
MYSQL_ADD_PLUGIN(qa_auth_server qa_auth_server.c
MODULE_ONLY)
MYSQL_ADD_PLUGIN(qa_auth_client qa_auth_client.c
MODULE_ONLY)
CHECK_CXX_SOURCE_COMPILES( CHECK_CXX_SOURCE_COMPILES(
"#define _GNU_SOURCE "#define _GNU_SOURCE
......
...@@ -3,10 +3,14 @@ pkgplugindir=$(pkglibdir)/plugin ...@@ -3,10 +3,14 @@ pkgplugindir=$(pkglibdir)/plugin
AM_LDFLAGS=-module -rpath $(pkgplugindir) AM_LDFLAGS=-module -rpath $(pkgplugindir)
AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include
pkgplugin_LTLIBRARIES= auth.la auth_test_plugin.la pkgplugin_LTLIBRARIES= auth.la auth_test_plugin.la qa_auth_interface.la qa_auth_server.la qa_auth_client.la
auth_la_SOURCES= dialog.c auth_la_SOURCES= dialog.c
auth_test_plugin_la_SOURCES= test_plugin.c auth_test_plugin_la_SOURCES= test_plugin.c
qa_auth_interface_la_SOURCES= qa_auth_interface.c
qa_auth_server_la_SOURCES= qa_auth_server.c
qa_auth_client_la_SOURCES= qa_auth_client.c
if HAVE_PEERCRED if HAVE_PEERCRED
pkgplugin_LTLIBRARIES+= auth_socket.la pkgplugin_LTLIBRARIES+= auth_socket.la
auth_socket_la_SOURCES= auth_socket.c auth_socket_la_SOURCES= auth_socket.c
......
/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <mysql/plugin_auth.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
/**
first byte of the question string is the question "type".
It can be a "ordinary" or a "password" question.
The last bit set marks a last question in the authentication exchange.
*/
#define ORDINARY_QUESTION "\2"
#define LAST_QUESTION "\3"
#define LAST_PASSWORD "\4"
#define PASSWORD_QUESTION "\5"
/********************* CLIENT SIDE ***************************************/
/*
client plugin used for testing the plugin API
*/
#include <mysql.h>
/**
The main function of the test plugin.
Reads the prompt, check if the handshake is done and if the prompt is a
password request and returns the password. Otherwise return error.
@note
1. this plugin shows how a client authentication plugin
may read a MySQL protocol OK packet internally - which is important
where a number of packets is not known in advance.
2. the first byte of the prompt is special. it is not
shown to the user, but signals whether it is the last question
(prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
and whether the input is a password (not echoed).
3. the prompt is expected to be sent zero-terminated
*/
static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
unsigned char *pkt, cmd= 0;
int pkt_len, res;
char *reply;
do
{
/* read the prompt */
pkt_len= vio->read_packet(vio, &pkt);
if (pkt_len < 0)
return CR_ERROR;
if (pkt == 0)
{
/*
in mysql_change_user() the client sends the first packet, so
the first vio->read_packet() does nothing (pkt == 0).
We send the "password", assuming the client knows what its doing.
(in other words, the dialog plugin should be only set as a default
authentication plugin on the client if the first question
asks for a password - which will be sent in cleat text, by the way)
*/
reply= mysql->passwd;
}
else
{
cmd= *pkt++;
/* is it MySQL protocol (0=OK or 254=need old password) packet ? */
if (cmd == 0 || cmd == 254)
return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
/*
asking for a password with an empty prompt means mysql->password
otherwise return an error
*/
if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
reply= mysql->passwd;
else
return CR_ERROR;
}
if (!reply)
return CR_ERROR;
/* send the reply to the server */
res= vio->write_packet(vio, (const unsigned char *) reply,
strlen(reply) + 1);
if (res)
return CR_ERROR;
/* repeat unless it was the last question */
} while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
/* the job of reading the ok/error packet is left to the server */
return CR_OK;
}
mysql_declare_client_plugin(AUTHENTICATION)
"qa_auth_client",
"Horst Hunger",
"Dialog Client Authentication Plugin",
{0,1,0},
"GPL",
NULL,
NULL,
NULL,
NULL,
test_plugin_client
mysql_end_client_plugin;
/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <mysql/plugin_auth.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
/**
first byte of the question string is the question "type".
It can be a "ordinary" or a "password" question.
The last bit set marks a last question in the authentication exchange.
*/
#define ORDINARY_QUESTION "\2"
#define LAST_QUESTION "\3"
#define LAST_PASSWORD "\4"
#define PASSWORD_QUESTION "\5"
/********************* SERVER SIDE ****************************************/
static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
{
unsigned char *pkt;
int pkt_len, err= CR_OK;
/* send a password question */
if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
return CR_ERROR;
/* read the answer */
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
return CR_ERROR;
info->password_used= PASSWORD_USED_YES;
/* fail if the password is wrong */
if (strcmp((const char *) pkt, info->auth_string))
return CR_ERROR;
/* Check the contens of components of info */
if (strcmp(info->user_name, "qa_test_1_user")== 0)
{
if (info->user_name_length != 14)
err= CR_ERROR;
if (strcmp(info->auth_string, "qa_test_1_dest"))
err= CR_ERROR;
if (info->auth_string_length != 14)
err= CR_ERROR;
/* To be set by the plugin */
// if (strcmp(info->authenticated_as, "qa_test_1_user"))
// err= CR_ERROR;
/* To be set by the plugin */
// if (strcmp(info->external_user, ""))
// err= CR_ERROR;
if (info->password_used != PASSWORD_USED_YES)
err= CR_ERROR;
if (strcmp(info->host_or_ip, "localhost"))
err= CR_ERROR;
if (info->host_or_ip_length != 9)
err= CR_ERROR;
}
/* Assign values to the components of info even if not intended and watch the effect */
else if (strcmp(info->user_name, "qa_test_2_user")== 0)
{
/* Overwriting not intended, but with effect on USER() */
strcpy(info->user_name, "user_name");
info->user_name_length= 9;
/* Overwriting not intended, effect not visible */
strcpy((char *)info->auth_string, "auth_string");
info->auth_string_length= 11;
/* Assign with account for authorization, effect on CURRENT_USER() */
strcpy(info->authenticated_as, "authenticated_as");
/* Assign with an external account, effect on @@local.EXTERNAL_USER */
strcpy(info->external_user, "externaluser");
/* Overwriting will cause a core dump */
// strcpy(info->host_or_ip, "host_or_ip");
// info->host_or_ip_length= 10;
}
/* Invalid, means too high values for length */
else if (strcmp(info->user_name, "qa_test_3_user")== 0)
{
/* Original value is 14. Test runs also with higher value. Changes have no effect.*/
info->user_name_length= 28;
strcpy((char *)info->auth_string, "qa_test_3_dest");
/* Original value is 14. Test runs also with higher value. Changes have no effect.*/
info->auth_string_length= 28;
strcpy(info->authenticated_as, info->auth_string);
strcpy(info->external_user, info->auth_string);
}
/* Invalid, means too low values for length */
else if (strcmp(info->user_name, "qa_test_4_user")== 0)
{
/* Original value is 14. Test runs also with lower value. Changes have no effect.*/
info->user_name_length= 8;
strcpy((char *)info->auth_string, "qa_test_4_dest");
/* Original value is 14. Test runs also with lower value. Changes have no effect.*/
info->auth_string_length= 8;
strcpy(info->authenticated_as, info->auth_string);
strcpy(info->external_user, info->auth_string);
}
/* Overwrite with empty values */
else if (strcmp(info->user_name, "qa_test_5_user")== 0)
{
/* This assignment has no effect.*/
strcpy(info->user_name, "");
info->user_name_length= 0;
/* This assignment has no effect.*/
strcpy((char *)info->auth_string, "");
info->auth_string_length= 0;
/* This assignment caused an error or an "empty" user */
strcpy(info->authenticated_as, "");
/* This assignment has no effect.*/
strcpy(info->external_user, "");
/* Overwriting will cause a core dump */
// strcpy(info->host_or_ip, "");
// info->host_or_ip_length= 0;
}
/* Set to 'root' */
else if (strcmp(info->user_name, "qa_test_6_user")== 0)
{
strcpy(info->authenticated_as, "root");
}
else
{
err= CR_ERROR;
}
return err;
}
static struct st_mysql_auth qa_auth_test_handler=
{
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
"qa_auth_interface", /* requires test_plugin client's plugin */
qa_auth_interface
};
mysql_declare_plugin(test_plugin)
{
MYSQL_AUTHENTICATION_PLUGIN,
&qa_auth_test_handler,
"qa_auth_interface",
"Horst Hunger",
"plugin API test plugin",
PLUGIN_LICENSE_GPL,
NULL,
NULL,
0x0100,
NULL,
NULL,
NULL
}
mysql_declare_plugin_end;
/********************* CLIENT SIDE ***************************************/
/*
client plugin used for testing the plugin API
*/
#include <mysql.h>
/**
The main function of the test plugin.
