
  # Setup: confirm the test authentication plugin is active, then create a plugin-authenticated
  # account (plug) whose authentication string names a second, password-based account (plug_dest).
  1. SELECT PLUGIN_STATUS, PLUGIN_TYPE, PLUGIN_DESCRIPTION
  2. FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='test_plugin_server';
  3. PLUGIN_STATUS ACTIVE
  4. PLUGIN_TYPE AUTHENTICATION
  5. PLUGIN_DESCRIPTION plugin API test plugin
  6. CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  7. CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
  8. SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
  9. plugin authentication_string
  10. test_plugin_server plug_dest
  11. ## test plugin auth
  # This denial is recorded before any PROXY grant exists. The login attempt that produced it
  # is not echoed into this recording.
  12. ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
  13. GRANT PROXY ON plug_dest TO plug;
  14. test proxies_priv columns
  15. SELECT * FROM mysql.proxies_priv;
  16. Host User Proxied_host Proxied_user With_grant Grantor Timestamp
  # The two root rows appear to have empty Proxied_host/Proxied_user and With_grant = 1.
  # The plug row comes from the GRANT PROXY above, with root@localhost recorded as Grantor.
  # NOTE(review): 'xx' presumably stands in for a masked timestamp; confirm in the test script.
  17. localhost root 1 xx
  18. unknown root 1 xx
  19. % plug % plug_dest 0 root@localhost xx
  20. test mysql.proxies_priv;
  21. SHOW CREATE TABLE mysql.proxies_priv;
  22. Table Create Table
  23. proxies_priv CREATE TABLE `proxies_priv` (
  24. `Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',
  25. `User` char(16) COLLATE utf8_bin NOT NULL DEFAULT '',
  26. `Proxied_host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',
  27. `Proxied_user` char(16) COLLATE utf8_bin NOT NULL DEFAULT '',
  28. `With_grant` tinyint(1) NOT NULL DEFAULT '0',
  29. `Grantor` char(77) COLLATE utf8_bin NOT NULL DEFAULT '',
  30. `Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  31. PRIMARY KEY (`Host`,`User`,`Proxied_host`,`Proxied_user`),
  32. KEY `Grantor` (`Grantor`)
  33. ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='User proxy privileges'
  # After the PROXY grant the login succeeds: USER() is the account the client connected as,
  # CURRENT_USER() is the account whose privileges apply (the proxied plug_dest).
  34. select USER(),CURRENT_USER();
  35. USER() CURRENT_USER()
  36. plug@localhost plug_dest@%
  # Password statements, bad credentials and default-plugin handling for plugin-authenticated accounts.
  37. ## test SET PASSWORD
  38. SET PASSWORD = PASSWORD('plug_dest');
  39. Warnings:
  # The statement is accepted with a note only: the password does not authenticate this session.
  40. Note 1699 SET PASSWORD has no significance for users authenticating via plugins
  41. ## test bad credentials
  42. ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
  # No output is recorded for the bad-default-plugin step.
  43. ## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
  44. ## test correct default plugin
  45. select USER(),CURRENT_USER();
  46. USER() CURRENT_USER()
  # NOTE(review): CURRENT_USER() is plug@% here, not plug_dest@% as in the earlier proxied login.
  # The connection options that produce this are not visible in the recording.
  47. plug@localhost plug@%
  48. ## test no_auto_create_user sql mode with plugin users
  # No error is recorded for the GRANT, and the DROP USER below succeeds: with an authentication
  # plugin named, GRANT creates grant_user even under no_auto_create_user.
  49. SET @@sql_mode=no_auto_create_user;
  50. GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';
  51. SET @@sql_mode=default;
  52. DROP USER grant_user;
  # A non-ASCII account name goes through the same plugin + PROXY path as plug above.
  53. ## test utf-8 user name
  54. CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  55. GRANT PROXY ON plug_dest TO `Ÿ`;
  56. select USER(),CURRENT_USER();
  57. USER() CURRENT_USER()
  # The login name is reported unchanged in USER(); privileges are those of plug_dest.
  58. Ÿ@localhost plug_dest@%
  59. DROP USER `Ÿ`;
  # GRANT combined with IDENTIFIED WITH / IDENTIFIED BY: creating an account through GRANT,
  # and what happens when the account already exists.
  60. ## test GRANT ... IDENTIFIED WITH/BY ...
