1--TEST--
2PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY (invalid)
3--EXTENSIONS--
4mysqli
5--SKIPIF--
6<?php
7ob_start();
8phpinfo(INFO_MODULES);
9$tmp = ob_get_contents();
10ob_end_clean();
11if (!stristr($tmp, "auth_plugin_sha256_password"))
12    die("skip SHA256 auth plugin not built-in to mysqlnd");
13
14require_once 'connect.inc';
15if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))
16    die(sprintf("skip Can't connect to MySQL Server - [%d] %s", mysqli_connect_errno(), mysqli_connect_error()));
17
18if (mysqli_get_server_version($link) < 50606)
19    die("skip: SHA-256 requires MySQL 5.6.6+");
20
21if (!($res = $link->query("SHOW PLUGINS"))) {
22    die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
23}
24
25$found = false;
26while ($row = $res->fetch_assoc()) {
27    if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) {
28        $found = true;
29        break;
30    }
31}
32if (!$found)
33    die("skip SHA-256 server plugin unavailable");
34
35if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) {
36    die(sprintf("skip [%d] %s\n", $link->errno, $link->error));
37}
38
39if (!($row = $res->fetch_assoc())) {
40    die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error));
41}
42
43if (strlen($row['Value']) < 100) {
44    die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error));
45}
46
47/* date changes may give false positive */
48$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
49if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) {
50    die(sprintf("skip Cannot create RSA pub key file '%s'", $file));
51}
52if (strlen($row['Value']) != fwrite($fp, $row['Value'])) {
53    die(sprintf("skip Failed to create pub key file"));
54}
55
56// Ignore errors because this variable exists only in MySQL 5.6 and 5.7
57$link->query("SET @@session.old_passwords=2");
58
59$link->query('DROP USER shatest');
60$link->query("DROP USER shatest@localhost");
61
62
63if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') ||
64    !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) {
65    die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error));
66}
67
68if (!$link->query('SET PASSWORD FOR shatest@"%" = "shatest"') ||
69    !$link->query('SET PASSWORD FOR shatest@"localhost" = "shatest"')) {
70    die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error));
71}
72
73if (!$link->query("DROP TABLE IF EXISTS test") ||
74    !$link->query("CREATE TABLE test (id INT)") ||
75    !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)"))
76    die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error));
77
78
79if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) ||
80    !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) {
81    die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link)));
82}
83
84$link->close();
85echo "nocache";
86?>
87--FILE--
88<?php
89    require_once 'connect.inc';
90
91    function sha_connect($offset, $host, $db, $port, $socket, $file) {
92
93        $link = mysqli_init();
94        if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) {
95            printf("[%03d + 001] mysqli_options failed, [%d] %s\n", $offset, $link->errno, $link->error);
96            return false;
97        }
98
99        if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) {
100            printf("[%03d + 002] [%d] %s\n", $offset, $link->connect_errno, $link->connect_error);
101            return false;
102        }
103
104        if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) {
105            printf("[%03d + 003] [%d] %s\n", $offset, $link->errno, $link->error);
106            return false;
107        }
108
109        if (!$row = mysqli_fetch_assoc($res)) {
110            printf("[%03d + 004] [%d] %s\n", $offset, $link->errno, $link->error);
111            return false;
112        }
113
114        if ($row['id'] != 1) {
115            printf("[%03d + 005] Expecting 1 got %s/'%s'", $offset, gettype($row['id']), $row['id']);
116            return false;
117        }
118
119        $res->close();
120        $link->close();
121        return true;
122    }
123
124    $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
125    if (file_exists($file) && is_readable($file)) {
126
127        /* valid key */
128        sha_connect(100, $host, $db, $port, $socket, $file);
129
130        /* invalid key */
131        $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd"));
132
133        $key = file_get_contents($file);
134        $key = str_replace("A", "a", $key);
135        $key = str_replace("M", "m", $key);
136        @unlink($file_wrong);
137        if (!($fp = fopen($file_wrong, "w"))) {
138            printf("[002] Can't write public key file.");
139        } else {
140            fwrite($fp, $key);
141            fclose($fp);
142            sha_connect(200, $host, $db, $port, $socket, $file_wrong);
143        }
144
145        /* empty file */
146        @unlink($file_wrong);
147        if (!($fp = fopen($file_wrong, "w"))) {
148            printf("[003] Can't write public key file.");
149        } else {
150            fwrite($fp, "");
151            fclose($fp);
152            sha_connect(300, $host, $db, $port, $socket, $file_wrong);
153        }
154
155        /* file does not exist */
156        @unlink($file_wrong);
157        sha_connect(400, $host, $db, $port, $socket, $file_wrong);
158
159    } else {
160        printf("[001] Cannot read public key file.");
161    }
162
163    print "done!";
164?>
165--CLEAN--
166<?php
167    require_once 'clean_table.inc';
168    $link->query('DROP USER shatest');
169    $link->query('DROP USER shatest@localhost');
170    $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd"));
171    @unlink($file);
172    $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd"));
173    @unlink($file_wrong);
174?>
175--EXPECTF--
176Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
177[200 + 002] [1045] %s
178
179Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
180[300 + 002] [1045] %s
181
182Warning: mysqli::real_connect(%sest_sha256_wrong_%d): Failed to open stream: No such file or directory in %s on line %d
183
184Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
185[400 + 002] [1045] %s
186done!
187