Reads the prompt, check if the handshake is done and if the prompt is a
password request and returns the password. Otherwise return error.
@note
1. this plugin shows how a client authentication plugin
may read a MySQL protocol OK packet internally - which is important
where a number of packets is not known in advance.
2. the first byte of the prompt is special. it is not
shown to the user, but signals whether it is the last question
(prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
and whether the input is a password (not echoed).
3. the prompt is expected to be sent zero-terminated
*/
static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
unsigned char *pkt, cmd= 0;
int pkt_len, res;
char *reply;
do
{
/* read the prompt */
pkt_len= vio->read_packet(vio, &pkt);
if (pkt_len < 0)
return CR_ERROR;
if (pkt == 0)
{
/*
in mysql_change_user() the client sends the first packet, so
the first vio->read_packet() does nothing (pkt == 0).
We send the "password", assuming the client knows what its doing.
(in other words, the dialog plugin should be only set as a default
authentication plugin on the client if the first question
asks for a password - which will be sent in cleat text, by the way)
*/
reply= mysql->passwd;
}
else
{
cmd= *pkt++;
/* is it MySQL protocol (0=OK or 254=need old password) packet ? */
if (cmd == 0 || cmd == 254)
return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
/*
asking for a password with an empty prompt means mysql->password
otherwise return an error
*/
if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
reply= mysql->passwd;
else
return CR_ERROR;
}
if (!reply)
return CR_ERROR;
/* send the reply to the server */
res= vio->write_packet(vio, (const unsigned char *) reply,
strlen(reply) + 1);
if (res)
return CR_ERROR;
/* repeat unless it was the last question */
} while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
/* the job of reading the ok/error packet is left to the server */
return CR_OK;
}
mysql_declare_client_plugin(AUTHENTICATION)
"qa_auth_interface",
"Horst Hunger",
"Dialog Client Authentication Plugin",
{0,1,0},
"GPL",
NULL,
NULL,
NULL,
NULL,
test_plugin_client
mysql_end_client_plugin;
/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <mysql/plugin_auth.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
/**
first byte of the question string is the question "type".
It can be a "ordinary" or a "password" question.
The last bit set marks a last question in the authentication exchange.
*/
#define ORDINARY_QUESTION "\2"
#define LAST_QUESTION "\3"
#define LAST_PASSWORD "\4"
#define PASSWORD_QUESTION "\5"
/********************* SERVER SIDE ****************************************/
static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
{
unsigned char *pkt;
int pkt_len, err= CR_OK;
/* send a password question */
if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
return CR_ERROR;
/* read the answer */
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
return CR_ERROR;
info->password_used= PASSWORD_USED_YES;
/* fail if the password is wrong */
if (strcmp((const char *) pkt, info->auth_string))
return CR_ERROR;
/* Test of default_auth */
if (strcmp(info->user_name, "qa_test_11_user")== 0)
{
strcpy(info->authenticated_as, "qa_test_11_dest");
}
else
err= CR_ERROR;
return err;
}
static struct st_mysql_auth qa_auth_test_handler=
{
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
"qa_auth_interface", /* requires test_plugin client's plugin */
qa_auth_interface
};
mysql_declare_plugin(test_plugin)
{
MYSQL_AUTHENTICATION_PLUGIN,
&qa_auth_test_handler,
"qa_auth_server",
"Horst Hunger",
"plugin API test plugin",
PLUGIN_LICENSE_GPL,
NULL,
NULL,
0x0100,
NULL,
NULL,
NULL
}
mysql_declare_plugin_end;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment