database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

CONC-544: restrict authentication plugins

Browse Source 
Added new option MARIADB_OPT_RESTRICTED_AUTH (and corresponding
"restricted-auth" option for configuration files) which specifies
on or more comma spearated authentication plugins which are allowed
for authenication.

If the server asks for an authentication plugin not listed in this
option the connect attempt will fail with error CR_PLUGIN_NOT_ALLOWED.
This commit is contained in:
Georg Richter
2021-09-14 06:24:56 +02:00
parent fc9bfcd80a
commit 7e0be5a919
7 changed files with 90 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
unittest/libmariadb/connection.c
View File

@@ -1915,7 +1915,72 @@ static int test_conc490(MYSQL *my __attribute__((unused)))
return OK;
}
static int test_conc544(MYSQL *mysql)
{
int rc;
MYSQL *my= mysql_init(NULL);
char query[1024];
if (!mysql_client_find_plugin(mysql, "client_ed25519", MYSQL_CLIENT_AUTHENTICATION_PLUGIN))
{
diag("client_ed25519 plugin not available");
return SKIP;
}
rc= mysql_query(mysql, "INSTALL SONAME 'auth_ed25519'");
if (rc)
{
diag("feature not supported, ed25519 plugin not available");
return SKIP;
}
rc= mysql_optionsv(my, MARIADB_OPT_RESTRICTED_AUTH, "client_ed25519");
check_mysql_rc(rc, mysql);
if (my_test_connect(my, hostname, username,
password, schema, port, socketname, 0))
{
diag("error expected (restricted auth)");
return FAIL;
}
mysql_close(my);
if (mysql_get_server_version(mysql) < 100400) {
sprintf(query, "CREATE OR REPLACE USER 'ede'@'%s' IDENTIFIED VIA ed25519 USING '6aW9C7ENlasUfymtfMvMZZtnkCVlcb1ssxOLJ0kj/AA'", this_host);
} else {
sprintf(query, "CREATE OR REPLACE USER 'ede'@'%s' IDENTIFIED VIA ed25519 USING PASSWORD('MySup8%%rPassw@ord')", this_host);
}
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
sprintf(query, "GRANT ALL ON %s.* TO 'ede'@'%s'", schema, this_host);
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
my= mysql_init(NULL);
if (plugindir)
mysql_optionsv(my, MYSQL_PLUGIN_DIR, plugindir);
mysql_optionsv(my, MARIADB_OPT_RESTRICTED_AUTH, "client_ed25519, mysql_native_password");
if (!my_test_connect(my, hostname, "ede", "MySup8%rPassw@ord", schema, port, socketname, 0))
{
diag("Error: %s", mysql_error(my));
return FAIL;
}
mysql_close(my);
sprintf(query, "DROP USER 'ede'@'%s'", this_host);
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
sprintf(query, "UNINSTALL SONAME 'auth_ed25519'");
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
return OK;
}
struct my_tests_st my_tests[] = {
{"test_conc544", test_conc544, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
{"test_conc490", test_conc490, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_gtid", test_gtid, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
{"test_conc496", test_conc496, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},