database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-11340 Allow multiple alternative authentication methods for the same user

Browse Source 
test a multi-auth with a missing auth plugin on the client

update (and simplify) plugin_auth.test to match
This commit is contained in:
Sergei Golubchik
2019-01-29 12:55:33 +01:00
parent 5b15cc613e
commit 7075d7fce6
5 changed files with 61 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libmariadb

Submodule libmariadb updated: 1e4b08bd29...beb9d5ea89

33
mysql-test/main/plugin_auth.result
View File

@ -11,6 +11,8 @@ SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
plugin authentication_string plugin authentication_string
test_plugin_server plug_dest test_plugin_server plug_dest
## test plugin auth ## test plugin auth
connect(localhost,plug,plug_dest,test,MYSQL_PORT,MYSQL_SOCK);
connect plug_con,localhost,plug,plug_dest;
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug; GRANT PROXY ON plug_dest TO plug;
test proxies_priv columns test proxies_priv columns
@ -32,7 +34,6 @@ proxies_priv CREATE TABLE `proxies_priv` (
KEY `Grantor` (`Grantor`) KEY `Grantor` (`Grantor`)
) ENGINE=Aria DEFAULT CHARSET=utf8 COLLATE=utf8_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='User proxy privileges' ) ENGINE=Aria DEFAULT CHARSET=utf8 COLLATE=utf8_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='User proxy privileges'
connect plug_con,localhost,plug,plug_dest; connect plug_con,localhost,plug,plug_dest;
connection plug_con;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
plug@localhost plug_dest@% plug@localhost plug_dest@%
@ -41,11 +42,18 @@ SET PASSWORD = PASSWORD('plug_dest');
connection default; connection default;
disconnect plug_con; disconnect plug_con;
## test bad credentials ## test bad credentials
connect(localhost,plug,bad_credentials,test,MYSQL_PORT,MYSQL_SOCK);
connect plug_con,localhost,plug,bad_credentials;
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD ## test bad default plugin : nothing bad happens, as that plugin was't required by the server
connect plug_con_wrongp,localhost,plug,plug_dest,,,,,wrong_plugin_name;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug@localhost plug_dest@%
connection default;
disconnect plug_con_wrongp;
## test correct default plugin ## test correct default plugin
connect plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin; connect plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin;
connection plug_con_rightp;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
plug@localhost plug_dest@% plug@localhost plug_dest@%
@ -60,7 +68,6 @@ DROP USER grant_user;
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO `Ÿ`; GRANT PROXY ON plug_dest TO `Ÿ`;
connect non_ascii,localhost,Ÿ,plug_dest; connect non_ascii,localhost,Ÿ,plug_dest;
connection non_ascii;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
Ÿ@localhost plug_dest@% Ÿ@localhost plug_dest@%
@ -74,7 +81,6 @@ GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'; IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO new_grant_user; GRANT PROXY ON plug_dest TO new_grant_user;
connect plug_con_grant,localhost,new_grant_user,plug_dest; connect plug_con_grant,localhost,new_grant_user,plug_dest;
connection plug_con_grant;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
new_grant_user@localhost plug_dest@% new_grant_user@localhost plug_dest@%
@ -91,7 +97,6 @@ connect(localhost,new_grant_user,plug_dest,test,MYSQL_PORT,MYSQL_SOCK);
connect plug_con_grant_deny,localhost,new_grant_user,plug_dest; connect plug_con_grant_deny,localhost,new_grant_user,plug_dest;
ERROR 28000: Access denied for user 'new_grant_user'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'new_grant_user'@'localhost' (using password: YES)
connect plug_con_grant,localhost,new_grant_user,new_password; connect plug_con_grant,localhost,new_grant_user,new_password;
connection plug_con_grant;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
new_grant_user@localhost new_grant_user@% new_grant_user@localhost new_grant_user@%
@ -133,8 +138,6 @@ ERROR 42000: You have an error in your SQL syntax; check the manual that corresp
REVOKE PROXY ON grant_plug_dest FROM grant_plug; REVOKE PROXY ON grant_plug_dest FROM grant_plug;
ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%' ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%'
connect grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd; connect grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd;
connection grant_plug_dest_con;
in grant_plug_dest_con
