Bug#12897501 REPLICATION DOES NOT SUPPORT WINDOWS AUTH PLUG-IN

Connection of slave to master using a replication account which authenticates
with an external plugin was not possible.

Fixed by making sure that the CLIENT_PLUGIN_AUTH capability is set when client connects using mysql_real_connect(). Also, a plugin-dir path used by client library to locate authentication plugins is set based on the analogous server setting. This is done in connect_to_master() function before a call to mysql_real_connect().
This commit is contained in:
Rafal Somla 2011-09-14 16:10:18 +02:00
parent 0e034eaad3
commit 3b17a24eff
7 changed files with 113 additions and 3 deletions

View file

@ -22,6 +22,11 @@
extern uint mysql_port; extern uint mysql_port;
extern char * mysql_unix_port; extern char * mysql_unix_port;
/*
Note: CLIENT_CAPABILITIES is also defined in sql/client_settings.h.
When adding capabilities here, consider if they should be also added to
the server's version.
*/
#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \ #define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \
CLIENT_LONG_FLAG | \ CLIENT_LONG_FLAG | \
CLIENT_TRANSACTIONS | \ CLIENT_TRANSACTIONS | \

View file

@ -0,0 +1,22 @@
include/master-slave.inc
[connection master]
[connection slave]
include/stop_slave.inc
[connection master]
CREATE USER 'plug_user' IDENTIFIED WITH 'test_plugin_server' AS 'plug_user';
GRANT REPLICATION SLAVE ON *.* TO plug_user;
FLUSH PRIVILEGES;
[connection slave]
CHANGE MASTER TO MASTER_USER= 'plug_user';
include/start_slave.inc
# Slave in-sync with master now.
SELECT user, plugin, authentication_string FROM mysql.user WHERE user LIKE 'plug_user';
user plugin authentication_string
plug_user test_plugin_server plug_user
# Cleanup (on slave).
include/stop_slave.inc
CHANGE MASTER TO MASTER_USER='root';
DROP USER 'plug_user';
# Cleanup (on master).
DROP USER 'plug_user';
include/rpl_end.inc

View file

@ -0,0 +1,2 @@
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD

View file

@ -0,0 +1,4 @@
--master-retry-count=1
$PLUGIN_AUTH_OPT
$PLUGIN_AUTH_LOAD

View file

@ -0,0 +1,64 @@
--source include/have_plugin_auth.inc
--source include/not_embedded.inc
--source include/master-slave.inc
#
# Check that replication slave can connect to master using an account
# which authenticates with an external authentication plugin (bug#12897501).
#
# First stop the slave to guarantee that nothing is replicated.
#
--connection slave
--echo [connection slave]
--source include/stop_slave.inc
#
# Create an replication account on the master.
#
--connection master
--echo [connection master]
CREATE USER 'plug_user' IDENTIFIED WITH 'test_plugin_server' AS 'plug_user';
GRANT REPLICATION SLAVE ON *.* TO plug_user;
FLUSH PRIVILEGES;
#
# Now go to slave and change the replication user.
#
--connection slave
--echo [connection slave]
--let $master_user= query_get_value(SHOW SLAVE STATUS, Master_User, 1)
CHANGE MASTER TO MASTER_USER= 'plug_user';
#
# Start slave with new replication account - this should trigger connection
# to the master server.
#
--source include/start_slave.inc
# Replicate all statements executed on master, in this case,
# (creation of the plug_user account).
#
--connection master
--sync_slave_with_master
--echo # Slave in-sync with master now.
SELECT user, plugin, authentication_string FROM mysql.user WHERE user LIKE 'plug_user';
#
# Now we can stop the slave and clean up.
#
# Note: it is important that slave is stopped at this
# moment - otherwise master's cleanup statements
# would be replicated on slave!
#
--echo # Cleanup (on slave).
--source include/stop_slave.inc
eval CHANGE MASTER TO MASTER_USER='$master_user';
DROP USER 'plug_user';
--echo # Cleanup (on master).
--connection master
DROP USER 'plug_user';
--let $rpl_only_running_threads= 1
--source include/rpl_end.inc

View file

@ -23,9 +23,18 @@
#include <thr_alarm.h> #include <thr_alarm.h>
#include <sql_common.h> #include <sql_common.h>
#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | \ /*
CLIENT_SECURE_CONNECTION | CLIENT_TRANSACTIONS | \ Note: CLIENT_CAPABILITIES is also defined in libmysql/client_settings.h.
CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION) When adding capabilities here, consider if they should be also added to
the libmysql version.
*/
#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | \
CLIENT_LONG_FLAG | \
CLIENT_SECURE_CONNECTION | \
CLIENT_TRANSACTIONS | \
CLIENT_PROTOCOL_41 | \
CLIENT_SECURE_CONNECTION | \
CLIENT_PLUGIN_AUTH)
#define read_user_name(A) {} #define read_user_name(A) {}
#undef HAVE_SMEM #undef HAVE_SMEM

View file

@ -4204,6 +4204,10 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi,
/* This one is not strictly needed but we have it here for completeness */ /* This one is not strictly needed but we have it here for completeness */
mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir); mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir);
/* Set MYSQL_PLUGIN_DIR in case master asks for an external authentication plugin */
if (opt_plugin_dir_ptr && *opt_plugin_dir_ptr)
mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir_ptr);
while (!(slave_was_killed = io_slave_killed(thd,mi)) && while (!(slave_was_killed = io_slave_killed(thd,mi)) &&
(reconnect ? mysql_reconnect(mysql) != 0 : (reconnect ? mysql_reconnect(mysql) != 0 :
mysql_real_connect(mysql, mi->host, mi->user, mi->password, 0, mysql_real_connect(mysql, mi->host, mi->user, mi->password, 0,