diff options
Diffstat (limited to 'plugin/auth_gssapi/mysql-test')
6 files changed, 192 insertions, 0 deletions
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result new file mode 100644 index 00000000..b7cf3d8e --- /dev/null +++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result @@ -0,0 +1,26 @@ +INSTALL SONAME 'auth_gssapi'; +Warnings: +Note 1105 SSPI: using principal name 'localhost', mech 'Negotiate' +CREATE USER 'GSSAPI_SHORTNAME' IDENTIFIED WITH gssapi; +connect con1,localhost,$GSSAPI_SHORTNAME,,; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +GSSAPI_SHORTNAME@localhost GSSAPI_SHORTNAME@% +disconnect con1; +connection default; +DROP USER 'GSSAPI_SHORTNAME'; +CREATE USER nosuchuser IDENTIFIED WITH gssapi; +ERROR 28000: GSSAPI name mismatch, requested 'nosuchuser', actual name 'GSSAPI_SHORTNAME' +DROP USER nosuchuser; +CREATE USER usr1 IDENTIFIED WITH gssapi as 'GSSAPI_FULLNAME'; +connect con1,localhost,usr1,,; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +usr1@localhost usr1@% +disconnect con1; +connection default; +DROP USER usr1; +CREATE USER nosuchuser IDENTIFIED WITH gssapi AS 'nosuchuser@EXAMPLE.COM'; +ERROR 28000: GSSAPI name mismatch, requested 'nosuchuser@EXAMPLE.COM', actual name 'GSSAPI_FULLNAME' +DROP USER nosuchuser; +UNINSTALL SONAME 'auth_gssapi'; diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test new file mode 100644 index 00000000..2307aa39 --- /dev/null +++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test @@ -0,0 +1,46 @@ +--replace_regex /name '[^']+'/name 'localhost'/ +INSTALL SONAME 'auth_gssapi'; + +# +# CREATE USER without 'AS' clause +# +--replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME +eval CREATE USER '$GSSAPI_SHORTNAME' IDENTIFIED WITH gssapi; +connect (con1,localhost,$GSSAPI_SHORTNAME,,); +--replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME +SELECT USER(),CURRENT_USER(); +disconnect con1; + +connection default; +--replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME +eval DROP USER '$GSSAPI_SHORTNAME'; + +CREATE USER nosuchuser IDENTIFIED WITH gssapi; +--disable_query_log +--replace_regex /actual name '.*'/actual name 'GSSAPI_SHORTNAME'/ +--error ER_ACCESS_DENIED_ERROR +connect (con1,localhost,nosuchuser,,); +--enable_query_log +DROP USER nosuchuser; + +# +# CREATE USER with 'AS' clause +# +--replace_result $GSSAPI_FULLNAME GSSAPI_FULLNAME +eval CREATE USER usr1 IDENTIFIED WITH gssapi as '$GSSAPI_FULLNAME'; +connect (con1,localhost,usr1,,); +--replace_result $GSSAPI_FULLNAME GSSAPI_FULLNAME +SELECT USER(),CURRENT_USER(); +disconnect con1; +connection default; +DROP USER usr1; + +CREATE USER nosuchuser IDENTIFIED WITH gssapi AS 'nosuchuser@EXAMPLE.COM'; +--disable_query_log +--replace_regex /actual name '.*'/actual name 'GSSAPI_FULLNAME'/ +--error ER_ACCESS_DENIED_ERROR +connect (con1,localhost,nosuchuser,,); +--enable_query_log +DROP USER nosuchuser; + +UNINSTALL SONAME 'auth_gssapi';
\ No newline at end of file diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result new file mode 100644 index 00000000..c65eb7a8 --- /dev/null +++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result @@ -0,0 +1,34 @@ +INSTALL SONAME 'auth_gssapi'; +Warnings: +Note 1105 SSPI: using principal name 'localhost', mech 'Negotiate' +CREATE USER 'nosuchuser' IDENTIFIED WITH gssapi OR mysql_native_password as password("good"); +connect(localhost,nosuchuser,,test,MASTER_MYPORT,MASTER_MYSOCK); +connect con1,localhost,nosuchuser,,; +ERROR 28000: Access denied for user 'nosuchuser'@'localhost' (using password: NO) +connect con1,localhost,nosuchuser,good,; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +nosuchuser@localhost nosuchuser@% +disconnect con1; +connection default; +DROP USER nosuchuser; +CREATE USER 'nosuchuser' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi; +connect(localhost,nosuchuser,,test,MASTER_MYPORT,MASTER_MYSOCK); +connect