Domů Procházet Nápověda
Registrovat se Přihlásit se
publics
/
go-sql-driver__mysql
0
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: auth_tests
Větve Značky
go-sql-drive...
/
auth_test.go

auth_test.go 24 KB
Trvalý odkaz Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776 
  1. // Go MySQL Driver - A MySQL-Driver for Go's database/sql package
    2. 

  2. //
    3. 

  3. // Copyright 2018 The Go-MySQL-Driver Authors. All rights reserved.
    4. 

  4. //
    5. 

  5. // This Source Code Form is subject to the terms of the Mozilla Public
    6. 

  6. // License, v. 2.0. If a copy of the MPL was not distributed with this file,
    7. 

  7. // You can obtain one at http://mozilla.org/MPL/2.0/.
    8. 

  8. 

  9. package mysql
    10. 

  10. 

  11. import (
    12. 

  12. 	"bytes"
    13. 

  13. 	"crypto/tls"
    14. 

  14. 	"testing"
    15. 

  15. )
    16. 

  16. 

  17. var serverPubKey = []byte{1, 45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 80, 85,
    18. 

  18. 	66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 10, 77, 73, 73, 66, 73,
    19. 

  19. 	106, 65, 78, 66, 103, 107, 113, 104, 107, 105, 71, 57, 119, 48, 66, 65, 81,
    20. 

  20. 	69, 70, 65, 65, 79, 67, 65, 81, 56, 65, 77, 73, 73, 66, 67, 103, 75, 67, 65,
    21. 

  21. 	81, 69, 65, 51, 72, 115, 120, 83, 53, 80, 47, 72, 97, 88, 80, 118, 109, 51,
    22. 

  22. 	109, 50, 65, 68, 110, 10, 98, 117, 54, 71, 81, 102, 112, 83, 71, 111, 55,
    23. 

  23. 	104, 50, 103, 104, 56, 49, 112, 109, 97, 120, 107, 67, 110, 68, 67, 119,
    24. 

  24. 	102, 54, 109, 109, 101, 72, 55, 76, 75, 104, 115, 110, 89, 110, 78, 52, 81,
    25. 

  25. 	48, 99, 122, 49, 81, 69, 47, 98, 104, 100, 80, 117, 54, 106, 115, 43, 86,
    26. 

  26. 	97, 89, 52, 10, 67, 99, 77, 117, 98, 80, 78, 49, 103, 79, 75, 97, 89, 118,
    27. 

  27. 	78, 99, 103, 69, 87, 112, 116, 73, 67, 105, 50, 88, 84, 116, 116, 66, 55,
    28. 

  28. 	117, 104, 43, 118, 67, 77, 106, 76, 118, 106, 65, 77, 100, 54, 47, 68, 109,
    29. 

  29. 	120, 100, 98, 85, 66, 48, 122, 80, 71, 113, 68, 79, 103, 105, 76, 68, 10,
    30. 

  30. 	75, 82, 79, 79, 53, 113, 100, 55, 115, 104, 98, 55, 49, 82, 47, 88, 74, 69,
    31. 

  31. 	70, 118, 76, 120, 71, 88, 69, 70, 48, 90, 116, 104, 72, 101, 78, 111, 57,
    32. 

  32. 	102, 69, 118, 120, 70, 81, 111, 109, 98, 49, 107, 90, 57, 74, 56, 110, 66,
    33. 

  33. 	119, 116, 101, 53, 83, 70, 53, 89, 108, 113, 86, 50, 10, 66, 66, 53, 113,
    34. 

  34. 	108, 97, 122, 43, 51, 81, 83, 78, 118, 109, 67, 49, 105, 87, 102, 108, 106,
    35. 

  35. 	88, 98, 89, 53, 107, 51, 47, 97, 54, 109, 107, 77, 47, 76, 97, 87, 104, 97,
    36. 

  36. 	117, 78, 53, 80, 82, 51, 115, 67, 120, 53, 85, 117, 49, 77, 102, 100, 115,
    37. 

  37. 	86, 105, 107, 53, 102, 88, 77, 77, 10, 100, 120, 107, 102, 70, 43, 88, 51,
    38. 

  38. 	99, 104, 107, 65, 110, 119, 73, 51, 70, 117, 119, 119, 50, 87, 71, 109, 87,
    39. 

  39. 	79, 71, 98, 75, 116, 109, 73, 101, 85, 109, 51, 98, 73, 82, 109, 100, 70,
    40. 

  40. 	85, 113, 97, 108, 81, 105, 70, 104, 113, 101, 90, 50, 105, 107, 106, 104,
    41. 

  41. 	103, 86, 73, 57, 112, 76, 10, 119, 81, 73, 68, 65, 81, 65, 66, 10, 45, 45,
    42. 

  42. 	45, 45, 45, 69, 78, 68, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45,
    43. 

  43. 	45, 45, 45, 10}
    44. 

  44. 

  45. func TestAuthFastCachingSHA256PasswordCached(t *testing.T) {
    46. 

  46. 	conn, mc := newRWMockConn(1)
    47. 

  47. 	mc.cfg.User = "root"
    48. 

  48. 	mc.cfg.Passwd = "secret"
    49. 

  49. 

  50. 	authData := []byte{90, 105, 74, 126, 30, 48, 37, 56, 3, 23, 115, 127, 69,
    51. 

  51. 		22, 41, 84, 32, 123, 43, 118}
    52. 

  52. 	plugin := "caching_sha2_password"
    53. 

  53. 

  54. 	// Send Client Authentication Packet
    55. 

  55. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    56. 

  56. 		t.Fatal(err)
    57. 

  57. 	}
    58. 

  58. 

  59. 	// check written auth response
    60. 

  60. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    61. 

  61. 	authRespEnd := authRespStart + 1 + 32
    62. 

  62. 	writtenAuthRespLen := conn.written[authRespStart]
    63. 

  63. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    64. 

  64. 	expectedAuthResp := []byte{102, 32, 5, 35, 143, 161, 140, 241, 171, 232, 56,
    65. 

  65. 		139, 43, 14, 107, 196, 249, 170, 147, 60, 220, 204, 120, 178, 214, 15,
    66. 

  66. 		184, 150, 26, 61, 57, 235}
    67. 

  67. 	if writtenAuthRespLen != 32 || !bytes.Equal(writtenAuthResp, expectedAuthResp) {
    68. 

  68. 		t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp)
    69. 

  69. 	}
    70. 

  70. 	conn.written = nil
    71. 

  71. 

  72. 	// auth response
    73. 

  73. 	conn.data = []byte{
    74. 

  74. 		2, 0, 0, 2, 1, 3, // Fast Auth Success
    75. 

  75. 		7, 0, 0, 3, 0, 0, 0, 2, 0, 0, 0, // OK
    76. 

  76. 	}
    77. 

  77. 	conn.maxReads = 1
    78. 

  78. 

  79. 	// Handle response to auth packet
    80. 

  80. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    81. 

  81. 		t.Errorf("got error: %v", err)
    82. 

  82. 	}
    83. 

  83. }
    84. 

  84. 

  85. func TestAuthFastCachingSHA256PasswordEmpty(t *testing.T) {
    86. 

  86. 	conn, mc := newRWMockConn(1)
    87. 

  87. 	mc.cfg.User = "root"
    88. 

  88. 	mc.cfg.Passwd = ""
    89. 

  89. 

  90. 	authData := []byte{90, 105, 74, 126, 30, 48, 37, 56, 3, 23, 115, 127, 69,
    91. 

  91. 		22, 41, 84, 32, 123, 43, 118}
    92. 

  92. 	plugin := "caching_sha2_password"
    93. 

  93. 

  94. 	// Send Client Authentication Packet
    95. 

  95. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    96. 

  96. 		t.Fatal(err)
    97. 

  97. 	}
    98. 

  98. 

  99. 	// check written auth response
    100. 

  100. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    101. 

  101. 	authRespEnd := authRespStart + 1 + 0
    102. 

  102. 	writtenAuthRespLen := conn.written[authRespStart]
    103. 

  103. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    104. 

  104. 	if writtenAuthRespLen != 0 {
    105. 

  105. 		t.Fatalf("unexpected written auth response (%d bytes): %v",
    106. 

  106. 			writtenAuthRespLen, writtenAuthResp)
    107. 

  107. 	}
    108. 

  108. 	conn.written = nil
    109. 

  109. 

  110. 	// auth response
    111. 

  111. 	conn.data = []byte{
    112. 

  112. 		7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, // OK
    113. 

  113. 	}
    114. 

  114. 	conn.maxReads = 1
    115. 

  115. 

  116. 	// Handle response to auth packet
    117. 

  117. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    118. 

  118. 		t.Errorf("got error: %v", err)
    119. 

  119. 	}
    120. 

  120. }
    121. 

  121. 

  122. func TestAuthFastCachingSHA256PasswordFullRSA(t *testing.T) {
    123. 

  123. 	conn, mc := newRWMockConn(1)
    124. 

  124. 	mc.cfg.User = "root"
    125. 

  125. 	mc.cfg.Passwd = "secret"
    126. 

  126. 

  127. 	authData := []byte{6, 81, 96, 114, 14, 42, 50, 30, 76, 47, 1, 95, 126, 81,
    128. 

  128. 		62, 94, 83, 80, 52, 85}
    129. 

  129. 	plugin := "caching_sha2_password"
    130. 

  130. 

  131. 	// Send Client Authentication Packet
    132. 

  132. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    133. 

  133. 		t.Fatal(err)
    134. 

  134. 	}
    135. 

  135. 

  136. 	// check written auth response
    137. 

  137. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    138. 

  138. 	authRespEnd := authRespStart + 1 + 32
    139. 

  139. 	writtenAuthRespLen := conn.written[authRespStart]
    140. 

  140. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    141. 

  141. 	expectedAuthResp := []byte{171, 201, 138, 146, 89, 159, 11, 170, 0, 67, 165,
    142. 

  142. 		49, 175, 94, 218, 68, 177, 109, 110, 86, 34, 33, 44, 190, 67, 240, 70,
    143. 

  143. 		110, 40, 139, 124, 41}
    144. 

  144. 	if writtenAuthRespLen != 32 || !bytes.Equal(writtenAuthResp, expectedAuthResp) {
    145. 

  145. 		t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp)
    146. 

  146. 	}
    147. 

  147. 	conn.written = nil
    148. 

  148. 

  149. 	// auth response
    150. 

  150. 	conn.data = []byte{
    151. 

  151. 		2, 0, 0, 2, 1, 4, // Perform Full Authentication
    152. 

  152. 	}
    153. 

  153. 	conn.queuedReplies = [][]byte{
    154. 

  154. 		// pub key response
    155. 

  155. 		append([]byte{byte(len(serverPubKey)), 1, 0, 4}, serverPubKey...),
    156. 

  156. 

  157. 		// OK
    158. 

  158. 		{7, 0, 0, 6, 0, 0, 0, 2, 0, 0, 0},
    159. 

  159. 	}
    160. 

  160. 	conn.maxReads = 3
    161. 

  161. 

