Commit 5616bd55 authored by Sergei Golubchik's avatar Sergei Golubchik

unix_socket bypasses make_if_fail by not doing any network reads

parent 18830d78
update mysql.user set plugin='unix_socket';
flush privileges;
connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
ERROR HY000: Plugin 'unix_socket' is not loaded
ERROR HY000: Plugin 'unix_socket' is not loaded
install plugin unix_socket soname 'auth_socket.so';
connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'USER'@'localhost' (using password: NO)
ERROR 28000: Access denied for user 'USER'@'localhost' (using password: NO)
update mysql.user set plugin='';
flush privileges;
uninstall plugin unix_socket;
--source include/have_unix_socket.inc
#
# MDEV-3909 remote user enumeration
# unix_socket tests
#
update mysql.user set plugin='unix_socket';
flush privileges;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER
--error ER_PLUGIN_IS_NOT_LOADED
connect (fail,localhost,$USER);
--error ER_PLUGIN_IS_NOT_LOADED
change_user $USER;
eval install plugin unix_socket soname '$AUTH_SOCKET_SO';
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER
--error ER_ACCESS_DENIED_ERROR
connect (fail,localhost,$USER);
--error ER_ACCESS_DENIED_ERROR
change_user $USER;
update mysql.user set plugin='';
flush privileges;
uninstall plugin unix_socket;
...@@ -8192,6 +8192,11 @@ bool acl_authenticate(THD *thd, uint connect_errors, ...@@ -8192,6 +8192,11 @@ bool acl_authenticate(THD *thd, uint connect_errors,
auth_plugin_name= &mpvio.acl_user->plugin; auth_plugin_name= &mpvio.acl_user->plugin;
res= do_auth_once(thd, auth_plugin_name, &mpvio); res= do_auth_once(thd, auth_plugin_name, &mpvio);
} }
if (mpvio.make_it_fail)
{
mpvio.status= MPVIO_EXT::FAILURE;
res= CR_ERROR;
}
Security_context *sctx= thd->security_ctx; Security_context *sctx= thd->security_ctx;
ACL_USER *acl_user= mpvio.acl_user; ACL_USER *acl_user= mpvio.acl_user;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment