Commit a86191c6 authored by Arun Kuruvila's avatar Arun Kuruvila

Bug #21235226 : THE --ENABLE-CLEARTEXT-PLUGIN IS NOT

                IMPLEMENTED IN ALL CLIENT PROGRAMS

Description: Option "enable-cleartext-plugin" is not
available for the following client utilities:-
mysqldump
mysqlimport
mysqlshow
mysqlcheck

Analysis: The unavailability of this option limits the
features like PAM authentication from using the above
mentioned utilities.

Fix: Option "enable-cleartext-plugin" is implemented in the
above mentioned client utilities.
parent 3846b085
/* /*
Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -42,6 +42,8 @@ static my_bool opt_alldbs = 0, opt_check_only_changed = 0, opt_extended = 0, ...@@ -42,6 +42,8 @@ static my_bool opt_alldbs = 0, opt_check_only_changed = 0, opt_extended = 0,
opt_fix_table_names= 0, opt_fix_db_names= 0, opt_upgrade= 0, opt_fix_table_names= 0, opt_fix_db_names= 0, opt_upgrade= 0,
opt_write_binlog= 1; opt_write_binlog= 1;
static uint verbose = 0, opt_mysql_port=0; static uint verbose = 0, opt_mysql_port=0;
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
static int my_end_arg; static int my_end_arg;
static char * opt_mysql_unix_port = 0; static char * opt_mysql_unix_port = 0;
static char *opt_password = 0, *current_user = 0, static char *opt_password = 0, *current_user = 0,
...@@ -110,6 +112,10 @@ static struct my_option my_long_options[] = ...@@ -110,6 +112,10 @@ static struct my_option my_long_options[] =
"Default authentication client-side plugin to use.", "Default authentication client-side plugin to use.",
&opt_default_auth, &opt_default_auth, 0, &opt_default_auth, &opt_default_auth, 0,
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{"fast",'F', "Check only tables that haven't been closed properly.", {"fast",'F', "Check only tables that haven't been closed properly.",
&opt_fast, &opt_fast, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, &opt_fast, &opt_fast, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0,
0}, 0},
...@@ -326,6 +332,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -326,6 +332,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
verbose++; verbose++;
break; break;
case 'V': print_version(); exit(0); case 'V': print_version(); exit(0);
case OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
case OPT_MYSQL_PROTOCOL: case OPT_MYSQL_PROTOCOL:
opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib, opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib,
opt->name); opt->name);
...@@ -880,6 +889,10 @@ static int dbConnect(char *host, char *user, char *passwd) ...@@ -880,6 +889,10 @@ static int dbConnect(char *host, char *user, char *passwd)
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(&mysql_connection, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql_connection, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(&mysql_connection, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char *) &opt_enable_cleartext_plugin);
mysql_options(&mysql_connection, MYSQL_SET_CHARSET_NAME, default_charset); mysql_options(&mysql_connection, MYSQL_SET_CHARSET_NAME, default_charset);
if (!(sock = mysql_real_connect(&mysql_connection, host, user, passwd, if (!(sock = mysql_real_connect(&mysql_connection, host, user, passwd,
NULL, opt_mysql_port, opt_mysql_unix_port, 0))) NULL, opt_mysql_port, opt_mysql_unix_port, 0)))
......
