From 05fe3f1c186a221c4455b4d83a9d59f09f2dfadb Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Sat, 10 Aug 2024 21:27:58 +0200
Subject: [PATCH] Two problems with auth_parsec.so

1. it links with ${SSL_LIBRARIES}, in WolfSSL builds it's a static
   library, so when a plugin is loaded there will be two copies of
   wolfssl in the same address space. It breaks ODR (at least).
2. The plugin can be linked with OpenSSL and the server with WolfSSL or
   vice versa. It might load, but then we'll have both WolfSSL and
   OpenSSL at the same time. Kind of risky.

Fix: link the plugin statically into the server if it's a WolfSSL build

adjust tests to work with static and dynamic parsec
---
 mysql-test/main/mysqld--help.test             |  2 +-
 mysql-test/suite/plugins/r/parsec.result      |  2 -
 mysql-test/suite/plugins/r/rpl_auth.result    | 16 ++------
 mysql-test/suite/plugins/t/parsec.opt         |  2 +
 mysql-test/suite/plugins/t/parsec.test        |  8 ++--
 .../suite/plugins/t/rpl_auth.combinations     |  5 +++
 mysql-test/suite/plugins/t/rpl_auth.test      | 37 ++++++-------------
 plugin/auth_parsec/CMakeLists.txt             |  7 +++-
 8 files changed, 32 insertions(+), 47 deletions(-)

diff --git a/mysql-test/main/mysqld--help.test b/mysql-test/main/mysqld--help.test
index 05739197331..273ea0b9118 100644
--- a/mysql-test/main/mysqld--help.test
+++ b/mysql-test/main/mysqld--help.test
@@ -42,7 +42,7 @@ perl;
               wsrep file-key-management cracklib-password-check user-variables
               provider-bzip2 provider-lzma provider-lzo
               thread-pool-groups thread-pool-queues thread-pool-stats
-              thread-pool-waits hashicorp provider gssapi/;
+              thread-pool-waits hashicorp provider gssapi parsec/;
 
   # And substitute the content some environment variables with their
   # names:
diff --git a/mysql-test/suite/plugins/r/parsec.result b/mysql-test/suite/plugins/r/parsec.result
index 58b430e660c..512c066e2d7 100644
--- a/mysql-test/suite/plugins/r/parsec.result
+++ b/mysql-test/suite/plugins/r/parsec.result
@@ -1,4 +1,3 @@
-install soname 'auth_parsec';
 create user test1@'%' identified via parsec using 'pwd';
 ERROR HY000: Operation CREATE USER failed for 'test1'@'%'
 create user test1@'%' identified via parsec using PASSWORD('pwd');
@@ -29,4 +28,3 @@ test.have_ssl()
 yes
 drop function have_ssl;
 drop user test1@'%';
-uninstall soname 'auth_parsec';
diff --git a/mysql-test/suite/plugins/r/rpl_auth.result b/mysql-test/suite/plugins/r/rpl_auth.result
index 010458ceb62..007d609f678 100644
--- a/mysql-test/suite/plugins/r/rpl_auth.result
+++ b/mysql-test/suite/plugins/r/rpl_auth.result
@@ -1,25 +1,15 @@
 install soname 'CLIENT_PLUGIN';
 Got one of the listed errors
-include/master-slave.inc
-[connection master]
-connection slave;
-install soname 'auth_PLUGIN';
-connection master;
-install soname 'auth_plugin';
 create user rpluser@'%' identified via PLUGIN using PASSWORD('rpl_pass');
 grant replication slave on *.* to rpluser@'%';
-connection master;
+include/master-slave.inc
+[connection master]
 connection slave;
 include/stop_slave.inc
 change master to master_user='rpluser', master_password='rpl_pass';
 include/start_slave.inc
-# Cleanup
 include/stop_slave.inc
 change master to master_user='root', master_password='';
 include/start_slave.inc
-include/stop_slave.inc
+include/rpl_end.inc
 drop user rpluser@'%';
-uninstall soname 'auth_plugin';
-connection master;
-drop user rpluser@'%';
-uninstall soname 'auth_plugin';
diff --git a/mysql-test/suite/plugins/t/parsec.opt b/mysql-test/suite/plugins/t/parsec.opt
index b3a45ea8eac..6662d22fd68 100644
--- a/mysql-test/suite/plugins/t/parsec.opt
+++ b/mysql-test/suite/plugins/t/parsec.opt
@@ -1,3 +1,5 @@
 --ssl-key=
 --ssl-cert=
 --ssl-ca=
+--plugin-load-add=$AUTH_PARSEC_SO
+--loose-parsec
diff --git a/mysql-test/suite/plugins/t/parsec.test b/mysql-test/suite/plugins/t/parsec.test
index d1fc6f8d869..2374d66dac4 100644
--- a/mysql-test/suite/plugins/t/parsec.test
+++ b/mysql-test/suite/plugins/t/parsec.test
@@ -1,13 +1,14 @@
 source include/platform.inc;
 source include/not_embedded.inc;
 
-if (!$AUTH_PARSEC_SO) {
-  skip No auth_parsec plugin;
+if (`select count(*) = 0 from information_schema.plugins where plugin_name = 'parsec'`)
+{
+  --skip Needs parsec plugin
 }
+
 if (!$PARSEC_SO) {
   skip No auth_parsec plugin;
 }
-install soname 'auth_parsec';
 --error ER_CANNOT_USER
 create user test1@'%' identified via parsec using 'pwd';
 create user test1@'%' identified via parsec using PASSWORD('pwd');
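Review bot: The new skip guard counts any row for `parsec` in `information_schema.plugins` regardless of its `plugin_status`, so a plugin that is listed but not active would presumably let the test run and fail at `create user` instead of skipping. Adding the status to the query makes the guard match what the test needs: `... where plugin_name = 'parsec' and plugin_status = 'ACTIVE'`. The same applies to the `$AUTH_PLUGIN` guard added in rpl_auth.test. Separately, the retained `$PARSEC_SO` check still reports `No auth_parsec plugin`; if that variable names the client-side plugin, the message is worth correcting so the two skip reasons can be told apart in test logs.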
@@ -42,4 +43,3 @@ if ($MTR_COMBINATION_WIN) {
 
 drop function have_ssl;
 drop user test1@'%';
-uninstall soname 'auth_parsec';
diff --git a/mysql-test/suite/plugins/t/rpl_auth.combinations b/mysql-test/suite/plugins/t/rpl_auth.combinations
index 799567fca67..6f406a35a49 100644
--- a/mysql-test/suite/plugins/t/rpl_auth.combinations
+++ b/mysql-test/suite/plugins/t/rpl_auth.combinations
@@ -1,2 +1,7 @@
 [parsec]
+--plugin-load-add=$AUTH_PARSEC_SO
+--loose-parsec
+
 [ed25519]
+--plugin-load-add=$AUTH_ED25519_SO
+--loose-ed25519
diff --git a/mysql-test/suite/plugins/t/rpl_auth.test b/mysql-test/suite/plugins/t/rpl_auth.test
index cd188212a70..24d321aede9 100644
--- a/mysql-test/suite/plugins/t/rpl_auth.test
+++ b/mysql-test/suite/plugins/t/rpl_auth.test
@@ -2,21 +2,20 @@
 source include/not_msan.inc;
 
 if ($MTR_COMBINATION_ED25519) {
-  if (!$AUTH_ED25519_SO) {
-    skip No auth_ed25519 plugin;
-  }
   let $AUTH_PLUGIN = ed25519;
   let $CLIENT_PLUGIN=client_ed25519;
 }
 
 if ($MTR_COMBINATION_PARSEC) {
-  if (!$AUTH_PARSEC_SO) {
-    skip No auth_parsec plugin;
-  }
   let $AUTH_PLUGIN = parsec;
   let $CLIENT_PLUGIN=parsec;
 }
 
+if (`select count(*) = 0 from information_schema.plugins where plugin_name = '$AUTH_PLUGIN'`)
+{
+  --skip Needs $AUTH_PLUGIN plugin
+}
+
 --replace_result $CLIENT_PLUGIN CLIENT_PLUGIN
 --error ER_CANT_OPEN_LIBRARY,ER_CANT_FIND_DL_ENTRY
 eval install soname '$CLIENT_PLUGIN';
@@ -25,36 +24,22 @@ if ($errno == 1126) {
   skip $CLIENT_PLUGIN is not found or contains unresolved symbols;
 }
 
-source include/master-slave.inc;
-
-sync_slave_with_master;
---replace_result $AUTH_PLUGIN PLUGIN
-eval install soname 'auth_$AUTH_PLUGIN';
 # create a user for replication with auth plugin
-connection master;
---replace_result $AUTH_PLUGIN plugin
-eval install soname 'auth_$AUTH_PLUGIN';
-
 --replace_result $AUTH_PLUGIN PLUGIN
 eval create user rpluser@'%' identified via $AUTH_PLUGIN using PASSWORD('rpl_pass');
 grant replication slave on *.* to rpluser@'%';
-connection master;
-sync_slave_with_master;
+
+source include/master-slave.inc;
+connection slave;
+
 # Set the slave to connect using the user created with the auth plugin for replication
 source include/stop_slave.inc;
 --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
 change master to master_user='rpluser', master_password='rpl_pass';
 source include/start_slave.inc;
-
---echo # Cleanup
 source include/stop_slave.inc;
 change master to master_user='root', master_password='';
 source include/start_slave.inc;
-source include/stop_slave.inc;
+
+source include/rpl_end.inc;
 drop user rpluser@'%';
---replace_result $AUTH_PLUGIN plugin
-eval uninstall soname 'auth_$AUTH_PLUGIN';
-connection master;
-drop user rpluser@'%';
---replace_result $AUTH_PLUGIN plugin
-eval uninstall soname 'auth_$AUTH_PLUGIN';
diff --git a/plugin/auth_parsec/CMakeLists.txt b/plugin/auth_parsec/CMakeLists.txt
index 6c43bc041d3..5bdad444809 100644
--- a/plugin/auth_parsec/CMakeLists.txt
+++ b/plugin/auth_parsec/CMakeLists.txt
@@ -1,4 +1,9 @@
 IF (HAVE_evp_pkey)
   ADD_DEFINITIONS(${SSL_DEFINES})
-  MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc LINK_LIBRARIES ${SSL_LIBRARIES})
+  IF(WITH_SSL STREQUAL "bundled")
+    MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc STATIC_ONLY DEFAULT)
+  ELSE()
+    MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc
+      LINK_LIBRARIES ${SSL_LIBRARIES})
+  ENDIF()
 ENDIF()
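Review bot: The `ELSE()` branch still builds a loadable module linked against `${SSL_LIBRARIES}` for every `WITH_SSL` value other than the exact string `bundled`, so the fix holds only if the SSL selection code always leaves `WITH_SSL` set to `bundled` when WolfSSL is chosen. That code is outside this hunk, so this is worth confirming, for example for a fallback to the bundled library when a system OpenSSL is not found. The branch also has no comment, and `STATIC_ONLY DEFAULT` on an authentication plugin will look arbitrary to the next reader; I would add above the inner `IF`: `# WolfSSL is a static library: a dynamic plugin would put a second copy into the server's address space`. Note too that `DEFAULT` compiles parsec into every bundled-SSL server, which changes the set of authentication methods those builds ship with and deserves a line in the release notes.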