Commit d6af9bef authored by Horst.Hunger's avatar Horst.Hunger

due to merge

parent 7af50942
--disable_query_log
--require r/true.require
select (PLUGIN_LIBRARY LIKE 'qa_auth_interface%') as `TRUE` FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME='qa_auth_interface';
--enable_query_log
--disable_query_log
--require r/true.require
select (PLUGIN_LIBRARY LIKE 'qa_auth_server%') as `TRUE` FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME='qa_auth_server';
--enable_query_log
...@@ -131,6 +131,9 @@ my $opt_start_dirty; ...@@ -131,6 +131,9 @@ my $opt_start_dirty;
my $opt_start_exit; my $opt_start_exit;
my $start_only; my $start_only;
my $auth_interface_fn; # the name of qa_auth_interface plugin
my $auth_server_fn; # the name of qa_auth_server plugin
my $auth_client_fn; # the name of qa_auth_client plugin
my $auth_filename; # the name of the authentication test plugin my $auth_filename; # the name of the authentication test plugin
my $auth_plugin; # the path to the authentication test plugin my $auth_plugin; # the path to the authentication test plugin
...@@ -1062,14 +1065,20 @@ sub command_line_setup { ...@@ -1062,14 +1065,20 @@ sub command_line_setup {
"$basedir/sql/share/charsets", "$basedir/sql/share/charsets",
"$basedir/share/charsets"); "$basedir/share/charsets");
# Look for client test plugin # Look for auth test plugins
if (IS_WINDOWS) if (IS_WINDOWS)
{ {
$auth_filename = "auth_test_plugin.dll"; $auth_filename = "auth_test_plugin.dll";
$auth_interface_fn = "qa_auth_interface.dll";
$auth_server_fn = "qa_auth_server.dll";
$auth_client_fn = "qa_auth_client.dll";
} }
else else
{ {
$auth_filename = "auth_test_plugin.so"; $auth_filename = "auth_test_plugin.so";
$auth_interface_fn = "qa_auth_interface.so";
$auth_server_fn = "qa_auth_server.so";
$auth_client_fn = "qa_auth_client.so";
} }
$auth_plugin= $auth_plugin=
mtr_file_exists(vs_config_dirs('plugin/auth/',$auth_filename), mtr_file_exists(vs_config_dirs('plugin/auth/',$auth_filename),
...@@ -1973,12 +1982,18 @@ sub environment_setup { ...@@ -1973,12 +1982,18 @@ sub environment_setup {
$ENV{'PLUGIN_AUTH_OPT'}= "--plugin-dir=".dirname($auth_plugin); $ENV{'PLUGIN_AUTH_OPT'}= "--plugin-dir=".dirname($auth_plugin);
$ENV{'PLUGIN_AUTH_LOAD'}="--plugin_load=test_plugin_server=".$auth_filename; $ENV{'PLUGIN_AUTH_LOAD'}="--plugin_load=test_plugin_server=".$auth_filename;
$ENV{'PLUGIN_AUTH_INTERFACE'}="--plugin_load=qa_auth_interface=".$auth_interface_fn;
$ENV{'PLUGIN_AUTH_SERVER'}="--plugin_load=qa_auth_server=".$auth_server_fn;
$ENV{'PLUGIN_AUTH_CLIENT'}="--plugin_load=qa_auth_client=".$auth_client_fn;
} }
else else
{ {
$ENV{'PLUGIN_AUTH'}= ""; $ENV{'PLUGIN_AUTH'}= "";
$ENV{'PLUGIN_AUTH_OPT'}="--plugin-dir="; $ENV{'PLUGIN_AUTH_OPT'}="--plugin-dir=";
$ENV{'PLUGIN_AUTH_LOAD'}=""; $ENV{'PLUGIN_AUTH_LOAD'}="";
$ENV{'PLUGIN_AUTH_INTERFACE'}="";
$ENV{'PLUGIN_AUTH_SERVER'}="";
$ENV{'PLUGIN_AUTH_CLIENT'}="";
} }
......
This diff is collapsed.
This diff is collapsed.
