mysqltest: support MARIADB_OPT_RESTRICTED_AUTH

C/C 3.4 disables mysql_old_password by default, so add an option for the `connect` command to support specifying allowed authentication plugins (MARIADB_OPT_RESTRICTED_AUTH). use it to enable mysql_old_password when needed for testing
MariaDB · Apr 22, 2024 · 3f91821 · 3f91821
1 parent 5d74e43
commit 3f91821
Show file tree

Hide file tree

Showing 12 changed files with 59 additions and 39 deletions.
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
@@ -6030,7 +6030,7 @@ void do_connect(struct st_command *command)
  int read_timeout= 0;
  int write_timeout= 0;
  int connect_timeout= 0;
- char *csname=0;
+ char *csname=0, *rauth __attribute__((unused))= 0;
  struct st_connection* con_slot;
  my_bool default_db;
 
@@ -6157,6 +6157,10 @@ void do_connect(struct st_command *command)
  {
  csname= strdup(con_options + sizeof("CHARSET=") - 1);
  }
+ else if (strncasecmp(con_options, STRING_WITH_LEN("auth=")) == 0)
+ {
+ rauth= strdup(con_options + sizeof("auth=") - 1);
+ }
  else
  die("Illegal option to connect: %.*b",
  (int) (end - con_options), con_options);
@@ -6195,8 +6199,10 @@ void do_connect(struct st_command *command)
  if (opt_charsets_dir)
  mysql_options(con_slot->mysql, MYSQL_SET_CHARSET_DIR,
  opt_charsets_dir);
+#ifndef EMBEDDED_LIBRARY
+ if (rauth)
+ mysql_options(con_slot->mysql, MARIADB_OPT_RESTRICTED_AUTH, rauth);
 
-#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
  set_ssl_opts(con_slot->mysql, con_ssl == USE_SSL_FORBIDDEN ? 0 :
  con_ssl == USE_SSL_REQUIRED ? 1 : opt_use_ssl,
  ssl_cipher ? ssl_cipher : opt_ssl_cipher);
@@ -6273,6 +6279,7 @@ void do_connect(struct st_command *command)
  dynstr_free(&ds_options);
  dynstr_free(&ds_default_auth);
  free(csname);
+ free(rauth);
  DBUG_VOID_RETURN;
 }
 

diff --git a/mysql-test/main/change_user.result b/mysql-test/main/change_user.result
@@ -1,3 +1,4 @@
+connect old,localhost,root,,,,,auth=mysql_old_password:mysql_native_password;
 set global secure_auth=0;
 Warnings:
 Warning 1287 '@@secure_auth' is deprecated and will be removed in a future release

diff --git a/mysql-test/main/change_user.test b/mysql-test/main/change_user.test
@@ -1,5 +1,9 @@
 # This test is checking that old password authentication works
 --disable_service_connection
+
+# connect with mysql_old_password enabled
+connect old,localhost,root,,,,,auth=mysql_old_password:mysql_native_password;
+
 set global secure_auth=0;
 #
 # functional change user tests

diff --git a/mysql-test/main/connect.result b/mysql-test/main/connect.result
@@ -112,8 +112,8 @@ flush privileges;
 show grants for test@localhost;
 Grants for test@localhost
 GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test`@`localhost` IDENTIFIED BY PASSWORD '2f27438961437573'
-connect  con10,localhost,test,gambling2,;
-connect  con5,localhost,test,gambling2,mysql;
+connect con10,localhost,test,gambling2,,,,auth=mysql_old_password:mysql_native_password;
+connect con5,localhost,test,gambling2,mysql,,,auth=mysql_old_password:mysql_native_password;
 set password="";
 set password='gambling3';
 ERROR HY000: Password hash should be a 41-digit hexadecimal number
@@ -152,24 +152,24 @@ time_zone_transition_type
 transaction_registry
 user
 user_bak
-connect con6,localhost,test,gambling3,test;
+connect con6,localhost,test,gambling3,test,,,auth=mysql_old_password:mysql_native_password;
 show tables;
 Tables_in_test
 connection default;
 disconnect con10;
 disconnect con5;
 disconnect con6;
 connect(localhost,test,,test2,MASTER_PORT,MASTER_SOCKET);
-connect fail_con,localhost,test,,test2;
+connect fail_con,localhost,test,,test2,,,auth=mysql_old_password:mysql_native_password;
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: NO)
 connect(localhost,test,,test,MASTER_PORT,MASTER_SOCKET);
-connect fail_con,localhost,test,,;
+connect fail_con,localhost,test,,,,,auth=mysql_old_password:mysql_native_password;
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: NO)
 connect(localhost,test,zorro,test2,MASTER_PORT,MASTER_SOCKET);
-connect fail_con,localhost,test,zorro,test2;
+connect fail_con,localhost,test,zorro,test2,,,auth=mysql_old_password:mysql_native_password;
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET);
-connect fail_con,localhost,test,zorro,;
+connect fail_con,localhost,test,zorro,,,,auth=mysql_old_password:mysql_native_password;
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 # switching back from mysql.user to mysql.global_priv
 delete from mysql.user where user=_binary"test";
@@ -353,9 +353,9 @@ user() current_user()
 mysqltest_up1@localhost mysqltest_up1@%
 disconnect pcon2;
 connect(localhost,mysqltest_up2,newpw,test,MASTER_PORT,MASTER_SOCKET);
-connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,;
+connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password;
 ERROR 28000: Access denied for user 'mysqltest_up2'@'localhost' (using password: YES)
-connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,;
+connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password;
 select user(), current_user();
 user() current_user()
 mysqltest_up2@localhost mysqltest_up2@%
@@ -381,7 +381,7 @@ select user(), current_user();
 user() current_user()
 mysqltest_up1@localhost mysqltest_up1@%
 disconnect pcon6;
-connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,;
+connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password;
 select user(), current_user();
 user() current_user()
 mysqltest_up2@localhost mysqltest_up2@%

