1--TEST-- 2PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY (invalid) 3--SKIPIF-- 4<?php 5require_once('skipif.inc'); 6require_once('skipifemb.inc'); 7require_once('skipifconnectfailure.inc'); 8 9ob_start(); 10phpinfo(INFO_MODULES); 11$tmp = ob_get_contents(); 12ob_end_clean(); 13if (!stristr($tmp, "auth_plugin_sha256_password")) 14 die("skip SHA256 auth plugin not built-in to mysqlnd"); 15 16require_once('connect.inc'); 17if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) 18 die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error())); 19 20if (mysqli_get_server_version($link) < 50606) 21 die("skip: SHA-256 requires MySQL 5.6.6+"); 22 23if (!($res = $link->query("SHOW PLUGINS"))) { 24 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 25} 26 27$found = false; 28while ($row = $res->fetch_assoc()) { 29 if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { 30 $found = true; 31 break; 32 } 33} 34if (!$found) 35 die("skip SHA-256 server plugin unavailable"); 36 37if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { 38 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 39} 40 41if (!($row = $res->fetch_assoc())) { 42 die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); 43} 44 45if (strlen($row['Value']) < 100) { 46 die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); 47} 48 49/* date changes may give false positive */ 50$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); 51if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { 52 die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); 53} 54if (strlen($row['Value']) != fwrite($fp, $row['Value'])) { 55 die(sprintf("skip Failed to create pub key file")); 56} 57 58 59if (!$link->query("SET @@session.old_passwords=2")) { 60 die(sprintf("skip Cannot set @@session.old_passwords=2 [%d] %s", $link->errno, $link->error)); 61} 62 63$link->query('DROP USER shatest'); 64$link->query("DROP USER shatest@localhost"); 65 66 67if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || 68 !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { 69 die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); 70} 71 72if (!$link->query('SET PASSWORD FOR shatest@"%" = PASSWORD("shatest")') || 73 !$link->query('SET PASSWORD FOR shatest@"localhost" = PASSWORD("shatest")')) { 74 die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); 75} 76 77if (!$link->query("DROP TABLE IF EXISTS test") || 78 !$link->query("CREATE TABLE test (id INT)") || 79 !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) 80 die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); 81 82 83if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || 84 !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { 85 die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); 86} 87 88$link->close(); 89?> 90--FILE-- 91<?php 92 require_once("connect.inc"); 93 94 function sha_connect($offset, $host, $db, $port, $socket, $file) { 95 96 $link = mysqli_init(); 97 if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) { 98 printf("[%03d + 001] mysqli_options failed, [%d] %s\n", $offset, $link->errno, $link->error); 99 return false; 100 } 101 102 if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) { 103 printf("[%03d + 002] [%d] %s\n", $offset, $link->connect_errno, $link->connect_error); 104 return false; 105 } 106 107 if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) 108 printf("[%03d + 003] [%d] %s\n", $offset, $link->errno, $link->error); 109 return false; 110 111 if (!$row = mysqli_fetch_assoc($res)) { 112 printf("[%03d + 004] [%d] %s\n", $offset, $link->errno, $link->error); 113 return false; 114 } 115 116 if ($row['id'] != 1) { 117 printf("[%03d + 005] Expecting 1 got %s/'%s'", $offset, gettype($row['id']), $row['id']); 118 return false; 119 } 120 121 $res->close(); 122 $link->close(); 123 return true; 124 } 125 126 $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); 127 if (file_exists($file) && is_readable($file)) { 128 129 /* valid key */ 130 sha_connect(100, $host, $db, $port, $socket, $file); 131 132 /* invalid key */ 133 $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd")); 134 135 $key = file_get_contents($file); 136 $key = str_replace("A", "a", $key); 137 $key = str_replace("M", "m", $key); 138 @unlink($file_wrong); 139 if (!($fp = fopen($file_wrong, "w"))) { 140 printf("[002] Can't write public key file."); 141 } else { 142 fwrite($fp, $key); 143 fclose($fp); 144 sha_connect(200, $host, $db, $port, $socket, $file_wrong); 145 } 146 147 /* empty file */ 148 @unlink($file_wrong); 149 if (!($fp = fopen($file_wrong, "w"))) { 150 printf("[003] Can't write public key file."); 151 } else { 152 fwrite($fp, ""); 153 fclose($fp); 154 sha_connect(300, $host, $db, $port, $socket, $file_wrong); 155 } 156 157 /* file does not exist */ 158 @unlink($file_wrong); 159 sha_connect(400, $host, $db, $port, $socket, $file_wrong); 160 161 } else { 162 printf("[001] Cannot read public key file."); 163 } 164 165 print "done!"; 166?> 167--CLEAN-- 168<?php 169 require_once("clean_table.inc"); 170 $link->query('DROP USER shatest'); 171 $link->query('DROP USER shatest@localhost'); 172 $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); 173 @unlink($file); 174 $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd")); 175 @unlink($file_wrong); 176?> 177--EXPECTF-- 178Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d 179[200 + 002] [1045] %s 180 181Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d 182[300 + 002] [1045] %s 183 184Warning: mysqli::real_connect(%sest_sha256_wrong_%d): failed to open stream: No such file or directory in %s on line %d 185 186Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d 187[400 + 002] [1045] %s 188done!