1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
--TEST--
PAM: SHA-256
--EXTENSIONS--
mysqli
--SKIPIF--
<?php
ob_start();
phpinfo(INFO_MODULES);
$tmp = ob_get_contents();
ob_end_clean();
if (!stristr($tmp, "auth_plugin_sha256_password"))
die("skip SHA256 auth plugin not built-in to mysqlnd");
require_once 'connect.inc';
if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
die(sprintf("skip Can't connect to MySQL Server - [%d] %s", mysqli_connect_errno(), mysqli_connect_error()));
if (mysqli_get_server_version($link) < 50606)
die("skip: SHA-256 requires MySQL 5.6.6+");
if (!($res = $link->query("SHOW PLUGINS"))) {
die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
}
$found = false;
while ($row = $res->fetch_assoc()) {
if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) {
$found = true;
break;
}
}
if (!$found)
die("skip SHA-256 server plugin unavailable");
if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) {
die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
}
if (!($row = $res->fetch_assoc())) {
die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error));
}
if (strlen($row['Value']) < 100) {
die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error));
}
// Ignore errors because this variable exists only in MySQL 5.6 and 5.7
$link->query("SET @@session.old_passwords=2");
$link->query('DROP USER shatest');
$link->query("DROP USER shatest@localhost");
if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') ||
!$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) {
die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error));
}
if (!$link->query('SET PASSWORD FOR shatest@"%" = "shatest"') ||
!$link->query('SET PASSWORD FOR shatest@"localhost" = "shatest"')) {
die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error));
}
if (!$link->query("DROP TABLE IF EXISTS test") ||
!$link->query("CREATE TABLE test (id INT)") ||
!$link->query("INSERT INTO test(id) VALUES (1), (2), (3)"))
die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error));
if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) ||
!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) {
die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link)));
}
$link->close();
echo "nocache";
?>
--FILE--
<?php
require_once 'connect.inc';
if (!$link = my_mysqli_connect($host, 'shatest', 'shatest', $db, $port, $socket)) {
printf("[001] Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
$host, "shatest", $db, $port, $socket);
} else {
if (!$res = $link->query("SELECT id FROM test WHERE id = 1"))
printf("[002] [%d] %s\n", $link->errno, $link->error);
if (!$row = mysqli_fetch_assoc($res)) {
printf("[003] [%d] %s\n", $link->errno, $link->error);
}
if ($row['id'] != 1) {
printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']);
}
$res->close();
$link->close();
}
print "done!";
?>
--CLEAN--
<?php
require_once 'clean_table.inc';
$link->query('DROP USER shatest');
$link->query('DROP USER shatest@localhost');
?>
--EXPECT--
done!
|
