database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-11340 Allow multiple alternative authentication methods for the same user

Browse Source 
test a multi-auth with a missing auth plugin on the client

update (and simplify) plugin_auth.test to match
This commit is contained in:
Sergei Golubchik
2019-01-29 12:55:33 +01:00
parent 5b15cc613e
commit 7075d7fce6
5 changed files with 61 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
mysql-test/suite/plugins/r/multiauth.result
View File

@@ -14,6 +14,7 @@ select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user USER, mysqltest1;
create user USER identified via mysql_native_password as password("GOOD") OR unix_socket;
create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket;
@@ -29,6 +30,7 @@ select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1698 Access denied for user 'mysqltest1'@'localhost'
drop user USER, mysqltest1;
create user USER identified via unix_socket OR ed25519 as password("GOOD");
create user mysqltest1 identified via unix_socket OR ed25519 as password("good");
@@ -44,6 +46,7 @@ select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user USER, mysqltest1;
create user USER identified via ed25519 as password("GOOD") OR unix_socket;
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket;
@@ -59,6 +62,7 @@ select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1698 Access denied for user 'mysqltest1'@'localhost'
drop user USER, mysqltest1;
create user USER identified via ed25519 as password("GOOD") OR unix_socket OR mysql_native_password as password("works");
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
@@ -78,6 +82,7 @@ select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user USER, mysqltest1;
create user mysqltest1 identified via mysql_native_password as password("good") OR mysql_native_password as password("works");
show create user mysqltest1;
@@ -92,6 +97,7 @@ select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
# password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user mysqltest1;
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
show grants for mysqltest1;
@@ -160,11 +166,29 @@ select user(), current_user(), database();
user() current_user() database()
USER@localhost USER@% test
# name does not match = failure
mysqltest: Could not open connection 'default': 1698 Access denied for user 'mysqltest1'@'localhost'
# SET PASSWORD helps
set password for mysqltest1 = password('bla');
select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
drop user USER, mysqltest1;
create user mysqltest1 identified via ed25519 as password("good");
show create user mysqltest1;
CREATE USER for mysqltest1@%
CREATE USER 'mysqltest1'@'%' IDENTIFIED VIA ed25519 USING 'F4aF8bw7130VaRbdLCl4f/P/wkjDmgJXwWvpJ5gmsZc'
# no plugin = failure
mysqltest: Could not open connection 'default': 1045 Plugin client_ed25519 could not be loaded: <PLUGINDIR>/no/client_ed25519.so: cannot open shared object file: No such file or directory
alter user mysqltest1 identified via ed25519 as password("good") OR mysql_native_password as password("works");
show create user mysqltest1;
CREATE USER for mysqltest1@%
CREATE USER 'mysqltest1'@'%' IDENTIFIED VIA ed25519 USING 'F4aF8bw7130VaRbdLCl4f/P/wkjDmgJXwWvpJ5gmsZc' OR mysql_native_password USING '*7D8C3DF236D9163B6C274A9D47704BC496988460'
# no plugin = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
# no plugin, second password works = ok
select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
drop user mysqltest1;
uninstall soname 'auth_socket';
uninstall soname 'auth_ed25519';

20
mysql-test/suite/plugins/t/multiauth.test
View File

@@ -13,7 +13,7 @@ if (!$AUTH_ED25519_SO) {
install soname 'auth_socket';
install soname 'auth_ed25519';
--let $try_auth=$MYSQL_TEST < $MYSQLTEST_VARDIR/tmp/peercred_test.txt
--let $try_auth=$MYSQL_TEST < $MYSQLTEST_VARDIR/tmp/peercred_test.txt 2>&1
--write_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt
--let $replace1=$USER@localhost
@@ -174,6 +174,24 @@ set password for mysqltest1 = password('bla');
--replace_result $dreplace "drop user USER"
eval $dreplace, mysqltest1;
#
# missing client-side plugin
#
create user mysqltest1 identified via ed25519 as password("good");
show create user mysqltest1;
--echo # no plugin = failure
--replace_result $plugindir <PLUGINDIR>
--error 1
--exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
alter user mysqltest1 identified via ed25519 as password("good") OR mysql_native_password as password("works");
show create user mysqltest1;
--echo # no plugin = failure
--error 1
--exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
--echo # no plugin, second password works = ok
--exec $try_auth -u mysqltest1 -pworks --plugin-dir=$plugindir/no
drop user mysqltest1;
uninstall soname 'auth_socket';
uninstall soname 'auth_ed25519';
--remove_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt