1--TEST--
2PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY (invalid)
3--EXTENSIONS--
4mysqli
5--SKIPIF--
6<?php
7require_once('skipifconnectfailure.inc');
8
9ob_start();
10phpinfo(INFO_MODULES);
11$tmp = ob_get_contents();
12ob_end_clean();
13if (!stristr($tmp, "auth_plugin_sha256_password"))
14    die("skip SHA256 auth plugin not built-in to mysqlnd");
15
16require_once('connect.inc');
17if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
18        die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error()));
19
20if (mysqli_get_server_version($link) < 50606)
21    die("skip: SHA-256 requires MySQL 5.6.6+");
22
23if (!($res = $link->query("SHOW PLUGINS"))) {
24    die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
25}
26
27$found = false;
28while ($row = $res->fetch_assoc()) {
29    if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) {
30        $found = true;
31        break;
32    }
33}
34if (!$found)
35    die("skip SHA-256 server plugin unavailable");
36
37if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) {
38    die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
39}
40
41if (!($row = $res->fetch_assoc())) {
42    die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error));
43}
44
45if (strlen($row['Value']) < 100) {
46    die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error));
47}
48
49/* date changes may give false positive */
50$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
51if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) {
52    die(sprintf("skip Cannot create RSA pub key file '%s'", $file));
53}
54if (strlen($row['Value']) != fwrite($fp, $row['Value'])) {
55    die(sprintf("skip Failed to create pub key file"));
56}
57
58// Ignore errors because this variable exists only in MySQL 5.6 and 5.7
59$link->query("SET @@session.old_passwords=2");
60
61$link->query('DROP USER shatest');
62$link->query("DROP USER shatest@localhost");
63
64
65if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') ||
66    !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) {
67    die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error));
68}
69
70if (!$link->query('SET PASSWORD FOR shatest@"%" = "shatest"') ||
71    !$link->query('SET PASSWORD FOR shatest@"localhost" = "shatest"')) {
72    die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error));
73}
74
75if (!$link->query("DROP TABLE IF EXISTS test") ||
76    !$link->query("CREATE TABLE test (id INT)") ||
77    !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)"))
78    die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error));
79
80
81if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) ||
82    !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) {
83    die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link)));
84}
85
86$link->close();
87echo "nocache";
88?>
89--FILE--
90<?php
91    require_once("connect.inc");
92
93    function sha_connect($offset, $host, $db, $port, $socket, $file) {
94
95        $link = mysqli_init();
96        if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) {
97            printf("[%03d + 001] mysqli_options failed, [%d] %s\n", $offset, $link->errno, $link->error);
98            return false;
99        }
100
101        if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) {
102            printf("[%03d + 002] [%d] %s\n", $offset, $link->connect_errno, $link->connect_error);
103            return false;
104        }
105
106        if (!$res = $link->query("SELECT id FROM test WHERE id = 1"))
107            printf("[%03d + 003] [%d] %s\n", $offset, $link->errno, $link->error);
108            return false;
109
110        if (!$row = mysqli_fetch_assoc($res)) {
111            printf("[%03d + 004] [%d] %s\n", $offset, $link->errno, $link->error);
112            return false;
113        }
114
115        if ($row['id'] != 1) {
116            printf("[%03d + 005] Expecting 1 got %s/'%s'", $offset, gettype($row['id']), $row['id']);
117            return false;
118        }
119
120        $res->close();
121        $link->close();
122        return true;
123    }
124
125    $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
126    if (file_exists($file) && is_readable($file)) {
127
128        /* valid key */
129        sha_connect(100, $host, $db, $port, $socket, $file);
130
131        /* invalid key */
132        $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd"));
133
134        $key = file_get_contents($file);
135        $key = str_replace("A", "a", $key);
136        $key = str_replace("M", "m", $key);
137        @unlink($file_wrong);
138        if (!($fp = fopen($file_wrong, "w"))) {
139            printf("[002] Can't write public key file.");
140        } else {
141            fwrite($fp, $key);
142            fclose($fp);
143            sha_connect(200, $host, $db, $port, $socket, $file_wrong);
144        }
145
146        /* empty file */
147        @unlink($file_wrong);
148        if (!($fp = fopen($file_wrong, "w"))) {
149            printf("[003] Can't write public key file.");
150        } else {
151            fwrite($fp, "");
152            fclose($fp);
153            sha_connect(300, $host, $db, $port, $socket, $file_wrong);
154        }
155
156        /* file does not exist */
157        @unlink($file_wrong);
158        sha_connect(400, $host, $db, $port, $socket, $file_wrong);
159
160    } else {
161        printf("[001] Cannot read public key file.");
162    }
163
164    print "done!";
165?>
166--CLEAN--
167<?php
168    require_once("clean_table.inc");
169    $link->query('DROP USER shatest');
170    $link->query('DROP USER shatest@localhost');
171    $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
172    @unlink($file);
173    $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd"));
174    @unlink($file_wrong);
175?>
176--EXPECTF--
177Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
178[200 + 002] [1045] %s
179
180Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
181[300 + 002] [1045] %s
182
183Warning: mysqli::real_connect(%sest_sha256_wrong_%d): Failed to open stream: No such file or directory in %s on line %d
184
185Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
186[400 + 002] [1045] %s
187done!
188