## testing what an ordinary user can grant ## testing what an ordinary user can grant
this should fail : no rights to grant all this should fail : no rights to grant all
GRANT PROXY ON ''@'%%' TO grant_plug; GRANT PROXY ON ''@'%%' TO grant_plug;
@ -158,7 +161,6 @@ this should fail : can't create users
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost; GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;
ERROR 42000: You are not allowed to create a user with GRANT ERROR 42000: You are not allowed to create a user with GRANT
connection default; connection default;
in default connection
disconnect grant_plug_dest_con; disconnect grant_plug_dest_con;
# test what root can grant # test what root can grant
should work : root has PROXY to all users should work : root has PROXY to all users
@ -170,12 +172,9 @@ WITH GRANT OPTION;
need USAGE : PROXY doesn't contain it. need USAGE : PROXY doesn't contain it.
GRANT USAGE on *.* TO proxy_admin; GRANT USAGE on *.* TO proxy_admin;
connect proxy_admin_con,localhost,proxy_admin,test; connect proxy_admin_con,localhost,proxy_admin,test;
connection proxy_admin_con;
in proxy_admin_con;
should work : proxy_admin has proxy to ''@'%%' should work : proxy_admin has proxy to ''@'%%'
GRANT PROXY ON future_user TO grant_plug; GRANT PROXY ON future_user TO grant_plug;
connection default; connection default;
in default connection
disconnect proxy_admin_con; disconnect proxy_admin_con;
SHOW GRANTS FOR grant_plug; SHOW GRANTS FOR grant_plug;
Grants for grant_plug@% Grants for grant_plug@%
@ -221,13 +220,10 @@ SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user @@LOCAL.proxy_user
NULL NULL
connect plug_con,localhost,plug,plug_dest; connect plug_con,localhost,plug,plug_dest;
connection plug_con;
# in connection plug_con
SELECT @@LOCAL.proxy_user; SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user @@LOCAL.proxy_user
'plug'@'%' 'plug'@'%'
connection default; connection default;
# in connection default
disconnect plug_con; disconnect plug_con;
## cleanup ## cleanup
DROP USER plug; DROP USER plug;
@ -253,13 +249,10 @@ SELECT @@LOCAL.external_user;
@@LOCAL.external_user @@LOCAL.external_user
NULL NULL
connect plug_con,localhost,plug,plug_dest; connect plug_con,localhost,plug,plug_dest;
connection plug_con;
# in connection plug_con
SELECT @@LOCAL.external_user; SELECT @@LOCAL.external_user;
@@LOCAL.external_user @@LOCAL.external_user
plug_dest plug_dest
connection default; connection default;
# in connection default
disconnect plug_con; disconnect plug_con;
## cleanup ## cleanup
DROP USER plug; DROP USER plug;
@ -315,7 +308,6 @@ REVOKE PROXY ON u2@localhost FROM u1@localhost;
ERROR 28000: Access denied for user 'root'@'localhost' ERROR 28000: Access denied for user 'root'@'localhost'
# go try graning proxy on itself, so that it will need the table # go try graning proxy on itself, so that it will need the table
connect proxy_granter_con,localhost,u2,; connect proxy_granter_con,localhost,u2,;
connection proxy_granter_con;
GRANT PROXY ON u2@localhost TO u1@localhost; GRANT PROXY ON u2@localhost TO u1@localhost;
ERROR 42S02: Table 'mysql.proxies_priv' doesn't exist ERROR 42S02: Table 'mysql.proxies_priv' doesn't exist
REVOKE PROXY ON u2@localhost FROM u1@localhost; REVOKE PROXY ON u2@localhost FROM u1@localhost;
@ -355,7 +347,6 @@ CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
## test plugin auth ## test plugin auth
ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES)
connect cleartext_con,localhost,uplain,cleartext_test; connect cleartext_con,localhost,uplain,cleartext_test;
connection cleartext_con;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
uplain@localhost uplain@localhost uplain@localhost uplain@localhost
@ -474,7 +465,6 @@ CREATE USER bug12818542_dest@localhost
IDENTIFIED BY 'bug12818542_dest_passwd'; IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost; GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
connect bug12818542_con,localhost,bug12818542,bug12818542_dest; connect bug12818542_con,localhost,bug12818542,bug12818542_dest;
connection bug12818542_con;
SELECT USER(),CURRENT_USER(); SELECT USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost bug12818542@localhost bug12818542_dest@localhost
@ -482,7 +472,6 @@ SET PASSWORD = PASSWORD('bruhaha');
connection default; connection default;
disconnect bug12818542_con; disconnect bug12818542_con;
connect bug12818542_con2,localhost,bug12818542,bug12818542_dest; connect bug12818542_con2,localhost,bug12818542,bug12818542_dest;
connection bug12818542_con2;
SELECT USER(),CURRENT_USER(); SELECT USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost bug12818542@localhost bug12818542_dest@localhost