  61. CREATE DATABASE test_grant_db;
  62. # create new user via GRANT WITH
  63. GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
  64. IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  65. GRANT PROXY ON plug_dest TO new_grant_user;
  66. select USER(),CURRENT_USER();
  67. USER() CURRENT_USER()
  68. new_grant_user@localhost plug_dest@%
  69. USE test_grant_db;
  70. CREATE TABLE t1 (a INT);
  71. DROP TABLE t1;
  72. REVOKE ALL PRIVILEGES ON test_grant_db.* FROM new_grant_user;
  73. # try re-create existing user via GRANT IDENTIFIED BY
  74. GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
  75. IDENTIFIED BY 'unused_password';
  76. # make sure password doesn't take precedence
  # The account was created with an authentication plugin. The later GRANT ... IDENTIFIED BY
  # did not make it a password account, so the login attempt (not echoed here) is refused
  # while the plugin login below still works.
  77. ERROR 28000: Access denied for user 'new_grant_user'@'localhost' (using password: YES)
  78. #make sure plugin auth still available
  79. select USER(),CURRENT_USER();
  80. USER() CURRENT_USER()
  81. new_grant_user@localhost plug_dest@%
  82. USE test_grant_db;
  83. CREATE TABLE t1 (a INT);
  84. DROP TABLE t1;
  85. DROP USER new_grant_user;
  86. # try re-create existing user via GRANT IDENTIFIED WITH
  # IDENTIFIED WITH is rejected for accounts that already exist, so a GRANT cannot silently
  # switch an existing account to a different authentication plugin.
  87. GRANT ALL PRIVILEGES ON test_grant_db.* TO plug
  88. IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  89. ERROR HY000: GRANT with IDENTIFIED WITH is illegal because the user plug already exists
  90. GRANT ALL PRIVILEGES ON test_grant_db.* TO plug_dest
  91. IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  92. ERROR HY000: GRANT with IDENTIFIED WITH is illegal because the user plug_dest already exists
  # NOTE(review): the keyword is spelled INDENTIFIED in all three REVOKE statements, so the
  # recorded 42000 errors are parse errors at that token. Whether a correctly spelled
  # REVOKE ... IDENTIFIED is also rejected is not shown here; confirm the spelling is intended.
  93. REVOKE SELECT on test_grant_db.* FROM joro
  94. INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  95. ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2
  96. REVOKE SELECT on test_grant_db.* FROM joro
  97. INDENTIFIED BY 'plug_dest_passwd';
  98. ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INDENTIFIED BY 'plug_dest_passwd'' at line 2
  99. REVOKE SELECT on test_grant_db.* FROM joro
  100. INDENTIFIED BY PASSWORD 'plug_dest_passwd';
  101. ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INDENTIFIED BY PASSWORD 'plug_dest_passwd'' at line 2
  102. DROP DATABASE test_grant_db;
  # GRANT PROXY rules: who may grant PROXY on which account, and how the grant is stored,
  # displayed and removed.
  103. ## GRANT PROXY tests
  104. CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server'
  105. AS 'grant_plug_dest';
  106. CREATE USER grant_plug_dest IDENTIFIED BY 'grant_plug_dest_passwd';
  107. CREATE USER grant_plug_dest2 IDENTIFIED BY 'grant_plug_dest_passwd2';
  108. # ALL PRIVILEGES doesn't include PROXY
  # ALL PRIVILEGES ON *.* is granted, yet access is still denied: PROXY has to be granted
  # separately. The login attempt behind the error is not echoed into this recording.
  109. GRANT ALL PRIVILEGES ON *.* TO grant_plug;
  110. ERROR 28000: Access denied for user 'grant_plug'@'localhost' (using password: YES)
  # PROXY cannot be combined with other privileges in one GRANT; both attempts fail to parse.
  111. GRANT ALL PRIVILEGES,PROXY ON grant_plug_dest TO grant_plug;
  112. ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'PROXY ON grant_plug_dest TO grant_plug' at line 1
  113. this should fail : can't combine PROXY
  114. GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;
  115. ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT,PROXY ON grant_plug_dest TO grant_plug' at line 1
  116. # this should fail : no such grant
  117. REVOKE PROXY ON grant_plug_dest FROM grant_plug;
  118. ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%'
