File: mysqli_pam_sha256_public_key_option_invalid.phpt

package info (click to toggle)
php8.4 8.4.11-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 208,108 kB
  • sloc: ansic: 1,060,628; php: 35,345; sh: 11,866; cpp: 7,201; pascal: 4,913; javascript: 3,091; asm: 2,810; yacc: 2,411; makefile: 689; xml: 446; python: 301; awk: 148
file content (186 lines) | stat: -rw-r--r-- 6,384 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
 
--TEST--
PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY (invalid)
--EXTENSIONS--
mysqli
--SKIPIF--
<?php
ob_start();
phpinfo(INFO_MODULES);
$tmp = ob_get_contents();
ob_end_clean();
if (!stristr($tmp, "auth_plugin_sha256_password"))
    die("skip SHA256 auth plugin not built-in to mysqlnd");

require_once 'connect.inc';
if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
    die(sprintf("skip Can't connect to MySQL Server - [%d] %s", mysqli_connect_errno(), mysqli_connect_error()));

if (mysqli_get_server_version($link) < 50606)
    die("skip: SHA-256 requires MySQL 5.6.6+");

if (!($res = $link->query("SHOW PLUGINS"))) {
    die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
}

$found = false;
while ($row = $res->fetch_assoc()) {
    if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) {
        $found = true;
        break;
    }
}
if (!$found)
    die("skip SHA-256 server plugin unavailable");

if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) {
    die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
}

if (!($row = $res->fetch_assoc())) {
    die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error));
}

if (strlen($row['Value']) < 100) {
    die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error));
}

/* date changes may give false positive */
$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) {
    die(sprintf("skip Cannot create RSA pub key file '%s'", $file));
}
if (strlen($row['Value']) != fwrite($fp, $row['Value'])) {
    die(sprintf("skip Failed to create pub key file"));
}

// Ignore errors because this variable exists only in MySQL 5.6 and 5.7
$link->query("SET @@session.old_passwords=2");

$link->query('DROP USER shatest');
$link->query("DROP USER shatest@localhost");


if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') ||
    !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) {
    die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error));
}

if (!$link->query('SET PASSWORD FOR shatest@"%" = "shatest"') ||
    !$link->query('SET PASSWORD FOR shatest@"localhost" = "shatest"')) {
    die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error));
}

if (!$link->query("DROP TABLE IF EXISTS test") ||
    !$link->query("CREATE TABLE test (id INT)") ||
    !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)"))
    die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error));


if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) ||
    !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) {
    die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link)));
}

$link->close();
echo "nocache";
?>
--FILE--
<?php
    require_once 'connect.inc';

    function sha_connect($offset, $host, $db, $port, $socket, $file) {

        $link = mysqli_init();
        if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) {
            printf("[%03d + 001] mysqli_options failed, [%d] %s\n", $offset, $link->errno, $link->error);
            return false;
        }

        if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) {
            printf("[%03d + 002] [%d] %s\n", $offset, $link->connect_errno, $link->connect_error);
            return false;
        }

        if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) {
            printf("[%03d + 003] [%d] %s\n", $offset, $link->errno, $link->error);
            return false;
        }

        if (!$row = mysqli_fetch_assoc($res)) {
            printf("[%03d + 004] [%d] %s\n", $offset, $link->errno, $link->error);
            return false;
        }

        if ($row['id'] != 1) {
            printf("[%03d + 005] Expecting 1 got %s/'%s'", $offset, gettype($row['id']), $row['id']);
            return false;
        }

        $res->close();
        $link->close();
        return true;
    }

    $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
    if (file_exists($file) && is_readable($file)) {

        /* valid key */
        sha_connect(100, $host, $db, $port, $socket, $file);

        /* invalid key */
        $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd"));

        $key = file_get_contents($file);
        $key = str_replace("A", "a", $key);
        $key = str_replace("M", "m", $key);
        @unlink($file_wrong);
        if (!($fp = fopen($file_wrong, "w"))) {
            printf("[002] Can't write public key file.");
        } else {
            fwrite($fp, $key);
            fclose($fp);
            sha_connect(200, $host, $db, $port, $socket, $file_wrong);
        }

        /* empty file */
        @unlink($file_wrong);
        if (!($fp = fopen($file_wrong, "w"))) {
            printf("[003] Can't write public key file.");
        } else {
            fwrite($fp, "");
            fclose($fp);
            sha_connect(300, $host, $db, $port, $socket, $file_wrong);
        }

        /* file does not exist */
        @unlink($file_wrong);
        sha_connect(400, $host, $db, $port, $socket, $file_wrong);

    } else {
        printf("[001] Cannot read public key file.");
    }

    print "done!";
?>
--CLEAN--
<?php
    require_once 'clean_table.inc';
    $link->query('DROP USER shatest');
    $link->query('DROP USER shatest@localhost');
    $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
    @unlink($file);
    $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd"));
    @unlink($file_wrong);
?>
--EXPECTF--
Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
[200 + 002] [1045] %s

Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
[300 + 002] [1045] %s

Warning: mysqli::real_connect(%sest_sha256_wrong_%d): Failed to open stream: No such file or directory in %s on line %d

Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
[400 + 002] [1045] %s
done!