38
mysql-test/main/plugin_auth.test
View File

@ -15,10 +15,9 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug'; SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
--echo ## test plugin auth --echo ## test plugin auth
--disable_query_log --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant --error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(plug_con,localhost,plug,plug_dest); connect(plug_con,localhost,plug,plug_dest);
--enable_query_log
GRANT PROXY ON plug_dest TO plug; GRANT PROXY ON plug_dest TO plug;
--echo test proxies_priv columns --echo test proxies_priv columns
@ -28,8 +27,6 @@ SELECT * FROM mysql.proxies_priv WHERE user !='root';
SHOW CREATE TABLE mysql.proxies_priv; SHOW CREATE TABLE mysql.proxies_priv;
connect(plug_con,localhost,plug,plug_dest); connect(plug_con,localhost,plug,plug_dest);
connection plug_con;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
--echo ## test SET PASSWORD --echo ## test SET PASSWORD
@ -40,22 +37,18 @@ connection default;
disconnect plug_con; disconnect plug_con;
--echo ## test bad credentials --echo ## test bad credentials
--disable_query_log --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
--error ER_ACCESS_DENIED_ERROR --error ER_ACCESS_DENIED_ERROR
connect(plug_con,localhost,plug,bad_credentials); connect(plug_con,localhost,plug,bad_credentials);
--enable_query_log
--echo ## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD --echo ## test bad default plugin : nothing bad happens, as that plugin was't required by the server
--disable_result_log
--disable_query_log
--error 2059
connect(plug_con_wrongp,localhost,plug,plug_dest,,,,,wrong_plugin_name); connect(plug_con_wrongp,localhost,plug,plug_dest,,,,,wrong_plugin_name);
--enable_query_log select USER(),CURRENT_USER();
--enable_result_log connection default;
disconnect plug_con_wrongp;
--echo ## test correct default plugin --echo ## test correct default plugin
connect(plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin); connect(plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin);
connection plug_con_rightp;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
connection default; connection default;
disconnect plug_con_rightp; disconnect plug_con_rightp;
@ -72,7 +65,6 @@ CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO `Ÿ`; GRANT PROXY ON plug_dest TO `Ÿ`;
connect(non_ascii,localhost,Ÿ,plug_dest); connect(non_ascii,localhost,Ÿ,plug_dest);
connection non_ascii;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
connection default; connection default;
@ -90,7 +82,6 @@ GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
GRANT PROXY ON plug_dest TO new_grant_user; GRANT PROXY ON plug_dest TO new_grant_user;
connect(plug_con_grant,localhost,new_grant_user,plug_dest); connect(plug_con_grant,localhost,new_grant_user,plug_dest);
connection plug_con_grant;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USE test_grant_db; USE test_grant_db;
CREATE TABLE t1 (a INT); CREATE TABLE t1 (a INT);
@ -108,7 +99,6 @@ GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
connect(plug_con_grant_deny,localhost,new_grant_user,plug_dest); connect(plug_con_grant_deny,localhost,new_grant_user,plug_dest);
connect(plug_con_grant,localhost,new_grant_user,new_password); connect(plug_con_grant,localhost,new_grant_user,new_password);
connection plug_con_grant;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
USE test_grant_db; USE test_grant_db;
CREATE TABLE t1 (a INT); CREATE TABLE t1 (a INT);
@ -166,8 +156,6 @@ GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;
REVOKE PROXY ON grant_plug_dest FROM grant_plug; REVOKE PROXY ON grant_plug_dest FROM grant_plug;
connect(grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd); connect(grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd);
