3292 Georgi Kodinov 2011-01-31
Bug #59657: Move the client authentication_pam plugin into the server repository
Created a clear text built in client authentication plugin.
Test case added.
Added a negative test case : a login failure.
modified:
mysql-test/include/plugin.defs
mysql-test/r/plugin_auth.result
mysql-test/t/plugin_auth.test
plugin/auth/test_plugin.c
sql-common/client.c
3291 Alfranio Correia 2011-01-31 [merge]
null-merge
=== modified file 'mysql-test/include/plugin.defs'
--- a/mysql-test/include/plugin.defs 2011-01-11 13:27:03 +0000
+++ b/mysql-test/include/plugin.defs 2011-01-31 15:32:57 +0000
@@ -27,7 +27,7 @@
# with name1, name2 etc from the comma separated list of plugin names
# in the optional 4th argument.
-auth_test_plugin plugin/auth PLUGIN_AUTH test_plugin_server
+auth_test_plugin plugin/auth PLUGIN_AUTH test_plugin_server,cleartext_plugin_server
qa_auth_interface plugin/auth PLUGIN_AUTH_INTERFACE qa_auth_interface
qa_auth_server plugin/auth PLUGIN_AUTH_SERVER qa_auth_server
qa_auth_client plugin/auth PLUGIN_AUTH_CLIENT qa_auth_client
=== modified file 'mysql-test/r/plugin_auth.result'
--- a/mysql-test/r/plugin_auth.result 2011-01-16 03:59:05 +0000
+++ b/mysql-test/r/plugin_auth.result 2011-01-31 15:32:57 +0000
@@ -330,4 +330,16 @@ mysqld is alive
# Executing 'mysqldump'
# Executing 'mysql_upgrade'
The --upgrade-system-tables option was used, databases won't be touched.
+#
+# Bug #59657: Move the client authentication_pam plugin into the
+# server repository
+#
+CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
+ AS 'cleartext_test';
+## test plugin auth
+ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES)
+select USER(),CURRENT_USER();
+USER() CURRENT_USER()
+uplain@localhost uplain@localhost
+DROP USER uplain@localhost;
End of 5.5 tests
=== modified file 'mysql-test/t/plugin_auth.test'
--- a/mysql-test/t/plugin_auth.test 2011-01-16 03:59:05 +0000
+++ b/mysql-test/t/plugin_auth.test 2011-01-31 15:32:57 +0000
@@ -411,4 +411,26 @@ FLUSH PRIVILEGES;
--echo # Executing 'mysql_upgrade'
--exec $MYSQL_UPGRADE -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT --skip-verbose --force --upgrade-system-tables
+--echo #
+--echo # Bug #59657: Move the client authentication_pam plugin into the
+--echo # server repository
+--echo #
+
+CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
+ AS 'cleartext_test';
+
+--echo ## test plugin auth
+--disable_query_log
+--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
+connect(cleartext_fail_con,localhost,uplain,cleartext_test2);
+--enable_query_log
+
+connect(cleartext_con,localhost,uplain,cleartext_test);
+connection cleartext_con;
+select USER(),CURRENT_USER();
+
+connection default;
+disconnect cleartext_con;
+DROP USER uplain@localhost;
+
--echo End of 5.5 tests
=== modified file 'plugin/auth/test_plugin.c'
--- a/plugin/auth/test_plugin.c 2010-10-27 15:12:17 +0000
+++ b/plugin/auth/test_plugin.c 2011-01-31 15:32:57 +0000
@@ -82,6 +82,36 @@ static struct st_mysql_auth auth_test_ha
auth_test_plugin
};
+/**
+ dialog test plugin mimicking the ordinary auth mechanism. Used to test the clear text plugin API
+*/
+static int auth_cleartext_plugin(MYSQL_PLUGIN_VIO *vio,
+ MYSQL_SERVER_AUTH_INFO *info)
+{
+ unsigned char *pkt;
+ int pkt_len;
+
+ /* read the password */
+ if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
+ return CR_ERROR;
+
+ info->password_used= PASSWORD_USED_YES;
+
+ /* fail if the password is wrong */
+ if (strcmp((const char *) pkt, info->auth_string))
+ return CR_ERROR;
+
+ return CR_OK;
+}
+
+
+static struct st_mysql_auth auth_cleartext_handler=
+{
+ MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+ "mysql_clear_password", /* requires the clear text plugin */
+ auth_cleartext_plugin
+};
+
mysql_declare_plugin(test_plugin)
{
MYSQL_AUTHENTICATION_PLUGIN,
@@ -96,9 +126,24 @@ mysql_declare_plugin(test_plugin)
NULL,
NULL,
NULL
+},
+{
+ MYSQL_AUTHENTICATION_PLUGIN,
+ &auth_cleartext_handler,
+ "cleartext_plugin_server",
+ "Georgi Kodinov",
+ "cleartext plugin API test plugin",
+ PLUGIN_LICENSE_GPL,
+ NULL,
+ NULL,
+ 0x0100,
+ NULL,
+ NULL,
+ NULL
}
mysql_declare_plugin_end;
+
/********************* CLIENT SIDE ***************************************/
/*
client plugin used for testing the plugin API
=== modified file 'sql-common/client.c'
--- a/sql-common/client.c 2011-01-17 07:44:37 +0000
+++ b/sql-common/client.c 2011-01-31 15:32:57 +0000
@@ -2261,6 +2261,7 @@ typedef struct st_mysql_client_plugin_AU
static int client_mpvio_write_packet(struct st_plugin_vio*, const uchar*, int);
static int native_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql);
static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql);
+static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql);
static auth_plugin_t native_password_client_plugin=
{
@@ -2294,10 +2295,27 @@ static auth_plugin_t old_password_client
old_password_auth_client
};
+static auth_plugin_t clear_password_client_plugin=
+{
+ MYSQL_CLIENT_AUTHENTICATION_PLUGIN,
+ MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION,
+ "mysql_clear_password",
+ "Georgi Kodinov",
+ "Clear password authentication plugin",
+ {0,1,0},
+ "GPL",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ clear_password_auth_client
+};
+
struct st_mysql_client_plugin *mysql_client_builtins[]=
{
(struct st_mysql_client_plugin *)&native_password_client_plugin,
(struct st_mysql_client_plugin *)&old_password_client_plugin,
+ (struct st_mysql_client_plugin *)&clear_password_client_plugin,
0
};
@@ -4271,3 +4289,20 @@ static int old_password_auth_client(MYSQ
DBUG_RETURN(CR_OK);
}
+
+/**
+ The main function of the mysql_clear_password authentication plugin.
+*/
+
+static int clear_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
+{
+ int res;
+
+ /* send password in clear text */
+ res= vio->write_packet(vio, (const unsigned char *) mysql->passwd,
+ strlen(mysql->passwd) + 1);
+
+ return res ? CR_ERROR : CR_OK;
+}
+
+
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-5.5 branch (Georgi.Kodinov:3291 to 3292) Bug#59657 | Georgi Kodinov | 31 Jan |
