From 05fe3f1c186a221c4455b4d83a9d59f09f2dfadb Mon Sep 17 00:00:00 2001 From: Sergei Golubchik <serg@mariadb.org> Date: Sat, 10 Aug 2024 21:27:58 +0200 Subject: [PATCH] Two problems with auth_parsec.so 1. it links with ${SSL_LIBRARIES}, in WolfSSL builds it's a static library, so when a plugin is loaded there will be two copies of wolfssl in the same address space. It breaks odr (at least). 2. Plugin can linked with OpenSSL and the server with WolfSSL or vice versa. It might load, but then we'll have both WolfSSL and OpenSSL at the same time. Kind of risky. Fix: link the plugin statically into the server if it's a WolfSSL build adjust tests to work with static and dynamic parsec --- mysql-test/main/mysqld--help.test | 2 +- mysql-test/suite/plugins/r/parsec.result | 2 - mysql-test/suite/plugins/r/rpl_auth.result | 16 ++------ mysql-test/suite/plugins/t/parsec.opt | 2 + mysql-test/suite/plugins/t/parsec.test | 8 ++-- .../suite/plugins/t/rpl_auth.combinations | 5 +++ mysql-test/suite/plugins/t/rpl_auth.test | 37 ++++++------------- plugin/auth_parsec/CMakeLists.txt | 7 +++- 8 files changed, 32 insertions(+), 47 deletions(-) diff --git a/mysql-test/main/mysqld--help.test b/mysql-test/main/mysqld--help.test index 05739197331..273ea0b9118 100644 --- a/mysql-test/main/mysqld--help.test +++ b/mysql-test/main/mysqld--help.test @@ -42,7 +42,7 @@ perl; wsrep file-key-management cracklib-password-check user-variables provider-bzip2 provider-lzma provider-lzo thread-pool-groups thread-pool-queues thread-pool-stats - thread-pool-waits hashicorp provider gssapi/; + thread-pool-waits hashicorp provider gssapi parsec/; # And substitute the content some environment variables with their # names: diff --git a/mysql-test/suite/plugins/r/parsec.result b/mysql-test/suite/plugins/r/parsec.result index 58b430e660c..512c066e2d7 100644 --- a/mysql-test/suite/plugins/r/parsec.result +++ b/mysql-test/suite/plugins/r/parsec.result @@ -1,4 +1,3 @@ -install soname 'auth_parsec'; create user test1@'%' identified via parsec using 'pwd'; ERROR HY000: Operation CREATE USER failed for 'test1'@'%' create user test1@'%' identified via parsec using PASSWORD('pwd'); @@ -29,4 +28,3 @@ test.have_ssl() yes drop function have_ssl; drop user test1@'%'; -uninstall soname 'auth_parsec'; diff --git a/mysql-test/suite/plugins/r/rpl_auth.result b/mysql-test/suite/plugins/r/rpl_auth.result index 010458ceb62..007d609f678 100644 --- a/mysql-test/suite/plugins/r/rpl_auth.result +++ b/mysql-test/suite/plugins/r/rpl_auth.result @@ -1,25 +1,15 @@ install soname 'CLIENT_PLUGIN'; Got one of the listed errors -include/master-slave.inc -[connection master] -connection slave; -install soname 'auth_PLUGIN'; -connection master; -install soname 'auth_plugin'; create user rpluser@'%' identified via PLUGIN using PASSWORD('rpl_pass'); grant replication slave on *.* to rpluser@'%'; -connection master; +include/master-slave.inc +[connection master] connection slave; include/stop_slave.inc change master to master_user='rpluser', master_password='rpl_pass'; include/start_slave.inc -# Cleanup include/stop_slave.inc change master to master_user='root', master_password=''; include/start_slave.inc -include/stop_slave.inc +include/rpl_end.inc drop user rpluser@'%'; -uninstall soname 'auth_plugin'; -connection master; -drop user rpluser@'%'; -uninstall soname 'auth_plugin'; diff --git a/mysql-test/suite/plugins/t/parsec.opt b/mysql-test/suite/plugins/t/parsec.opt index b3a45ea8eac..6662d22fd68 100644 --- a/mysql-test/suite/plugins/t/parsec.opt +++ b/mysql-test/suite/plugins/t/parsec.opt @@ -1,3 +1,5 @@ --ssl-key= --ssl-cert= --ssl-ca= +--plugin-load-add=$AUTH_PARSEC_SO +--loose-parsec diff --git a/mysql-test/suite/plugins/t/parsec.test b/mysql-test/suite/plugins/t/parsec.test index d1fc6f8d869..2374d66dac4 100644 --- a/mysql-test/suite/plugins/t/parsec.test +++ b/mysql-test/suite/plugins/t/parsec.test @@ -1,13 +1,14 @@ source include/platform.inc; source include/not_embedded.inc; -if (!