/* /*
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -129,6 +129,8 @@ static ulong opt_compatible_mode= 0; ...@@ -129,6 +129,8 @@ static ulong opt_compatible_mode= 0;
#define MYSQL_OPT_MASTER_DATA_COMMENTED_SQL 2 #define MYSQL_OPT_MASTER_DATA_COMMENTED_SQL 2
#define MYSQL_OPT_SLAVE_DATA_EFFECTIVE_SQL 1 #define MYSQL_OPT_SLAVE_DATA_EFFECTIVE_SQL 1
#define MYSQL_OPT_SLAVE_DATA_COMMENTED_SQL 2 #define MYSQL_OPT_SLAVE_DATA_COMMENTED_SQL 2
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
static uint opt_mysql_port= 0, opt_master_data; static uint opt_mysql_port= 0, opt_master_data;
static uint opt_slave_data; static uint opt_slave_data;
static uint my_end_arg; static uint my_end_arg;
...@@ -513,6 +515,10 @@ static struct my_option my_long_options[] = ...@@ -513,6 +515,10 @@ static struct my_option my_long_options[] =
"Default authentication client-side plugin to use.", "Default authentication client-side plugin to use.",
&opt_default_auth, &opt_default_auth, 0, &opt_default_auth, &opt_default_auth, 0,
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0} {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
}; };
...@@ -883,6 +889,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -883,6 +889,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
default_charset= (char*) MYSQL_DEFAULT_CHARSET_NAME; default_charset= (char*) MYSQL_DEFAULT_CHARSET_NAME;
break; break;
} }
case (int) OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
case (int) OPT_MYSQL_PROTOCOL: case (int) OPT_MYSQL_PROTOCOL:
opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib, opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib,
opt->name); opt->name);
...@@ -1485,6 +1494,10 @@ static int connect_to_db(char *host, char *user,char *passwd) ...@@ -1485,6 +1494,10 @@ static int connect_to_db(char *host, char *user,char *passwd)
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(&mysql_connection, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql_connection, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(&mysql_connection, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char *) &opt_enable_cleartext_plugin);
if (!(mysql= mysql_real_connect(&mysql_connection,host,user,passwd, if (!(mysql= mysql_real_connect(&mysql_connection,host,user,passwd,
NULL,opt_mysql_port,opt_mysql_unix_port, NULL,opt_mysql_port,opt_mysql_unix_port,
0))) 0)))
......
...@@ -49,6 +49,8 @@ static char *opt_password=0, *current_user=0, ...@@ -49,6 +49,8 @@ static char *opt_password=0, *current_user=0,
*lines_terminated=0, *enclosed=0, *opt_enclosed=0, *lines_terminated=0, *enclosed=0, *opt_enclosed=0,
*escaped=0, *opt_columns=0, *escaped=0, *opt_columns=0,
*default_charset= (char*) MYSQL_AUTODETECT_CHARSET_NAME; *default_charset= (char*) MYSQL_AUTODETECT_CHARSET_NAME;
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
static uint opt_mysql_port= 0, opt_protocol= 0; static uint opt_mysql_port= 0, opt_protocol= 0;
static char * opt_mysql_unix_port=0; static char * opt_mysql_unix_port=0;
static char *opt_plugin_dir= 0, *opt_default_auth= 0; static char *opt_plugin_dir= 0, *opt_default_auth= 0;
...@@ -88,6 +90,10 @@ static struct my_option my_long_options[] = ...@@ -88,6 +90,10 @@ static struct my_option my_long_options[] =
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"delete", 'd', "First delete all rows from table.", &opt_delete, {"delete", 'd', "First delete all rows from table.", &opt_delete,
&opt_delete, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, &opt_delete, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{"fields-terminated-by", OPT_FTB, {"fields-terminated-by", OPT_FTB,
"Fields in the input file are terminated by the given string.", "Fields in the input file are terminated by the given string.",
&fields_terminated, &fields_terminated, 0, &fields_terminated, &fields_terminated, 0,
...@@ -234,6 +240,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -234,6 +240,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
opt_local_file=1; opt_local_file=1;
break; break;
#endif #endif
case OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
case OPT_MYSQL_PROTOCOL: case OPT_MYSQL_PROTOCOL:
opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib, opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib,
opt->name); opt->name);
...@@ -435,6 +444,10 @@ static MYSQL *db_connect(char *host, char *database, ...@@ -435,6 +444,10 @@ static MYSQL *db_connect(char *host, char *database,
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(mysql, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*)&opt_enable_cleartext_plugin);
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset); mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset);
if (!(mysql_real_connect(mysql,host,user,passwd, if (!(mysql_real_connect(mysql,host,user,passwd,
database,opt_mysql_port,opt_mysql_unix_port, database,opt_mysql_port,opt_mysql_unix_port,
......
/* /*
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -37,6 +37,8 @@ static uint my_end_arg= 0; ...@@ -37,6 +37,8 @@ static uint my_end_arg= 0;
static uint opt_verbose=0; static uint opt_verbose=0;
static char *default_charset= (char*) MYSQL_AUTODETECT_CHARSET_NAME; static char *default_charset= (char*) MYSQL_AUTODETECT_CHARSET_NAME;
static char *opt_plugin_dir= 0, *opt_default_auth= 0; static char *opt_plugin_dir= 0, *opt_default_auth= 0;
static uint opt_enable_cleartext_plugin= 0;
static my_bool using_opt_enable_cleartext_plugin= 0;
#ifdef HAVE_SMEM #ifdef HAVE_SMEM
static char *shared_memory_base_name=0; static char *shared_memory_base_name=0;
...@@ -133,6 +135,10 @@ int main(int argc, char **argv) ...@@ -133,6 +135,10 @@ int main(int argc, char **argv)
if (opt_default_auth && *opt_default_auth) if (opt_default_auth && *opt_default_auth)
mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth);
if (using_opt_enable_cleartext_plugin)
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*)&opt_enable_cleartext_plugin);
if (!(mysql_real_connect(&mysql,host,user,opt_password, if (!(mysql_real_connect(&mysql,host,user,opt_password,
(first_argument_uses_wildcards) ? "" : (first_argument_uses_wildcards) ? "" :
argv[0],opt_mysql_port,opt_mysql_unix_port, argv[0],opt_mysql_port,opt_mysql_unix_port,
...@@ -195,6 +201,10 @@ static struct my_option my_long_options[] = ...@@ -195,6 +201,10 @@ static struct my_option my_long_options[] =
"Default authentication client-side plugin to use.", "Default authentication client-side plugin to use.",
&opt_default_auth, &opt_default_auth, 0, &opt_default_auth, &opt_default_auth, 0,
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"enable_cleartext_plugin", OPT_ENABLE_CLEARTEXT_PLUGIN,
"Enable/disable the clear text authentication plugin.",
&opt_enable_cleartext_plugin, &opt_enable_cleartext_plugin,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
{"help", '?', "Display this help and exit.", 0, 0, 0, GET_NO_ARG, NO_ARG, {"help", '?', "Display this help and exit.", 0, 0, 0, GET_NO_ARG, NO_ARG,
0, 0, 0, 0, 0, 0}, 0, 0, 0, 0, 0, 0},
{"host", 'h', "Connect to host.", &host, &host, 0, GET_STR, {"host", 'h', "Connect to host.", &host, &host, 0, GET_STR,
...@@ -309,6 +319,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -309,6 +319,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
opt_protocol = MYSQL_PROTOCOL_PIPE; opt_protocol = MYSQL_PROTOCOL_PIPE;
#endif #endif
break; break;
case (int) OPT_ENABLE_CLEARTEXT_PLUGIN:
using_opt_enable_cleartext_plugin= TRUE;
break;
case OPT_MYSQL_PROTOCOL: case OPT_MYSQL_PROTOCOL:
opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib, opt_protocol= find_type_or_exit(argument, &sql_protocol_typelib,
opt->name); opt->name);
......