  162. 	// Handle response to auth packet
    163. 

  163. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    164. 

  164. 		t.Errorf("got error: %v", err)
    165. 

  165. 	}
    166. 

  166. 

  167. 	if !bytes.HasPrefix(conn.written, []byte{1, 0, 0, 3, 2, 0, 1, 0, 5}) {
    168. 

  168. 		t.Errorf("unexpected written data: %v", conn.written)
    169. 

  169. 	}
    170. 

  170. }
    171. 

  171. 

  172. func TestAuthFastCachingSHA256PasswordFullSecure(t *testing.T) {
    173. 

  173. 	conn, mc := newRWMockConn(1)
    174. 

  174. 	mc.cfg.User = "root"
    175. 

  175. 	mc.cfg.Passwd = "secret"
    176. 

  176. 

  177. 	authData := []byte{6, 81, 96, 114, 14, 42, 50, 30, 76, 47, 1, 95, 126, 81,
    178. 

  178. 		62, 94, 83, 80, 52, 85}
    179. 

  179. 	plugin := "caching_sha2_password"
    180. 

  180. 

  181. 	// Send Client Authentication Packet
    182. 

  182. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    183. 

  183. 		t.Fatal(err)
    184. 

  184. 	}
    185. 

  185. 

  186. 	// Hack to make the caching_sha2_password plugin believe that the connection
    187. 

  187. 	// is secure
    188. 

  188. 	mc.cfg.tls = &tls.Config{InsecureSkipVerify: true}
    189. 

  189. 

  190. 	// check written auth response
    191. 

  191. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    192. 

  192. 	authRespEnd := authRespStart + 1 + 32
    193. 

  193. 	writtenAuthRespLen := conn.written[authRespStart]
    194. 

  194. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    195. 

  195. 	expectedAuthResp := []byte{171, 201, 138, 146, 89, 159, 11, 170, 0, 67, 165,
    196. 

  196. 		49, 175, 94, 218, 68, 177, 109, 110, 86, 34, 33, 44, 190, 67, 240, 70,
    197. 

  197. 		110, 40, 139, 124, 41}
    198. 

  198. 	if writtenAuthRespLen != 32 || !bytes.Equal(writtenAuthResp, expectedAuthResp) {
    199. 

  199. 		t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp)
    200. 

  200. 	}
    201. 

  201. 	conn.written = nil
    202. 

  202. 

  203. 	// auth response
    204. 

  204. 	conn.data = []byte{
    205. 

  205. 		2, 0, 0, 2, 1, 4, // Perform Full Authentication
    206. 

  206. 	}
    207. 

  207. 	conn.queuedReplies = [][]byte{
    208. 

  208. 		// OK
    209. 

  209. 		{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0},
    210. 

  210. 	}
    211. 

  211. 	conn.maxReads = 3
    212. 

  212. 

  213. 	// Handle response to auth packet
    214. 

  214. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    215. 

  215. 		t.Errorf("got error: %v", err)
    216. 

  216. 	}
    217. 

  217. 

  218. 	if !bytes.Equal(conn.written, []byte{7, 0, 0, 3, 115, 101, 99, 114, 101, 116, 0}) {
    219. 

  219. 		t.Errorf("unexpected written data: %v", conn.written)
    220. 

  220. 	}
    221. 

  221. }
    222. 

  222. 

  223. func TestAuthFastCleartextPasswordNotAllowed(t *testing.T) {
    224. 

  224. 	_, mc := newRWMockConn(1)
    225. 

  225. 	mc.cfg.User = "root"
    226. 

  226. 	mc.cfg.Passwd = "secret"
    227. 

  227. 

  228. 	authData := []byte{70, 114, 92, 94, 1, 38, 11, 116, 63, 114, 23, 101, 126,
    229. 

  229. 		103, 26, 95, 81, 17, 24, 21}
    230. 

  230. 	plugin := "mysql_clear_password"
    231. 

  231. 

  232. 	// Send Client Authentication Packet
    233. 

  233. 	err := mc.writeAuthPacket(authData, plugin)
    234. 

  234. 	if err != ErrCleartextPassword {
    235. 

  235. 		t.Errorf("expected ErrCleartextPassword, got %v", err)
    236. 

  236. 	}
    237. 

  237. }
    238. 

  238. 

  239. func TestAuthFastCleartextPassword(t *testing.T) {
    240. 

  240. 	conn, mc := newRWMockConn(1)
    241. 

  241. 	mc.cfg.User = "root"
    242. 

  242. 	mc.cfg.Passwd = "secret"
    243. 

  243. 	mc.cfg.AllowCleartextPasswords = true
    244. 

  244. 

  245. 	authData := []byte{70, 114, 92, 94, 1, 38, 11, 116, 63, 114, 23, 101, 126,
    246. 

  246. 		103, 26, 95, 81, 17, 24, 21}
    247. 

  247. 	plugin := "mysql_clear_password"
    248. 

  248. 

  249. 	// Send Client Authentication Packet
    250. 

  250. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    251. 

  251. 		t.Fatal(err)
    252. 

  252. 	}
    253. 

  253. 

  254. 	// check written auth response
    255. 

  255. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    256. 

  256. 	authRespEnd := authRespStart + 1 + 6
    257. 

  257. 	writtenAuthRespLen := conn.written[authRespStart]
    258. 

  258. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    259. 

  259. 	expectedAuthResp := []byte{115, 101, 99, 114, 101, 116}
    260. 

  260. 	if writtenAuthRespLen != 6 || !bytes.Equal(writtenAuthResp, expectedAuthResp) {
    261. 

  261. 		t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp)
    262. 

  262. 	}
    263. 

  263. 	conn.written = nil
    264. 

  264. 

  265. 	// auth response
    266. 

  266. 	conn.data = []byte{
    267. 

  267. 		7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, // OK
    268. 

  268. 	}
    269. 

  269. 	conn.maxReads = 1
    270. 

  270. 

  271. 	// Handle response to auth packet
    272. 

  272. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    273. 

  273. 		t.Errorf("got error: %v", err)
    274. 

  274. 	}
    275. 

  275. }
    276. 

  276. 

  277. func TestAuthFastCleartextPasswordEmpty(t *testing.T) {
    278. 

  278. 	conn, mc := newRWMockConn(1)
    279. 

  279. 	mc.cfg.User = "root"
    280. 

  280. 	mc.cfg.Passwd = ""
    281. 

  281. 	mc.cfg.AllowCleartextPasswords = true
    282. 

  282. 

  283. 	authData := []byte{70, 114, 92, 94, 1, 38, 11, 116, 63, 114, 23, 101, 126,
    284. 

  284. 		103, 26, 95, 81, 17, 24, 21}
    285. 

  285. 	plugin := "mysql_clear_password"
    286. 

  286. 

  287. 	// Send Client Authentication Packet
    288. 

  288. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    289. 

  289. 		t.Fatal(err)
    290. 

  290. 	}
    291. 

  291. 

  292. 	// check written auth response
    293. 

  293. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    294. 

  294. 	authRespEnd := authRespStart + 1 + 0
    295. 

  295. 	writtenAuthRespLen := conn.written[authRespStart]
    296. 

  296. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    297. 

  297. 	if writtenAuthRespLen != 0 {
    298. 

  298. 		t.Fatalf("unexpected written auth response (%d bytes): %v",
    299. 

  299. 			writtenAuthRespLen, writtenAuthResp)
    300. 

  300. 	}
    301. 

  301. 	conn.written = nil
    302. 

  302. 

  303. 	// auth response
    304. 

  304. 	conn.data = []byte{
    305. 

  305. 		7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, // OK
    306. 

  306. 	}
    307. 

  307. 	conn.maxReads = 1
    308. 

  308. 

  309. 	// Handle response to auth packet
    310. 

  310. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    311. 

  311. 		t.Errorf("got error: %v", err)
    312. 

  312. 	}
    313. 

  313. }
    314. 

  314. 

  315. func TestAuthFastNativePasswordNotAllowed(t *testing.T) {
    316. 

  316. 	_, mc := newRWMockConn(1)
    317. 

  317. 	mc.cfg.User = "root"
    318. 

  318. 	mc.cfg.Passwd = "secret"
    319. 

  319. 	mc.cfg.AllowNativePasswords = false
    320. 

  320. 

  321. 	authData := []byte{70, 114, 92, 94, 1, 38, 11, 116, 63, 114, 23, 101, 126,
    322. 

  322. 		103, 26, 95, 81, 17, 24, 21}
    323. 

  323. 	plugin := "mysql_native_password"
    324. 

  324. 

  325. 	// Send Client Authentication Packet
    326. 

  326. 	err := mc.writeAuthPacket(authData, plugin)
    327. 

  327. 	if err != ErrNativePassword {
    328. 

  328. 		t.Errorf("expected ErrNativePassword, got %v", err)
    329. 

  329. 	}
    330. 

  330. }
    331. 

  331. 

  332. func TestAuthFastNativePassword(t *testing.T) {
    333. 

  333. 	conn, mc := newRWMockConn(1)
    334. 

  334. 	mc.cfg.User = "root"
    335. 

  335. 	mc.cfg.Passwd = "secret"
    336. 

  336. 

  337. 	authData := []byte{70, 114, 92, 94, 1, 38, 11, 116, 63, 114, 23, 101, 126,
    338. 

  338. 		103, 26, 95, 81, 17, 24, 21}
    339. 

  339. 	plugin := "mysql_native_password"
    340. 

  340. 

  341. 	// Send Client Authentication Packet
    342. 

  342. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    343. 

  343. 		t.Fatal(err)
    344. 

  344. 	}
    345. 

  345. 

  346. 	// check written auth response
    347. 

  347. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    348. 

  348. 	authRespEnd := authRespStart + 1 + 20
    349. 

  349. 	writtenAuthRespLen := conn.written[authRespStart]
    350. 

  350. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    351. 

  351. 	expectedAuthResp := []byte{53, 177, 140, 159, 251, 189, 127, 53, 109, 252,
    352. 

  352. 		172, 50, 211, 192, 240, 164, 26, 48, 207, 45}
    353. 

  353. 	if writtenAuthRespLen != 20 || !bytes.Equal(writtenAuthResp, expectedAuthResp) {
    354. 

  354. 		t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp)
    355. 

  355. 	}
    356. 

  356. 	conn.written = nil
    357. 

  357. 

  358. 	// auth response
    359. 

  359. 	conn.data = []byte{
    360. 

  360. 		7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, // OK
    361. 

  361. 	}
    362. 

  362. 	conn.maxReads = 1
    363. 

  363. 

  364. 	// Handle response to auth packet
    365. 

  365. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    366. 

  366. 		t.Errorf("got error: %v", err)
    367. 

  367. 	}
    368. 

  368. }
    369. 

  369. 

  370. func TestAuthFastNativePasswordEmpty(t *testing.T) {
    371. 

  371. 	conn, mc := newRWMockConn(1)
    372. 

  372. 	mc.cfg.User = "root"
    373. 

  373. 	mc.cfg.Passwd = ""
    374. 

  374. 

  375. 	authData := []byte{70, 114, 92, 94, 1, 38, 11, 116, 63, 114, 23, 101, 126,
    376. 

  376. 		103, 26, 95, 81, 17, 24, 21}
    377. 

  377. 	plugin := "mysql_native_password"
    378. 

  378. 

  379. 	// Send Client Authentication Packet
    380. 

  380. 	if err := mc.writeAuthPacket(authData, plugin); err != nil {
    381. 

  381. 		t.Fatal(err)
    382. 

  382. 	}
    383. 

  383. 

  384. 	// check written auth response
    385. 

  385. 	authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
    386. 

  386. 	authRespEnd := authRespStart + 1 + 0
    387. 

  387. 	writtenAuthRespLen := conn.written[authRespStart]
    388. 

  388. 	writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
    389. 

  389. 	if writtenAuthRespLen != 0 {
    390. 

  390. 		t.Fatalf("unexpected written auth response (%d bytes): %v",
    391. 

  391. 			writtenAuthRespLen, writtenAuthResp)
    392. 

  392. 	}
    393. 

  393. 	conn.written = nil
    394. 

  394. 

  395. 	// auth response
    396. 

  396. 	conn.data = []byte{
    397. 

  397. 		7, 0, 0, 2, 0, 0, 0, 2, 0, 0, 0, // OK
    398. 

  398. 	}
    399. 

  399. 	conn.maxReads = 1
    400. 

  400. 

  401. 	// Handle response to auth packet
    402. 

  402. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    403. 

  403. 		t.Errorf("got error: %v", err)
    404. 

  404. 	}
    405. 

  405. }
    406. 

  406. 

  407. func TestAuthSwitchCachingSHA256PasswordCached(t *testing.T) {
    408. 

  408. 	conn, mc := newRWMockConn(2)
    409. 

  409. 	mc.cfg.Passwd = "secret"
    410. 

  410. 

  411. 	// auth switch request
    412. 

  412. 	conn.data = []byte{44, 0, 0, 2, 254, 99, 97, 99, 104, 105, 110, 103, 95,
    413. 

  413. 		115, 104, 97, 50, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 101,
    414. 

  414. 		11, 26, 18, 94, 97, 22, 72, 2, 46, 70, 106, 29, 55, 45, 94, 76, 90, 84,
    415. 

  415. 		50, 0}
    416. 

  416. 

  417. 	// auth response
    418. 

  418. 	conn.queuedReplies = [][]byte{
    419. 

  419. 		{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}, // OK
    420. 

  420. 	}
    421. 

  421. 	conn.maxReads = 3
    422. 

  422. 

  423. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    424. 

  424. 		47, 43, 9, 41, 112, 67, 110}
    425. 

  425. 	plugin := "mysql_native_password"
    426. 

  426. 

  427. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    428. 

  428. 		t.Errorf("got error: %v", err)
    429. 

  429. 	}
    430. 

  430. 

  431. 	expectedReply := []byte{
    432. 

  432. 		// 1. Packet: Hash
    433. 

  433. 		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
    434. 

  434. 		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
    435. 

  435. 		153, 9, 130,
    436. 

  436. 	}
    437. 

  437. 	if !bytes.Equal(conn.written, expectedReply) {
    438. 

  438. 		t.Errorf("got unexpected data: %v", conn.written)
    439. 

  439. 	}
    440. 

  440. }
    441. 

  441. 

  442. func TestAuthSwitchCachingSHA256PasswordEmpty(t *testing.T) {
    443. 

  443. 	conn, mc := newRWMockConn(2)
    444. 

  444. 	mc.cfg.Passwd = ""
    445. 

  445. 

  446. 	// auth switch request
    447. 

  447. 	conn.data = []byte{44, 0, 0, 2, 254, 99, 97, 99, 104, 105, 110, 103, 95,
    448. 

  448. 		115, 104, 97, 50, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 101,
    449. 

  449. 		11, 26, 18, 94, 97, 22, 72, 2, 46, 70, 106, 29, 55, 45, 94, 76, 90, 84,
    450. 

  450. 		50, 0}
    451. 

  451. 

  452. 	// auth response
    453. 

  453. 	conn.queuedReplies = [][]byte{{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}}
    454. 

  454. 	conn.maxReads = 2
    455. 

  455. 

  456. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    457. 

  457. 		47, 43, 9, 41, 112, 67, 110}
    458. 

  458. 	plugin := "mysql_native_password"
    459. 

  459. 

  460. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    461. 

  461. 		t.Errorf("got error: %v", err)
    462. 

  462. 	}
    463. 

  463. 

  464. 	expectedReply := []byte{0, 0, 0, 3}
    465. 

  465. 	if !bytes.Equal(conn.written, expectedReply) {
    466. 

  466. 		t.Errorf("got unexpected data: %v", conn.written)
    467. 

  467. 	}
    468. 

  468. }
    469. 

  469. 

  470. func TestAuthSwitchCachingSHA256PasswordFullRSA(t *testing.T) {
    471. 

  471. 	conn, mc := newRWMockConn(2)
    472. 

  472. 	mc.cfg.Passwd = "secret"
    473. 

  473. 

  474. 	// auth switch request
    475. 

  475. 	conn.data = []byte{44, 0, 0, 2, 254, 99, 97, 99, 104, 105, 110, 103, 95,
    476. 

  476. 		115, 104, 97, 50, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 101,
    477. 

  477. 		11, 26, 18, 94, 97, 22, 72, 2, 46, 70, 106, 29, 55, 45, 94, 76, 90, 84,
    478. 

  478. 		50, 0}
    479. 

  479. 

  480. 	conn.queuedReplies = [][]byte{
    481. 

  481. 		// Perform Full Authentication
    482. 

  482. 		{2, 0, 0, 4, 1, 4},
    483. 

  483. 

  484. 		// Pub Key Response
    485. 

  485. 		append([]byte{byte(len(serverPubKey)), 1, 0, 6}, serverPubKey...),
    486. 

  486. 

  487. 		// OK
    488. 

  488. 		{7, 0, 0, 8, 0, 0, 0, 2, 0, 0, 0},
    489. 

  489. 	}
    490. 

  490. 	conn.maxReads = 4
    491. 

  491. 

  492. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    493. 

  493. 		47, 43, 9, 41, 112, 67, 110}
    494. 

  494. 	plugin := "mysql_native_password"
    495. 

  495. 

  496. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    497. 

  497. 		t.Errorf("got error: %v", err)
    498. 

  498. 	}
    499. 

  499. 

  500. 	expectedReplyPrefix := []byte{
    501. 

  501. 		// 1. Packet: Hash
    502. 

  502. 		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
    503. 

  503. 		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
    504. 

  504. 		153, 9, 130,
    505. 

  505. 

  506. 		// 2. Packet: Pub Key Request
    507. 

  507. 		1, 0, 0, 5, 2,
    508. 

  508. 

  509. 		// 3. Packet: Encrypted Password
    510. 

  510. 		0, 1, 0, 7, // [changing bytes]
    511. 

  511. 	}
    512. 

  512. 	if !bytes.HasPrefix(conn.written, expectedReplyPrefix) {
    513. 

  513. 		t.Errorf("got unexpected data: %v", conn.written)
    514. 

  514. 	}
    515. 

  515. }
    516. 

  516. 

  517. func TestAuthSwitchCachingSHA256PasswordFullSecure(t *testing.T) {
    518. 

  518. 	conn, mc := newRWMockConn(2)
    519. 

  519. 	mc.cfg.Passwd = "secret"
    520. 

  520. 

  521. 	// Hack to make the caching_sha2_password plugin believe that the connection
    522. 

  522. 	// is secure
    523. 

  523. 	mc.cfg.tls = &tls.Config{InsecureSkipVerify: true}
    524. 

  524. 

  525. 	// auth switch request
    526. 

  526. 	conn.data = []byte{44, 0, 0, 2, 254, 99, 97, 99, 104, 105, 110, 103, 95,
    527. 

  527. 		115, 104, 97, 50, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 101,
    528. 

  528. 		11, 26, 18, 94, 97, 22, 72, 2, 46, 70, 106, 29, 55, 45, 94, 76, 90, 84,
    529. 

  529. 		50, 0}
    530. 

  530. 

  531. 	// auth response
    532. 

  532. 	conn.queuedReplies = [][]byte{
    533. 

  533. 		{2, 0, 0, 4, 1, 4},                // Perform Full Authentication
    534. 

  534. 		{7, 0, 0, 6, 0, 0, 0, 2, 0, 0, 0}, // OK
    535. 

  535. 	}
    536. 

  536. 	conn.maxReads = 3
    537. 

  537. 

  538. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    539. 

  539. 		47, 43, 9, 41, 112, 67, 110}
    540. 

  540. 	plugin := "mysql_native_password"
    541. 

  541. 

  542. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    543. 

  543. 		t.Errorf("got error: %v", err)
    544. 

  544. 	}
    545. 

  545. 

  546. 	expectedReply := []byte{
    547. 

  547. 		// 1. Packet: Hash
    548. 

  548. 		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
    549. 

  549. 		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
    550. 

  550. 		153, 9, 130,
    551. 

  551. 

  552. 		// 2. Packet: Cleartext password
    553. 

  553. 		6, 0, 0, 5, 115, 101, 99, 114, 101, 116,
    554. 

  554. 	}
    555. 

  555. 	if !bytes.Equal(conn.written, expectedReply) {
    556. 

  556. 		t.Errorf("got unexpected data: %v", conn.written)
    557. 

  557. 	}
    558. 

  558. }
    559. 

  559. 

  560. func TestAuthSwitchCleartextPasswordNotAllowed(t *testing.T) {
    561. 

  561. 	conn, mc := newRWMockConn(2)
    562. 

  562. 

  563. 	conn.data = []byte{22, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 99, 108,
    564. 

  564. 		101, 97, 114, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0}
    565. 

  565. 	conn.maxReads = 1
    566. 

  566. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    567. 

  567. 		47, 43, 9, 41, 112, 67, 110}
    568. 

  568. 	plugin := "mysql_native_password"
    569. 

  569. 	err := handleAuthResult(mc, authData, plugin)
    570. 

  570. 	if err != ErrCleartextPassword {
    571. 

  571. 		t.Errorf("expected ErrCleartextPassword, got %v", err)
    572. 

  572. 	}
    573. 

  573. }
    574. 

  574. 

  575. func TestAuthSwitchCleartextPassword(t *testing.T) {
    576. 

  576. 	conn, mc := newRWMockConn(2)
    577. 

  577. 	mc.cfg.AllowCleartextPasswords = true
    578. 

  578. 	mc.cfg.Passwd = "secret"
    579. 

  579. 

  580. 	// auth switch request
    581. 

  581. 	conn.data = []byte{22, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 99, 108,
    582. 

  582. 		101, 97, 114, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0}
    583. 

  583. 

  584. 	// auth response
    585. 

  585. 	conn.queuedReplies = [][]byte{{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}}
    586. 

  586. 	conn.maxReads = 2
    587. 

  587. 

  588. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    589. 

