summaryrefslogtreecommitdiffstats
path: root/plugin/auth_gssapi/mysql-test
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 18:00:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 18:00:34 +0000
commit3f619478f796eddbba6e39502fe941b285dd97b1 (patch)
treee2c7b5777f728320e5b5542b6213fd3591ba51e2 /plugin/auth_gssapi/mysql-test
parentInitial commit. (diff)
downloadmariadb-3f619478f796eddbba6e39502fe941b285dd97b1.tar.xz
mariadb-3f619478f796eddbba6e39502fe941b285dd97b1.zip
Adding upstream version 1:10.11.6.upstream/1%10.11.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'plugin/auth_gssapi/mysql-test')
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result22
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test41
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/groups.result40
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/groups.test70
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result30
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test32
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt1
-rw-r--r--plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm53
8 files changed, 289 insertions, 0 deletions
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result
new file mode 100644
index 00000000..09be092d
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.result
@@ -0,0 +1,22 @@
+CREATE USER 'GSSAPI_SHORTNAME' IDENTIFIED WITH gssapi;
+connect con1,localhost,$GSSAPI_SHORTNAME,,;
+SELECT USER(),CURRENT_USER();
+USER() CURRENT_USER()
+GSSAPI_SHORTNAME@localhost GSSAPI_SHORTNAME@%
+disconnect con1;
+connection default;
+DROP USER 'GSSAPI_SHORTNAME';
+CREATE USER nosuchuser IDENTIFIED WITH gssapi;
+ERROR 28000: GSSAPI name mismatch, requested 'nosuchuser', actual name 'GSSAPI_SHORTNAME'
+DROP USER nosuchuser;
+CREATE USER usr1 IDENTIFIED WITH gssapi as 'GSSAPI_FULLNAME';
+connect con1,localhost,usr1,,;
+SELECT USER(),CURRENT_USER();
+USER() CURRENT_USER()
+usr1@localhost usr1@%
+disconnect con1;
+connection default;
+DROP USER usr1;
+CREATE USER nosuchuser IDENTIFIED WITH gssapi AS 'nosuchuser@EXAMPLE.COM';
+ERROR 28000: GSSAPI name mismatch, requested 'nosuchuser@EXAMPLE.COM', actual name 'GSSAPI_FULLNAME'
+DROP USER nosuchuser;
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test
new file mode 100644
index 00000000..dc242e3a
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/basic.test
@@ -0,0 +1,41 @@
+#
+# CREATE USER without 'AS' clause
+#
+--replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME
+eval CREATE USER '$GSSAPI_SHORTNAME' IDENTIFIED WITH gssapi;
+connect (con1,localhost,$GSSAPI_SHORTNAME,,);
+--replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME
+SELECT USER(),CURRENT_USER();
+disconnect con1;
+
+connection default;
+--replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME
+eval DROP USER '$GSSAPI_SHORTNAME';
+
+CREATE USER nosuchuser IDENTIFIED WITH gssapi;
+--disable_query_log
+--replace_regex /actual name '.*'/actual name 'GSSAPI_SHORTNAME'/
+--error ER_ACCESS_DENIED_ERROR
+connect (con1,localhost,nosuchuser,,);
+--enable_query_log
+DROP USER nosuchuser;
+
+#
+# CREATE USER with 'AS' clause
+#
+--replace_result $GSSAPI_FULLNAME GSSAPI_FULLNAME
+eval CREATE USER usr1 IDENTIFIED WITH gssapi as '$GSSAPI_FULLNAME';
+connect (con1,localhost,usr1,,);
+--replace_result $GSSAPI_FULLNAME GSSAPI_FULLNAME
+SELECT USER(),CURRENT_USER();
+disconnect con1;
+connection default;
+DROP USER usr1;
+
+CREATE USER nosuchuser IDENTIFIED WITH gssapi AS 'nosuchuser@EXAMPLE.COM';
+--disable_query_log
+--replace_regex /actual name '.*'/actual name 'GSSAPI_FULLNAME'/
+--error ER_ACCESS_DENIED_ERROR
+connect (con1,localhost,nosuchuser,,);
+--enable_query_log
+DROP USER nosuchuser;
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/groups.result b/plugin/auth_gssapi/mysql-test/auth_gssapi/groups.result
new file mode 100644
index 00000000..38244eca
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/groups.result
@@ -0,0 +1,40 @@
+CREATE USER 'nosuchgroup' IDENTIFIED WITH gssapi AS 'GROUP:nosuchgroup';
+connect(localhost,nosuchuser,,test,MASTER_MYPORT,MASTER_MYSOCK);
+connect con1,localhost,nosuchuser,,;
+ERROR 28000: Access denied for user 'nosuchuser'@'localhost' (using password: NO)
+DROP USER nosuchgroup;
+CREATE USER 'nullsid' IDENTIFIED WITH gssapi AS 'SID:S-1-0-0';
+connect(localhost,nullsid,,test,MASTER_MYPORT,MASTER_MYSOCK);
+connect con1,localhost,nullsid,,;
+ERROR 28000: Access denied for user 'nullsid'@'localhost' (using password: NO)
+DROP USER nullsid;
+CREATE USER 'anonymous' IDENTIFIED WITH gssapi AS 'SID:AN';
+connect(localhost,anonymous,,test,MASTER_MYPORT,MASTER_MYSOCK);
+connect con1,localhost,anonymous,,;
+ERROR 28000: Access denied for user 'anonymous'@'localhost' (using password: NO)
+DROP USER anonymous;
+CREATE USER 'group_everyone' IDENTIFIED WITH gssapi AS 'GROUP:Everyone';
+connect con1,localhost,group_everyone,,;
+disconnect con1;
+connection default;
+DROP USER group_everyone;
+CREATE USER 'sid_wd' IDENTIFIED WITH gssapi AS 'SID:WD';
+connect con1,localhost,sid_wd,,;
+disconnect con1;
+connection default;
+DROP USER sid_wd;
+CREATE USER 'S_1_1_0' IDENTIFIED WITH gssapi AS 'SID:S-1-1-0';
+connect con1,localhost,S_1_1_0,,;
+disconnect con1;
+connection default;
+DROP USER S_1_1_0;
+CREATE USER 'me_short' IDENTIFIED WITH gssapi AS 'GROUP:GSSAPI_SHORTNAME';
+connect con1,localhost,me_short,,;
+disconnect con1;
+connection default;
+DROP USER me_short;
+CREATE USER 'me_sid' IDENTIFIED WITH gssapi AS 'SID:MY-SID';
+connect con1,localhost,me_sid,,;
+disconnect con1;
+connection default;
+DROP USER me_sid;
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/groups.test b/plugin/auth_gssapi/mysql-test/auth_gssapi/groups.test
new file mode 100644
index 00000000..647e0204
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/groups.test
@@ -0,0 +1,70 @@
+source include/windows.inc;
+--replace_regex /name '[^']+'/name 'localhost'/
+
+
+
+# Invalid group name
+CREATE USER 'nosuchgroup' IDENTIFIED WITH gssapi AS 'GROUP:nosuchgroup';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+error ER_ACCESS_DENIED_ERROR;
+connect (con1,localhost,nosuchuser,,);
+DROP USER nosuchgroup;
+
+# Group with no members, NULL SID
+CREATE USER 'nullsid' IDENTIFIED WITH gssapi AS 'SID:S-1-0-0';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+error ER_ACCESS_DENIED_ERROR;
+connect (con1,localhost,nullsid,,);
+DROP USER nullsid;
+
+
+# Anonymous
+CREATE USER 'anonymous' IDENTIFIED WITH gssapi AS 'SID:AN';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+error ER_ACCESS_DENIED_ERROR;
+connect (con1,localhost,anonymous,,);
+DROP USER anonymous;
+
+
+# Positive tests
+
+# Everyone group
+CREATE USER 'group_everyone' IDENTIFIED WITH gssapi AS 'GROUP:Everyone';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+connect (con1,localhost,group_everyone,,);
+disconnect con1;
+connection default;
+DROP USER group_everyone;
+
+# Everyone AS well-known SID name
+CREATE USER 'sid_wd' IDENTIFIED WITH gssapi AS 'SID:WD';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+connect (con1,localhost,sid_wd,,);
+disconnect con1;
+connection default;
+DROP USER sid_wd;
+
+# Everyone AS SID S-1-1-0
+CREATE USER 'S_1_1_0' IDENTIFIED WITH gssapi AS 'SID:S-1-1-0';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+connect (con1,localhost,S_1_1_0,,);
+disconnect con1;
+connection default;
+DROP USER S_1_1_0;
+
+replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME;
+eval CREATE USER 'me_short' IDENTIFIED WITH gssapi AS 'GROUP:$GSSAPI_SHORTNAME';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+connect (con1,localhost,me_short,,);
+disconnect con1;
+connection default;
+DROP USER me_short;
+
+
+replace_result $SID MY-SID;
+eval CREATE USER 'me_sid' IDENTIFIED WITH gssapi AS 'SID:$SID';
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+connect (con1,localhost,me_sid,,);
+disconnect con1;
+connection default;
+DROP USER me_sid; \ No newline at end of file
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result
new file mode 100644
index 00000000..41d27073
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.result
@@ -0,0 +1,30 @@
+CREATE USER 'nosuchuser' IDENTIFIED WITH gssapi OR mysql_native_password as password("good");
+connect(localhost,nosuchuser,,test,MASTER_MYPORT,MASTER_MYSOCK);
+connect con1,localhost,nosuchuser,,;
+ERROR 28000: Access denied for user 'nosuchuser'@'localhost' (using password: NO)