diff --git a/mysql-test/main/connect.test b/mysql-test/main/connect.test
@@ -70,14 +70,14 @@ update mysql.user set plugin='mysql_old_password' where user='test';
 flush privileges;
 show grants for test@localhost;
 
-connect (con10,localhost,test,gambling2,);
-connect (con5,localhost,test,gambling2,mysql);
+connect con10,localhost,test,gambling2,,,,auth=mysql_old_password:mysql_native_password;
+connect con5,localhost,test,gambling2,mysql,,,auth=mysql_old_password:mysql_native_password;
 set password="";
 --error ER_PASSWD_LENGTH
 set password='gambling3';
 set password=old_password('gambling3');
 show tables;
-connect (con6,localhost,test,gambling3,test);
+connect (con6,localhost,test,gambling3,test,,,auth=mysql_old_password:mysql_native_password);
 show tables;
 
 connection default;
@@ -87,16 +87,16 @@ disconnect con6;
 
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
-connect (fail_con,localhost,test,,test2);
+connect (fail_con,localhost,test,,test2,,,auth=mysql_old_password:mysql_native_password);
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
-connect (fail_con,localhost,test,,);
+connect (fail_con,localhost,test,,,,,auth=mysql_old_password:mysql_native_password);
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
-connect (fail_con,localhost,test,zorro,test2);
+connect (fail_con,localhost,test,zorro,test2,,,auth=mysql_old_password:mysql_native_password);
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
-connect (fail_con,localhost,test,zorro,);
+connect (fail_con,localhost,test,zorro,,,,auth=mysql_old_password:mysql_native_password);
 
 source include/switch_to_mysql_global_priv.inc;
 # remove user 'test' so that other tests which may use 'test'
@@ -379,8 +379,8 @@ disconnect pcon2;
 
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
-connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,);
-connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
+connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password);
+connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password);
 select user(), current_user();
 disconnect pcon4;
 
@@ -415,7 +415,7 @@ connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
 select user(), current_user();
 disconnect pcon6;
 
-connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
+connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password);
 select user(), current_user();
 disconnect pcon7;
 connection default;

diff --git a/mysql-test/main/connect_debug.test b/mysql-test/main/connect_debug.test
@@ -19,7 +19,7 @@ set global debug_dbug='+d,auth_invalid_plugin';
 create user 'bad' identified by 'worse';
 --replace_regex /loaded: [^\n]*/loaded: invalid plugin name/
 --error 1
---exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse 2>&1
+--exec $MYSQL --default-auth=ed25519 --user=bad --password=worse 2>&1
 set global debug_dbug=@old_dbug;
 drop user bad;
 

