Commit 05fe3f1c authored by Sergei Golubchik's avatar Sergei Golubchik

Two problems with auth_parsec.so

1. it links with ${SSL_LIBRARIES}, in WolfSSL builds it's a static
   library, so when a plugin is loaded there will be two copies of
   wolfssl in the same address space. It breaks odr (at least).
2. Plugin can linked with OpenSSL and the server with WolfSSL or
   vice versa. It might load, but then we'll have both WolfSSL and
   OpenSSL at the same time. Kind of risky.

Fix: link the plugin statically into the server if it's a WolfSSL build

adjust tests to work with static and dynamic parsec
parent 72d54ff9
...@@ -42,7 +42,7 @@ perl; ...@@ -42,7 +42,7 @@ perl;
wsrep file-key-management cracklib-password-check user-variables wsrep file-key-management cracklib-password-check user-variables
provider-bzip2 provider-lzma provider-lzo provider-bzip2 provider-lzma provider-lzo
thread-pool-groups thread-pool-queues thread-pool-stats thread-pool-groups thread-pool-queues thread-pool-stats
thread-pool-waits hashicorp provider gssapi/; thread-pool-waits hashicorp provider gssapi parsec/;
# And substitute the content some environment variables with their # And substitute the content some environment variables with their
# names: # names:
......
install soname 'auth_parsec';
create user test1@'%' identified via parsec using 'pwd'; create user test1@'%' identified via parsec using 'pwd';
ERROR HY000: Operation CREATE USER failed for 'test1'@'%' ERROR HY000: Operation CREATE USER failed for 'test1'@'%'
create user test1@'%' identified via parsec using PASSWORD('pwd'); create user test1@'%' identified via parsec using PASSWORD('pwd');
...@@ -29,4 +28,3 @@ test.have_ssl() ...@@ -29,4 +28,3 @@ test.have_ssl()
yes yes
drop function have_ssl; drop function have_ssl;
drop user test1@'%'; drop user test1@'%';
uninstall soname 'auth_parsec';
install soname 'CLIENT_PLUGIN'; install soname 'CLIENT_PLUGIN';
Got one of the listed errors Got one of the listed errors
include/master-slave.inc
[connection master]
connection slave;
install soname 'auth_PLUGIN';
connection master;
install soname 'auth_plugin';
create user rpluser@'%' identified via PLUGIN using PASSWORD('rpl_pass'); create user rpluser@'%' identified via PLUGIN using PASSWORD('rpl_pass');
grant replication slave on *.* to rpluser@'%'; grant replication slave on *.* to rpluser@'%';
connection master; include/master-slave.inc
[connection master]
connection slave; connection slave;
include/stop_slave.inc include/stop_slave.inc
change master to master_user='rpluser', master_password='rpl_pass'; change master to master_user='rpluser', master_password='rpl_pass';
include/start_slave.inc include/start_slave.inc
# Cleanup
include/stop_slave.inc include/stop_slave.inc
change master to master_user='root', master_password=''; change master to master_user='root', master_password='';
include/start_slave.inc include/start_slave.inc
include/stop_slave.inc include/rpl_end.inc
drop user rpluser@'%';
uninstall soname 'auth_plugin';
connection master;
drop user rpluser@'%'; drop user rpluser@'%';
uninstall soname 'auth_plugin';
--ssl-key= --ssl-key=
--ssl-cert= --ssl-cert=
--ssl-ca= --ssl-ca=
--plugin-load-add=$AUTH_PARSEC_SO
--loose-parsec
source include/platform.inc; source include/platform.inc;
source include/not_embedded.inc; source include/not_embedded.inc;
if (!$AUTH_PARSEC_SO) { if (`select count(*) = 0 from information_schema.plugins where plugin_name = 'parsec'`)
skip No auth_parsec plugin; {
--skip Needs parsec plugin
} }
if (!$PARSEC_SO) { if (!$PARSEC_SO) {
skip No auth_parsec plugin; skip No auth_parsec plugin;
} }
install soname 'auth_parsec';
--error ER_CANNOT_USER --error ER_CANNOT_USER
create user test1@'%' identified via parsec using 'pwd'; create user test1@'%' identified via parsec using 'pwd';
create user test1@'%' identified via parsec using PASSWORD('pwd'); create user test1@'%' identified via parsec using PASSWORD('pwd');
