1--TEST-- 2PAM: SHA-256, mysqlnd.sha256_server_public_key 3--SKIPIF-- 4<?php 5require_once('skipif.inc'); 6require_once('skipifemb.inc'); 7require_once('skipifconnectfailure.inc'); 8 9ob_start(); 10phpinfo(INFO_MODULES); 11$tmp = ob_get_contents(); 12ob_end_clean(); 13if (!stristr($tmp, "auth_plugin_sha256_password")) 14 die("skip SHA256 auth plugin not built-in to mysqlnd"); 15 16require_once('connect.inc'); 17if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) 18 die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error())); 19 20if (mysqli_get_server_version($link) < 50606) 21 die("skip: SHA-256 requires MySQL 5.6.6+"); 22 23if (!($res = $link->query("SHOW PLUGINS"))) { 24 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 25} 26 27$found = false; 28while ($row = $res->fetch_assoc()) { 29 if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { 30 $found = true; 31 break; 32 } 33} 34if (!$found) 35 die("skip SHA-256 server plugin unavailable"); 36 37if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { 38 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 39} 40 41if (!($row = $res->fetch_assoc())) { 42 die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); 43} 44 45$key = $row['Value']; 46if (strlen($key) < 100) { 47 die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); 48} 49 50/* date changes may give false positive */ 51$file = "test_sha256_ini"; 52if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { 53 die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); 54} 55$key = str_replace("A", "a", $key); 56$key = str_replace("M", "m", $key); 57if (strlen($key) != fwrite($fp, $key)) { 58 die(sprintf("skip Failed to create pub key file")); 59} 60 61 62if (!$link->query("SET @@session.old_passwords=2")) { 63 die(sprintf("skip Cannot set @@session.old_passwords=2 [%d] %s", $link->errno, $link->error)); 64} 65 66$link->query('DROP USER shatest'); 67$link->query("DROP USER shatest@localhost"); 68 69 70if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || 71 !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { 72 die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); 73} 74 75if (!$link->query('SET PASSWORD FOR shatest@"%" = PASSWORD("shatest")') || 76 !$link->query('SET PASSWORD FOR shatest@"localhost" = PASSWORD("shatest")')) { 77 die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); 78} 79 80if (!$link->query("DROP TABLE IF EXISTS test") || 81 !$link->query("CREATE TABLE test (id INT)") || 82 !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) 83 die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); 84 85 86if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || 87 !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { 88 die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); 89} 90 91$link->close(); 92?> 93--INI-- 94mysqlnd.sha256_server_public_key="test_sha256_ini" 95--FILE-- 96<?php 97 require_once("connect.inc"); 98 99 100 $link = new mysqli($host, 'shatest', 'shatest', $db, $port, $socket); 101 if ($link->connect_errno) { 102 printf("[001] [%d] %s\n", $link->connect_errno, $link->connect_error); 103 } else { 104 if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) 105 printf("[002] [%d] %s\n", $link->errno, $link->error); 106 107 if (!$row = mysqli_fetch_assoc($res)) { 108 printf("[003] [%d] %s\n", $link->errno, $link->error); 109 } 110 111 if ($row['id'] != 1) { 112 printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']); 113 } 114 } 115 print "done!"; 116?> 117--CLEAN-- 118<?php 119 require_once("clean_table.inc"); 120 $link->query('DROP USER shatest'); 121 $link->query('DROP USER shatest@localhost'); 122 $file = "test_sha256_ini"; 123 @unlink($file); 124?> 125--EXPECTF-- 126 127Warning: mysqli::mysqli(): (HY000/1045): %s in %s on line %d 128[001] [1045] %s 129done!