diff options
| -rw-r--r-- | libmysql/client_settings.h | 5 | ||||
| -rw-r--r-- | mysql-test/r/auth_rpl.result | 22 | ||||
| -rw-r--r-- | mysql-test/t/auth_rpl-master.opt | 2 | ||||
| -rw-r--r-- | mysql-test/t/auth_rpl-slave.opt | 4 | ||||
| -rw-r--r-- | mysql-test/t/auth_rpl.test | 64 | ||||
| -rw-r--r-- | sql/client_settings.h | 15 | ||||
| -rw-r--r-- | sql/slave.cc | 4 |
7 files changed, 113 insertions, 3 deletions
diff --git a/libmysql/client_settings.h b/libmysql/client_settings.h index d04d61067f2..ecc9a7773ca 100644 --- a/libmysql/client_settings.h +++ b/libmysql/client_settings.h @@ -22,6 +22,11 @@ extern uint mysql_port; extern char * mysql_unix_port; +/* + Note: CLIENT_CAPABILITIES is also defined in sql/client_settings.h. + When adding capabilities here, consider if they should be also added to + the server's version. +*/ #define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \ CLIENT_LONG_FLAG | \ CLIENT_TRANSACTIONS | \ diff --git a/mysql-test/r/auth_rpl.result b/mysql-test/r/auth_rpl.result new file mode 100644 index 00000000000..1c03461df9b --- /dev/null +++ b/mysql-test/r/auth_rpl.result @@ -0,0 +1,22 @@ +include/master-slave.inc +[connection master] +[connection slave] +include/stop_slave.inc +[connection master] +CREATE USER 'plug_user' IDENTIFIED WITH 'test_plugin_server' AS 'plug_user'; +GRANT REPLICATION SLAVE ON *.* TO plug_user; +FLUSH PRIVILEGES; +[connection slave] +CHANGE MASTER TO MASTER_USER= 'plug_user'; +include/start_slave.inc +# Slave in-sync with master now. +SELECT user, plugin, authentication_string FROM mysql.user WHERE user LIKE 'plug_user'; +user plugin authentication_string +plug_user test_plugin_server plug_user +# Cleanup (on slave). +include/stop_slave.inc +CHANGE MASTER TO MASTER_USER='root'; +DROP USER 'plug_user'; +# Cleanup (on master). +DROP USER 'plug_user'; +include/rpl_end.inc diff --git a/mysql-test/t/auth_rpl-master.opt b/mysql-test/t/auth_rpl-master.opt new file mode 100644 index 00000000000..3536d102387 --- /dev/null +++ b/mysql-test/t/auth_rpl-master.opt @@ -0,0 +1,2 @@ +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_LOAD diff --git a/mysql-test/t/auth_rpl-slave.opt b/mysql-test/t/auth_rpl-slave.opt new file mode 100644 index 00000000000..3f4af6e59bb --- /dev/null +++ b/mysql-test/t/auth_rpl-slave.opt @@ -0,0 +1,4 @@ +--master-retry-count=1 +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_LOAD + diff --git a/mysql-test/t/auth_rpl.test b/mysql-test/t/auth_rpl.test new file mode 100644 index 00000000000..9947d463acd --- /dev/null +++ b/mysql-test/t/auth_rpl.test @@ -0,0 +1,64 @@ +--source include/have_plugin_auth.inc
+--source include/not_embedded.inc
+--source include/master-slave.inc
+
+#
+# Check that replication slave can connect to master using an account
+# which authenticates with an external authentication plugin (bug#12897501).
+
+#
+# First stop the slave to guarantee that nothing is replicated.
+#
+--connection slave
+--echo [connection slave]
+--source include/stop_slave.inc
+#
+# Create an replication account on the master.
+#
+--connection master
+--echo [connection master]
+CREATE USER 'plug_user' IDENTIFIED WITH 'test_plugin_server' AS 'plug_user';
+GRANT REPLICATION SLAVE ON *.* TO plug_user;
+FLUSH PRIVILEGES;
+
+#
+# Now go to slave and change the replication user.
+#
+--connection slave
+--echo [connection slave]
+--let $master_user= query_get_value(SHOW SLAVE STATUS, Master_User, 1)
+CHANGE MASTER TO MASTER_USER= 'plug_user';
+
+#
+# Start slave with new replication account - this should trigger connection
+# to the master server.
+#
+--source include/start_slave.inc
+
+# Replicate all statements executed on master, in this case,
+# (creation of the plug_user account).
+#
+--connection master
+--sync_slave_with_master
+--echo # Slave in-sync with master now.
+
+SELECT user, plugin, authentication_string FROM mysql.user WHERE user LIKE 'plug_user';
+
+#
+# Now we can stop the slave and clean up.
+#
+# Note: it is important that slave is stopped at this
+# moment - otherwise master's cleanup statements
+# would be replicated on slave!
+#
+--echo # Cleanup (on slave).
+--source include/stop_slave.inc
+eval CHANGE MASTER TO MASTER_USER='$master_user';
+DROP USER 'plug_user';
+
+--echo # Cleanup (on master).
+--connection master
+DROP USER 'plug_user';
+
+--let $rpl_only_running_threads= 1
+--source include/rpl_end.inc
diff --git a/sql/client_settings.h b/sql/client_settings.h index d9145bcce26..acae7907aa5 100644 --- a/sql/client_settings.h +++ b/sql/client_settings.h @@ -23,9 +23,18 @@ #include <thr_alarm.h> #include <sql_common.h> -#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | \ - CLIENT_SECURE_CONNECTION | CLIENT_TRANSACTIONS | \ - CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION) +/* + Note: CLIENT_CAPABILITIES is also defined in libmysql/client_settings.h. + When adding capabilities here, consider if they should be also added to + the libmysql version. +*/ +#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \ + CLIENT_LONG_FLAG | \ + CLIENT_SECURE_CONNECTION | \ + CLIENT_TRANSACTIONS | \ + CLIENT_PROTOCOL_41 | \ + CLIENT_SECURE_CONNECTION | \ + CLIENT_PLUGIN_AUTH) #define read_user_name(A) {} #undef HAVE_SMEM diff --git a/sql/slave.cc b/sql/slave.cc index d0b123c5c6f..7a3eee952c3 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -4204,6 +4204,10 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi, /* This one is not strictly needed but we have it here for completeness */ mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir); + /* Set MYSQL_PLUGIN_DIR in case master asks for an external authentication plugin */ + if (opt_plugin_dir_ptr && *opt_plugin_dir_ptr)
+ mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir_ptr);
+ while (!(slave_was_killed = io_slave_killed(thd,mi)) && (reconnect ? mysql_reconnect(mysql) != 0 : mysql_real_connect(mysql, mi->host, mi->user, mi->password, 0, |