1--TEST-- 2PAM: SHA-256, mysqlnd.sha256_server_public_key 3--EXTENSIONS-- 4mysqli 5--SKIPIF-- 6<?php 7ob_start(); 8phpinfo(INFO_MODULES); 9$tmp = ob_get_contents(); 10ob_end_clean(); 11if (!stristr($tmp, "auth_plugin_sha256_password")) 12 die("skip SHA256 auth plugin not built-in to mysqlnd"); 13 14require_once 'connect.inc'; 15if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) 16 die(sprintf("skip Can't connect to MySQL Server - [%d] %s", mysqli_connect_errno(), mysqli_connect_error())); 17 18if (mysqli_get_server_version($link) < 50606) 19 die("skip: SHA-256 requires MySQL 5.6.6+"); 20 21if (!($res = $link->query("SHOW PLUGINS"))) { 22 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 23} 24 25$found = false; 26while ($row = $res->fetch_assoc()) { 27 if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { 28 $found = true; 29 break; 30 } 31} 32if (!$found) 33 die("skip SHA-256 server plugin unavailable"); 34 35if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { 36 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 37} 38 39if (!($row = $res->fetch_assoc())) { 40 die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); 41} 42 43$key = $row['Value']; 44if (strlen($key) < 100) { 45 die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); 46} 47 48/* date changes may give false positive */ 49$file = "test_sha256_ini"; 50if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { 51 die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); 52} 53$key = str_replace("A", "a", $key); 54$key = str_replace("M", "m", $key); 55if (strlen($key) != fwrite($fp, $key)) { 56 die(sprintf("skip Failed to create pub key file")); 57} 58 59// Ignore errors because this variable exists only in MySQL 5.6 and 5.7 60$link->query("SET @@session.old_passwords=2"); 61 62$link->query('DROP USER shatest'); 63$link->query("DROP USER shatest@localhost"); 64 65 66if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || 67 !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { 68 die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); 69} 70 71if (!$link->query('SET PASSWORD FOR shatest@"%" = "shatest"') || 72 !$link->query('SET PASSWORD FOR shatest@"localhost" = "shatest"')) { 73 die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); 74} 75 76if (!$link->query("DROP TABLE IF EXISTS test") || 77 !$link->query("CREATE TABLE test (id INT)") || 78 !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) 79 die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); 80 81 82if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || 83 !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { 84 die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); 85} 86 87$link->close(); 88echo "nocache"; 89?> 90--INI-- 91mysqlnd.sha256_server_public_key="test_sha256_ini" 92--FILE-- 93<?php 94 require_once 'connect.inc'; 95 96 97 $link = new mysqli($host, 'shatest', 'shatest', $db, $port, $socket); 98 if ($link->connect_errno) { 99 printf("[001] [%d] %s\n", $link->connect_errno, $link->connect_error); 100 } else { 101 if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) 102 printf("[002] [%d] %s\n", $link->errno, $link->error); 103 104 if (!$row = mysqli_fetch_assoc($res)) { 105 printf("[003] [%d] %s\n", $link->errno, $link->error); 106 } 107 108 if ($row['id'] != 1) { 109 printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']); 110 } 111 } 112 print "done!"; 113?> 114--CLEAN-- 115<?php 116 require_once 'clean_table.inc'; 117 $link->query('DROP USER shatest'); 118 $link->query('DROP USER shatest@localhost'); 119 $file = "test_sha256_ini"; 120 @unlink($file); 121?> 122--EXPECTF-- 123Warning: mysqli::__construct(): (HY000/1045): %s in %s on line %d 124[001] [1045] %s 125done! 126
