Files
apache--brpc/test/README_mysql_auth.md
2026-07-13 13:29:29 +08:00

93 lines
3.8 KiB
Markdown

# MySQL auth handshake — end-to-end test plan
The server integration tests in `brpc_mysql_auth_handshake_unittest.cpp`
(`MysqlHandshakeServerTest.*`) run in one of two modes, selected by the
`-mysql_use_running_server` gflag.
There are four server tests:
| Test | What it checks |
|---|---|
| `ParsesRealServerGreeting` | HandshakeV10 parse of a real greeting |
| `GeneratesScramblesFromRealSalt` | scramble from a real salt, parameterized on password length (zero → empty response; non-zero → 20B native / 32B caching_sha2) |
| `PerformsFullAuthentication` | uncached login takes the **full-auth** path; asserts the response carries `AuthMoreData 0x04` (perform_full_authentication) and the RSA exchange yields `OK` |
| `CachesCredentialOnSecondLogin` | logs in twice; the **second** login must reuse the cache (fast-auth), never `0x04` |
## Mode 1 — self-spawned server (default; CI)
When `-mysql_use_running_server` is **not** set, the fixture brings up its
own throwaway `mysqld` (the `which`-then-spawn pattern from
`brpc_redis_unittest.cpp`) with an empty-password root, and tears it down
on exit. `caching_sha2_password` then completes via its empty-password
fast path. `PerformsFullAuthentication` skips here (an empty password
never triggers full auth); the other three run. Tests self-skip entirely
when `mysqld` is absent.
```sh
cd test && ./brpc_mysql_auth_handshake_unittest
```
## Mode 2 — already-running server (recommended for development & future CLs)
You start a `mysqld` yourself, with verbose logging so you can watch the
handshake, and point the tests at it with flags. The test neither starts
nor stops it. Reuse this workflow as more of the MySQL protocol lands
(text protocol, prepared statements, transactions).
### 1. Initialize a data directory (one time per fresh instance)
```sh
export MYSQL_DATA=/tmp/brpc_mysql_e2e
export MYSQL_PORT=13306
rm -rf "$MYSQL_DATA" && mkdir -p "$MYSQL_DATA"
mysqld --initialize-insecure --datadir="$MYSQL_DATA" --log-error="$MYSQL_DATA/init.err"
```
### 2. Start the server in your terminal (verbose, foreground)
```sh
mysqld --datadir="$MYSQL_DATA" --port="$MYSQL_PORT" \
--socket="$MYSQL_DATA/mysqld.sock" --bind-address=127.0.0.1 \
--mysqlx=OFF --log-error-verbosity=3 \
--general-log=1 --general-log-file="$MYSQL_DATA/general.log"
```
### 3. Create the `root` / `root` account reachable over TCP
```sh
mysql --socket="$MYSQL_DATA/mysqld.sock" -u root <<'SQL'
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'root';
CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED WITH caching_sha2_password BY 'root';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
DELETE FROM mysql.user WHERE user='';
FLUSH PRIVILEGES;
SQL
```
### 4. Run the tests against that server
```sh
cd test && ./brpc_mysql_auth_handshake_unittest \
-mysql_use_running_server \
-mysql_host=127.0.0.1 -mysql_port=13306 \
-mysql_user=root -mysql_password=root
```
`PerformsFullAuthentication` requires a **cold** caching_sha2 cache — i.e.
a credential that has not authenticated since the server started. It is
the first authenticating test, so against a **freshly started** server it
sees the full-auth path. If you re-run without restarting the server, the
credential is already cached and that test will report fast-auth; restart
the server (or use a never-authenticated account) to exercise full auth
again.
## Flags
| Flag | Default | Meaning |
|---|---|---|
| `-mysql_use_running_server` | `false` | `true` → use an already-running server (no spawn/teardown); `false` → self-spawn |
| `-mysql_host` | `127.0.0.1` | running-server host |
| `-mysql_port` | `13306` | server TCP port (running server, and the port the spawned server binds) |
| `-mysql_user` | `root` | login user |
| `-mysql_password` | (empty) | login password |