con1,localhost,nosuchuser,,; +ERROR 28000: GSSAPI name mismatch, requested 'nosuchuser', actual name 'GSSAPI_SHORTNAME' +connect con1,localhost,nosuchuser,good,; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +nosuchuser@localhost nosuchuser@% +disconnect con1; +connection default; +DROP USER nosuchuser; +CREATE USER 'GSSAPI_SHORTNAME' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi; +connect con1,localhost,$GSSAPI_SHORTNAME,,; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +GSSAPI_SHORTNAME@localhost GSSAPI_SHORTNAME@% +disconnect con1; +connection default; +DROP USER 'GSSAPI_SHORTNAME'; +UNINSTALL SONAME 'auth_gssapi'; diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test new file mode 100644 index 00000000..10e1e809 --- /dev/null +++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test @@ -0,0 +1,36 @@ +--replace_regex /name '[^']+'/name 'localhost'/ +INSTALL SONAME 'auth_gssapi'; + +# gssapi,password +CREATE USER 'nosuchuser' IDENTIFIED WITH gssapi OR mysql_native_password as password("good"); +replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT; +error ER_ACCESS_DENIED_ERROR; +connect (con1,localhost,nosuchuser,,); +connect (con1,localhost,nosuchuser,good,); +SELECT USER(),CURRENT_USER(); +disconnect con1; +connection default; +DROP USER nosuchuser; + +# password,gssapi +CREATE USER 'nosuchuser' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi; +replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT $GSSAPI_SHORTNAME GSSAPI_SHORTNAME; +error ER_ACCESS_DENIED_ERROR; +connect (con1,localhost,nosuchuser,,); +connect (con1,localhost,nosuchuser,good,); +SELECT USER(),CURRENT_USER(); +disconnect con1; +connection default; +DROP USER nosuchuser; + +replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME; +eval CREATE USER '$GSSAPI_SHORTNAME' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi; +connect (con1,localhost,$GSSAPI_SHORTNAME,,); +replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME; +SELECT USER(),CURRENT_USER(); +disconnect con1; +connection default; +replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME; +eval DROP USER '$GSSAPI_SHORTNAME'; + +UNINSTALL SONAME 'auth_gssapi'; diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt new file mode 100644 index 00000000..3077d70c --- /dev/null +++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt @@ -0,0 +1 @@ +--loose-gssapi-keytab-path=$GSSAPI_KEYTAB_PATH --loose-gssapi-principal-name=$GSSAPI_PRINCIPAL_NAME diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm new file mode 100644 index 00000000..aa225536 --- /dev/null +++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm @@ -0,0 +1,49 @@ +package My::Suite::AuthGSSAPI; + +@ISA = qw(My::Suite); + +return "No AUTH_GSSAPI plugin" unless $ENV{AUTH_GSSAPI_SO}; + +return "Not run for embedded server" if $::opt_embedded_server; + +# Following environment variables may need to be set +if ($^O eq "MSWin32") +{ + chomp(my $whoami =`whoami /UPN 2>NUL` || `whoami`); + my $fullname = $whoami; + $fullname =~ s/\\/\\\\/; # SQL escaping for backslash + $ENV{'GSSAPI_FULLNAME'} = $fullname; + $ENV{'GSSAPI_SHORTNAME'} = $ENV{'USERNAME'}; +} +else +{ + if (!$ENV{'GSSAPI_FULLNAME'}) + { + my $s = `klist 2>/dev/null |grep 'Default principal: '`; + if ($s) + { + chomp($s); + my $fullname = substr($s,19); + $ENV{'GSSAPI_FULLNAME'} = $fullname; + } + } + $ENV{'GSSAPI_SHORTNAME'} = (split /@/, $ENV{'GSSAPI_FULLNAME'}) [0]; +} + + +if (!$ENV{'GSSAPI_FULLNAME'} || !$ENV{'GSSAPI_SHORTNAME'}) +{ + return "Environment variable GSSAPI_SHORTNAME and GSSAPI_FULLNAME need to be set" +} + +if ($::opt_verbose) +{ + foreach $var ('GSSAPI_SHORTNAME','GSSAPI_FULLNAME','GSSAPI_KEYTAB_PATH','GSSAPI_PRINCIPAL_NAME') + { + print "$var=$ENV{$var}\n"; + } +} +sub is_default { 1 } + +bless { }; + |