...@@ -42,4 +43,3 @@ if ($MTR_COMBINATION_WIN) { ...@@ -42,4 +43,3 @@ if ($MTR_COMBINATION_WIN) {
drop function have_ssl; drop function have_ssl;
drop user test1@'%'; drop user test1@'%';
uninstall soname 'auth_parsec';
[parsec] [parsec]
--plugin-load-add=$AUTH_PARSEC_SO
--loose-parsec
[ed25519] [ed25519]
--plugin-load-add=$AUTH_ED25519_SO
--loose-ed25519
...@@ -2,21 +2,20 @@ ...@@ -2,21 +2,20 @@
source include/not_msan.inc; source include/not_msan.inc;
if ($MTR_COMBINATION_ED25519) { if ($MTR_COMBINATION_ED25519) {
if (!$AUTH_ED25519_SO) {
skip No auth_ed25519 plugin;
}
let $AUTH_PLUGIN = ed25519; let $AUTH_PLUGIN = ed25519;
let $CLIENT_PLUGIN=client_ed25519; let $CLIENT_PLUGIN=client_ed25519;
} }
if ($MTR_COMBINATION_PARSEC) { if ($MTR_COMBINATION_PARSEC) {
if (!$AUTH_PARSEC_SO) {
skip No auth_parsec plugin;
}
let $AUTH_PLUGIN = parsec; let $AUTH_PLUGIN = parsec;
let $CLIENT_PLUGIN=parsec; let $CLIENT_PLUGIN=parsec;
} }
if (`select count(*) = 0 from information_schema.plugins where plugin_name = '$AUTH_PLUGIN'`)
{
--skip Needs $AUTH_PLUGIN plugin
}
--replace_result $CLIENT_PLUGIN CLIENT_PLUGIN --replace_result $CLIENT_PLUGIN CLIENT_PLUGIN
--error ER_CANT_OPEN_LIBRARY,ER_CANT_FIND_DL_ENTRY --error ER_CANT_OPEN_LIBRARY,ER_CANT_FIND_DL_ENTRY
eval install soname '$CLIENT_PLUGIN'; eval install soname '$CLIENT_PLUGIN';
...@@ -25,36 +24,22 @@ if ($errno == 1126) { ...@@ -25,36 +24,22 @@ if ($errno == 1126) {
skip $CLIENT_PLUGIN is not found or contains unresolved symbols; skip $CLIENT_PLUGIN is not found or contains unresolved symbols;
} }
source include/master-slave.inc;
sync_slave_with_master;
--replace_result $AUTH_PLUGIN PLUGIN
eval install soname 'auth_$AUTH_PLUGIN';
# create a user for replication with auth plugin # create a user for replication with auth plugin
connection master;
--replace_result $AUTH_PLUGIN plugin
eval install soname 'auth_$AUTH_PLUGIN';
--replace_result $AUTH_PLUGIN PLUGIN --replace_result $AUTH_PLUGIN PLUGIN
eval create user rpluser@'%' identified via $AUTH_PLUGIN using PASSWORD('rpl_pass'); eval create user rpluser@'%' identified via $AUTH_PLUGIN using PASSWORD('rpl_pass');
grant replication slave on *.* to rpluser@'%'; grant replication slave on *.* to rpluser@'%';
connection master;
sync_slave_with_master; source include/master-slave.inc;
connection slave;
# Set the slave to connect using the user created with the auth plugin for replication # Set the slave to connect using the user created with the auth plugin for replication
source include/stop_slave.inc; source include/stop_slave.inc;
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
change master to master_user='rpluser', master_password='rpl_pass'; change master to master_user='rpluser', master_password='rpl_pass';
source include/start_slave.inc; source include/start_slave.inc;
--echo # Cleanup
source include/stop_slave.inc; source include/stop_slave.inc;
change master to master_user='root', master_password=''; change master to master_user='root', master_password='';
source include/start_slave.inc; source include/start_slave.inc;
source include/stop_slave.inc;
drop user rpluser@'%'; source include/rpl_end.inc;
--replace_result $AUTH_PLUGIN plugin
eval uninstall soname 'auth_$AUTH_PLUGIN';
connection master;
drop user rpluser@'%'; drop user rpluser@'%';
--replace_result $AUTH_PLUGIN plugin
eval uninstall soname 'auth_$AUTH_PLUGIN';
IF (HAVE_evp_pkey) IF (HAVE_evp_pkey)
ADD_DEFINITIONS(${SSL_DEFINES}) ADD_DEFINITIONS(${SSL_DEFINES})
MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc LINK_LIBRARIES ${SSL_LIBRARIES}) IF(WITH_SSL STREQUAL "bundled")
MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc STATIC_ONLY DEFAULT)
ELSE()
MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc
LINK_LIBRARIES ${SSL_LIBRARIES})
ENDIF()
ENDIF() ENDIF()
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment