diff options
| -rw-r--r-- | mysql-test/include/plugin.defs | 2 | ||||
| -rw-r--r-- | mysql-test/r/plugin_auth.result | 12 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth.test | 22 | ||||
| -rw-r--r-- | plugin/auth/test_plugin.c | 45 | ||||
| -rw-r--r-- | sql-common/client.c | 35 |
5 files changed, 115 insertions, 1 deletions
diff --git a/mysql-test/include/plugin.defs b/mysql-test/include/plugin.defs index 4da03dc2cc9..e07c603c8e5 100644 --- a/mysql-test/include/plugin.defs +++ b/mysql-test/include/plugin.defs @@ -27,7 +27,7 @@ # with name1, name2 etc from the comma separated list of plugin names # in the optional 4th argument. -auth_test_plugin plugin/auth PLUGIN_AUTH test_plugin_server +auth_test_plugin plugin/auth PLUGIN_AUTH test_plugin_server,cleartext_plugin_server qa_auth_interface plugin/auth PLUGIN_AUTH_INTERFACE qa_auth_interface qa_auth_server plugin/auth PLUGIN_AUTH_SERVER qa_auth_server qa_auth_client plugin/auth PLUGIN_AUTH_CLIENT qa_auth_client diff --git a/mysql-test/r/plugin_auth.result b/mysql-test/r/plugin_auth.result index fa6908530b7..7f26cdf447a 100644 --- a/mysql-test/r/plugin_auth.result +++ b/mysql-test/r/plugin_auth.result @@ -330,4 +330,16 @@ mysqld is alive # Executing 'mysqldump' # Executing 'mysql_upgrade' The --upgrade-system-tables option was used, databases won't be touched. +# +# Bug #59657: Move the client authentication_pam plugin into the +# server repository +# +CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server' + AS 'cleartext_test'; +## test plugin auth +ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES) +select USER(),CURRENT_USER(); +USER() CURRENT_USER() +uplain@localhost uplain@localhost +DROP USER uplain@localhost; End of 5.5 tests diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test index 5efb50a41e1..753593efc94 100644 --- a/mysql-test/t/plugin_auth.test +++ b/mysql-test/t/plugin_auth.test @@ -411,4 +411,26 @@ FLUSH PRIVILEGES; --echo # Executing 'mysql_upgrade' --exec $MYSQL_UPGRADE -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT --skip-verbose --force --upgrade-system-tables +--echo # +--echo # Bug #59657: Move the client authentication_pam plugin into the +--echo # server repository +--echo # + +CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server' + AS 'cleartext_test'; + +--echo ## test plugin auth +--disable_query_log +--error ER_ACCESS_DENIED_ERROR : this should fail : no grant +connect(cleartext_fail_con,localhost,uplain,cleartext_test2); +--enable_query_log + +connect(cleartext_con,localhost,uplain,cleartext_test); +connection cleartext_con; +select USER(),CURRENT_USER(); + +connection default; +disconnect cleartext_con; +DROP USER uplain@localhost; + --echo End of 5.5 tests diff --git a/plugin/auth/test_plugin.c b/plugin/auth/test_plugin.c index 161062d5b6c..d38b2782285 100644 --- a/plugin/auth/test_plugin.c +++ b/plugin/auth/test_plugin.c @@ -82,6 +82,36 @@ static struct st_mysql_auth auth_test_handler= auth_test_plugin }; +/** + dialog test plugin mimicking the ordinary auth mechanism. Used to test the clear text plugin API +*/ +static int auth_cleartext_plugin(MYSQL_PLUGIN_VIO *vio, + MYSQL_SERVER_AUTH_INFO *info) +{ + unsigned char *pkt; + int pkt_len; + + /* read the password */ + if ((pkt_len= vio->read_packet(vio, &pkt)) < 0) + return CR_ERROR; + + info->password_used= PASSWORD_USED_YES; + + /* fail if the password is wrong */ + if (strcmp((const char *) pkt, info->auth_string)) + return CR_ERROR; + + return CR_OK; +} + + +static struct st_mysql_auth auth_cleartext_handler= +{ + MYSQL_AUTHENTICATION_INTERFACE_VERSION, + "mysql_clear_password", /* requires the clear text plugin */ + auth_cleartext_plugin +}; + mysql_declare_plugin(test_plugin) { MYSQL_AUTHENTICATION_PLUGIN, @@ -96,9 +126,24 @@ mysql_declare_plugin(test_plugin) NULL, NULL, NULL +}, +{ + MYSQL_AUTHENTICATION_PLUGIN, + &auth_cleartext_handler, + "cleartext_plugin_server", + "Georgi Kodinov", + "cleartext plugin API test plugin", + PLUGIN_LICENSE_GPL, + NULL, + NULL, + 0x0100, + NULL, + NULL, + NULL } mysql_declare_plugin_end; + /********************* CLIENT SIDE ***************************************/ /* client plugin used for testing the plugin API diff --git a/sql-common/client.c b/sql-common/client.c index 3b7fc11a537..0ff03f6609b 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -2261,6 +2261,7 @@ typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t; static int client_mpvio_write_packet(struct st_plugin_vio*, const uchar*, int); static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); +static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql); static auth_plugin_t native_password_client_plugin= { @@ -2294,10 +2295,27 @@ static auth_plugin_t old_password_client_plugin= old_password_auth_client }; +static auth_plugin_t clear_password_client_plugin= +{ + MYSQL_CLIENT_AUTHENTICATION_PLUGIN, + MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION, + "mysql_clear_password", + "Georgi Kodinov", + "Clear password authentication plugin", + {0,1,0}, + "GPL", + NULL, + NULL, + NULL, + NULL, + clear_password_auth_client +}; + struct st_mysql_client_plugin *mysql_client_builtins[]= { (struct st_mysql_client_plugin *)&native_password_client_plugin, (struct st_mysql_client_plugin *)&old_password_client_plugin, + (struct st_mysql_client_plugin *)&clear_password_client_plugin, 0 }; @@ -4271,3 +4289,20 @@ static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) DBUG_RETURN(CR_OK); } + +/** + The main function of the mysql_clear_password authentication plugin. +*/ + +static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) +{ + int res; + + /* send password in clear text */ + res= vio->write_packet(vio, (const unsigned char *) mysql->passwd, + strlen(mysql->passwd) + 1); + + return res ? CR_ERROR : CR_OK; +} + + |