connection grant_plug_dest_con;
--echo in grant_plug_dest_con
--echo ## testing what an ordinary user can grant --echo ## testing what an ordinary user can grant
--echo this should fail : no rights to grant all --echo this should fail : no rights to grant all
@ -209,7 +197,6 @@ REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost; GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;
connection default; connection default;
--echo in default connection
disconnect grant_plug_dest_con; disconnect grant_plug_dest_con;
--echo # test what root can grant --echo # test what root can grant
@ -226,14 +213,11 @@ GRANT PROXY ON ''@'%%' TO proxy_admin IDENTIFIED BY 'test'
GRANT USAGE on *.* TO proxy_admin; GRANT USAGE on *.* TO proxy_admin;
connect (proxy_admin_con,localhost,proxy_admin,test); connect (proxy_admin_con,localhost,proxy_admin,test);
connection proxy_admin_con;
--echo in proxy_admin_con;
--echo should work : proxy_admin has proxy to ''@'%%' --echo should work : proxy_admin has proxy to ''@'%%'
GRANT PROXY ON future_user TO grant_plug; GRANT PROXY ON future_user TO grant_plug;
connection default; connection default;
--echo in default connection
disconnect proxy_admin_con; disconnect proxy_admin_con;
SHOW GRANTS FOR grant_plug; SHOW GRANTS FOR grant_plug;
@ -275,11 +259,8 @@ SET LOCAL proxy_user = 'test';
SELECT @@LOCAL.proxy_user; SELECT @@LOCAL.proxy_user;
connect(plug_con,localhost,plug,plug_dest); connect(plug_con,localhost,plug,plug_dest);
connection plug_con;
--echo # in connection plug_con
SELECT @@LOCAL.proxy_user; SELECT @@LOCAL.proxy_user;
connection default; connection default;
--echo # in connection default
disconnect plug_con; disconnect plug_con;
--echo ## cleanup --echo ## cleanup
@ -304,11 +285,8 @@ SET LOCAL external_user = 'test';
SELECT @@LOCAL.external_user; SELECT @@LOCAL.external_user;
connect(plug_con,localhost,plug,plug_dest); connect(plug_con,localhost,plug,plug_dest);
connection plug_con;
--echo # in connection plug_con
SELECT @@LOCAL.external_user; SELECT @@LOCAL.external_user;
connection default; connection default;
--echo # in connection default
disconnect plug_con; disconnect plug_con;
--echo ## cleanup --echo ## cleanup
@ -382,7 +360,6 @@ REVOKE PROXY ON u2@localhost FROM u1@localhost;
--echo # go try graning proxy on itself, so that it will need the table --echo # go try graning proxy on itself, so that it will need the table
connect(proxy_granter_con,localhost,u2,); connect(proxy_granter_con,localhost,u2,);
connection proxy_granter_con;
--error ER_NO_SUCH_TABLE --error ER_NO_SUCH_TABLE
GRANT PROXY ON u2@localhost TO u1@localhost; GRANT PROXY ON u2@localhost TO u1@localhost;
@ -438,7 +415,6 @@ connect(cleartext_fail_con,localhost,uplain,cleartext_test2);
--enable_query_log --enable_query_log
connect(cleartext_con,localhost,uplain,cleartext_test); connect(cleartext_con,localhost,uplain,cleartext_test);
connection cleartext_con;
select USER(),CURRENT_USER(); select USER(),CURRENT_USER();
connection default; connection default;
@ -571,7 +547,6 @@ CREATE USER bug12818542_dest@localhost
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost; GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
connect(bug12818542_con,localhost,bug12818542,bug12818542_dest); connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con;
SELECT USER(),CURRENT_USER(); SELECT USER(),CURRENT_USER();
SET PASSWORD = PASSWORD('bruhaha'); SET PASSWORD = PASSWORD('bruhaha');
@ -580,7 +555,6 @@ connection default;
disconnect bug12818542_con; disconnect bug12818542_con;
connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest); connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con2;
SELECT USER(),CURRENT_USER(); SELECT USER(),CURRENT_USER();
connection default; connection default;