+connect con1,localhost,nosuchuser,good,;
+SELECT USER(),CURRENT_USER();
+USER() CURRENT_USER()
+nosuchuser@localhost nosuchuser@%
+disconnect con1;
+connection default;
+DROP USER nosuchuser;
+CREATE USER 'nosuchuser' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi;
+connect(localhost,nosuchuser,,test,MASTER_MYPORT,MASTER_MYSOCK);
+connect con1,localhost,nosuchuser,,;
+ERROR 28000: GSSAPI name mismatch, requested 'nosuchuser', actual name 'GSSAPI_SHORTNAME'
+connect con1,localhost,nosuchuser,good,;
+SELECT USER(),CURRENT_USER();
+USER() CURRENT_USER()
+nosuchuser@localhost nosuchuser@%
+disconnect con1;
+connection default;
+DROP USER nosuchuser;
+CREATE USER 'GSSAPI_SHORTNAME' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi;
+connect con1,localhost,$GSSAPI_SHORTNAME,,;
+SELECT USER(),CURRENT_USER();
+USER() CURRENT_USER()
+GSSAPI_SHORTNAME@localhost GSSAPI_SHORTNAME@%
+disconnect con1;
+connection default;
+DROP USER 'GSSAPI_SHORTNAME';
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test
new file mode 100644
index 00000000..0257946b
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/multiauth.test
@@ -0,0 +1,32 @@
+# gssapi,password
+CREATE USER 'nosuchuser' IDENTIFIED WITH gssapi OR mysql_native_password as password("good");
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
+error ER_ACCESS_DENIED_ERROR;
+connect (con1,localhost,nosuchuser,,);
+connect (con1,localhost,nosuchuser,good,);
+SELECT USER(),CURRENT_USER();
+disconnect con1;
+connection default;
+DROP USER nosuchuser;
+
+# password,gssapi
+CREATE USER 'nosuchuser' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi;
+replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT $GSSAPI_SHORTNAME GSSAPI_SHORTNAME;
+error ER_ACCESS_DENIED_ERROR;
+connect (con1,localhost,nosuchuser,,);
+connect (con1,localhost,nosuchuser,good,);
+SELECT USER(),CURRENT_USER();
+disconnect con1;
+connection default;
+DROP USER nosuchuser;
+
+replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME;
+eval CREATE USER '$GSSAPI_SHORTNAME' IDENTIFIED WITH mysql_native_password as password("good") OR gssapi;
+connect (con1,localhost,$GSSAPI_SHORTNAME,,);
+replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME;
+SELECT USER(),CURRENT_USER();
+disconnect con1;
+connection default;
+replace_result $GSSAPI_SHORTNAME GSSAPI_SHORTNAME;
+eval DROP USER '$GSSAPI_SHORTNAME';
+
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt
new file mode 100644
index 00000000..c9a5d522
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.opt
@@ -0,0 +1 @@
+--loose-gssapi=ON --loose-gssapi-keytab-path=$GSSAPI_KEYTAB_PATH --loose-gssapi-principal-name=$GSSAPI_PRINCIPAL_NAME --plugin-load-add=$AUTH_GSSAPI_SO
diff --git a/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm
new file mode 100644
index 00000000..af13b76e
--- /dev/null
+++ b/plugin/auth_gssapi/mysql-test/auth_gssapi/suite.pm
@@ -0,0 +1,53 @@
+
+package My::Suite::AuthGSSAPI;
+
+@ISA = qw(My::Suite);
+
+return "No AUTH_GSSAPI plugin" unless ($ENV{AUTH_GSSAPI_SO} or $::mysqld_variables{gssapi} eq "ON");
+
+return "Not run for embedded server" if $::opt_embedded_server;
+
+# Following environment variables may need to be set
+if ($^O eq "MSWin32")
+{
+ chomp(my $whoami =`whoami /UPN 2>NUL` || `whoami`);
+ my $fullname = $whoami;
+ $fullname =~ s/\\/\\\\/; # SQL escaping for backslash
+ $ENV{'GSSAPI_FULLNAME'} = $fullname;
+ $ENV{'GSSAPI_SHORTNAME'} = $ENV{'USERNAME'};
+ chomp(my $sid = `powershell -Command "([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value"`);
+ $ENV{'SID'} = $sid;
+
+}
+else
+{
+ if (!$ENV{'GSSAPI_FULLNAME'})
+ {
+ my $s = `klist 2>/dev/null |grep 'Default principal: '`;
+ if ($s)
+ {
+ chomp($s);
+ my $fullname = substr($s,19);
+ $ENV{'GSSAPI_FULLNAME'} = $fullname;
+ }
+ }
+ $ENV{'GSSAPI_SHORTNAME'} = (split /@/, $ENV{'GSSAPI_FULLNAME'}) [0];
+}
+
+
+if (!$ENV{'GSSAPI_FULLNAME'} || !$ENV{'GSSAPI_SHORTNAME'})
+{
+ return "Environment variable GSSAPI_SHORTNAME and GSSAPI_FULLNAME need to be set"
+}
+
+if ($::opt_verbose)
+{
+ foreach $var ('GSSAPI_SHORTNAME','GSSAPI_FULLNAME','GSSAPI_KEYTAB_PATH','GSSAPI_PRINCIPAL_NAME')
+ {
+ print "$var=$ENV{$var}\n";
+ }
+}
+sub is_default { 1 }
+
+bless { };
+