CREATE DATABASE test_user_db;
========== test 1.1.3.2 ====================================
=== check contens of components of info ====================
CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest';
CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_1_dest
qa_test_1_user qa_auth_interface qa_test_1_dest
SELECT @@proxy_user;
@@proxy_user
NULL
SELECT @@external_user;
@@external_user
NULL
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_1_user@% qa_test_1_user@localhost NULL NULL
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_1_dest
qa_test_1_user qa_auth_interface qa_test_1_dest
DROP USER qa_test_1_user;
DROP USER qa_test_1_dest;
=== Assign values to components of info ====================
CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest';
CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd';
CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
GRANT PROXY ON authenticated_as TO qa_test_2_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
authenticated_as
qa_test_2_dest
qa_test_2_user qa_auth_interface qa_test_2_dest
SELECT @@proxy_user;
@@proxy_user
NULL
SELECT @@external_user;
@@external_user
NULL
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
authenticated_as@% user_name@localhost 'qa_test_2_user'@'%' 'qa_test_2_user'@'%'
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
authenticated_as
qa_test_2_dest
qa_test_2_user qa_auth_interface qa_test_2_dest
DROP USER qa_test_2_user;
DROP USER qa_test_2_dest;
DROP USER authenticated_as;
=== Assign too high values for *length, which should have no effect ====
CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest';
CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_3_dest TO qa_test_3_user;
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_3_dest@% qa_test_3_user@localhost 'qa_test_3_user'@'%' 'qa_test_3_user'@'%'
DROP USER qa_test_3_user;
DROP USER qa_test_3_dest;
=== Assign too low values for *length, which should have no effect ====
CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest';
CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_4_dest TO qa_test_4_user;
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_4_dest@% qa_test_4_user@localhost 'qa_test_4_user'@'%' 'qa_test_4_user'@'%'
DROP USER qa_test_4_user;
DROP USER qa_test_4_dest;
=== Assign empty string especially to authenticated_as (in plugin) ====
CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest';
CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd';
CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd';
GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
*DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_5_user qa_auth_interface qa_test_5_dest
qa_test_5_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_5_user'@'localhost' (using password: YES)
DROP USER qa_test_5_user;
DROP USER qa_test_5_dest;
DROP USER ''@'localhost';
=== Assign 'root' especially to authenticated_as (in plugin) ====
CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
SELECT user,plugin,authentication_string,password FROM mysql.user;
user plugin authentication_string password
root
root
root
qa_test_6_user qa_auth_interface qa_test_6_dest
qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES)
GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user;
user plugin authentication_string password
root
root
root
qa_test_6_user qa_auth_interface qa_test_6_dest
qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
root qa_auth_interface qa_test_6_dest
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
REVOKE PROXY ON qa_test_6_dest FROM root;
SELECT user,plugin,authentication_string FROM mysql.user;
user plugin authentication_string
root
root
root
qa_test_6_user qa_auth_interface qa_test_6_dest
qa_test_6_dest
root qa_auth_interface qa_test_6_dest
exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
DROP USER qa_test_6_user;
DROP USER qa_test_6_dest;
DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
SELECT user,plugin,authentication_string,password FROM mysql.user;
user plugin authentication_string password
root
root
root
=== Test of the --default_auth option for clients ====
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_11_user'@'localhost' (using password: YES)
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
CREATE DATABASE test_user_db;
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
current_user() user() @@local.proxy_user @@local.external_user
qa_test_11_dest@% qa_test_11_user@localhost 'qa_test_11_user'@'%' 'qa_test_11_user'@'%'
exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_2_user'@'localhost' (using password: NO)
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD
This diff is collapsed.
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD
This diff is collapsed.
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_INTERFACE
# Horst Hunger
# Created: 2010-10-06
#
# Test of the authentification interface. The plugin checks the expected values set
# by this application and the application checks the values set the the plugin.
--source include/have_plugin_interface.inc
--source include/not_embedded.inc
CREATE DATABASE test_user_db;
--echo ========== test 1.1.3.2 ====================================
--echo === check contens of components of info ====================
CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest';
CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
SELECT @@proxy_user;
SELECT @@external_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER qa_test_1_user;
DROP USER qa_test_1_dest;
--echo === Assign values to components of info ====================
CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest';
CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd';
CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
GRANT PROXY ON authenticated_as TO qa_test_2_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
SELECT @@proxy_user;
SELECT @@external_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER qa_test_2_user;
DROP USER qa_test_2_dest;
DROP USER authenticated_as;
--echo === Assign too high values for *length, which should have no effect ====
CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest';
CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_3_dest TO qa_test_3_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_3_user;
DROP USER qa_test_3_dest;
--echo === Assign too low values for *length, which should have no effect ====
CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest';
CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_4_dest TO qa_test_4_user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_4_user;
DROP USER qa_test_4_dest;
--echo === Assign empty string especially to authenticated_as (in plugin) ====
CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest';
CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd';
CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd';
GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_5_user;
DROP USER qa_test_5_dest;
DROP USER ''@'localhost';
--echo === Assign 'root' especially to authenticated_as (in plugin) ====
CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
SELECT user,plugin,authentication_string,password FROM mysql.user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
REVOKE PROXY ON qa_test_6_dest FROM root;
SELECT user,plugin,authentication_string FROM mysql.user;
--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_6_user;
DROP USER qa_test_6_dest;
DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
SELECT user,plugin,authentication_string,password FROM mysql.user;