$AUTH_PARSEC_SO) { - skip No auth_parsec plugin; +if (`select count(*) = 0 from information_schema.plugins where plugin_name = 'parsec'`) +{ + --skip Needs parsec plugin } + if (!$PARSEC_SO) { skip No auth_parsec plugin; } -install soname 'auth_parsec'; --error ER_CANNOT_USER create user test1@'%' identified via parsec using 'pwd'; create user test1@'%' identified via parsec using PASSWORD('pwd'); @@ -42,4 +43,3 @@ if ($MTR_COMBINATION_WIN) { drop function have_ssl; drop user test1@'%'; -uninstall soname 'auth_parsec'; diff --git a/mysql-test/suite/plugins/t/rpl_auth.combinations b/mysql-test/suite/plugins/t/rpl_auth.combinations index 799567fca67..6f406a35a49 100644 --- a/mysql-test/suite/plugins/t/rpl_auth.combinations +++ b/mysql-test/suite/plugins/t/rpl_auth.combinations @@ -1,2 +1,7 @@ [parsec] +--plugin-load-add=$AUTH_PARSEC_SO +--loose-parsec + [ed25519] +--plugin-load-add=$AUTH_ED25519_SO +--loose-ed25519 diff --git a/mysql-test/suite/plugins/t/rpl_auth.test b/mysql-test/suite/plugins/t/rpl_auth.test index cd188212a70..24d321aede9 100644 --- a/mysql-test/suite/plugins/t/rpl_auth.test +++ b/mysql-test/suite/plugins/t/rpl_auth.test @@ -2,21 +2,20 @@ source include/not_msan.inc; if ($MTR_COMBINATION_ED25519) { - if (!$AUTH_ED25519_SO) { - skip No auth_ed25519 plugin; - } let $AUTH_PLUGIN = ed25519; let $CLIENT_PLUGIN=client_ed25519; } if ($MTR_COMBINATION_PARSEC) { - if (!$AUTH_PARSEC_SO) { - skip No auth_parsec plugin; - } let $AUTH_PLUGIN = parsec; let $CLIENT_PLUGIN=parsec; } +if (`select count(*) = 0 from information_schema.plugins where plugin_name = '$AUTH_PLUGIN'`) +{ + --skip Needs $AUTH_PLUGIN plugin +} + --replace_result $CLIENT_PLUGIN CLIENT_PLUGIN --error ER_CANT_OPEN_LIBRARY,ER_CANT_FIND_DL_ENTRY eval install soname '$CLIENT_PLUGIN'; @@ -25,36 +24,22 @@ if ($errno == 1126) { skip $CLIENT_PLUGIN is not found or contains unresolved symbols; } -source include/master-slave.inc; - -sync_slave_with_master; ---replace_result $AUTH_PLUGIN PLUGIN -eval install soname 'auth_$AUTH_PLUGIN'; # create a user for replication with auth plugin -connection master; ---replace_result $AUTH_PLUGIN plugin -eval install soname 'auth_$AUTH_PLUGIN'; - --replace_result $AUTH_PLUGIN PLUGIN eval create user rpluser@'%' identified via $AUTH_PLUGIN using PASSWORD('rpl_pass'); grant replication slave on *.* to rpluser@'%'; -connection master; -sync_slave_with_master; + +source include/master-slave.inc; +connection slave; + # Set the slave to connect using the user created with the auth plugin for replication source include/stop_slave.inc; --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR change master to master_user='rpluser', master_password='rpl_pass'; source include/start_slave.inc; - ---echo # Cleanup source include/stop_slave.inc; change master to master_user='root', master_password=''; source include/start_slave.inc; -source include/stop_slave.inc; + +source include/rpl_end.inc; drop user rpluser@'%'; ---replace_result $AUTH_PLUGIN plugin -eval uninstall soname 'auth_$AUTH_PLUGIN'; -connection master; -drop user rpluser@'%'; ---replace_result $AUTH_PLUGIN plugin -eval uninstall soname 'auth_$AUTH_PLUGIN'; diff --git a/plugin/auth_parsec/CMakeLists.txt b/plugin/auth_parsec/CMakeLists.txt index 6c43bc041d3..5bdad444809 100644 --- a/plugin/auth_parsec/CMakeLists.txt +++ b/plugin/auth_parsec/CMakeLists.txt @@ -1,4 +1,9 @@ IF (HAVE_evp_pkey) ADD_DEFINITIONS(${SSL_DEFINES}) - MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc LINK_LIBRARIES ${SSL_LIBRARIES}) + IF(WITH_SSL STREQUAL "bundled") + MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc STATIC_ONLY DEFAULT) + ELSE() + MYSQL_ADD_PLUGIN(auth_parsec server_parsec.cc + LINK_LIBRARIES ${SSL_LIBRARIES}) + ENDIF() ENDIF()