diff --git a/mysql-test/main/set_password.result b/mysql-test/main/set_password.result
@@ -42,17 +42,17 @@ select current_user();
 current_user()
 newpassnat@localhost
 disconnect con;
-connect con,localhost,oldauth,test,;
+connect con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password;
 select current_user();
 current_user()
 oldauth@localhost
 disconnect con;
-connect con,localhost,oldpass,test,;
+connect con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password;
 select current_user();
 current_user()
 oldpass@localhost
 disconnect con;
-connect con,localhost,oldpassold,test,;
+connect con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password;
 select current_user();
 current_user()
 oldpassold@localhost
@@ -74,17 +74,17 @@ select current_user();
 current_user()
 newpassnat@localhost
 disconnect con;
-connect con,localhost,oldauth,test,;
+connect con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password;
 select current_user();
 current_user()
 oldauth@localhost
 disconnect con;
-connect con,localhost,oldpass,test,;
+connect con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password;
 select current_user();
 current_user()
 oldpass@localhost
 disconnect con;
-connect con,localhost,oldpassold,test,;
+connect con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password;
 select current_user();
 current_user()
 oldpassold@localhost

diff --git a/mysql-test/main/set_password.test b/mysql-test/main/set_password.test
@@ -47,13 +47,13 @@ select current_user();
 --connect(con,localhost,newpassnat,test,)
 select current_user();
 --disconnect con
---connect(con,localhost,oldauth,test,)
+--connect(con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password)
 select current_user();
 --disconnect con
---connect(con,localhost,oldpass,test,)
+--connect(con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password)
 select current_user();
 --disconnect con
---connect(con,localhost,oldpassold,test,)
+--connect(con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password)
 select current_user();
 --disconnect con
 
@@ -70,13 +70,13 @@ select current_user();
 --connect(con,localhost,newpassnat,test,)
 select current_user();
 --disconnect con
---connect(con,localhost,oldauth,test,)
+--connect(con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password)
 select current_user();
 --disconnect con
---connect(con,localhost,oldpass,test,)
+--connect(con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password)
 select current_user();
 --disconnect con
---connect(con,localhost,oldpassold,test,)
+--connect(con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password)
 select current_user();
 --disconnect con
 

diff --git a/mysql-test/suite/sys_vars/r/old_passwords_func.result b/mysql-test/suite/sys_vars/r/old_passwords_func.result
@@ -21,7 +21,10 @@ SELECT CURRENT_USER();
 CURRENT_USER()
 userNewPass2@localhost
 userNewPass2@localhost Expected
-connect con3,localhost,userOldPass,pass3,;
+connect(localhost,userOldPass,pass3,test,MASTER_MYPORT,MASTER_MYSOCK);
+connect con3,localhost,userOldPass,pass3;
+ERROR HY000: Authentication plugin 'mysql_old_password' couldn't be found in restricted_auth plugin list.
+connect con3,localhost,userOldPass,pass3,,,,auth=mysql_old_password:mysql_native_password;
 SELECT CURRENT_USER();
 CURRENT_USER()
 userOldPass@localhost

diff --git a/mysql-test/suite/sys_vars/r/secure_auth_func.result b/mysql-test/suite/sys_vars/r/secure_auth_func.result
@@ -14,7 +14,7 @@ CREATE USER 'testUser'@'localhost' IDENTIFIED BY 'newpass';
 connect con_user1,localhost,testUser,newpass,;
 connection default;
 SET PASSWORD FOR 'testUser'@'localhost' = OLD_PASSWORD('newpass');
-connect con_user2,localhost,testUser,newpass,;
+connect con_user2,localhost,testUser,newpass,,,,auth=mysql_old_password:mysql_native_password;
 connection default;
 '#--------------------FN_DYNVARS_144_03-------------------------#'
 SET GLOBAL secure_auth = ON;

diff --git a/mysql-test/suite/sys_vars/t/old_passwords_func.test b/mysql-test/suite/sys_vars/t/old_passwords_func.test
@@ -61,7 +61,11 @@ connect (con2,localhost,userNewPass2,pass2,);
 SELECT CURRENT_USER();
 --echo userNewPass2@localhost Expected
 
-connect (con3,localhost,userOldPass,pass3,);
+--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
+--error 5010
+connect con3,localhost,userOldPass,pass3;
+connect con3,localhost,userOldPass,pass3,,,,auth=mysql_old_password:mysql_native_password;
+
 SELECT CURRENT_USER();
 --echo userOldPass@localhost Expected
 

diff --git a/mysql-test/suite/sys_vars/t/secure_auth_func.test b/mysql-test/suite/sys_vars/t/secure_auth_func.test
@@ -65,7 +65,8 @@ connection default;
 #
 SET PASSWORD FOR 'testUser'@'localhost' = OLD_PASSWORD('newpass');
 
-connect (con_user2,localhost,testUser,newpass,);
+connect (con_user2,localhost,testUser,newpass,,,,auth=mysql_old_password:mysql_native_password);
+
 
 connection default;