Merge lp:~sergei.glushchenko/percona-server/5.5-ps-bug1289599 into lp:percona-server/5.5

Proposed by Sergei Glushchenko on 2014-03-13
Status: Merged
Approved by: Laurynas Biveinis on 2014-03-14
Approved revision: 625
Merged at revision: 636
Proposed branch: lp:~sergei.glushchenko/percona-server/5.5-ps-bug1289599
Merge into: lp:percona-server/5.5
Diff against target: 113 lines (+75/-0)
6 files modified
mysql-test/include/have_socket_auth_plugin.inc (+22/-0)
mysql-test/include/plugin.defs (+1/-0)
mysql-test/r/percona_bug1289599.result (+12/-0)
mysql-test/t/percona_bug1289599-master.opt (+1/-0)
mysql-test/t/percona_bug1289599.test (+33/-0)
sql/sql_acl.cc (+6/-0)
To merge this branch: bzr merge lp:~sergei.glushchenko/percona-server/5.5-ps-bug1289599
Reviewer Review Type Date Requested Status
Laurynas Biveinis (community) 2014-03-13 Approve on 2014-03-14
Review via email: mp+210889@code.launchpad.net

Description of the change

http://jenkins.percona.com/view/PS%205.5/job/percona-server-5.5-param/975

    Fix by testing make_it_fail flag after authentication is done.

    Add MTR variables and necessary check routines for auth_socket
    plugin.

    Add a test case, adapted from the MariaDB test case, that
    takes into account that the Unix user can be present in mysql.user
    (for example root).

review: Approve

Preview Diff

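--- a/mysql-test/include/have_socket_auth_plugin.inc
+++ b/mysql-test/include/have_socket_auth_plugin.inc
@@ -0,0 +1,22 @@
+disable_query_log;
+#
+# Check if server has support for loading plugins
+#
+if (`SELECT @@have_dynamic_loading != 'YES'`) {
+ --skip Socket auth plugin requires dynamic loading
+}
+
+#
+# Check if the variable SOCKET_AUTH is set
+#
+if (!$SOCKET_AUTH) {
+ --skip SOCKET_AUTH plugin requires the environment variable \$SOCKET_AUTH to be set (normally done by mtr)
+}
+
+#
+# Check if --plugin-dir was setup for null_audit db
+#
+if (`SELECT CONCAT('--plugin-dir=', REPLACE(@@plugin_dir, '\\\\', '/')) != '$SOCKET_AUTH_OPT/'`) {
+ --skip socket_auth plugin requires that --plugin-dir is set to the socket_auth plugin dir (either the .opt file does not contain \$SOCKET_AUTH_OPT or another plugin is in use)
+}
+enable_query_log;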
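Review bot: The comment above the last check, `# Check if --plugin-dir was setup for null_audit db`, looks carried over from another plugin's include file and should name this plugin, for example `# Check if --plugin-dir was set up for the auth_socket plugin`. The skip message of that same check tells the reader that the .opt file should contain `$SOCKET_AUTH_OPT`, while the .opt file added in this merge uses `--plugin_dir=$SOCKET_AUTH_DIR`, so the message would be easier to act on if it mentioned the form the test actually uses. The file also refers to the one plugin as `SOCKET_AUTH`, `socket_auth` and `Socket auth`, whereas the plugin is installed as `auth_socket`; using one spelling in the messages would help when grepping skip reasons.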
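--- a/mysql-test/include/plugin.defs
+++ b/mysql-test/include/plugin.defs
@@ -41,3 +41,4 @@
 mypluglib plugin/fulltext SIMPLE_PARSER
 libdaemon_example plugin/daemon_example DAEMONEXAMPLE
 adt_null plugin/audit_null AUDIT_NULL
+auth_socket plugin/auth SOCKET_AUTH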
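--- a/mysql-test/r/percona_bug1289599.result
+++ b/mysql-test/r/percona_bug1289599.result
@@ -0,0 +1,12 @@
+update mysql.user set plugin='auth_socket';
+flush privileges;
+connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
+ERROR HY000: Plugin 'auth_socket' is not loaded
+ERROR HY000: Plugin 'auth_socket' is not loaded
+install plugin auth_socket soname 'auth_socket.so';
+connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
+Got one of the listed errors
+Got one of the listed errors
+update mysql.user set plugin='';
+flush privileges;
+uninstall plugin auth_socket;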
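--- a/mysql-test/t/percona_bug1289599-master.opt
+++ b/mysql-test/t/percona_bug1289599-master.opt
@@ -0,0 +1,1 @@
+--plugin_dir=$SOCKET_AUTH_DIR
\ No newline at end of file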
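--- a/mysql-test/t/percona_bug1289599.test
+++ b/mysql-test/t/percona_bug1289599.test
@@ -0,0 +1,33 @@
+#
+# Bug 1289599: Authentication bypass if auth_socket installed
+#
+
+--source include/have_socket_auth_plugin.inc
+
+if (`SELECT count(*) <> 0 FROM mysql.user WHERE user = '$USER'`)
+{
+ --skip Unix user present in mysql.user
+}
+
+update mysql.user set plugin='auth_socket';
+flush privileges;
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER
+--error ER_PLUGIN_IS_NOT_LOADED
+connect (fail,localhost,$USER);
+
+--error ER_PLUGIN_IS_NOT_LOADED
+change_user $USER;
+
+eval install plugin auth_socket soname '$SOCKET_AUTH';
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER
+--error ER_ACCESS_DENIED_ERROR, ER_ACCESS_DENIED_NO_PASSWORD_ERROR
+connect (fail,localhost,$USER);
+
+--error ER_ACCESS_DENIED_ERROR, ER_ACCESS_DENIED_NO_PASSWORD_ERROR
+change_user $USER;
+
+update mysql.user set plugin='';
+flush privileges;
+uninstall plugin auth_socket;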
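Review bot: The cleanup at the end, `update mysql.user set plugin='';`, resets every account to an empty plugin value rather than to what it held before the blanket `update mysql.user set plugin='auth_socket';`, so any row that started with a non-empty plugin leaves the test changed. Saving the original values before the first update and restoring from them would keep the test free of side effects, and a one-line comment on the blanket update saying why all rows are switched (presumably because the test cannot choose which account the server uses for an unknown login) would help the next reader. The skip when `$USER` exists in mysql.user also means this regression test does not run at all under accounts such as root, so the authentication-bypass check is only exercised on runners that use a Unix user with no matching server account.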
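--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -9819,6 +9819,12 @@
 
 server_mpvio_update_thd(thd, &mpvio);
 
+ if (mpvio.make_it_fail)
+ {
+ mpvio.status= MPVIO_EXT::FAILURE;
+ res= CR_ERROR;
+ }
+
 Security_context *sctx= thd->security_ctx;
 const ACL_USER *acl_user= mpvio.acl_user;
 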
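Review bot: The added `if (mpvio.make_it_fail)` block carries no comment, and nothing in the hunk says where the flag is set or why it has to be tested again once the plugin has returned. Going by the merge description and the bug title, the flag presumably marks a login whose account lookup failed, and a plugin that decides without reading a client packet could otherwise return success for it; a comment such as `/* make_it_fail must be honoured whatever the plugin returned: a plugin that never reads a client packet would otherwise skip the check */` would record that. The check also sits after `server_mpvio_update_thd(thd, &mpvio)`, so the THD has already been updated from the mpvio when the failure is forced; it is worth confirming that the error path further down does not rely on anything set there. The enclosing function starts and ends outside the hunk.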