#
# Bug #21235226 : THE --ENABLE-CLEARTEXT-PLUGIN IS NOT IMPLEMENTED
# IN ALL CLIENT PROGRAMS
#
CREATE DATABASE db21235226;
USE db21235226;
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (1), (2);
SELECT * FROM t1;
a
1
2
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
AS 'cleartext_test';
GRANT ALL PRIVILEGES ON *.* TO uplain@localhost;
mysqldump: Got error: 2059: Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled when trying to connect
SELECT * FROM t1;
a
mysqlimport: Error: 2059 Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled
SELECT * FROM t1;
a
1
2
mysqlshow: Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled
Database: db21235226
+--------+
| Tables |
+--------+
| t1 |
+--------+
mysqlcheck: Got error: 2059: Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled when trying to connect
db21235226.t1 OK
DROP TABLE t1;
DROP DATABASE db21235226;
DROP USER uplain@localhost;
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD
--source include/have_plugin_auth.inc
--source include/not_embedded.inc
--echo #
--echo # Bug #21235226 : THE --ENABLE-CLEARTEXT-PLUGIN IS NOT IMPLEMENTED
--echo # IN ALL CLIENT PROGRAMS
--echo #
CREATE DATABASE db21235226;
USE db21235226;
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES (1), (2);
SELECT * FROM t1;
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
AS 'cleartext_test';
GRANT ALL PRIVILEGES ON *.* TO uplain@localhost;
#Reset the LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN variable.
let LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=N;
#Scenario 1 : MYSQL_DUMP without --enable_cleartext_plugin
# Should get CR_AUTH_PLUGIN_CANNOT_LOAD error
--error 2
--exec $MYSQL_DUMP --user=uplain --password=cleartext_test --tab=$MYSQLTEST_VARDIR/tmp/ db21235226 2>&1
#Scenario 2 : MYSQL_DUMP with --enable_cleartext_plugin
--exec $MYSQL_DUMP --enable_cleartext_plugin --user=uplain --password=cleartext_test --tab=$MYSQLTEST_VARDIR/tmp/ db21235226
--exec $MYSQL --enable_cleartext_plugin --user=uplain --password=cleartext_test db21235226 < $MYSQLTEST_VARDIR/tmp/t1.sql
SELECT * FROM t1;
#Scenario 3 : MYSQL_IMPORT without --enable_cleartext_plugin
# Should get CR_AUTH_PLUGIN_CANNOT_LOAD error
--replace_regex /.*mysqlimport(\.exe)*/mysqlimport/
--error 1
--exec $MYSQL_IMPORT --user=uplain --password=cleartext_test --silent db21235226 $MYSQLTEST_VARDIR/tmp/t1.txt 2>&1
#Scenario 4 : MYSQL_IMPORT with --enable_cleartext_plugin
--exec $MYSQL_IMPORT --enable_cleartext_plugin --user=uplain --password=cleartext_test --silent db21235226 $MYSQLTEST_VARDIR/tmp/t1.txt
SELECT * FROM t1;
#Scenario 5 : MYSQL_SHOW without --enable_cleartext_plugin
# Should get CR_AUTH_PLUGIN_CANNOT_LOAD error
--replace_regex /.*mysqlshow(\.exe)*/mysqlshow/
--error 1
--exec $MYSQL_SHOW --user=uplain --password=cleartext_test db21235226 2>&1
#Scenario 6 : MYSQL_SHOW with --enable_cleartext_plugin
--exec $MYSQL_SHOW --enable_cleartext_plugin --user=uplain --password=cleartext_test db21235226
#Scenario 7 : MYSQL_CHECK without --enable_cleartext_plugin
# Should get CR_AUTH_PLUGIN_CANNOT_LOAD error
--replace_regex /.*mysqlcheck(\.exe)*/mysqlcheck/
--error 2
--exec $MYSQL_CHECK --user=uplain --password=cleartext_test db21235226 t1 2>&1
#Scenario 8 : MYSQL_CHECK with --enable_cleartext_plugin
--exec $MYSQL_CHECK --enable_cleartext_plugin --user=uplain --password=cleartext_test db21235226 t1
#Cleanup
DROP TABLE t1;
DROP DATABASE db21235226;
DROP USER uplain@localhost;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment