Commit 5599fef0 authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #59657: Move the client authentication_pam plugin into the server repository

Created a clear text built in client authentication plugin.
Test case added.
Added a negative test case : a login failure.
parent 565d3453
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
# with name1, name2 etc from the comma separated list of plugin names # with name1, name2 etc from the comma separated list of plugin names
# in the optional 4th argument. # in the optional 4th argument.
auth_test_plugin plugin/auth PLUGIN_AUTH test_plugin_server auth_test_plugin plugin/auth PLUGIN_AUTH test_plugin_server,cleartext_plugin_server
qa_auth_interface plugin/auth PLUGIN_AUTH_INTERFACE qa_auth_interface qa_auth_interface plugin/auth PLUGIN_AUTH_INTERFACE qa_auth_interface
qa_auth_server plugin/auth PLUGIN_AUTH_SERVER qa_auth_server qa_auth_server plugin/auth PLUGIN_AUTH_SERVER qa_auth_server
qa_auth_client plugin/auth PLUGIN_AUTH_CLIENT qa_auth_client qa_auth_client plugin/auth PLUGIN_AUTH_CLIENT qa_auth_client
......
...@@ -330,4 +330,16 @@ mysqld is alive ...@@ -330,4 +330,16 @@ mysqld is alive
# Executing 'mysqldump' # Executing 'mysqldump'
# Executing 'mysql_upgrade' # Executing 'mysql_upgrade'
The --upgrade-system-tables option was used, databases won't be touched. The --upgrade-system-tables option was used, databases won't be touched.
#
# Bug #59657: Move the client authentication_pam plugin into the
# server repository
#
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
AS 'cleartext_test';
## test plugin auth
ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES)
select USER(),CURRENT_USER();
USER() CURRENT_USER()
uplain@localhost uplain@localhost
DROP USER uplain@localhost;
End of 5.5 tests End of 5.5 tests
...@@ -411,4 +411,26 @@ FLUSH PRIVILEGES; ...@@ -411,4 +411,26 @@ FLUSH PRIVILEGES;
--echo # Executing 'mysql_upgrade' --echo # Executing 'mysql_upgrade'
--exec $MYSQL_UPGRADE -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT --skip-verbose --force --upgrade-system-tables --exec $MYSQL_UPGRADE -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT --skip-verbose --force --upgrade-system-tables
--echo #
--echo # Bug #59657: Move the client authentication_pam plugin into the
--echo # server repository
--echo #
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
AS 'cleartext_test';
--echo ## test plugin auth
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(cleartext_fail_con,localhost,uplain,cleartext_test2);
--enable_query_log
connect(cleartext_con,localhost,uplain,cleartext_test);
connection cleartext_con;
select USER(),CURRENT_USER();
connection default;
disconnect cleartext_con;
DROP USER uplain@localhost;
--echo End of 5.5 tests --echo End of 5.5 tests
...@@ -82,6 +82,36 @@ static struct st_mysql_auth auth_test_handler= ...@@ -82,6 +82,36 @@ static struct st_mysql_auth auth_test_handler=
auth_test_plugin auth_test_plugin
}; };
/**
dialog test plugin mimicking the ordinary auth mechanism. Used to test the clear text plugin API
*/
static int auth_cleartext_plugin(MYSQL_PLUGIN_VIO *vio,
MYSQL_SERVER_AUTH_INFO *info)
{
unsigned char *pkt;
int pkt_len;
/* read the password */
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
return CR_ERROR;
info->password_used= PASSWORD_USED_YES;
/* fail if the password is wrong */
if (strcmp((const char *) pkt, info->auth_string))
return CR_ERROR;
return CR_OK;
}
static struct st_mysql_auth auth_cleartext_handler=
{
MYSQL_AUTHENTICATION_INTERFACE_VERSION,
"mysql_clear_password", /* requires the clear text plugin */
auth_cleartext_plugin
};
mysql_declare_plugin(test_plugin) mysql_declare_plugin(test_plugin)
{ {
MYSQL_AUTHENTICATION_PLUGIN, MYSQL_AUTHENTICATION_PLUGIN,
...@@ -96,9 +126,24 @@ mysql_declare_plugin(test_plugin) ...@@ -96,9 +126,24 @@ mysql_declare_plugin(test_plugin)
NULL, NULL,
NULL, NULL,
NULL NULL
},
{
MYSQL_AUTHENTICATION_PLUGIN,
&auth_cleartext_handler,
"cleartext_plugin_server",
"Georgi Kodinov",
"cleartext plugin API test plugin",
PLUGIN_LICENSE_GPL,
NULL,
NULL,
0x0100,
NULL,
NULL,
NULL
} }
mysql_declare_plugin_end; mysql_declare_plugin_end;
/********************* CLIENT SIDE ***************************************/ /********************* CLIENT SIDE ***************************************/
/* /*
client plugin used for testing the plugin API client plugin used for testing the plugin API
......
...@@ -2261,6 +2261,7 @@ typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t; ...@@ -2261,6 +2261,7 @@ typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t;
static int client_mpvio_write_packet(struct st_plugin_vio*, const uchar*, int); static int client_mpvio_write_packet(struct st_plugin_vio*, const uchar*, int);
static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql);
static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql);
static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql);
static auth_plugin_t native_password_client_plugin= static auth_plugin_t native_password_client_plugin=
{ {
...@@ -2294,10 +2295,27 @@ static auth_plugin_t old_password_client_plugin= ...@@ -2294,10 +2295,27 @@ static auth_plugin_t old_password_client_plugin=
old_password_auth_client old_password_auth_client
}; };
static auth_plugin_t clear_password_client_plugin=
{
MYSQL_CLIENT_AUTHENTICATION_PLUGIN,
MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION,
"mysql_clear_password",
"Georgi Kodinov",
"Clear password authentication plugin",
{0,1,0},
"GPL",
NULL,
NULL,
NULL,
NULL,
clear_password_auth_client
};
struct st_mysql_client_plugin *mysql_client_builtins[]= struct st_mysql_client_plugin *mysql_client_builtins[]=
{ {
(struct st_mysql_client_plugin *)&native_password_client_plugin, (struct st_mysql_client_plugin *)&native_password_client_plugin,
(struct st_mysql_client_plugin *)&old_password_client_plugin, (struct st_mysql_client_plugin *)&old_password_client_plugin,
(struct st_mysql_client_plugin *)&clear_password_client_plugin,
0 0
}; };
...@@ -4271,3 +4289,20 @@ static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) ...@@ -4271,3 +4289,20 @@ static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
DBUG_RETURN(CR_OK); DBUG_RETURN(CR_OK);
} }
/**
The main function of the mysql_clear_password authentication plugin.
*/
static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
int res;
/* send password in clear text */
res= vio->write_packet(vio, (const unsigned char *) mysql->passwd,
strlen(mysql->passwd) + 1);
return res ? CR_ERROR : CR_OK;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment