3 files changed, 176 insertions, 4 deletions
diff --git a/mysql-test/suite/perfschema/r/hostcache_ipv4_auth_ed25519.result b/mysql-test/suite/perfschema/r/hostcache_ipv4_auth_ed25519.result
new file mode 100644
index 00000000000..ac40e37dd66
--- /dev/null
+++ b/mysql-test/suite/perfschema/r/hostcache_ipv4_auth_ed25519.result
@@ -0,0 +1,119 @@
+install soname 'auth_ed25519';
+flush status;
+flush hosts;
+flush user_resources;
+flush privileges;
+select `User`, `Host` from mysql.`user` where `host` like '%\\%%';
+User Host
+select `User`, `Host` from mysql.`user` where `user` like '192.%';
+User Host
+select `User`, `Host` from mysql.`user` where `user` like '2001:%';
+User Host
+select `User`, `Host` from mysql.`user` where `user` like 'santa.claus.%';
+User Host
+create user plug1@'santa.claus.ipv4.example.com'
+ identified with ed25519 as 'foo';
+create user plug2@'santa.claus.ipv4.example.com'
+ identified with ED25519 as 'vubFBzIrapbfHct1/J72dnUryz5VS7lA6XHH8sIx4TI';
+set @saved_dbug = @@global.debug_dbug;
+set global debug_dbug= "+d,vio_peer_addr_fake_ipv4,getnameinfo_fake_ipv4,getaddrinfo_fake_good_ipv4";
+connect(127.0.0.1,plug1,foo,test,PORT,SOCKET);
+connect con1, 127.0.0.1, plug1,foo,,$MASTER_MYPORT;
+ERROR 28000: Access denied for user 'plug1'@'santa.claus.ipv4.example.com' (using password: NO)
+"Dumping performance_schema.host_cache"
+IP 192.0.2.4
+HOST santa.claus.ipv4.example.com
+HOST_VALIDATED YES
+SUM_CONNECT_ERRORS 0
+COUNT_HOST_BLOCKED_ERRORS 0
+COUNT_NAMEINFO_TRANSIENT_ERRORS 0
+COUNT_NAMEINFO_PERMANENT_ERRORS 0
+COUNT_FORMAT_ERRORS 0
+COUNT_ADDRINFO_TRANSIENT_ERRORS 0
+COUNT_ADDRINFO_PERMANENT_ERRORS 0
+COUNT_FCRDNS_ERRORS 0
+COUNT_HOST_ACL_ERRORS 0
+COUNT_NO_AUTH_PLUGIN_ERRORS 0
+COUNT_AUTH_PLUGIN_ERRORS 1
+COUNT_HANDSHAKE_ERRORS 0
+COUNT_PROXY_USER_ERRORS 0
+COUNT_PROXY_USER_ACL_ERRORS 0
+COUNT_AUTHENTICATION_ERRORS 0
+COUNT_SSL_ERRORS 0
+COUNT_MAX_USER_CONNECTIONS_ERRORS 0
+COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS 0
+COUNT_DEFAULT_DATABASE_ERRORS 0
+COUNT_INIT_CONNECT_ERRORS 0
+COUNT_LOCAL_ERRORS 0
+COUNT_UNKNOWN_ERRORS 0
+FIRST_ERROR_SEEN set
+LAST_ERROR_SEEN set
+connect(127.0.0.1,plug2,bar,test,PORT,SOCKET);
+connect con1, 127.0.0.1, plug2,bar,,$MASTER_MYPORT;
+ERROR 28000: Access denied for user 'plug2'@'santa.claus.ipv4.example.com' (using password: YES)
+"Dumping performance_schema.host_cache"
+IP 192.0.2.4
+HOST santa.claus.ipv4.example.com
+HOST_VALIDATED YES
+SUM_CONNECT_ERRORS 0
+COUNT_HOST_BLOCKED_ERRORS 0
+COUNT_NAMEINFO_TRANSIENT_ERRORS 0
+COUNT_NAMEINFO_PERMANENT_ERRORS 0
+COUNT_FORMAT_ERRORS 0
+COUNT_ADDRINFO_TRANSIENT_ERRORS 0
+COUNT_ADDRINFO_PERMANENT_ERRORS 0
+COUNT_FCRDNS_ERRORS 0
+COUNT_HOST_ACL_ERRORS 0
+COUNT_NO_AUTH_PLUGIN_ERRORS 0
+COUNT_AUTH_PLUGIN_ERRORS 1
+COUNT_HANDSHAKE_ERRORS 0
+COUNT_PROXY_USER_ERRORS 0
+COUNT_PROXY_USER_ACL_ERRORS 0
+COUNT_AUTHENTICATION_ERRORS 1
+COUNT_SSL_ERRORS 0
+COUNT_MAX_USER_CONNECTIONS_ERRORS 0
+COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS 0
+COUNT_DEFAULT_DATABASE_ERRORS 0
+COUNT_INIT_CONNECT_ERRORS 0
+COUNT_LOCAL_ERRORS 0
+COUNT_UNKNOWN_ERRORS 0
+FIRST_ERROR_SEEN set
+LAST_ERROR_SEEN set
+connect con1, 127.0.0.1, plug2,foo,,$MASTER_MYPORT;
+select current_user();
+current_user()
+plug2@santa.claus.ipv4.example.com
+disconnect con1;
+connection default;
+"Dumping performance_schema.host_cache"
+IP 192.0.2.4
+HOST santa.claus.ipv4.example.com
+HOST_VALIDATED YES
+SUM_CONNECT_ERRORS 0
+COUNT_HOST_BLOCKED_ERRORS 0
+COUNT_NAMEINFO_TRANSIENT_ERRORS 0
+COUNT_NAMEINFO_PERMANENT_ERRORS 0
+COUNT_FORMAT_ERRORS 0
+COUNT_ADDRINFO_TRANSIENT_ERRORS 0
+COUNT_ADDRINFO_PERMANENT_ERRORS 0
+COUNT_FCRDNS_ERRORS 0
+COUNT_HOST_ACL_ERRORS 0
+COUNT_NO_AUTH_PLUGIN_ERRORS 0
+COUNT_AUTH_PLUGIN_ERRORS 1
+COUNT_HANDSHAKE_ERRORS 0
+COUNT_PROXY_USER_ERRORS 0
+COUNT_PROXY_USER_ACL_ERRORS 0
+COUNT_AUTHENTICATION_ERRORS 1
+COUNT_SSL_ERRORS 0
+COUNT_MAX_USER_CONNECTIONS_ERRORS 0
+COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS 0
+COUNT_DEFAULT_DATABASE_ERRORS 0
+COUNT_INIT_CONNECT_ERRORS 0
+COUNT_LOCAL_ERRORS 0
+COUNT_UNKNOWN_ERRORS 0
+FIRST_ERROR_SEEN set
+LAST_ERROR_SEEN set
+drop user plug1@'santa.claus.ipv4.example.com';
+drop user plug2@'santa.claus.ipv4.example.com';
+set @@global.debug_dbug = @saved_dbug;
+uninstall plugin ed25519;
diff --git a/mysql-test/suite/perfschema/t/hostcache_ipv4_auth_ed25519.test b/mysql-test/suite/perfschema/t/hostcache_ipv4_auth_ed25519.test
new file mode 100644
index 00000000000..6a97b6d0958
--- /dev/null
+++ b/mysql-test/suite/perfschema/t/hostcache_ipv4_auth_ed25519.test
@@ -0,0 +1,53 @@
+#
+# Tests for the performance_schema host_cache.
+#
+# Test authorization with auth plugins.
+# error reporting in:
+# - column COUNT_AUTH_PLUGIN_ERRORS
+# - column COUNT_PROXY_USER_ERRORS
+# - column COUNT_PROXY_USER_ACL_ERRORS
+
+source include/not_embedded.inc;
+source include/have_debug.inc;
+source include/have_perfschema.inc;
+source include/have_plugin_auth.inc;
+source include/have_hostname_cache.inc;
+
+if (!$AUTH_ED25519_SO) {
+ skip No auth_ed25519 plugin;
+}
+install soname 'auth_ed25519';
+
+# Enforce a clean state
+source ../include/wait_for_pfs_thread_count.inc;
+source ../include/hostcache_set_state.inc;
+
+create user plug1@'santa.claus.ipv4.example.com'
+ identified with ed25519 as 'foo';
+create user plug2@'santa.claus.ipv4.example.com'
+ identified with ED25519 as 'vubFBzIrapbfHct1/J72dnUryz5VS7lA6XHH8sIx4TI';
+
+set @saved_dbug = @@global.debug_dbug;
+set global debug_dbug= "+d,vio_peer_addr_fake_ipv4,getnameinfo_fake_ipv4,getaddrinfo_fake_good_ipv4";
+
+replace_result $MASTER_MYPORT PORT $MASTER_MYSOCK SOCKET;
+error ER_ACCESS_DENIED_ERROR;
+connect con1, 127.0.0.1, plug1,foo,,$MASTER_MYPORT;
+source ../include/hostcache_dump.inc;
+
+replace_result $MASTER_MYPORT PORT $MASTER_MYSOCK SOCKET;
+error ER_ACCESS_DENIED_ERROR;
+connect con1, 127.0.0.1, plug2,bar,,$MASTER_MYPORT;
+source ../include/hostcache_dump.inc;
+
+connect con1, 127.0.0.1, plug2,foo,,$MASTER_MYPORT;
+select current_user();
+disconnect con1;
+connection default;
+source ../include/hostcache_dump.inc;
+
+drop user plug1@'santa.claus.ipv4.example.com';
+drop user plug2@'santa.claus.ipv4.example.com';
+
+set @@global.debug_dbug = @saved_dbug;
+uninstall plugin ed25519;
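Review bot: Only one of the two stored-key failures reclassified by this commit is exercised: plug1's `'foo'` fails the `auth_string_length != PASSWORD_LEN` check, and no account reaches the `my_base64_decode()` branch that now also returns `CR_ERROR`. A third account whose auth string has the same length as plug2's but contains a character outside the base64 alphabet would pin that branch to COUNT_AUTH_PLUGIN_ERRORS as well, assuming CREATE USER stores such a string unvalidated as it does for `'foo'`. The header comment also lists COUNT_PROXY_USER_ERRORS and COUNT_PROXY_USER_ACL_ERRORS, which no statement here touches; listing `# - column COUNT_AUTH_PLUGIN_ERRORS` and `# - column COUNT_AUTHENTICATION_ERRORS` would match what the dumps actually check.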
diff --git a/plugin/auth_ed25519/server_ed25519.c b/plugin/auth_ed25519/server_ed25519.c
index 81fc3e66755..e9678450042 100644
--- a/plugin/auth_ed25519/server_ed25519.c
+++ b/plugin/auth_ed25519/server_ed25519.c
@@ -41,17 +41,17 @@ static int auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 /* prepare the pk */
 if (info->auth_string_length != PASSWORD_LEN)
- return CR_AUTH_USER_CREDENTIALS;
+ return CR_ERROR; // bad password in the user table
 memcpy(pw, info->auth_string, PASSWORD_LEN);
 pw[PASSWORD_LEN]= '=';
 if (my_base64_decode(pw, PASSWORD_LEN_BUF, pk, NULL, 0) != CRYPTO_PUBLICKEYBYTES)
- return CR_AUTH_USER_CREDENTIALS;
+ return CR_ERROR; // bad password in the user table
 info->password_used= PASSWORD_USED_YES;
 /* prepare random nonce */
 if (my_random_bytes((unsigned char *)nonce, (int)sizeof(nonce)))
- return CR_AUTH_USER_CREDENTIALS;
+ return CR_ERROR; // eh? OpenSSL error
 /* send it */
 if (vio->write_packet(vio, reply + CRYPTO_BYTES, NONCE_BYTES))
@@ -63,7 +63,7 @@ static int auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 memcpy(reply, pkt, CRYPTO_BYTES);
 if (crypto_sign_open(reply, CRYPTO_BYTES + NONCE_BYTES, pk))
- return CR_ERROR;
+ return CR_AUTH_USER_CREDENTIALS; // wrong password provided by the user
 return CR_OK;
 } |
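Review bot: `info->password_used= PASSWORD_USED_YES;` is still assigned only after the two stored-key checks, so both new `return CR_ERROR;` paths leave it unset. The expected output in hostcache_ipv4_auth_ed25519.result shows the effect: plug1 is denied with `(using password: NO)` although the test supplies a password. A malformed key in the user table then looks like a client that sent no password, and, if that flag is what drives the message, the denial text differs between accounts with a broken stored key and accounts with a valid one. Consider moving the assignment above `if (info->auth_string_length != PASSWORD_LEN)` so every denial reads the same. The body of auth() starts before this hunk and continues past it.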
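Review bot: The trailing comment on `return CR_AUTH_USER_CREDENTIALS;` says `wrong password provided by the user`, but a non-zero result from `crypto_sign_open()` shows only that the reply did not verify against `pk`, which presumably also covers a corrupted or altered signature. I would word it as `/* signature does not verify against the stored public key */`, using the block-comment style the function already has (`/* send it */`). The same applies to `// eh? OpenSSL error` in the first hunk, where `/* could not generate the nonce */` names what failed without guessing at the backend. auth() begins above this hunk.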