diff options
| author | Horst.Hunger <horst.hunger@sun.com> | 2010-10-20 16:56:09 +0200 |
|---|---|---|
| committer | Horst.Hunger <horst.hunger@sun.com> | 2010-10-20 16:56:09 +0200 |
| commit | d6af9bef7a72f24b05a88b6cd4fd3a69b14cc82d (patch) | |
| tree | 72e585dfcbbc4720d5800aaee874e1695e3351b4 | |
| parent | 7af5094208edac1dd3af9ba2883f3c91264fbf6a (diff) | |
| download | mariadb-git-d6af9bef7a72f24b05a88b6cd4fd3a69b14cc82d.tar.gz | |
due to merge
| -rw-r--r-- | mysql-test/include/have_plugin_interface.inc | 5 | ||||
| -rw-r--r-- | mysql-test/include/have_plugin_server.inc | 5 | ||||
| -rwxr-xr-x | mysql-test/mysql-test-run.pl | 17 | ||||
| -rw-r--r-- | mysql-test/r/plugin_auth_qa.result | 327 | ||||
| -rw-r--r-- | mysql-test/r/plugin_auth_qa_1.result | 335 | ||||
| -rw-r--r-- | mysql-test/r/plugin_auth_qa_2.result | 146 | ||||
| -rw-r--r-- | mysql-test/r/plugin_auth_qa_3.result | 11 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa-master.opt | 2 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa.test | 338 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa_1-master.opt | 2 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa_1.test | 334 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa_2-master.opt | 2 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa_2.test | 148 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa_3-master.opt | 2 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth_qa_3.test | 25 | ||||
| -rw-r--r-- | plugin/auth/CMakeLists.txt | 8 | ||||
| -rw-r--r-- | plugin/auth/Makefile.am | 6 | ||||
| -rw-r--r-- | plugin/auth/qa_auth_client.c | 127 | ||||
| -rw-r--r-- | plugin/auth/qa_auth_interface.c | 262 | ||||
| -rw-r--r-- | plugin/auth/qa_auth_server.c | 87 |
20 files changed, 2187 insertions, 2 deletions
diff --git a/mysql-test/include/have_plugin_interface.inc b/mysql-test/include/have_plugin_interface.inc new file mode 100644 index 00000000000..afe8ffad40d --- /dev/null +++ b/mysql-test/include/have_plugin_interface.inc @@ -0,0 +1,5 @@ +--disable_query_log +--require r/true.require +select (PLUGIN_LIBRARY LIKE 'qa_auth_interface%') as `TRUE` FROM INFORMATION_SCHEMA.PLUGINS + WHERE PLUGIN_NAME='qa_auth_interface'; +--enable_query_log diff --git a/mysql-test/include/have_plugin_server.inc b/mysql-test/include/have_plugin_server.inc new file mode 100644 index 00000000000..aad1f026b44 --- /dev/null +++ b/mysql-test/include/have_plugin_server.inc @@ -0,0 +1,5 @@ +--disable_query_log +--require r/true.require +select (PLUGIN_LIBRARY LIKE 'qa_auth_server%') as `TRUE` FROM INFORMATION_SCHEMA.PLUGINS + WHERE PLUGIN_NAME='qa_auth_server'; +--enable_query_log diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 88719ff5bb2..419fb4fdbaa 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -131,6 +131,9 @@ my $opt_start_dirty; my $opt_start_exit; my $start_only; +my $auth_interface_fn; # the name of qa_auth_interface plugin +my $auth_server_fn; # the name of qa_auth_server plugin +my $auth_client_fn; # the name of qa_auth_client plugin my $auth_filename; # the name of the authentication test plugin my $auth_plugin; # the path to the authentication test plugin @@ -1062,14 +1065,20 @@ sub command_line_setup { "$basedir/sql/share/charsets", "$basedir/share/charsets"); - # Look for client test plugin + # Look for auth test plugins if (IS_WINDOWS) { $auth_filename = "auth_test_plugin.dll"; + $auth_interface_fn = "qa_auth_interface.dll"; + $auth_server_fn = "qa_auth_server.dll"; + $auth_client_fn = "qa_auth_client.dll"; } else { $auth_filename = "auth_test_plugin.so"; + $auth_interface_fn = "qa_auth_interface.so"; + $auth_server_fn = "qa_auth_server.so"; + $auth_client_fn = "qa_auth_client.so"; } $auth_plugin= mtr_file_exists(vs_config_dirs('plugin/auth/',$auth_filename), @@ -1973,12 +1982,18 @@ sub environment_setup { $ENV{'PLUGIN_AUTH_OPT'}= "--plugin-dir=".dirname($auth_plugin); $ENV{'PLUGIN_AUTH_LOAD'}="--plugin_load=test_plugin_server=".$auth_filename; + $ENV{'PLUGIN_AUTH_INTERFACE'}="--plugin_load=qa_auth_interface=".$auth_interface_fn; + $ENV{'PLUGIN_AUTH_SERVER'}="--plugin_load=qa_auth_server=".$auth_server_fn; + $ENV{'PLUGIN_AUTH_CLIENT'}="--plugin_load=qa_auth_client=".$auth_client_fn; } else { $ENV{'PLUGIN_AUTH'}= ""; $ENV{'PLUGIN_AUTH_OPT'}="--plugin-dir="; $ENV{'PLUGIN_AUTH_LOAD'}=""; + $ENV{'PLUGIN_AUTH_INTERFACE'}=""; + $ENV{'PLUGIN_AUTH_SERVER'}=""; + $ENV{'PLUGIN_AUTH_CLIENT'}=""; } diff --git a/mysql-test/r/plugin_auth_qa.result b/mysql-test/r/plugin_auth_qa.result new file mode 100644 index 00000000000..d1ecf6a6470 --- /dev/null +++ b/mysql-test/r/plugin_auth_qa.result @@ -0,0 +1,327 @@ +CREATE DATABASE test_user_db; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +========== test 1.1 ====================================================== +CREATE USER plug IDENTIFIED WITH test_plugin_server; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server +REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug; +DROP USER plug; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server +REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug; +DROP USER plug; +CREATE USER plug IDENTIFIED WITH test_plugin_server AS ''; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS ''; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server +REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug; +DROP USER plug; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS ; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 +CREATE USER plug IDENTIFIED WITH test_plugin_server AS plug_dest; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS plug_dest; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest' at line 1 +========== test 1.1 syntax errors ======================================== +CREATE USER plug IDENTIFIED WITH AS plug_dest; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS plug_dest' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH AS plug_dest; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS plug_dest' at line 1 +CREATE USER plug IDENTIFIED WITH; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 +CREATE USER plug IDENTIFIED AS ''; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS ''' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED AS ''; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS ''' at line 1 +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server'' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug +IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server'' at line 2 +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS '' AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS 'plug_dest'' at line 1 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug AS '' AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS '' AS 'plug_dest'' at line 1 +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS '' +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH test_plugin_server AS 'plug_dest'' at line 2 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS '' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH test_plugin_server AS 'plug_dest'' at line 2 +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd' +IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd' + IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2 +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' +USER plug_dest IDENTIFIED by 'plug_dest_pwd'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USER plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + USER plug_dest IDENTIFIED by 'plug_dest_pwd'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USER plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2 +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' +plug_dest IDENTIFIED by 'plug_dest_pwd'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + plug_dest IDENTIFIED by 'plug_dest_pwd'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plug_dest IDENTIFIED by 'plug_dest_pwd'' at line 2 +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' +IDENTIFIED by 'plug_dest_pwd'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED by 'plug_dest_pwd'' at line 2 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + IDENTIFIED by 'plug_dest_pwd'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED by 'plug_dest_pwd'' at line 2 +========== test 1.1 combinations ========================== +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +========== test 1.1.1.6/1.1.2.5 ============================ +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +plug_dest +DROP USER plug, plug_dest; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +DROP USER plug; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug_dest +DROP USER plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +plug_dest +DROP USER plug, plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +DROP USER plug; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug_dest +DROP USER plug_dest; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +plug_dest +DROP USER plug, plug_dest; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plug_dest +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug_dest +DROP USER plug_dest; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +ERROR HY000: GRANT with IDENTIFIED WITH is illegal because the user plug already exists +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server'; +ERROR HY000: GRANT with IDENTIFIED WITH is illegal because the user plug already exists +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +ERROR HY000: Operation CREATE USER failed for 'plug'@'%' +CREATE USER plug IDENTIFIED WITH 'test_plugin_server'; +ERROR HY000: Operation CREATE USER failed for 'plug'@'%' +DROP USER plug; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +plug test_plugin_server plug_dest +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +plug test_plugin_server plug_dest *939AEE68989794C0F408277411C26055CDF41119 +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug IDENTIFIED BY 'plug_dest_passwd'; +ERROR HY000: Operation CREATE USER failed for 'plug'@'%' +DROP USER plug; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +plug test_plugin_server plug_dest +plug_dest test_plugin_server plug_dest +DROP USER plug,plug_dest; +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +plug test_plugin_server plug_dest +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +plug test_plugin_server plug_dest +plug_dest test_plugin_server plug_dest +DROP USER plug,plug_dest; +========== test 1.1.1.1/1.1.2.1/1.1.1.5 ==================== +SET NAMES utf8; +CREATE USER plüg IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg test_plugin_server plüg_dest +DROP USER plüg; +CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg_dest +DROP USER plüg_dest; +SET NAMES ascii; +CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +pl??g test_plugin_server pl??g_dest +DROP USER 'plüg'; +CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +pl??g_dest +DROP USER 'plüg_dest'; +SET NAMES latin1; +========== test 1.1.1.5 ==================================== +CREATE USER 'plüg' IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest'; +ERROR HY000: Plugin 'test_plügin_server' is not loaded +CREATE USER 'plug' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server plüg_dest +DROP USER 'plug'; +CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg_dest +DROP USER 'plüg_dest'; +SET NAMES utf8; +CREATE USER plüg IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest'; +ERROR HY000: Plugin 'test_plügin_server' is not loaded +CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg test_plugin_server plüg_dest +DROP USER 'plüg'; +CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg_dest +DROP USER 'plüg_dest'; +CREATE USER plüg IDENTIFIED WITH test_plugin_server AS 'plüg_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg test_plugin_server plüg_dest +DROP USER plüg; +CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plüg_dest +DROP USER plüg_dest; +========== test 1.1.1.2/1.1.2.2============================= +SET @auth_name= 'test_plugin_server'; +CREATE USER plug IDENTIFIED WITH @auth_name AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@auth_name AS 'plug_dest'' at line 1 +SET @auth_string= 'plug_dest'; +CREATE USER plug IDENTIFIED WITH test_plugin_server AS @auth_string; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@auth_string' at line 1 +========== test 1.1.1.3/1.1.2.3============================= +CREATE USER plug IDENTIFIED WITH 'hh''s_test_plugin_server' AS 'plug_dest'; +ERROR HY000: Plugin 'hh's_test_plugin_server' is not loaded +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'hh''s_plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug test_plugin_server hh's_plug_dest +DROP USER plug; +CREATE USER 'hh''s_plug_dest' IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +hh's_plug_dest +DROP USER 'hh''s_plug_dest'; +========== test 1.1.1.4 ==================================== +CREATE USER plug IDENTIFIED WITH hh''s_test_plugin_server AS 'plug_dest'; +ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''s_test_plugin_server AS 'plug_dest'' at line 1 +========== test 1.1.3.1 ==================================== +GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +grant_user test_plugin_server plug_dest +CREATE USER plug_dest; +DROP USER plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +grant_user test_plugin_server plug_dest +plug_dest +DROP USER grant_user,plug_dest; +set @save_sql_mode= @@sql_mode; +SET @@sql_mode=no_auto_create_user; +GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +grant_user test_plugin_server plug_dest +CREATE USER plug_dest; +DROP USER plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest; +ERROR 42000: Can't find any matching row in the user table +DROP USER grant_user; +GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +grant_user test_plugin_server plug_dest +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +grant_user test_plugin_server plug_dest +plug_dest *939AEE68989794C0F408277411C26055CDF41119 +DROP USER plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_user_passwd'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password +grant_user test_plugin_server plug_dest +plug_dest *560881EB651416CEF77314D07D55EDCD5FC1BD6D +DROP USER grant_user,plug_dest; +set @@sql_mode= @save_sql_mode; +DROP DATABASE test_user_db; diff --git a/mysql-test/r/plugin_auth_qa_1.result b/mysql-test/r/plugin_auth_qa_1.result new file mode 100644 index 00000000000..00ee47b56b3 --- /dev/null +++ b/mysql-test/r/plugin_auth_qa_1.result @@ -0,0 +1,335 @@ +CREATE DATABASE test_user_db; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +========== test 1.1.3.2 ==================================== +CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +current_user() +plug_dest@% +user() +plug_user@localhost +Tables_in_test_user_db +t1 +REVOKE PROXY ON plug_dest FROM plug_user; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +DROP USER plug_user,plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug_dest +plug_user test_plugin_server plug_dest +1) +current_user() +plug_dest@% +user() +plug_user@localhost +Tables_in_test_user_db +t1 +REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +2) +current_user() +plug_dest@% +user() +plug_user@localhost +Tables_in_test_user_db +t1 +REVOKE PROXY ON plug_dest FROM plug_user; +3) +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +DROP USER plug_user,plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +1) +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +GRANT PROXY ON plug_dest TO plug_user; +2) +current_user() +plug_dest@% +user() +plug_user@localhost +Tables_in_test_user_db +t1 +REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +DROP USER plug_user,plug_dest; +========== test 1.2 ======================================== +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +current_user() +plug_dest@% +user() +plug_user@localhost +RENAME USER plug_dest TO new_dest; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +GRANT PROXY ON new_dest TO plug_user; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_dest +plug_user test_plugin_server plug_dest +DROP USER plug_user,new_dest; +CREATE USER plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +GRANT PROXY ON plug_dest TO plug_user; +current_user() +plug_dest@% +user() +plug_user@localhost +RENAME USER plug_dest TO new_dest; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +GRANT PROXY ON new_dest TO plug_user; +ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES) +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_dest +plug_user test_plugin_server plug_dest +DROP USER plug_user,new_dest; +CREATE USER plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +connect(plug_user,localhost,plug_user,plug_dest); +select USER(),CURRENT_USER(); +USER() CURRENT_USER() +plug_user@localhost plug_dest@% +connection default; +disconnect plug_user; +RENAME USER plug_user TO new_user; +connect(plug_user,localhost,new_user,plug_dest); +select USER(),CURRENT_USER(); +USER() CURRENT_USER() +new_user@localhost plug_dest@% +connection default; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_user test_plugin_server plug_dest +plug_dest +disconnect plug_user; +UPDATE mysql.user SET user='plug_user' WHERE user='new_user'; +FLUSH PRIVILEGES; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug_dest +plug_user test_plugin_server plug_dest +DROP USER plug_dest,plug_user; +========== test 1.3 ======================================== +CREATE USER plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +connect(plug_user,localhost,plug_user,plug_dest); +select USER(),CURRENT_USER(); +USER() CURRENT_USER() +plug_user@localhost plug_dest@% +connection default; +disconnect plug_user; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +plug_dest +plug_user test_plugin_server plug_dest +UPDATE mysql.user SET user='new_user' WHERE user='plug_user'; +FLUSH PRIVILEGES; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_user test_plugin_server plug_dest +plug_dest +UPDATE mysql.user SET authentication_string='new_dest' WHERE user='new_user'; +FLUSH PRIVILEGES; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_user test_plugin_server new_dest +plug_dest +UPDATE mysql.user SET plugin='new_plugin_server' WHERE user='new_user'; +FLUSH PRIVILEGES; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_user new_plugin_server new_dest +plug_dest +connect(plug_user,localhost,new_user,new_dest); +ERROR HY000: Plugin 'new_plugin_server' is not loaded +UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user'; +UPDATE mysql.user SET USER='new_dest' WHERE user='plug_dest'; +FLUSH PRIVILEGES; +GRANT PROXY ON new_dest TO new_user; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_dest +new_user test_plugin_server new_dest +connect(plug_user,localhost,new_user,new_dest); +select USER(),CURRENT_USER(); +USER() CURRENT_USER() +new_user@localhost new_dest@% +connection default; +disconnect plug_user; +UPDATE mysql.user SET USER='plug_dest' WHERE user='new_dest'; +FLUSH PRIVILEGES; +CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +new_dest +new_user test_plugin_server new_dest +plug_dest +GRANT ALL PRIVILEGES ON test.* TO new_user; +connect(plug_user,localhost,new_dest,new_dest_passwd); +select USER(),CURRENT_USER(); +USER() CURRENT_USER() +new_dest@localhost new_dest@% +connection default; +disconnect plug_user; +DROP USER new_user,new_dest,plug_dest; +========== test 2, 2.1, 2.2 ================================ +CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string + test_plugin_server proxied_user +proxied_user +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user@localhost proxied_user@% +========== test 2.2.1 ====================================== +SELECT @@proxy_user; +@@proxy_user +NULL +connection default; +disconnect proxy_con; +connect(proxy_con,localhost,proxy_user,proxied_user); +ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES) +GRANT PROXY ON proxied_user TO ''@''; +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user@localhost proxied_user@% +connection default; +disconnect proxy_con; +connect(proxy_con,localhost,proxy_user,proxied_user); +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxy_user@localhost proxied_user@% +========== test 2.2.1 ====================================== +SELECT @@proxy_user; +@@proxy_user +''@'' +connection default; +disconnect proxy_con; +DROP USER ''@'',proxied_user; +GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'' +IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string + test_plugin_server proxied_user +proxied_user +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user@localhost proxied_user@% +SELECT @@proxy_user; +@@proxy_user +NULL +connection default; +disconnect proxy_con; +connect(proxy_con,localhost,proxy_user,proxied_user); +ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES) +GRANT PROXY ON proxied_user TO ''@''; +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user@localhost proxied_user@% +connection default; +disconnect proxy_con; +connect(proxy_con,localhost,proxy_user,proxied_user); +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxy_user@localhost proxied_user@% +SELECT @@proxy_user; +@@proxy_user +''@'' +connection default; +disconnect proxy_con; +DROP USER ''@'',proxied_user; +CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd'; +CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd'; +CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd'; +CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd'; +CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd'; +GRANT PROXY ON proxied_user_1 TO ''@''; +GRANT PROXY ON proxied_user_2 TO ''@''; +GRANT PROXY ON proxied_user_3 TO ''@''; +GRANT PROXY ON proxied_user_4 TO ''@''; +GRANT PROXY ON proxied_user_5 TO ''@''; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string + test_plugin_server proxied_user +proxied_user_1 +proxied_user_2 +proxied_user_3 +proxied_user_4 +proxied_user_5 +connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd'); +connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd); +connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd); +connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd); +connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd); +connection proxy_con_1; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user_1@localhost proxied_user_1@% +SELECT @@proxy_user; +@@proxy_user +NULL +connection proxy_con_2; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user_2@localhost proxied_user_2@% +SELECT @@proxy_user; +@@proxy_user +NULL +connection proxy_con_3; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user_3@localhost proxied_user_3@% +SELECT @@proxy_user; +@@proxy_user +NULL +connection proxy_con_4; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user_4@localhost proxied_user_4@% +SELECT @@proxy_user; +@@proxy_user +NULL +connection proxy_con_5; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +proxied_user_5@localhost proxied_user_5@% +SELECT @@proxy_user; +@@proxy_user +NULL +connection default; +disconnect proxy_con_1; +disconnect proxy_con_2; +disconnect proxy_con_3; +disconnect proxy_con_4; +disconnect proxy_con_5; +DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5; +========== test 3 ========================================== +GRANT ALL PRIVILEGES ON *.* TO plug_user +IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +FLUSH PRIVILEGES; +DROP USER plug_user, plug_dest; +DROP DATABASE test_user_db; diff --git a/mysql-test/r/plugin_auth_qa_2.result b/mysql-test/r/plugin_auth_qa_2.result new file mode 100644 index 00000000000..a73cc25418c --- /dev/null +++ b/mysql-test/r/plugin_auth_qa_2.result @@ -0,0 +1,146 @@ +CREATE DATABASE test_user_db; +========== test 1.1.3.2 ==================================== +=== check contens of components of info ==================== +CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest'; +CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_1_dest TO qa_test_1_user; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +qa_test_1_dest +qa_test_1_user qa_auth_interface qa_test_1_dest +SELECT @@proxy_user; +@@proxy_user +NULL +SELECT @@external_user; +@@external_user +NULL +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +current_user() user() @@local.proxy_user @@local.external_user +qa_test_1_user@% qa_test_1_user@localhost NULL NULL +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +qa_test_1_dest +qa_test_1_user qa_auth_interface qa_test_1_dest +DROP USER qa_test_1_user; +DROP USER qa_test_1_dest; +=== Assign values to components of info ==================== +CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest'; +CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd'; +CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_2_dest TO qa_test_2_user; +GRANT PROXY ON authenticated_as TO qa_test_2_user; +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +authenticated_as +qa_test_2_dest +qa_test_2_user qa_auth_interface qa_test_2_dest +SELECT @@proxy_user; +@@proxy_user +NULL +SELECT @@external_user; +@@external_user +NULL +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +current_user() user() @@local.proxy_user @@local.external_user +authenticated_as@% user_name@localhost 'qa_test_2_user'@'%' 'qa_test_2_user'@'%' +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +user plugin authentication_string +authenticated_as +qa_test_2_dest +qa_test_2_user qa_auth_interface qa_test_2_dest +DROP USER qa_test_2_user; +DROP USER qa_test_2_dest; +DROP USER authenticated_as; +=== Assign too high values for *length, which should have no effect ==== +CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest'; +CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_3_dest TO qa_test_3_user; +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +current_user() user() @@local.proxy_user @@local.external_user +qa_test_3_dest@% qa_test_3_user@localhost 'qa_test_3_user'@'%' 'qa_test_3_user'@'%' +DROP USER qa_test_3_user; +DROP USER qa_test_3_dest; +=== Assign too low values for *length, which should have no effect ==== +CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest'; +CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_4_dest TO qa_test_4_user; +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +current_user() user() @@local.proxy_user @@local.external_user +qa_test_4_dest@% qa_test_4_user@localhost 'qa_test_4_user'@'%' 'qa_test_4_user'@'%' +DROP USER qa_test_4_user; +DROP USER qa_test_4_dest; +=== Assign empty string especially to authenticated_as (in plugin) ==== +CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest'; +CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd'; +CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd'; +GRANT PROXY ON qa_test_5_dest TO qa_test_5_user; +GRANT PROXY ON qa_test_5_dest TO ''@'localhost'; +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +user plugin authentication_string password + *DFCACE76914AD7BD801FC1A1ECF6562272621A22 +qa_test_5_user qa_auth_interface qa_test_5_dest +qa_test_5_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +ERROR 1045 (28000): Access denied for user 'qa_test_5_user'@'localhost' (using password: YES) +DROP USER qa_test_5_user; +DROP USER qa_test_5_dest; +DROP USER ''@'localhost'; +=== Assign 'root' especially to authenticated_as (in plugin) ==== +CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest'; +CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_6_dest TO qa_test_6_user; +SELECT user,plugin,authentication_string,password FROM mysql.user; +user plugin authentication_string password +root +root +root +qa_test_6_user qa_auth_interface qa_test_6_dest +qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22 +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES) +GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest'; +SELECT user,plugin,authentication_string,password FROM mysql.user; +user plugin authentication_string password +root +root +root +qa_test_6_user qa_auth_interface qa_test_6_dest +qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22 +root qa_auth_interface qa_test_6_dest +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) +REVOKE PROXY ON qa_test_6_dest FROM root; +SELECT user,plugin,authentication_string FROM mysql.user; +user plugin authentication_string +root +root +root +qa_test_6_user qa_auth_interface qa_test_6_dest +qa_test_6_dest +root qa_auth_interface qa_test_6_dest +exec MYSQL PLUGIN_AUTH_OPT -h localhost -P 13000 --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) +DROP USER qa_test_6_user; +DROP USER qa_test_6_dest; +DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface'; +SELECT user,plugin,authentication_string,password FROM mysql.user; +user plugin authentication_string password +root +root +root +=== Test of the --default_auth option for clients ==== +CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest'; +CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; +exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +ERROR 1045 (28000): Access denied for user 'qa_test_11_user'@'localhost' (using password: YES) +DROP USER qa_test_11_user, qa_test_11_dest; +DROP DATABASE test_user_db; diff --git a/mysql-test/r/plugin_auth_qa_3.result b/mysql-test/r/plugin_auth_qa_3.result new file mode 100644 index 00000000000..92d47bcf580 --- /dev/null +++ b/mysql-test/r/plugin_auth_qa_3.result @@ -0,0 +1,11 @@ +CREATE DATABASE test_user_db; +CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; +exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +current_user() user() @@local.proxy_user @@local.external_user +qa_test_11_dest@% qa_test_11_user@localhost 'qa_test_11_user'@'%' 'qa_test_11_user'@'%' +exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P 13000 -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +ERROR 1045 (28000): Access denied for user 'qa_test_2_user'@'localhost' (using password: NO) +DROP USER qa_test_11_user, qa_test_11_dest; +DROP DATABASE test_user_db; diff --git a/mysql-test/t/plugin_auth_qa-master.opt b/mysql-test/t/plugin_auth_qa-master.opt new file mode 100644 index 00000000000..3536d102387 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa-master.opt @@ -0,0 +1,2 @@ +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_LOAD diff --git a/mysql-test/t/plugin_auth_qa.test b/mysql-test/t/plugin_auth_qa.test new file mode 100644 index 00000000000..0961c1dfef5 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa.test @@ -0,0 +1,338 @@ +# The numbers represent test cases of the test plan. + +--source include/have_plugin_auth.inc +--source include/not_embedded.inc + +CREATE DATABASE test_user_db; + +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo ========== test 1.1 ====================================================== +# without '', without AS part +CREATE USER plug IDENTIFIED WITH test_plugin_server; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug; +DROP USER plug; +# with '', without AS part +CREATE USER plug IDENTIFIED WITH 'test_plugin_server'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug; +DROP USER plug; +# without '', AS part empty +CREATE USER plug IDENTIFIED WITH test_plugin_server AS ''; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS ''; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +REVOKE ALL PRIVILEGES ON test_user_db.* FROM plug; +DROP USER plug; +# with '', AS part empty without '' +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS ; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS; +# without '', AS part without '' +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH test_plugin_server AS plug_dest; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS plug_dest; +--echo ========== test 1.1 syntax errors ======================================== +# without auth_name +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH AS plug_dest; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH AS plug_dest; +# without auth_name and AS part +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH; +# without auth_name but AS part +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED AS ''; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED AS ''; +# with 2 auth_name parts +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug + IDENTIFIED WITH 'test_plugin_server' IDENTIFIED WITH 'test_plugin_server'; +# with 2 AS parts +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS '' AS 'plug_dest'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug AS '' AS 'plug_dest'; +# with 2 complete WITH parts +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS '' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS '' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +# with BY and WITH part +--error ER_PARSE_ERROR +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd' + IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd' + IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +# with WITH part and BY part +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + USER plug_dest IDENTIFIED by 'plug_dest_pwd'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + USER plug_dest IDENTIFIED by 'plug_dest_pwd'; +# with WITH part and BY part +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + plug_dest IDENTIFIED by 'plug_dest_pwd'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + plug_dest IDENTIFIED by 'plug_dest_pwd'; +# with WITH part and BY part +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + IDENTIFIED by 'plug_dest_pwd'; +--error ER_PARSE_ERROR +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest' + IDENTIFIED by 'plug_dest_pwd'; + +--echo ========== test 1.1 combinations ========================== +# CREATE...WITH/CREATE...BY +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--echo ========== test 1.1.1.6/1.1.2.5 ============================ +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug, plug_dest; +# +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug_dest; +# GRANT...WITH/CREATE...BY +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug, plug_dest; +# +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug_dest; +# CREATE...WITH/GRANT...BY +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug, plug_dest; +# +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug_dest; +# +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--error 1700 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--error 1700 +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server'; +DROP USER plug; +# +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--error ER_CANNOT_USER +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--error ER_CANNOT_USER +CREATE USER plug IDENTIFIED WITH 'test_plugin_server'; +DROP USER plug; +# +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +DROP USER plug; +# +GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--error ER_CANNOT_USER +CREATE USER plug IDENTIFIED BY 'plug_dest_passwd'; +DROP USER plug; +# +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +DROP USER plug,plug_dest; +# +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +DROP USER plug,plug_dest; +# + +--echo ========== test 1.1.1.1/1.1.2.1/1.1.1.5 ==================== + +SET NAMES utf8; +# +CREATE USER plüg IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plüg; +CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plüg_dest; + +SET NAMES ascii; +# +CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'plüg'; +CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'plüg_dest'; + +SET NAMES latin1; +# +--echo ========== test 1.1.1.5 ==================================== +--error ER_PLUGIN_IS_NOT_LOADED +CREATE USER 'plüg' IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest'; +CREATE USER 'plug' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'plug'; +CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'plüg_dest'; + +SET NAMES utf8; +# +--error ER_PLUGIN_IS_NOT_LOADED +CREATE USER plüg IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest'; +CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'plüg'; +CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'plüg_dest'; + +CREATE USER plüg IDENTIFIED WITH test_plugin_server AS 'plüg_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plüg; +CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plüg_dest; + +--echo ========== test 1.1.1.2/1.1.2.2============================= + +SET @auth_name= 'test_plugin_server'; +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH @auth_name AS 'plug_dest'; + +SET @auth_string= 'plug_dest'; +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH test_plugin_server AS @auth_string; + +--echo ========== test 1.1.1.3/1.1.2.3============================= + +--error ER_PLUGIN_IS_NOT_LOADED +CREATE USER plug IDENTIFIED WITH 'hh''s_test_plugin_server' AS 'plug_dest'; + +CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'hh''s_plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug; +CREATE USER 'hh''s_plug_dest' IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER 'hh''s_plug_dest'; + +--echo ========== test 1.1.1.4 ==================================== + +--error ER_PARSE_ERROR +CREATE USER plug IDENTIFIED WITH hh''s_test_plugin_server AS 'plug_dest'; + +--echo ========== test 1.1.3.1 ==================================== + +GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +CREATE USER plug_dest; +DROP USER plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER grant_user,plug_dest; +# +set @save_sql_mode= @@sql_mode; +SET @@sql_mode=no_auto_create_user; +GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +CREATE USER plug_dest; +DROP USER plug_dest; +--error ER_PASSWORD_NO_MATCH +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest; +DROP USER grant_user; +# +GRANT INSERT ON test_user_db.* TO grant_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +DROP USER plug_dest; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_user_passwd'; +--sorted_result +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; +DROP USER grant_user,plug_dest; +set @@sql_mode= @save_sql_mode; +# +DROP DATABASE test_user_db; +--exit + diff --git a/mysql-test/t/plugin_auth_qa_1-master.opt b/mysql-test/t/plugin_auth_qa_1-master.opt new file mode 100644 index 00000000000..3536d102387 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa_1-master.opt @@ -0,0 +1,2 @@ +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_LOAD diff --git a/mysql-test/t/plugin_auth_qa_1.test b/mysql-test/t/plugin_auth_qa_1.test new file mode 100644 index 00000000000..d7a7afe9407 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa_1.test @@ -0,0 +1,334 @@ +# The numbers represent test cases of the test plan. + +--source include/have_plugin_auth.inc +--source include/not_embedded.inc + +CREATE DATABASE test_user_db; + +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; + +--echo ========== test 1.1.3.2 ==================================== + +# CREATE...WITH/CREATE...BY/GRANT +CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +REVOKE PROXY ON plug_dest FROM plug_user; +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +DROP USER plug_user,plug_dest; +# +# GRANT...WITH +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; + +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo 1) +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +--echo 2) +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +REVOKE PROXY ON plug_dest FROM plug_user; +--echo 3) +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +DROP USER plug_user,plug_dest; +# +# GRANT...WITH/CREATE...BY +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--echo 1) +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +GRANT PROXY ON plug_dest TO plug_user; +--echo 2) +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user' + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +#REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_dest' +# IDENTIFIED BY 'plug_dest_passwd'; +DROP USER plug_user,plug_dest; + +--echo ========== test 1.2 ======================================== + +# GRANT...WITH/CREATE...BY +GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +RENAME USER plug_dest TO new_dest; +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +GRANT PROXY ON new_dest TO plug_user; +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug_user,new_dest; + +# CREATE...WITH/CREATE...BY +CREATE USER plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +GRANT PROXY ON plug_dest TO plug_user; +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +RENAME USER plug_dest TO new_dest; +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1 +GRANT PROXY ON new_dest TO plug_user; +--error 1 +--exec $MYSQL -S var/tmp/mysqld.1.sock -u plug_user $PLUGIN_AUTH_OPT --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug_user,new_dest; +# CREATE...WITH +CREATE USER plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +--echo connect(plug_user,localhost,plug_user,plug_dest); +connect(plug_user,localhost,plug_user,plug_dest); +select USER(),CURRENT_USER(); +--echo connection default; +connection default; +--echo disconnect plug_user; +disconnect plug_user; +RENAME USER plug_user TO new_user; +--echo connect(plug_user,localhost,new_user,plug_dest); +connect(plug_user,localhost,new_user,plug_dest); +select USER(),CURRENT_USER(); +--echo connection default; +connection default; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo disconnect plug_user; +disconnect plug_user; +UPDATE mysql.user SET user='plug_user' WHERE user='new_user'; +FLUSH PRIVILEGES; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +DROP USER plug_dest,plug_user; +--echo ========== test 1.3 ======================================== + +# +CREATE USER plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +--echo connect(plug_user,localhost,plug_user,plug_dest); +connect(plug_user,localhost,plug_user,plug_dest); +select USER(),CURRENT_USER(); +--echo connection default; +connection default; +--echo disconnect plug_user; +disconnect plug_user; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +UPDATE mysql.user SET user='new_user' WHERE user='plug_user'; +FLUSH PRIVILEGES; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +UPDATE mysql.user SET authentication_string='new_dest' WHERE user='new_user'; +FLUSH PRIVILEGES; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +UPDATE mysql.user SET plugin='new_plugin_server' WHERE user='new_user'; +FLUSH PRIVILEGES; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo connect(plug_user,localhost,new_user,new_dest); +--disable_query_log +--error ER_PLUGIN_IS_NOT_LOADED +connect(plug_user,localhost,new_user,new_dest); +--enable_query_log +UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user'; +UPDATE mysql.user SET USER='new_dest' WHERE user='plug_dest'; +FLUSH PRIVILEGES; +GRANT PROXY ON new_dest TO new_user; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo connect(plug_user,localhost,new_user,new_dest); +connect(plug_user,localhost,new_user,new_dest); +select USER(),CURRENT_USER(); +--echo connection default; +connection default; +--echo disconnect plug_user; +disconnect plug_user; +UPDATE mysql.user SET USER='plug_dest' WHERE user='new_dest'; +FLUSH PRIVILEGES; +CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +GRANT ALL PRIVILEGES ON test.* TO new_user; +--echo connect(plug_user,localhost,new_dest,new_dest_passwd); +connect(plug_user,localhost,new_dest,new_dest_passwd); +select USER(),CURRENT_USER(); +--echo connection default; +connection default; +--echo disconnect plug_user; +disconnect plug_user; +DROP USER new_user,new_dest,plug_dest; + +--echo ========== test 2, 2.1, 2.2 ================================ + +CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +--echo ========== test 2.2.1 ====================================== +SELECT @@proxy_user; +--echo connection default; +connection default; +--echo disconnect proxy_con; +disconnect proxy_con; +--echo connect(proxy_con,localhost,proxy_user,proxied_user); +--disable_query_log +--error ER_ACCESS_DENIED_ERROR : this should fail : no grant +connect(proxy_con,localhost,proxy_user,proxied_user); +--enable_query_log +GRANT PROXY ON proxied_user TO ''@''; +--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +--echo connection default; +connection default; +--echo disconnect proxy_con; +disconnect proxy_con; +--echo connect(proxy_con,localhost,proxy_user,proxied_user); +connect(proxy_con,localhost,proxy_user,proxied_user); +SELECT USER(),CURRENT_USER(); +--echo ========== test 2.2.1 ====================================== +SELECT @@proxy_user; +--echo connection default; +connection default; +--echo disconnect proxy_con; +disconnect proxy_con; +DROP USER ''@'',proxied_user; +# +GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'' + IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd'; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection default; +connection default; +--echo disconnect proxy_con; +disconnect proxy_con; +--echo connect(proxy_con,localhost,proxy_user,proxied_user); +--disable_query_log +--error ER_ACCESS_DENIED_ERROR : this should fail : no grant +connect(proxy_con,localhost,proxy_user,proxied_user); +--enable_query_log +GRANT PROXY ON proxied_user TO ''@''; +--echo connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +connect(proxy_con,localhost,proxied_user,proxied_user_passwd); +SELECT USER(),CURRENT_USER(); +--echo connection default; +connection default; +--echo disconnect proxy_con; +disconnect proxy_con; +--echo connect(proxy_con,localhost,proxy_user,proxied_user); +connect(proxy_con,localhost,proxy_user,proxied_user); +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection default; +connection default; +--echo disconnect proxy_con; +disconnect proxy_con; +DROP USER ''@'',proxied_user; +# +CREATE USER ''@'' IDENTIFIED WITH test_plugin_server AS 'proxied_user'; +CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd'; +CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd'; +CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd'; +CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd'; +CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd'; +GRANT PROXY ON proxied_user_1 TO ''@''; +GRANT PROXY ON proxied_user_2 TO ''@''; +GRANT PROXY ON proxied_user_3 TO ''@''; +GRANT PROXY ON proxied_user_4 TO ''@''; +GRANT PROXY ON proxied_user_5 TO ''@''; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--echo connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd'); +connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd'); +--echo connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd); +connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd); +--echo connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd); +connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd); +--echo connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd); +connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd); +--echo connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd); +connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd); +--echo connection proxy_con_1; +connection proxy_con_1; +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection proxy_con_2; +connection proxy_con_2; +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection proxy_con_3; +connection proxy_con_3; +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection proxy_con_4; +connection proxy_con_4; +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection proxy_con_5; +connection proxy_con_5; +SELECT USER(),CURRENT_USER(); +SELECT @@proxy_user; +--echo connection default; +connection default; +--echo disconnect proxy_con_1; +disconnect proxy_con_1; +--echo disconnect proxy_con_2; +disconnect proxy_con_2; +--echo disconnect proxy_con_3; +disconnect proxy_con_3; +--echo disconnect proxy_con_4; +disconnect proxy_con_4; +--echo disconnect proxy_con_5; +disconnect proxy_con_5; +DROP USER ''@'',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5; + +--echo ========== test 3 ========================================== + +GRANT ALL PRIVILEGES ON *.* TO plug_user + IDENTIFIED WITH test_plugin_server AS 'plug_dest'; +CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd'; +GRANT PROXY ON plug_dest TO plug_user; +FLUSH PRIVILEGES; + +# Not working with the patch. + +#--replace_result $MYSQLADMIN MYSQLADMIN $MASTER_MYPORT MYPORT $MASTER_MYSOCK MYSOCK +#--exec $MYSQLADMIN $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -S $MASTER_MYSOCK -u plug_user --password=plug_dest ping 2>&1 +#--replace_result $MYSQL_CHECK MYSQL_CHECK $MASTER_MYPORT MYPORT +#--exec $MYSQL_CHECK $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u plug_user --password=plug_dest test +#--replace_result $MYSQL_DUMP MYSQL_DUMP $MASTER_MYPORT MYPORT +#--exec $MYSQL_DUMP -h localhost -P $MASTER_MYPORT $PLUGIN_AUTH_OPT -u plug_user --password=plug_dest test +#--replace_result $MYSQL_SHOW MYSQL_SHOW $MASTER_MYPORT MYPORT +#--exec $MYSQL_SHOW $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --plugin_dir=../plugin/auth -u plug_user --password=plug_dest 2>&1 +DROP USER plug_user, plug_dest; +DROP DATABASE test_user_db; +--exit diff --git a/mysql-test/t/plugin_auth_qa_2-master.opt b/mysql-test/t/plugin_auth_qa_2-master.opt new file mode 100644 index 00000000000..c29153ac95b --- /dev/null +++ b/mysql-test/t/plugin_auth_qa_2-master.opt @@ -0,0 +1,2 @@ +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_INTERFACE diff --git a/mysql-test/t/plugin_auth_qa_2.test b/mysql-test/t/plugin_auth_qa_2.test new file mode 100644 index 00000000000..053e89166b7 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa_2.test @@ -0,0 +1,148 @@ +# Horst Hunger +# Created: 2010-10-06 +# +# Test of the authentification interface. The plugin checks the expected values set +# by this application and the application checks the values set the the plugin. +--source include/have_plugin_interface.inc +--source include/not_embedded.inc + +CREATE DATABASE test_user_db; + +--echo ========== test 1.1.3.2 ==================================== +--echo === check contens of components of info ==================== + +CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest'; +CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_1_dest TO qa_test_1_user; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +SELECT @@proxy_user; +SELECT @@external_user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; + +DROP USER qa_test_1_user; +DROP USER qa_test_1_dest; + +--echo === Assign values to components of info ==================== + +CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest'; +CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd'; +CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_2_dest TO qa_test_2_user; +GRANT PROXY ON authenticated_as TO qa_test_2_user; +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +SELECT @@proxy_user; +SELECT @@external_user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +--sorted_result +SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; + +DROP USER qa_test_2_user; +DROP USER qa_test_2_dest; +DROP USER authenticated_as; + +--echo === Assign too high values for *length, which should have no effect ==== + +CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest'; +CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_3_dest TO qa_test_3_user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +DROP USER qa_test_3_user; +DROP USER qa_test_3_dest; + +--echo === Assign too low values for *length, which should have no effect ==== + +CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest'; +CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_4_dest TO qa_test_4_user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +DROP USER qa_test_4_user; +DROP USER qa_test_4_dest; + +--echo === Assign empty string especially to authenticated_as (in plugin) ==== + +CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest'; +CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd'; +CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd'; +GRANT PROXY ON qa_test_5_dest TO qa_test_5_user; +GRANT PROXY ON qa_test_5_dest TO ''@'localhost'; + +SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root'; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--error 1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +DROP USER qa_test_5_user; +DROP USER qa_test_5_dest; +DROP USER ''@'localhost'; + +--echo === Assign 'root' especially to authenticated_as (in plugin) ==== + +CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest'; +CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_6_dest TO qa_test_6_user; + +SELECT user,plugin,authentication_string,password FROM mysql.user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--error 1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest'; +SELECT user,plugin,authentication_string,password FROM mysql.user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--error 1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +REVOKE PROXY ON qa_test_6_dest FROM root; +SELECT user,plugin,authentication_string FROM mysql.user; + +--echo exec MYSQL PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--error 1 +--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +DROP USER qa_test_6_user; +DROP USER qa_test_6_dest; +DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface'; +SELECT user,plugin,authentication_string,password FROM mysql.user; + + +--echo === Test of the --default_auth option for clients ==== + +CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest'; +CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; + +--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--error 1 +--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +DROP USER qa_test_11_user, qa_test_11_dest; +DROP DATABASE test_user_db; + +--exit diff --git a/mysql-test/t/plugin_auth_qa_3-master.opt b/mysql-test/t/plugin_auth_qa_3-master.opt new file mode 100644 index 00000000000..5cc2af0a358 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa_3-master.opt @@ -0,0 +1,2 @@ +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_SERVER diff --git a/mysql-test/t/plugin_auth_qa_3.test b/mysql-test/t/plugin_auth_qa_3.test new file mode 100644 index 00000000000..4fe02f10ba6 --- /dev/null +++ b/mysql-test/t/plugin_auth_qa_3.test @@ -0,0 +1,25 @@ +# Horst Hunger +# Created: 2010-10-06 +# +# Test of the authentification interface. The plugin checks the expected values set +# by this application and the application checks the values set the the plugin. +--source include/have_plugin_server.inc +--source include/not_embedded.inc + +CREATE DATABASE test_user_db; + +CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_server AS 'qa_test_11_dest'; +GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd'; +GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; + +--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +--echo exec MYSQL PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--error 1 +--exec $MYSQL $PLUGIN_AUTH_OPT --default_auth=qa_auth_client -h localhost -P $MASTER_MYPORT -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 + +DROP USER qa_test_11_user, qa_test_11_dest; +DROP DATABASE test_user_db; + +--exit diff --git a/plugin/auth/CMakeLists.txt b/plugin/auth/CMakeLists.txt index 7d87e151143..6a9c31f82ce 100644 --- a/plugin/auth/CMakeLists.txt +++ b/plugin/auth/CMakeLists.txt @@ -18,6 +18,14 @@ MYSQL_ADD_PLUGIN(auth dialog.c MODULE_ONLY) MYSQL_ADD_PLUGIN(auth_test_plugin test_plugin.c MODULE_ONLY) +MYSQL_ADD_PLUGIN(qa_auth_interface qa_auth_interface.c + MODULE_ONLY) + +MYSQL_ADD_PLUGIN(qa_auth_server qa_auth_server.c + MODULE_ONLY) + +MYSQL_ADD_PLUGIN(qa_auth_client qa_auth_client.c + MODULE_ONLY) CHECK_CXX_SOURCE_COMPILES( "#define _GNU_SOURCE diff --git a/plugin/auth/Makefile.am b/plugin/auth/Makefile.am index ed459b7b2b1..30e185f36f7 100644 --- a/plugin/auth/Makefile.am +++ b/plugin/auth/Makefile.am @@ -3,10 +3,14 @@ pkgplugindir=$(pkglibdir)/plugin AM_LDFLAGS=-module -rpath $(pkgplugindir) AM_CPPFLAGS=-DMYSQL_DYNAMIC_PLUGIN -Wno-pointer-sign -I$(top_srcdir)/include -pkgplugin_LTLIBRARIES= auth.la auth_test_plugin.la +pkgplugin_LTLIBRARIES= auth.la auth_test_plugin.la qa_auth_interface.la qa_auth_server.la qa_auth_client.la auth_la_SOURCES= dialog.c auth_test_plugin_la_SOURCES= test_plugin.c +qa_auth_interface_la_SOURCES= qa_auth_interface.c +qa_auth_server_la_SOURCES= qa_auth_server.c +qa_auth_client_la_SOURCES= qa_auth_client.c + if HAVE_PEERCRED pkgplugin_LTLIBRARIES+= auth_socket.la auth_socket_la_SOURCES= auth_socket.c diff --git a/plugin/auth/qa_auth_client.c b/plugin/auth/qa_auth_client.c new file mode 100644 index 00000000000..da7bfc14a73 --- /dev/null +++ b/plugin/auth/qa_auth_client.c @@ -0,0 +1,127 @@ +/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; version 2 of the + License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +#include <my_global.h> +#include <mysql/plugin_auth.h> +#include <mysql/client_plugin.h> +#include <string.h> +#include <stdio.h> +#include <stdlib.h> + +/** + first byte of the question string is the question "type". + It can be a "ordinary" or a "password" question. + The last bit set marks a last question in the authentication exchange. +*/ +#define ORDINARY_QUESTION "\2" +#define LAST_QUESTION "\3" +#define LAST_PASSWORD "\4" +#define PASSWORD_QUESTION "\5" + +/********************* CLIENT SIDE ***************************************/ +/* + client plugin used for testing the plugin API +*/ +#include <mysql.h> + +/** + The main function of the test plugin. + + Reads the prompt, check if the handshake is done and if the prompt is a + password request and returns the password. Otherwise return error. + + @note + 1. this plugin shows how a client authentication plugin + may read a MySQL protocol OK packet internally - which is important + where a number of packets is not known in advance. + 2. the first byte of the prompt is special. it is not + shown to the user, but signals whether it is the last question + (prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0), + and whether the input is a password (not echoed). + 3. the prompt is expected to be sent zero-terminated +*/ +static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) +{ + unsigned char *pkt, cmd= 0; + int pkt_len, res; + char *reply; + + do + { + /* read the prompt */ + pkt_len= vio->read_packet(vio, &pkt); + if (pkt_len < 0) + return CR_ERROR; + + if (pkt == 0) + { + /* + in mysql_change_user() the client sends the first packet, so + the first vio->read_packet() does nothing (pkt == 0). + + We send the "password", assuming the client knows what its doing. + (in other words, the dialog plugin should be only set as a default + authentication plugin on the client if the first question + asks for a password - which will be sent in cleat text, by the way) + */ + reply= mysql->passwd; + } + else + { + cmd= *pkt++; + + /* is it MySQL protocol (0=OK or 254=need old password) packet ? */ + if (cmd == 0 || cmd == 254) + return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */ + + /* + asking for a password with an empty prompt means mysql->password + otherwise return an error + */ + if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0) + reply= mysql->passwd; + else + return CR_ERROR; + } + if (!reply) + return CR_ERROR; + /* send the reply to the server */ + res= vio->write_packet(vio, (const unsigned char *) reply, + strlen(reply) + 1); + + if (res) + return CR_ERROR; + + /* repeat unless it was the last question */ + } while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]); + + /* the job of reading the ok/error packet is left to the server */ + return CR_OK; +} + + +mysql_declare_client_plugin(AUTHENTICATION) + "qa_auth_client", + "Horst Hunger", + "Dialog Client Authentication Plugin", + {0,1,0}, + "GPL", + NULL, + NULL, + NULL, + NULL, + test_plugin_client +mysql_end_client_plugin; diff --git a/plugin/auth/qa_auth_interface.c b/plugin/auth/qa_auth_interface.c new file mode 100644 index 00000000000..0aa6c9ce20c --- /dev/null +++ b/plugin/auth/qa_auth_interface.c @@ -0,0 +1,262 @@ +/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; version 2 of the + License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +#include <my_global.h> +#include <mysql/plugin_auth.h> +#include <mysql/client_plugin.h> +#include <string.h> +#include <stdio.h> +#include <stdlib.h> + +/** + first byte of the question string is the question "type". + It can be a "ordinary" or a "password" question. + The last bit set marks a last question in the authentication exchange. +*/ +#define ORDINARY_QUESTION "\2" +#define LAST_QUESTION "\3" +#define LAST_PASSWORD "\4" +#define PASSWORD_QUESTION "\5" + +/********************* SERVER SIDE ****************************************/ + +static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) +{ + unsigned char *pkt; + int pkt_len, err= CR_OK; + + /* send a password question */ + if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1)) + return CR_ERROR; + + /* read the answer */ + if ((pkt_len= vio->read_packet(vio, &pkt)) < 0) + return CR_ERROR; + + info->password_used= PASSWORD_USED_YES; + + /* fail if the password is wrong */ + if (strcmp((const char *) pkt, info->auth_string)) + return CR_ERROR; + +/* Check the contens of components of info */ + if (strcmp(info->user_name, "qa_test_1_user")== 0) + { + if (info->user_name_length != 14) + err= CR_ERROR; + if (strcmp(info->auth_string, "qa_test_1_dest")) + err= CR_ERROR; + if (info->auth_string_length != 14) + err= CR_ERROR; +/* To be set by the plugin */ +// if (strcmp(info->authenticated_as, "qa_test_1_user")) +// err= CR_ERROR; +/* To be set by the plugin */ +// if (strcmp(info->external_user, "")) +// err= CR_ERROR; + if (info->password_used != PASSWORD_USED_YES) + err= CR_ERROR; + if (strcmp(info->host_or_ip, "localhost")) + err= CR_ERROR; + if (info->host_or_ip_length != 9) + err= CR_ERROR; + } +/* Assign values to the components of info even if not intended and watch the effect */ + else if (strcmp(info->user_name, "qa_test_2_user")== 0) + { + /* Overwriting not intended, but with effect on USER() */ + strcpy(info->user_name, "user_name"); + info->user_name_length= 9; + /* Overwriting not intended, effect not visible */ + strcpy((char *)info->auth_string, "auth_string"); + info->auth_string_length= 11; + /* Assign with account for authorization, effect on CURRENT_USER() */ + strcpy(info->authenticated_as, "authenticated_as"); + /* Assign with an external account, effect on @@local.EXTERNAL_USER */ + strcpy(info->external_user, "externaluser"); + /* Overwriting will cause a core dump */ +// strcpy(info->host_or_ip, "host_or_ip"); +// info->host_or_ip_length= 10; + } +/* Invalid, means too high values for length */ + else if (strcmp(info->user_name, "qa_test_3_user")== 0) + { +/* Original value is 14. Test runs also with higher value. Changes have no effect.*/ + info->user_name_length= 28; + strcpy((char *)info->auth_string, "qa_test_3_dest"); +/* Original value is 14. Test runs also with higher value. Changes have no effect.*/ + info->auth_string_length= 28; + strcpy(info->authenticated_as, info->auth_string); + strcpy(info->external_user, info->auth_string); + } +/* Invalid, means too low values for length */ + else if (strcmp(info->user_name, "qa_test_4_user")== 0) + { +/* Original value is 14. Test runs also with lower value. Changes have no effect.*/ + info->user_name_length= 8; + strcpy((char *)info->auth_string, "qa_test_4_dest"); +/* Original value is 14. Test runs also with lower value. Changes have no effect.*/ + info->auth_string_length= 8; + strcpy(info->authenticated_as, info->auth_string); + strcpy(info->external_user, info->auth_string); + } +/* Overwrite with empty values */ + else if (strcmp(info->user_name, "qa_test_5_user")== 0) + { +/* This assignment has no effect.*/ + strcpy(info->user_name, ""); + info->user_name_length= 0; +/* This assignment has no effect.*/ + strcpy((char *)info->auth_string, ""); + info->auth_string_length= 0; +/* This assignment caused an error or an "empty" user */ + strcpy(info->authenticated_as, ""); +/* This assignment has no effect.*/ + strcpy(info->external_user, ""); + /* Overwriting will cause a core dump */ +// strcpy(info->host_or_ip, ""); +// info->host_or_ip_length= 0; + } +/* Set to 'root' */ + else if (strcmp(info->user_name, "qa_test_6_user")== 0) + { + strcpy(info->authenticated_as, "root"); + } + else + { + err= CR_ERROR; + } + return err; +} + +static struct st_mysql_auth qa_auth_test_handler= +{ + MYSQL_AUTHENTICATION_INTERFACE_VERSION, + "qa_auth_interface", /* requires test_plugin client's plugin */ + qa_auth_interface +}; + +mysql_declare_plugin(test_plugin) +{ + MYSQL_AUTHENTICATION_PLUGIN, + &qa_auth_test_handler, + "qa_auth_interface", + "Horst Hunger", + "plugin API test plugin", + PLUGIN_LICENSE_GPL, + NULL, + NULL, + 0x0100, + NULL, + NULL, + NULL +} +mysql_declare_plugin_end; + +/********************* CLIENT SIDE ***************************************/ +/* + client plugin used for testing the plugin API +*/ +#include <mysql.h> + +/** + The main function of the test plugin. + + Reads the prompt, check if the handshake is done and if the prompt is a + password request and returns the password. Otherwise return error. + + @note + 1. this plugin shows how a client authentication plugin + may read a MySQL protocol OK packet internally - which is important + where a number of packets is not known in advance. + 2. the first byte of the prompt is special. it is not + shown to the user, but signals whether it is the last question + (prompt[0] & 1 == 1) or not last (prompt[0] & 1 == 0), + and whether the input is a password (not echoed). + 3. the prompt is expected to be sent zero-terminated +*/ +static int test_plugin_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) +{ + unsigned char *pkt, cmd= 0; + int pkt_len, res; + char *reply; + + do + { + /* read the prompt */ + pkt_len= vio->read_packet(vio, &pkt); + if (pkt_len < 0) + return CR_ERROR; + + if (pkt == 0) + { + /* + in mysql_change_user() the client sends the first packet, so + the first vio->read_packet() does nothing (pkt == 0). + + We send the "password", assuming the client knows what its doing. + (in other words, the dialog plugin should be only set as a default + authentication plugin on the client if the first question + asks for a password - which will be sent in cleat text, by the way) + */ + reply= mysql->passwd; + } + else + { + cmd= *pkt++; + + /* is it MySQL protocol (0=OK or 254=need old password) packet ? */ + if (cmd == 0 || cmd == 254) + return CR_OK_HANDSHAKE_COMPLETE; /* yes. we're done */ + + /* + asking for a password with an empty prompt means mysql->password + otherwise return an error + */ + if ((cmd == LAST_PASSWORD[0] || cmd == PASSWORD_QUESTION[0]) && *pkt == 0) + reply= mysql->passwd; + else + return CR_ERROR; + } + if (!reply) + return CR_ERROR; + /* send the reply to the server */ + res= vio->write_packet(vio, (const unsigned char *) reply, + strlen(reply) + 1); + + if (res) + return CR_ERROR; + + /* repeat unless it was the last question */ + } while (cmd != LAST_QUESTION[0] && cmd != PASSWORD_QUESTION[0]); + + /* the job of reading the ok/error packet is left to the server */ + return CR_OK; +} + + +mysql_declare_client_plugin(AUTHENTICATION) + "qa_auth_interface", + "Horst Hunger", + "Dialog Client Authentication Plugin", + {0,1,0}, + "GPL", + NULL, + NULL, + NULL, + NULL, + test_plugin_client +mysql_end_client_plugin; diff --git a/plugin/auth/qa_auth_server.c b/plugin/auth/qa_auth_server.c new file mode 100644 index 00000000000..17171610200 --- /dev/null +++ b/plugin/auth/qa_auth_server.c @@ -0,0 +1,87 @@ +/* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; version 2 of the + License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +#include <my_global.h> +#include <mysql/plugin_auth.h> +#include <mysql/client_plugin.h> +#include <string.h> +#include <stdio.h> +#include <stdlib.h> + +/** + first byte of the question string is the question "type". + It can be a "ordinary" or a "password" question. + The last bit set marks a last question in the authentication exchange. +*/ +#define ORDINARY_QUESTION "\2" +#define LAST_QUESTION "\3" +#define LAST_PASSWORD "\4" +#define PASSWORD_QUESTION "\5" + +/********************* SERVER SIDE ****************************************/ + +static int qa_auth_interface (MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) +{ + unsigned char *pkt; + int pkt_len, err= CR_OK; + + /* send a password question */ + if (vio->write_packet(vio, (const unsigned char *) PASSWORD_QUESTION, 1)) + return CR_ERROR; + + /* read the answer */ + if ((pkt_len= vio->read_packet(vio, &pkt)) < 0) + return CR_ERROR; + + info->password_used= PASSWORD_USED_YES; + + /* fail if the password is wrong */ + if (strcmp((const char *) pkt, info->auth_string)) + return CR_ERROR; + +/* Test of default_auth */ + if (strcmp(info->user_name, "qa_test_11_user")== 0) + { + strcpy(info->authenticated_as, "qa_test_11_dest"); + } + else + err= CR_ERROR; + return err; +} + +static struct st_mysql_auth qa_auth_test_handler= +{ + MYSQL_AUTHENTICATION_INTERFACE_VERSION, + "qa_auth_interface", /* requires test_plugin client's plugin */ + qa_auth_interface +}; + +mysql_declare_plugin(test_plugin) +{ + MYSQL_AUTHENTICATION_PLUGIN, + &qa_auth_test_handler, + "qa_auth_server", + "Horst Hunger", + "plugin API test plugin", + PLUGIN_LICENSE_GPL, + NULL, + NULL, + 0x0100, + NULL, + NULL, + NULL +} +mysql_declare_plugin_end; |