File: plugin_auth_sha256_server_default_tls.test

package info (click to toggle)
mysql-8.0 8.0.43-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 1,273,924 kB
  • sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (77 lines) | stat: -rw-r--r-- 3,275 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 

set @orig_sql_mode_session= @@SESSION.sql_mode;
set @orig_sql_mode_global= @@GLOBAL.sql_mode;

CREATE USER 'kristofer';
ALTER USER 'kristofer' IDENTIFIED BY 'secret';
SELECT user, plugin FROM mysql.user ORDER BY user;
connect(con1,localhost,kristofer,secret,,,,SSL);
connection con1;
SELECT USER(),CURRENT_USER();
connection default;
disconnect con1;
DROP USER 'kristofer';

CREATE USER 'kristofer'@'localhost' IDENTIFIED WITH 'sha256_password';
CREATE USER 'kristofer2'@'localhost' IDENTIFIED WITH 'sha256_password';
ALTER USER 'kristofer'@'localhost' IDENTIFIED BY 'secret2';
ALTER USER 'kristofer2'@'localhost' IDENTIFIED BY 'secret2';
connect(con2,localhost,kristofer,secret2,,,,SSL);
connection con2;
SELECT USER(),CURRENT_USER();
SHOW GRANTS FOR 'kristofer'@'localhost';

--echo Change user (should succeed)
change_user kristofer2,secret2;
SELECT USER(),CURRENT_USER();

connection default;
disconnect con2;
--echo **** Client default_auth=sha_256_password and server default auth=sha256_password
# Why using sha256_password requires --ssl=1 ?
# The current client library can't know if SSL was attempted or not
# when the default client auth is switched and hence it will only report
# that the connection is unencrypted forcing the client to ask for RSA keys.
# However, it is possible to inform the client library to enforce SSL using
# MYSQL_OPT_ENFORCE_SSL (or --ssl=1) and this will be enough for the
# sha256_password plugin to safely assume a secure connection despite it hasn't
# really been established yet.
--exec $MYSQL -ukristofer -psecret2 --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-mode=VERIFY_CA -e "select user(), current_user()"
--echo **** Client default_auth=native and server default auth=sha256_password
--exec $MYSQL -ukristofer -psecret2 --default_auth=mysql_native_password --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "select user(), current_user()"

DROP USER 'kristofer'@'localhost';
DROP USER 'kristofer2'@'localhost';

CREATE USER 'kristofer'@'localhost';
ALTER USER 'kristofer'@'localhost' IDENTIFIED BY '';
connect(con3,localhost,kristofer,,,,,SSL);
connection con3;
SELECT USER(),CURRENT_USER();
SHOW GRANTS FOR 'kristofer'@'localhost';
connection default;
disconnect con3;
DROP USER 'kristofer'@'localhost';

CREATE USER 'kristofer'@'33.33.33.33';
ALTER USER 'kristofer'@'33.33.33.33' IDENTIFIED BY '';
--echo Connection should fail for localhost
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--disable_query_log
--error ER_ACCESS_DENIED_ERROR
connect(con4,127.0.0.1,kristofer,,,,,SSL);
--enable_query_log
DROP USER 'kristofer'@'33.33.33.33';

CREATE USER 'kristofer'@'localhost' IDENTIFIED BY 'awesomeness';
connect(con3,localhost,kristofer,awesomeness,,,,SSL);
connection con3;
SELECT USER(),CURRENT_USER();
SHOW GRANTS FOR 'kristofer'@'localhost';
connection default;
disconnect con3;
ALTER USER 'kristofer'@'localhost' IDENTIFIED BY '';
DROP USER 'kristofer'@'localhost';

set GLOBAL sql_mode= @orig_sql_mode_global;
set SESSION sql_mode= @orig_sql_mode_session;