--echo === Test of the --default_auth option for clients ====
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
--exit
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_SERVER
# Horst Hunger
# Created: 2010-10-06
#
# Test of the authentification interface. The plugin checks the expected values set
# by this application and the application checks the values set the the plugin.
--source include/have_plugin_server.inc
--source include/not_embedded.inc
CREATE DATABASE test_user_db;
CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;
--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;
--exit
...@@ -18,6 +18,14 @@ MYSQL_ADD_PLUGIN(auth dialog.c ...@@ -18,6 +18,14 @@ MYSQL_ADD_PLUGIN(auth dialog.c
MODULE_ONLY) MODULE_ONLY)
MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c
MODULE_ONLY) MODULE_ONLY)
MYSQL_ADD_PLUGIN(qa_auth_interface qa_auth_interface.c
MODULE_ONLY)
MYSQL_ADD_PLUGIN(qa_auth_server qa_auth_server.c
MODULE_ONLY)
MYSQL_ADD_PLUGIN(qa_auth_client qa_auth_client.c
MODULE_ONLY)
CHECK_CXX_SOURCE_COMPILES( CHECK_CXX_SOURCE_COMPILES(
"#define _GNU_SOURCE "#define _GNU_SOURCE
......
...@@ -3,10 +3,14 @@ pkgplugindir=$(pkglibdir)/plugin ...@@ -3,10 +3,14 @@ pkgplugindir=$(pkglibdir)/plugin
AM_LDFLAGS=-module -rpath $(pkgplugindir) AM_LDFLAGS=-module -rpath $(pkgplugindir)
AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include
pkgplugin_LTLIBRARIES= auth.la auth_test_plugin.la pkgplugin_LTLIBRARIES= auth.la auth_test_plugin.la qa_auth_interface.la qa_auth_server.la qa_auth_client.la
auth_la_SOURCES= dialog.c auth_la_SOURCES= dialog.c
auth_test_plugin_la_SOURCES= test_plugin.c auth_test_plugin_la_SOURCES= test_plugin.c
qa_auth_interface_la_SOURCES= qa_auth_interface.c
qa_auth_server_la_SOURCES= qa_auth_server.c
qa_auth_client_la_SOURCES= qa_auth_client.c
if HAVE_PEERCRED if HAVE_PEERCRED
pkgplugin_LTLIBRARIES+= auth_socket.la pkgplugin_LTLIBRARIES+= auth_socket.la
auth_socket_la_SOURCES= auth_socket.c auth_socket_la_SOURCES= auth_socket.c
......
/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <mysql/plugin_auth.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
/**
first byte of the question string is the question "type".
It can be a "ordinary" or a "password" question.
The last bit set marks a last question in the authentication exchange.
*/
#define ORDINARY_QUESTION "\2"
#define LAST_QUESTION "\3"
#define LAST_PASSWORD "\4"
#define PASSWORD_QUESTION "\5"
/********************* CLIENT SIDE ***************************************/
/*
client plugin used for testing the plugin API
*/
#include <mysql.h>
/**
The main function of the test plugin.
Reads the prompt, check if the handshake is done and if the prompt is a
password request and returns the password. Otherwise return error.
@note
1. this plugin shows how a client authentication plugin
may read a MySQL protocol OK packet internally - which is important
where a number of packets is not known in advance.
2. the first byte of the prompt is special. it is not
shown to the user, but signals whether it is the last question
(prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
and whether the input is a password (not echoed).
3. the prompt is expected to be sent zero-terminated
*/
static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
unsigned char *pkt, cmd= 0;
int pkt_len, res;
char *reply;
do
{
/* read the prompt */
pkt_len= vio->read_packet(vio, &pkt);
if (pkt_len < 0)
return CR_ERROR;
if (pkt == 0)
{
/*
in mysql_change_user() the client sends the first packet, so
the first vio->read_packet() does nothing (pkt == 0).
We send the "password", assuming the client knows what its doing.
(in other words, the dialog plugin should be only set as a default
authentication plugin on the client if the first question
asks for a password - which will be sent in cleat text, by the way)
*/
reply= mysql->passwd;
}
else
{
cmd= *pkt++;
/* is it MySQL protocol (0=OK or 254=need old password) packet ? */
if (cmd == 0 || cmd == 254)
return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
/*
asking for a password with an empty prompt means mysql->password
otherwise return an error
*/
if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
reply= mysql->passwd;
else
return CR_ERROR;
}
if (!reply)
return CR_ERROR;
/* send the reply to the server */
res= vio->write_packet(vio, (const unsigned char *) reply,
strlen(reply) + 1);
if (res)
return CR_ERROR;
/* repeat unless it was the last question */
} while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
/* the job of reading the ok/error packet is left to the server */
return CR_OK;
}
mysql_declare_client_plugin(AUTHENTICATION)
"qa_auth_client",
"Horst Hunger",
"Dialog Client Authentication Plugin",
{0,1,0},
"GPL",
NULL,
NULL,
NULL,
NULL,
test_plugin_client
mysql_end_client_plugin;
/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <mysql/plugin_auth.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
/**
first byte of the question string is the question "type".
It can be a "ordinary" or a "password" question.
The last bit set marks a last question in the authentication exchange.
*/
#define ORDINARY_QUESTION "\2"
#define LAST_QUESTION "\3"
#define LAST_PASSWORD "\4"
#define PASSWORD_QUESTION "\5"
/********************* SERVER SIDE ****************************************/
static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
{
unsigned char *pkt;
int pkt_len, err= CR_OK;
/* send a password question */
if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
return CR_ERROR;
/* read the answer */
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
return CR_ERROR;
info->password_used= PASSWORD_USED_YES;
/* fail if the password is wrong */
if (strcmp((const char *) pkt, info->auth_string))
return CR_ERROR;
/* Check the contens of components of info */
if (strcmp(info->user_name, "qa_test_1_user")== 0)
{
if (info->user_name_length != 14)
err= CR_ERROR;
if (strcmp(info->auth_string, "qa_test_1_dest"))
err= CR_ERROR;
if (info->auth_string_length != 14)
err= CR_ERROR;
/* To be set by the plugin */
// if (strcmp(info->authenticated_as, "qa_test_1_user"))
// err= CR_ERROR;
/* To be set by the plugin */
// if (strcmp(info->external_user, ""))
// err= CR_ERROR;
if (info->password_used != PASSWORD_USED_YES)
err= CR_ERROR;
if (strcmp(info->host_or_ip, "localhost"))
err= CR_ERROR;
if (info->host_or_ip_length != 9)
err= CR_ERROR;
}
/* Assign values to the components of info even if not intended and watch the effect */
else if (strcmp(info->user_name, "qa_test_2_user")== 0)
{
/* Overwriting not intended, but with effect on USER() */
strcpy(info->user_name, "user_name");
info->user_name_length= 9;
/* Overwriting not intended, effect not visible */
strcpy((char *)info->auth_string, "auth_string");
info->auth_string_length= 11;
/* Assign with account for authorization, effect on CURRENT_USER() */
strcpy(info->authenticated_as, "authenticated_as");
/* Assign with an external account, effect on @@local.EXTERNAL_USER */
strcpy(info->external_user, "externaluser");
/* Overwriting will cause a core dump */
// strcpy(info->host_or_ip, "host_or_ip");
// info->host_or_ip_length= 10;
}
/* Invalid, means too high values for length */
else if (strcmp(info->user_name, "qa_test_3_user")== 0)
{
/* Original value is 14. Test runs also with higher value. Changes have no effect.*/
info->user_name_length= 28;
strcpy((char *)info->auth_string, "qa_test_3_dest");
/* Original value is 14. Test runs also with higher value. Changes have no effect.*/
info->auth_string_length= 28;
strcpy(info->authenticated_as, info->auth_string);
strcpy(info->external_user, info->auth_string);
}
/* Invalid, means too low values for length */
else if (strcmp(info->user_name, "qa_test_4_user")== 0)
{
/* Original value is 14. Test runs also with lower value. Changes have no effect.*/
info->user_name_length= 8;
strcpy((char *)info->auth_string, "qa_test_4_dest");
/* Original value is 14. Test runs also with lower value. Changes have no effect.*/
info->auth_string_length= 8;
strcpy(info->authenticated_as, info->auth_string);
strcpy(info->external_user, info->auth_string);
}
/* Overwrite with empty values */
else if (strcmp(info->user_name, "qa_test_5_user")== 0)
{
/* This assignment has no effect.*/
strcpy(info->user_name, "");
info->user_name_length= 0;
/* This assignment has no effect.*/
strcpy((char *)info->auth_string, "");
info->auth_string_length= 0;
/* This assignment caused an error or an "empty" user */
strcpy(info->authenticated_as, "");
/* This assignment has no effect.*/
strcpy(info->external_user, "");
/* Overwriting will cause a core dump */
// strcpy(info->host_or_ip, "");
// info->host_or_ip_length= 0;
}
/* Set to 'root' */
else if (strcmp(info->user_name, "qa_test_6_user")== 0)
{
strcpy(info->authenticated_as, "root");
}
else
{
err= CR_ERROR;
}
return err;
}
static struct st_mysql_auth qa_auth_test_handler=
{
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
"qa_auth_interface", /* requires test_plugin client's plugin */
qa_auth_interface
};
mysql_declare_plugin(test_plugin)
{
MYSQL_AUTHENTICATION_PLUGIN,
&qa_auth_test_handler,
"qa_auth_interface",
"Horst Hunger",
"plugin API test plugin",
PLUGIN_LICENSE_GPL,
NULL,
NULL,
0x0100,
NULL,
NULL,
NULL
}
mysql_declare_plugin_end;
/********************* CLIENT SIDE ***************************************/
/*
client plugin used for testing the plugin API
*/
#include <mysql.h>
/**
The main function of the test plugin.