  # The statements below run as grant_plug_dest@localhost, the account named in the
  # Access denied messages.
  119. in grant_plug_dest_con
  120. ## testing what an ordinary user can grant
  121. this should fail : no rights to grant all
  122. GRANT PROXY ON ''@'' TO grant_plug;
  123. ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
  124. this should fail : not the same user
  125. GRANT PROXY ON grant_plug TO grant_plug_dest;
  126. ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
  # An ordinary account may grant PROXY only on itself, and user and host must both match:
  # grant_plug_dest without a host part is refused, grant_plug_dest@localhost is accepted.
  127. this should fail : same user, but on a different host
  128. GRANT PROXY ON grant_plug_dest TO grant_plug;
  129. ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
  130. this should work : same user
  131. GRANT PROXY ON grant_plug_dest@localhost TO grant_plug_dest2;
  132. REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug_dest2;
  133. this should work : same user
  134. GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
  135. REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
  # Granting PROXY to an account that does not exist would create it; without the right to
  # create users the grant is refused.
  136. this should fail : can't create users
  137. GRANT PROXY ON grant_plug_dest@localhost TO grant_plug@localhost;
  138. ERROR 42000: You are not allowed to create a user with GRANT
  139. in default connection
  140. # test what root can grant
  141. should work : root has PROXY to all users
  142. GRANT PROXY ON ''@'' TO grant_plug;
  143. REVOKE PROXY ON ''@'' FROM grant_plug;
  144. should work : root has PROXY to all users
  # proxy_admin receives PROXY on ''@'' WITH GRANT OPTION, which lets it grant PROXY on
  # accounts that do not exist yet (future_user below).
  145. GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test'
  146. WITH GRANT OPTION;
  147. need USAGE : PROXY doesn't contain it.
  148. GRANT USAGE on *.* TO proxy_admin;
  149. in proxy_admin_con;
  150. should work : proxy_admin has proxy to ''@''
