1--TEST-- 2PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY (invalid) 3--EXTENSIONS-- 4mysqli 5--SKIPIF-- 6<?php 7ob_start(); 8phpinfo(INFO_MODULES); 9$tmp = ob_get_contents(); 10ob_end_clean(); 11if (!stristr($tmp, "auth_plugin_sha256_password")) 12 die("skip SHA256 auth plugin not built-in to mysqlnd"); 13 14require_once 'connect.inc'; 15if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) 16 die(sprintf("skip Can't connect to MySQL Server - [%d] %s", mysqli_connect_errno(), mysqli_connect_error())); 17 18if (mysqli_get_server_version($link) < 50606) 19 die("skip: SHA-256 requires MySQL 5.6.6+"); 20 21if (!($res = $link->query("SHOW PLUGINS"))) { 22 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 23} 24 25$found = false; 26while ($row = $res->fetch_assoc()) { 27 if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { 28 $found = true; 29 break; 30 } 31} 32if (!$found) 33 die("skip SHA-256 server plugin unavailable"); 34 35if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { 36 die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); 37} 38 39if (!($row = $res->fetch_assoc())) { 40 die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); 41} 42 43if (strlen($row['Value']) < 100) { 44 die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); 45} 46 47/* date changes may give false positive */ 48$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); 49if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { 50 die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); 51} 52if (strlen($row['Value']) != fwrite($fp, $row['Value'])) { 53 die(sprintf("skip Failed to create pub key file")); 54} 55 56// Ignore errors because this variable exists only in MySQL 5.6 and 5.7 57$link->query("SET @@session.old_passwords=2"); 58 59$link->query('DROP USER shatest'); 60$link->query("DROP USER shatest@localhost"); 61 62 63if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || 64 !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { 65 die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); 66} 67 68if (!$link->query('SET PASSWORD FOR shatest@"%" = "shatest"') || 69 !$link->query('SET PASSWORD FOR shatest@"localhost" = "shatest"')) { 70 die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); 71} 72 73if (!$link->query("DROP TABLE IF EXISTS test") || 74 !$link->query("CREATE TABLE test (id INT)") || 75 !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) 76 die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); 77 78 79if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || 80 !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { 81 die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); 82} 83 84$link->close(); 85echo "nocache"; 86?> 87--FILE-- 88<?php 89 require_once "connect.inc"; 90 91 function sha_connect($offset, $host, $db, $port, $socket, $file) { 92 93 $link = mysqli_init(); 94 if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) { 95 printf("[%03d + 001] mysqli_options failed, [%d] %s\n", $offset, $link->errno, $link->error); 96 return false; 97 } 98 99 if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) { 100 printf("[%03d + 002] [%d] %s\n", $offset, $link->connect_errno, $link->connect_error); 101 return false; 102 } 103 104 if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) 105 printf("[%03d + 003] [%d] %s\n", $offset, $link->errno, $link->error); 106 return false; 107 108 if (!$row = mysqli_fetch_assoc($res)) { 109 printf("[%03d + 004] [%d] %s\n", $offset, $link->errno, $link->error); 110 return false; 111 } 112 113 if ($row['id'] != 1) { 114 printf("[%03d + 005] Expecting 1 got %s/'%s'", $offset, gettype($row['id']), $row['id']); 115 return false; 116 } 117 118 $res->close(); 119 $link->close(); 120 return true; 121 } 122 123 $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); 124 if (file_exists($file) && is_readable($file)) { 125 126 /* valid key */ 127 sha_connect(100, $host, $db, $port, $socket, $file); 128 129 /* invalid key */ 130 $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd")); 131 132 $key = file_get_contents($file); 133 $key = str_replace("A", "a", $key); 134 $key = str_replace("M", "m", $key); 135 @unlink($file_wrong); 136 if (!($fp = fopen($file_wrong, "w"))) { 137 printf("[002] Can't write public key file."); 138 } else { 139 fwrite($fp, $key); 140 fclose($fp); 141 sha_connect(200, $host, $db, $port, $socket, $file_wrong); 142 } 143 144 /* empty file */ 145 @unlink($file_wrong); 146 if (!($fp = fopen($file_wrong, "w"))) { 147 printf("[003] Can't write public key file."); 148 } else { 149 fwrite($fp, ""); 150 fclose($fp); 151 sha_connect(300, $host, $db, $port, $socket, $file_wrong); 152 } 153 154 /* file does not exist */ 155 @unlink($file_wrong); 156 sha_connect(400, $host, $db, $port, $socket, $file_wrong); 157 158 } else { 159 printf("[001] Cannot read public key file."); 160 } 161 162 print "done!"; 163?> 164--CLEAN-- 165<?php 166 require_once "clean_table.inc"; 167 $link->query('DROP USER shatest'); 168 $link->query('DROP USER shatest@localhost'); 169 $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); 170 @unlink($file); 171 $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd")); 172 @unlink($file_wrong); 173?> 174--EXPECTF-- 175Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d 176[200 + 002] [1045] %s 177 178Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d 179[300 + 002] [1045] %s 180 181Warning: mysqli::real_connect(%sest_sha256_wrong_%d): Failed to open stream: No such file or directory in %s on line %d 182 183Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d 184[400 + 002] [1045] %s 185done! 186