From 3b17a24effa6ba40ef4c3a8e14f2ffefc1997bdf Mon Sep 17 00:00:00 2001 From: Rafal Somla Date: Wed, 14 Sep 2011 16:10:18 +0200 Subject: [PATCH] Bug#12897501 REPLICATION DOES NOT SUPPORT WINDOWS AUTH PLUG-IN Connection of slave to master using a replication account which authenticates with an external plugin was not possible. Fixed by making sure that the CLIENT_PLUGIN_AUTH capability is set when client connects using mysql_real_connect(). Also, a plugin-dir path used by client library to locate authentication plugins is set based on the analogous server setting. This is done in connect_to_master() function before a call to mysql_real_connect(). --- libmysql/client_settings.h | 5 +++ mysql-test/r/auth_rpl.result | 22 +++++++++++ mysql-test/t/auth_rpl-master.opt | 2 + mysql-test/t/auth_rpl-slave.opt | 4 ++ mysql-test/t/auth_rpl.test | 64 ++++++++++++++++++++++++++++++++ sql/client_settings.h | 15 ++++++-- sql/slave.cc | 4 ++ 7 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 mysql-test/r/auth_rpl.result create mode 100644 mysql-test/t/auth_rpl-master.opt create mode 100644 mysql-test/t/auth_rpl-slave.opt create mode 100644 mysql-test/t/auth_rpl.test diff --git a/libmysql/client_settings.h b/libmysql/client_settings.h index d04d61067f2..ecc9a7773ca 100644 --- a/libmysql/client_settings.h +++ b/libmysql/client_settings.h @@ -22,6 +22,11 @@ extern uint mysql_port; extern char * mysql_unix_port; +/* + Note: CLIENT_CAPABILITIES is also defined in sql/client_settings.h. + When adding capabilities here, consider if they should be also added to + the server's version. +*/ #define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \ CLIENT_LONG_FLAG | \ CLIENT_TRANSACTIONS | \ diff --git a/mysql-test/r/auth_rpl.result b/mysql-test/r/auth_rpl.result new file mode 100644 index 00000000000..1c03461df9b --- /dev/null +++ b/mysql-test/r/auth_rpl.result @@ -0,0 +1,22 @@ +include/master-slave.inc +[connection master] +[connection slave] +include/stop_slave.inc +[connection master] +CREATE USER 'plug_user' IDENTIFIED WITH 'test_plugin_server' AS 'plug_user'; +GRANT REPLICATION SLAVE ON *.* TO plug_user; +FLUSH PRIVILEGES; +[connection slave] +CHANGE MASTER TO MASTER_USER= 'plug_user'; +include/start_slave.inc +# Slave in-sync with master now. +SELECT user, plugin, authentication_string FROM mysql.user WHERE user LIKE 'plug_user'; +user plugin authentication_string +plug_user test_plugin_server plug_user +# Cleanup (on slave). +include/stop_slave.inc +CHANGE MASTER TO MASTER_USER='root'; +DROP USER 'plug_user'; +# Cleanup (on master). +DROP USER 'plug_user'; +include/rpl_end.inc diff --git a/mysql-test/t/auth_rpl-master.opt b/mysql-test/t/auth_rpl-master.opt new file mode 100644 index 00000000000..3536d102387 --- /dev/null +++ b/mysql-test/t/auth_rpl-master.opt @@ -0,0 +1,2 @@ +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_LOAD diff --git a/mysql-test/t/auth_rpl-slave.opt b/mysql-test/t/auth_rpl-slave.opt new file mode 100644 index 00000000000..3f4af6e59bb --- /dev/null +++ b/mysql-test/t/auth_rpl-slave.opt @@ -0,0 +1,4 @@ +--master-retry-count=1 +$PLUGIN_AUTH_OPT +$PLUGIN_AUTH_LOAD + diff --git a/mysql-test/t/auth_rpl.test b/mysql-test/t/auth_rpl.test new file mode 100644 index 00000000000..9947d463acd --- /dev/null +++ b/mysql-test/t/auth_rpl.test @@ -0,0 +1,64 @@ +--source include/have_plugin_auth.inc +--source include/not_embedded.inc +--source include/master-slave.inc + +# +# Check that replication slave can connect to master using an account +# which authenticates with an external authentication plugin (bug#12897501). + +# +# First stop the slave to guarantee that nothing is replicated. +# +--connection slave +--echo [connection slave] +--source include/stop_slave.inc +# +# Create an replication account on the master. +# +--connection master +--echo [connection master] +CREATE USER 'plug_user' IDENTIFIED WITH 'test_plugin_server' AS 'plug_user'; +GRANT REPLICATION SLAVE ON *.* TO plug_user; +FLUSH PRIVILEGES; + +# +# Now go to slave and change the replication user. +# +--connection slave +--echo [connection slave] +--let $master_user= query_get_value(SHOW SLAVE STATUS, Master_User, 1) +CHANGE MASTER TO MASTER_USER= 'plug_user'; + +# +# Start slave with new replication account - this should trigger connection +# to the master server. +# +--source include/start_slave.inc + +# Replicate all statements executed on master, in this case, +# (creation of the plug_user account). +# +--connection master +--sync_slave_with_master +--echo # Slave in-sync with master now. + +SELECT user, plugin, authentication_string FROM mysql.user WHERE user LIKE 'plug_user'; + +# +# Now we can stop the slave and clean up. +# +# Note: it is important that slave is stopped at this +# moment - otherwise master's cleanup statements +# would be replicated on slave! +# +--echo # Cleanup (on slave). +--source include/stop_slave.inc +eval CHANGE MASTER TO MASTER_USER='$master_user'; +DROP USER 'plug_user'; + +--echo # Cleanup (on master). +--connection master +DROP USER 'plug_user'; + +--let $rpl_only_running_threads= 1 +--source include/rpl_end.inc diff --git a/sql/client_settings.h b/sql/client_settings.h index d9145bcce26..acae7907aa5 100644 --- a/sql/client_settings.h +++ b/sql/client_settings.h @@ -23,9 +23,18 @@ #include #include -#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | \ - CLIENT_SECURE_CONNECTION | CLIENT_TRANSACTIONS | \ - CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION) +/* + Note: CLIENT_CAPABILITIES is also defined in libmysql/client_settings.h. + When adding capabilities here, consider if they should be also added to + the libmysql version. +*/ +#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \ + CLIENT_LONG_FLAG | \ + CLIENT_SECURE_CONNECTION | \ + CLIENT_TRANSACTIONS | \ + CLIENT_PROTOCOL_41 | \ + CLIENT_SECURE_CONNECTION | \ + CLIENT_PLUGIN_AUTH) #define read_user_name(A) {} #undef HAVE_SMEM diff --git a/sql/slave.cc b/sql/slave.cc index d0b123c5c6f..7a3eee952c3 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -4204,6 +4204,10 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi, /* This one is not strictly needed but we have it here for completeness */ mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir); + /* Set MYSQL_PLUGIN_DIR in case master asks for an external authentication plugin */ + if (opt_plugin_dir_ptr && *opt_plugin_dir_ptr) + mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir_ptr); + while (!(slave_was_killed = io_slave_killed(thd,mi)) && (reconnect ? mysql_reconnect(mysql) != 0 : mysql_real_connect(mysql, mi->host, mi->user, mi->password, 0,