  589. 		47, 43, 9, 41, 112, 67, 110}
    590. 

  590. 	plugin := "mysql_native_password"
    591. 

  591. 

  592. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    593. 

  593. 		t.Errorf("got error: %v", err)
    594. 

  594. 	}
    595. 

  595. 

  596. 	expectedReply := []byte{7, 0, 0, 3, 115, 101, 99, 114, 101, 116, 0}
    597. 

  597. 	if !bytes.Equal(conn.written, expectedReply) {
    598. 

  598. 		t.Errorf("got unexpected data: %v", conn.written)
    599. 

  599. 	}
    600. 

  600. }
    601. 

  601. 

  602. func TestAuthSwitchCleartextPasswordEmpty(t *testing.T) {
    603. 

  603. 	conn, mc := newRWMockConn(2)
    604. 

  604. 	mc.cfg.AllowCleartextPasswords = true
    605. 

  605. 	mc.cfg.Passwd = ""
    606. 

  606. 

  607. 	// auth switch request
    608. 

  608. 	conn.data = []byte{22, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 99, 108,
    609. 

  609. 		101, 97, 114, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0}
    610. 

  610. 

  611. 	// auth response
    612. 

  612. 	conn.queuedReplies = [][]byte{{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}}
    613. 

  613. 	conn.maxReads = 2
    614. 

  614. 

  615. 	authData := []byte{123, 87, 15, 84, 20, 58, 37, 121, 91, 117, 51, 24, 19,
    616. 

  616. 		47, 43, 9, 41, 112, 67, 110}
    617. 

  617. 	plugin := "mysql_native_password"
    618. 

  618. 

  619. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    620. 

  620. 		t.Errorf("got error: %v", err)
    621. 

  621. 	}
    622. 

  622. 

  623. 	expectedReply := []byte{1, 0, 0, 3, 0}
    624. 

  624. 	if !bytes.Equal(conn.written, expectedReply) {
    625. 

  625. 		t.Errorf("got unexpected data: %v", conn.written)
    626. 

  626. 	}
    627. 

  627. }
    628. 

  628. 

  629. func TestAuthSwitchNativePasswordNotAllowed(t *testing.T) {
    630. 

  630. 	conn, mc := newRWMockConn(2)
    631. 

  631. 	mc.cfg.AllowNativePasswords = false
    632. 

  632. 

  633. 	conn.data = []byte{44, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 110, 97,
    634. 

  634. 		116, 105, 118, 101, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 96,
    635. 

  635. 		71, 63, 8, 1, 58, 75, 12, 69, 95, 66, 60, 117, 31, 48, 31, 89, 39, 55,
    636. 

  636. 		31, 0}
    637. 

  637. 	conn.maxReads = 1
    638. 

  638. 	authData := []byte{96, 71, 63, 8, 1, 58, 75, 12, 69, 95, 66, 60, 117, 31,
    639. 

  639. 		48, 31, 89, 39, 55, 31}
    640. 

  640. 	plugin := "caching_sha2_password"
    641. 

  641. 	err := handleAuthResult(mc, authData, plugin)
    642. 

  642. 	if err != ErrNativePassword {
    643. 

  643. 		t.Errorf("expected ErrNativePassword, got %v", err)
    644. 

  644. 	}
    645. 

  645. }
    646. 

  646. 

  647. func TestAuthSwitchNativePassword(t *testing.T) {
    648. 

  648. 	conn, mc := newRWMockConn(2)
    649. 

  649. 	mc.cfg.AllowNativePasswords = true
    650. 

  650. 	mc.cfg.Passwd = "secret"
    651. 

  651. 

  652. 	// auth switch request
    653. 

  653. 	conn.data = []byte{44, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 110, 97,
    654. 

  654. 		116, 105, 118, 101, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 96,
    655. 

  655. 		71, 63, 8, 1, 58, 75, 12, 69, 95, 66, 60, 117, 31, 48, 31, 89, 39, 55,
    656. 

  656. 		31, 0}
    657. 

  657. 

  658. 	// auth response
    659. 

  659. 	conn.queuedReplies = [][]byte{{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}}
    660. 

  660. 	conn.maxReads = 2
    661. 

  661. 

  662. 	authData := []byte{96, 71, 63, 8, 1, 58, 75, 12, 69, 95, 66, 60, 117, 31,
    663. 

  663. 		48, 31, 89, 39, 55, 31}
    664. 

  664. 	plugin := "caching_sha2_password"
    665. 

  665. 

  666. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    667. 

  667. 		t.Errorf("got error: %v", err)
    668. 

  668. 	}
    669. 

  669. 

  670. 	expectedReply := []byte{20, 0, 0, 3, 202, 41, 195, 164, 34, 226, 49, 103,
    671. 

  671. 		21, 211, 167, 199, 227, 116, 8, 48, 57, 71, 149, 146}
    672. 

  672. 	if !bytes.Equal(conn.written, expectedReply) {
    673. 

  673. 		t.Errorf("got unexpected data: %v", conn.written)
    674. 

  674. 	}
    675. 

  675. }
    676. 

  676. 

  677. func TestAuthSwitchNativePasswordEmpty(t *testing.T) {
    678. 

  678. 	conn, mc := newRWMockConn(2)
    679. 

  679. 	mc.cfg.AllowNativePasswords = true
    680. 

  680. 	mc.cfg.Passwd = ""
    681. 

  681. 

  682. 	// auth switch request
    683. 

  683. 	conn.data = []byte{44, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 110, 97,
    684. 

  684. 		116, 105, 118, 101, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 96,
    685. 

  685. 		71, 63, 8, 1, 58, 75, 12, 69, 95, 66, 60, 117, 31, 48, 31, 89, 39, 55,
    686. 

  686. 		31, 0}
    687. 

  687. 

  688. 	// auth response
    689. 

  689. 	conn.queuedReplies = [][]byte{{7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}}
    690. 

  690. 	conn.maxReads = 2
    691. 

  691. 

  692. 	authData := []byte{96, 71, 63, 8, 1, 58, 75, 12, 69, 95, 66, 60, 117, 31,
    693. 

  693. 		48, 31, 89, 39, 55, 31}
    694. 

  694. 	plugin := "caching_sha2_password"
    695. 

  695. 

  696. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    697. 

  697. 		t.Errorf("got error: %v", err)
    698. 

  698. 	}
    699. 

  699. 

  700. 	expectedReply := []byte{0, 0, 0, 3}
    701. 

  701. 	if !bytes.Equal(conn.written, expectedReply) {
    702. 

  702. 		t.Errorf("got unexpected data: %v", conn.written)
    703. 

  703. 	}
    704. 

  704. }
    705. 

  705. 

  706. func TestAuthSwitchOldPasswordNotAllowed(t *testing.T) {
    707. 

  707. 	conn, mc := newRWMockConn(2)
    708. 

  708. 

  709. 	conn.data = []byte{41, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 111, 108,
    710. 

  710. 		100, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 95, 84, 103, 43, 61,
    711. 

  711. 		49, 123, 61, 91, 50, 40, 113, 35, 84, 96, 101, 92, 123, 121, 107, 0}
    712. 

  712. 	conn.maxReads = 1
    713. 

  713. 	authData := []byte{95, 84, 103, 43, 61, 49, 123, 61, 91, 50, 40, 113, 35,
    714. 

  714. 		84, 96, 101, 92, 123, 121, 107}
    715. 

  715. 	plugin := "mysql_native_password"
    716. 

  716. 	err := handleAuthResult(mc, authData, plugin)
    717. 

  717. 	if err != ErrOldPassword {
    718. 

  718. 		t.Errorf("expected ErrOldPassword, got %v", err)
    719. 

  719. 	}
    720. 

  720. }
    721. 

  721. 

  722. func TestAuthSwitchOldPassword(t *testing.T) {
    723. 

  723. 	conn, mc := newRWMockConn(2)
    724. 

  724. 	mc.cfg.AllowOldPasswords = true
    725. 

  725. 	mc.cfg.Passwd = "secret"
    726. 

  726. 

  727. 	// auth switch request
    728. 

  728. 	conn.data = []byte{41, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 111, 108,
    729. 

  729. 		100, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 95, 84, 103, 43, 61,
    730. 

  730. 		49, 123, 61, 91, 50, 40, 113, 35, 84, 96, 101, 92, 123, 121, 107, 0}
    731. 

  731. 

  732. 	// auth response
    733. 

  733. 	conn.queuedReplies = [][]byte{{8, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0, 0}}
    734. 

  734. 	conn.maxReads = 2
    735. 

  735. 

  736. 	authData := []byte{95, 84, 103, 43, 61, 49, 123, 61, 91, 50, 40, 113, 35,
    737. 

  737. 		84, 96, 101, 92, 123, 121, 107}
    738. 

  738. 	plugin := "mysql_native_password"
    739. 

  739. 

  740. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    741. 

  741. 		t.Errorf("got error: %v", err)
    742. 

  742. 	}
    743. 

  743. 

  744. 	expectedReply := []byte{9, 0, 0, 3, 86, 83, 83, 79, 74, 78, 65, 66, 0}
    745. 

  745. 	if !bytes.Equal(conn.written, expectedReply) {
    746. 

  746. 		t.Errorf("got unexpected data: %v", conn.written)
    747. 

  747. 	}
    748. 

  748. }
    749. 

  749. 

  750. func TestAuthSwitchOldPasswordEmpty(t *testing.T) {
    751. 

  751. 	conn, mc := newRWMockConn(2)
    752. 

  752. 	mc.cfg.AllowOldPasswords = true
    753. 

  753. 	mc.cfg.Passwd = ""
    754. 

  754. 

  755. 	// auth switch request
    756. 

  756. 	conn.data = []byte{41, 0, 0, 2, 254, 109, 121, 115, 113, 108, 95, 111, 108,
    757. 

  757. 		100, 95, 112, 97, 115, 115, 119, 111, 114, 100, 0, 95, 84, 103, 43, 61,
    758. 

  758. 		49, 123, 61, 91, 50, 40, 113, 35, 84, 96, 101, 92, 123, 121, 107, 0}
    759. 

  759. 

  760. 	// auth response
    761. 

  761. 	conn.queuedReplies = [][]byte{{8, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0, 0}}
    762. 

  762. 	conn.maxReads = 2
    763. 

  763. 

  764. 	authData := []byte{95, 84, 103, 43, 61, 49, 123, 61, 91, 50, 40, 113, 35,
    765. 

  765. 		84, 96, 101, 92, 123, 121, 107}
    766. 

  766. 	plugin := "mysql_native_password"
    767. 

  767. 

  768. 	if err := handleAuthResult(mc, authData, plugin); err != nil {
    769. 

  769. 		t.Errorf("got error: %v", err)
    770. 

  770. 	}
    771. 

  771. 

  772. 	expectedReply := []byte{1, 0, 0, 3, 0}
    773. 

  773. 	if !bytes.Equal(conn.written, expectedReply) {
    774. 

  774. 		t.Errorf("got unexpected data: %v", conn.written)
    775. 

  775. 	}
    776. 

  776. }
    777.