polardbxengine/mysql-test/suite/auth_sec/t/server_withssl_client_withs...

277 lines
14 KiB
Plaintext

###############################################################################
# #
# Authorization and authentication of the key-value pair shared between #
# the server and the client when server is started with open SSL and client #
# is connected with SSL #
# #
# #
# Creation Date: 2012-12-20 #
# Author : Tanjot Singh Uppal #
# #
# #
# Description:Test Cases of validates the authentication of the handshake #
# information when server started with open SSL and client started with SSL #
# #
###############################################################################
let $crllen=`select length(trim(coalesce(@@ssl_crl, ''))) + length(trim(coalesce(@@ssl_crlpath, '')))`;
if (!$crllen)
{
skip Needs OpenSSL;
}
# This test will intentionally generate errors in the server error log
# when a broken password is inserted into the mysql.user table.
# The below suppression is to clear those errors.
--disable_query_log
call mtr.add_suppression(".*Password salt for user.*");
--enable_query_log
--disable_query_log
call mtr.add_suppression(".*SSL.*");
--enable_query_log
# The default authentication plugin at the server side is mysql_native_password
--echo
--echo
--echo ======================================================================================
--echo Checking the user access with SSL through user created with mysql_native_password plugin
--echo ======================================================================================
--echo
# Creating a user at localhost with mysql_native_password plugin
--echo Creating a user with the mysql_native_plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password';
set password for 'Tanjotuser1'@'localhost' = 'abc';
GRANT ALL on *.* to 'Tanjotuser1'@'localhost';
# Trying connecting the client with the mysql_native_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
# Trying connecting the client with the mysql_native_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
# Dropping the created users
DROP USER 'Tanjotuser1'@'localhost';
--echo
--echo
--echo ======================================================================================
--echo Checking the user access with SSL through user created with sha256_password plugin
--echo ======================================================================================
--echo
# Creating a user at localhost with sha256_password plugin
--echo Creating a user with the sha256_password plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'sha256_password';
set password for 'Tanjotuser1'@'localhost' = 'abc';
GRANT ALL on *.* to 'Tanjotuser1'@'localhost';
# Trying connecting the client with the sha256_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
# Trying connecting the client with the sha256_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
# Dropping the created users
DROP USER 'Tanjotuser1'@'localhost';
--echo
--echo
--echo =================================================================================================
--echo Starting the server with the default authentication sha256_password
--echo =================================================================================================
--echo
--echo # Restart server with default-authentication-plugin=sha256_password;
let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server
--source include/wait_until_disconnected.inc
-- exec echo "restart:--default-authentication-plugin=sha256_password " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
-- enable_reconnect
-- source include/wait_until_connected_again.inc
--echo
--echo
--echo ======================================================================================
--echo Checking the user access with SSL through user created with mysql_native_password plugin
--echo ======================================================================================
--echo
# Creating a user at localhost with mysql_native_password plugin
--echo Creating a user with the mysql_old_plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password';
set password for 'Tanjotuser1'@'localhost' = 'abc';
GRANT ALL on *.* to 'Tanjotuser1'@'localhost';
# Trying connecting the client with the mysql_native_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
# Trying connecting the client with the mysql_native_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
# Dropping the created users
DROP USER 'Tanjotuser1'@'localhost';
--echo
--echo
--echo ======================================================================================
--echo Checking the user access with SSL through user created with sha256_password plugin
--echo ======================================================================================
--echo
# Creating a user at localhost with sha256_password plugin
--echo Creating a user with the sha256_plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'sha256_password';
set password for 'Tanjotuser1'@'localhost' = 'abc';
GRANT ALL on *.* to 'Tanjotuser1'@'localhost';
# Trying connecting the client with the sha256_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo 2 for GLOBAL Expected
--echo 2 for SESSION Expected
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo 2 for GLOBAL Expected
--echo 2 for SESSION Expected
# Below section is hased out till Bug #16048665 is fixed
#--echo **** connecting client using the ssl credentials
#--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
#--echo 2 for GLOBAL Expected
#--echo 2 for SESSION Expected
# Trying connecting the client with the sha256_password user with the SSL credentials.
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo 2 for GLOBAL Expected
--echo 2 for SESSION Expected
--echo **** connecting client using the ssl credentials
--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
--echo 2 for GLOBAL Expected
--echo 2 for SESSION Expected
# Below section is hased out till Bug #16048665 is fixed
#--echo **** connecting client using the ssl credentials
#--exec $MYSQL -uTanjotuser1 -hlocalhost -pabc --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem -e "select current_user()"
#--echo 2 for GLOBAL Expected
#--echo 2 for SESSION Expected
# Dropping the created users
DROP USER 'Tanjotuser1'@'localhost';