  151. GRANT PROXY ON future_user TO grant_plug;
  152. in default connection
  153. SHOW GRANTS FOR grant_plug;
  154. Grants for grant_plug@%
  # NOTE(review): WITH GRANT OPTION is shown on the *.* grant, although the only visible
  # statement carrying it for grant_plug was the PROXY grant made in grant_plug_dest_con,
  # which has since been revoked. Presumably the option is stored per account rather than
  # per proxy grant; confirm, because it is still listed after the REVOKE PROXY below.
  155. GRANT ALL PRIVILEGES ON *.* TO 'grant_plug'@'%' WITH GRANT OPTION
  156. GRANT PROXY ON 'future_user'@'%' TO 'grant_plug'@'%'
  157. REVOKE PROXY ON future_user FROM grant_plug;
  158. SHOW GRANTS FOR grant_plug;
  159. Grants for grant_plug@%
  160. GRANT ALL PRIVILEGES ON *.* TO 'grant_plug'@'%' WITH GRANT OPTION
  # Intent: DROP USER must also remove the dropped account's rows from mysql.proxies_priv.
  161. ## testing drop user
  162. CREATE USER test_drop@localhost;
  163. GRANT PROXY ON future_user TO test_drop@localhost;
  164. SHOW GRANTS FOR test_drop@localhost;
  165. Grants for test_drop@localhost
  166. GRANT USAGE ON *.* TO 'test_drop'@'localhost'
  167. GRANT PROXY ON 'future_user'@'%' TO 'test_drop'@'localhost'
  168. DROP USER test_drop@localhost;
  # NOTE(review): Host and User are swapped in the filter below. The account is
  # 'test_drop'@'localhost', so this predicate matches no row whether or not DROP USER
  # cleaned up, and the empty result proves nothing. The check that exercises the cleanup
  # is WHERE Host = 'localhost' AND User = 'test_drop'.
  169. SELECT * FROM mysql.proxies_priv WHERE Host = 'test_drop' AND User = 'localhost';
  170. Host User Proxied_host Proxied_user With_grant Grantor Timestamp
  171. DROP USER proxy_admin;
  172. DROP USER grant_plug,grant_plug_dest,grant_plug_dest2;
  173. ## END GRANT PROXY tests
  174. ## cleanup
  175. DROP USER plug;
  176. DROP USER plug_dest;
  # @@proxy_user: session-only and read-only. It is NULL for a direct login (root here) and
  # holds the proxy account in a connection that logged in through a PROXY grant.
  177. ## @@proxy_user tests
  178. CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  179. CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
  180. GRANT PROXY ON plug_dest TO plug;
  181. SELECT USER(),CURRENT_USER(),@@LOCAL.proxy_user;
  182. USER() CURRENT_USER() @@LOCAL.proxy_user
  183. root@localhost root@localhost NULL
  184. SELECT @@GLOBAL.proxy_user;
  185. ERROR HY000: Variable 'proxy_user' is a SESSION variable
  186. SELECT @@LOCAL.proxy_user;
  187. @@LOCAL.proxy_user
  188. NULL
  # Neither scope can be assigned, so a session cannot overwrite the record of which proxy
  # account it came in through.
  189. SET GLOBAL proxy_user = 'test';
  190. ERROR HY000: Variable 'proxy_user' is a read only variable
  191. SET LOCAL proxy_user = 'test';
  192. ERROR HY000: Variable 'proxy_user' is a read only variable
  193. SELECT @@LOCAL.proxy_user;
  194. @@LOCAL.proxy_user
  195. NULL
  196. # in connection plug_con
  197. SELECT @@LOCAL.proxy_user;
  198. @@LOCAL.proxy_user
  199. 'plug'@'%'
  200. # in connection default
  201. ## cleanup
  202. DROP USER plug;
  203. DROP USER plug_dest;
  204. ## END @@proxy_user tests
  # @@external_user: session-only and read-only. It is NULL for the direct root login and
  # set in the connection that authenticated through the plugin.
  205. ## @@external_user tests
  206. CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
  207. CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
  208. GRANT PROXY ON plug_dest TO plug;
  209. SELECT USER(),CURRENT_USER(),@@LOCAL.external_user;
  210. USER() CURRENT_USER() @@LOCAL.external_user
  211. root@localhost root@localhost NULL
  212. SELECT @@GLOBAL.external_user;
  213. ERROR HY000: Variable 'external_user' is a SESSION variable
  214. SELECT @@LOCAL.external_user;
  215. @@LOCAL.external_user
  216. NULL
  # Both assignments are rejected: the value cannot be changed from inside the session.
  217. SET GLOBAL external_user = 'test';
  218. ERROR HY000: Variable 'external_user' is a read only variable
  219. SET LOCAL external_user = 'test';
  220. ERROR HY000: Variable 'external_user' is a read only variable
  221. SELECT @@LOCAL.external_user;
  222. @@LOCAL.external_user
  223. NULL
  224. # in connection plug_con
  225. SELECT @@LOCAL.external_user;
  226. @@LOCAL.external_user
  # NOTE(review): the value is presumably supplied by the authentication plugin; in this
  # recording it is 'plug'@'%'. Confirm against the plugin source.
  227. 'plug'@'%'
  228. # in connection default
  229. ## cleanup
  230. DROP USER plug;
  231. DROP USER plug_dest;
  232. ## END @@external_user tests
  233. #
  234. # Bug #56798 : Wrong credentials assigned when using a proxy user.
  235. #
  # The anonymous account ''@'' authenticates through the plugin with 'power_user' as its
  # authentication string and holds PROXY on power_user, which has ALL PRIVILEGES ON *.*.
  236. GRANT ALL PRIVILEGES ON *.* TO power_user;
  237. GRANT USAGE ON anonymous_db.* TO ''@''
  238. IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
  239. GRANT PROXY ON power_user TO ''@'';
  240. CREATE DATABASE confidential_db;
  241. SELECT user(),current_user(),@@proxy_user;
  242. user() current_user() @@proxy_user
  # The session logged in as test_login_user, which no statement in this recording creates.
  # It resolved to the anonymous account (@@proxy_user = ''@'') and runs with power_user's
  # privileges. When auditing, treat a mysql.proxies_priv row with an empty User as extending
  # the proxied account's privileges to every login name that falls through to the anonymous
  # account.
  # NOTE(review): no recorded statement uses confidential_db or anonymous_db. The access
  # check they exist for presumably runs in a connection whose statements are not echoed.
  243. test_login_user@localhost power_user@% ''@''
  244. DROP USER power_user;
  245. DROP USER ''@'';
  246. DROP DATABASE confidential_db;
  # Regression check: issuing the same GRANT PROXY twice must be accepted without error.
  247. # Test case #2 (crash with double grant proxy)
  248. CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
  249. CREATE USER standard_user;
  250. CREATE DATABASE shared;
  251. GRANT ALL PRIVILEGES ON shared.* TO standard_user;
  252. GRANT PROXY ON standard_user TO ''@'';
  253. #should not crash
  # The recording shows no output after the second, identical grant.
  254. GRANT PROXY ON standard_user TO ''@'';
  255. DROP USER ''@'';
  256. DROP USER standard_user;
  257. DROP DATABASE shared;