Reads the prompt, check if the handshake is done and if the prompt is a
password request and returns the password. Otherwise return error.
@note
1. this plugin shows how a client authentication plugin
may read a MySQL protocol OK packet internally - which is important
where a number of packets is not known in advance.
2. the first byte of the prompt is special. it is not
shown to the user, but signals whether it is the last question
(prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0),
and whether the input is a password (not echoed).
3. the prompt is expected to be sent zero-terminated
*/
static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
unsigned char *pkt, cmd= 0;
int pkt_len, res;
char *reply;
do
{
/* read the prompt */
pkt_len= vio->read_packet(vio, &pkt);
if (pkt_len < 0)
return CR_ERROR;
if (pkt == 0)
{
/*
in mysql_change_user() the client sends the first packet, so
the first vio->read_packet() does nothing (pkt == 0).
We send the "password", assuming the client knows what its doing.
(in other words, the dialog plugin should be only set as a default
authentication plugin on the client if the first question
asks for a password - which will be sent in cleat text, by the way)
*/
reply= mysql->passwd;
}
else
{
cmd= *pkt++;
/* is it MySQL protocol (0=OK or 254=need old password) packet ? */
if (cmd == 0 || cmd == 254)
return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */
/*
asking for a password with an empty prompt means mysql->password
otherwise return an error
*/
if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0)
reply= mysql->passwd;
else
return CR_ERROR;
}
if (!reply)
return CR_ERROR;
/* send the reply to the server */
res= vio->write_packet(vio, (const unsigned char *) reply,
strlen(reply) + 1);
if (res)
return CR_ERROR;
/* repeat unless it was the last question */
} while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]);
/* the job of reading the ok/error packet is left to the server */
return CR_OK;
}
mysql_declare_client_plugin(AUTHENTICATION)
"qa_auth_interface",
"Horst Hunger",
"Dialog Client Authentication Plugin",
{0,1,0},
"GPL",
NULL,
NULL,
NULL,
NULL,
test_plugin_client
mysql_end_client_plugin;
/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 of the
License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#include <my_global.h>
#include <mysql/plugin_auth.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
/**
first byte of the question string is the question "type".
It can be a "ordinary" or a "password" question.
The last bit set marks a last question in the authentication exchange.
*/
#define ORDINARY_QUESTION "\2"
#define LAST_QUESTION "\3"
#define LAST_PASSWORD "\4"
#define PASSWORD_QUESTION "\5"
/********************* SERVER SIDE ****************************************/
static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
{
unsigned char *pkt;
int pkt_len, err= CR_OK;
/* send a password question */
if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1))
return CR_ERROR;
/* read the answer */
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
return CR_ERROR;
info->password_used= PASSWORD_USED_YES;
/* fail if the password is wrong */
if (strcmp((const char *) pkt, info->auth_string))
return CR_ERROR;
/* Test of default_auth */
if (strcmp(info->user_name, "qa_test_11_user")== 0)
{
strcpy(info->authenticated_as, "qa_test_11_dest");
}
else
err= CR_ERROR;
return err;
}
static struct st_mysql_auth qa_auth_test_handler=
{
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
"qa_auth_interface", /* requires test_plugin client's plugin */
qa_auth_interface
};
mysql_declare_plugin(test_plugin)
{
MYSQL_AUTHENTICATION_PLUGIN,
&qa_auth_test_handler,
"qa_auth_server",
"Horst Hunger",
"plugin API test plugin",
PLUGIN_LICENSE_GPL,
NULL,
NULL,
0x0100,
NULL,
NULL,
NULL
}
mysql_declare_plugin_end;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment