diff --git a/mysql-test/r/failed_auth_unixsocket.result b/mysql-test/r/failed_auth_unixsocket.result new file mode 100644 index 00000000000..7e2499795cb --- /dev/null +++ b/mysql-test/r/failed_auth_unixsocket.result @@ -0,0 +1,12 @@ +update mysql.user set plugin='unix_socket'; +flush privileges; +connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET); +ERROR HY000: Plugin 'unix_socket' is not loaded +ERROR HY000: Plugin 'unix_socket' is not loaded +install plugin unix_socket soname 'auth_socket.so'; +connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET); +ERROR 28000: Access denied for user 'USER'@'localhost' (using password: NO) +ERROR 28000: Access denied for user 'USER'@'localhost' (using password: NO) +update mysql.user set plugin=''; +flush privileges; +uninstall plugin unix_socket; diff --git a/mysql-test/t/failed_auth_unixsocket.test b/mysql-test/t/failed_auth_unixsocket.test new file mode 100644 index 00000000000..36649312a00 --- /dev/null +++ b/mysql-test/t/failed_auth_unixsocket.test @@ -0,0 +1,29 @@ +--source include/have_unix_socket.inc + +# +# MDEV-3909 remote user enumeration +# unix_socket tests +# +update mysql.user set plugin='unix_socket'; +flush privileges; + +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER +--error ER_PLUGIN_IS_NOT_LOADED +connect (fail,localhost,$USER); + +--error ER_PLUGIN_IS_NOT_LOADED +change_user $USER; + +eval install plugin unix_socket soname '$AUTH_SOCKET_SO'; + +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER +--error ER_ACCESS_DENIED_ERROR +connect (fail,localhost,$USER); + +--error ER_ACCESS_DENIED_ERROR +change_user $USER; + +update mysql.user set plugin=''; +flush privileges; +uninstall plugin unix_socket; + diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 9983c52abb5..f549d22eb4f 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -8192,7 +8192,12 @@ bool acl_authenticate(THD *thd, uint connect_errors, auth_plugin_name= &mpvio.acl_user->plugin; res= do_auth_once(thd, auth_plugin_name, &mpvio); } - + if (mpvio.make_it_fail) + { + mpvio.status= MPVIO_EXT::FAILURE; + res= CR_ERROR; + } + Security_context *sctx= thd->security_ctx; ACL_USER *acl_user= mpvio.acl_user;