24
mysql-test/suite/plugins/r/multiauth.result
View File

@ -14,6 +14,7 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure # name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user USER, mysqltest1; drop user USER, mysqltest1;
create user USER identified via mysql_native_password as password("GOOD") OR unix_socket; create user USER identified via mysql_native_password as password("GOOD") OR unix_socket;
create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket; create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket;
@ -29,6 +30,7 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure # name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1698 Access denied for user 'mysqltest1'@'localhost'
drop user USER, mysqltest1; drop user USER, mysqltest1;
create user USER identified via unix_socket OR ed25519 as password("GOOD"); create user USER identified via unix_socket OR ed25519 as password("GOOD");
create user mysqltest1 identified via unix_socket OR ed25519 as password("good"); create user mysqltest1 identified via unix_socket OR ed25519 as password("good");
@ -44,6 +46,7 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure # name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user USER, mysqltest1; drop user USER, mysqltest1;
create user USER identified via ed25519 as password("GOOD") OR unix_socket; create user USER identified via ed25519 as password("GOOD") OR unix_socket;
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket; create user mysqltest1 identified via ed25519 as password("good") OR unix_socket;
@ -59,6 +62,7 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure # name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1698 Access denied for user 'mysqltest1'@'localhost'
drop user USER, mysqltest1; drop user USER, mysqltest1;
create user USER identified via ed25519 as password("GOOD") OR unix_socket OR mysql_native_password as password("works"); create user USER identified via ed25519 as password("GOOD") OR unix_socket OR mysql_native_password as password("works");
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works"); create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
@ -78,6 +82,7 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
# name does not match, password bad = failure # name does not match, password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user USER, mysqltest1; drop user USER, mysqltest1;
create user mysqltest1 identified via mysql_native_password as password("good") OR mysql_native_password as password("works"); create user mysqltest1 identified via mysql_native_password as password("good") OR mysql_native_password as password("works");
show create user mysqltest1; show create user mysqltest1;
@ -92,6 +97,7 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
# password bad = failure # password bad = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
drop user mysqltest1; drop user mysqltest1;
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works"); create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
show grants for mysqltest1; show grants for mysqltest1;
@ -160,11 +166,29 @@ select user(), current_user(), database();
user() current_user() database() user() current_user() database()
USER@localhost USER@% test USER@localhost USER@% test
# name does not match = failure # name does not match = failure
mysqltest: Could not open connection 'default': 1698 Access denied for user 'mysqltest1'@'localhost'
# SET PASSWORD helps # SET PASSWORD helps
set password for mysqltest1 = password('bla'); set password for mysqltest1 = password('bla');
select user(), current_user(), database(); select user(), current_user(), database();
user() current_user() database() user() current_user() database()
mysqltest1@localhost mysqltest1@% test mysqltest1@localhost mysqltest1@% test
drop user USER, mysqltest1; drop user USER, mysqltest1;
create user mysqltest1 identified via ed25519 as password("good");
show create user mysqltest1;
CREATE USER for mysqltest1@%
CREATE USER 'mysqltest1'@'%' IDENTIFIED VIA ed25519 USING 'F4aF8bw7130VaRbdLCl4f/P/wkjDmgJXwWvpJ5gmsZc'
# no plugin = failure
mysqltest: Could not open connection 'default': 1045 Plugin client_ed25519 could not be loaded: <PLUGINDIR>/no/client_ed25519.so: cannot open shared object file: No such file or directory
alter user mysqltest1 identified via ed25519 as password("good") OR mysql_native_password as password("works");
show create user mysqltest1;
CREATE USER for mysqltest1@%
CREATE USER 'mysqltest1'@'%' IDENTIFIED VIA ed25519 USING 'F4aF8bw7130VaRbdLCl4f/P/wkjDmgJXwWvpJ5gmsZc' OR mysql_native_password USING '*7D8C3DF236D9163B6C274A9D47704BC496988460'
# no plugin = failure
mysqltest: Could not open connection 'default': 1045 Access denied for user 'mysqltest1'@'localhost' (using password: YES)
# no plugin, second password works = ok
select user(), current_user(), database();
user() current_user() database()
mysqltest1@localhost mysqltest1@% test
drop user mysqltest1;
uninstall soname 'auth_socket'; uninstall soname 'auth_socket';
uninstall soname 'auth_ed25519'; uninstall soname 'auth_ed25519';

20
mysql-test/suite/plugins/t/multiauth.test
View File

@ -13,7 +13,7 @@ if (!$AUTH_ED25519_SO) {
install soname 'auth_socket'; install soname 'auth_socket';
install soname 'auth_ed25519'; install soname 'auth_ed25519';
--let $try_auth=$MYSQL_TEST < $MYSQLTEST_VARDIR/tmp/peercred_test.txt --let $try_auth=$MYSQL_TEST < $MYSQLTEST_VARDIR/tmp/peercred_test.txt 2>&1
--write_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt --write_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt
--let $replace1=$USER@localhost --let $replace1=$USER@localhost
@ -174,6 +174,24 @@ set password for mysqltest1 = password('bla');
--replace_result $dreplace "drop user USER" --replace_result $dreplace "drop user USER"
eval $dreplace, mysqltest1; eval $dreplace, mysqltest1;
#
# missing client-side plugin
#
create user mysqltest1 identified via ed25519 as password("good");
show create user mysqltest1;
--echo # no plugin = failure
--replace_result $plugindir <PLUGINDIR>
--error 1
--exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
alter user mysqltest1 identified via ed25519 as password("good") OR mysql_native_password as password("works");
show create user mysqltest1;
--echo # no plugin = failure
--error 1
--exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
--echo # no plugin, second password works = ok
--exec $try_auth -u mysqltest1 -pworks --plugin-dir=$plugindir/no
drop user mysqltest1;
uninstall soname 'auth_socket'; uninstall soname 'auth_socket';
uninstall soname 'auth_ed25519'; uninstall soname 'auth_ed25519';
--remove_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt --remove_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt