93 lines
3.8 KiB
Markdown
93 lines
3.8 KiB
Markdown
# MySQL auth handshake — end-to-end test plan
|
|
|
|
The server integration tests in `brpc_mysql_auth_handshake_unittest.cpp`
|
|
(`MysqlHandshakeServerTest.*`) run in one of two modes, selected by the
|
|
`-mysql_use_running_server` gflag.
|
|
|
|
There are four server tests:
|
|
|
|
| Test | What it checks |
|
|
|---|---|
|
|
| `ParsesRealServerGreeting` | HandshakeV10 parse of a real greeting |
|
|
| `GeneratesScramblesFromRealSalt` | scramble from a real salt, parameterized on password length (zero → empty response; non-zero → 20B native / 32B caching_sha2) |
|
|
| `PerformsFullAuthentication` | uncached login takes the **full-auth** path; asserts the response carries `AuthMoreData 0x04` (perform_full_authentication) and the RSA exchange yields `OK` |
|
|
| `CachesCredentialOnSecondLogin` | logs in twice; the **second** login must reuse the cache (fast-auth), never `0x04` |
|
|
|
|
## Mode 1 — self-spawned server (default; CI)
|
|
|
|
When `-mysql_use_running_server` is **not** set, the fixture brings up its
|
|
own throwaway `mysqld` (the `which`-then-spawn pattern from
|
|
`brpc_redis_unittest.cpp`) with an empty-password root, and tears it down
|
|
on exit. `caching_sha2_password` then completes via its empty-password
|
|
fast path. `PerformsFullAuthentication` skips here (an empty password
|
|
never triggers full auth); the other three run. Tests self-skip entirely
|
|
when `mysqld` is absent.
|
|
|
|
```sh
|
|
cd test && ./brpc_mysql_auth_handshake_unittest
|
|
```
|
|
|
|
## Mode 2 — already-running server (recommended for development & future CLs)
|
|
|
|
You start a `mysqld` yourself, with verbose logging so you can watch the
|
|
handshake, and point the tests at it with flags. The test neither starts
|
|
nor stops it. Reuse this workflow as more of the MySQL protocol lands
|
|
(text protocol, prepared statements, transactions).
|
|
|
|
### 1. Initialize a data directory (one time per fresh instance)
|
|
|
|
```sh
|
|
export MYSQL_DATA=/tmp/brpc_mysql_e2e
|
|
export MYSQL_PORT=13306
|
|
rm -rf "$MYSQL_DATA" && mkdir -p "$MYSQL_DATA"
|
|
mysqld --initialize-insecure --datadir="$MYSQL_DATA" --log-error="$MYSQL_DATA/init.err"
|
|
```
|
|
|
|
### 2. Start the server in your terminal (verbose, foreground)
|
|
|
|
```sh
|
|
mysqld --datadir="$MYSQL_DATA" --port="$MYSQL_PORT" \
|
|
--socket="$MYSQL_DATA/mysqld.sock" --bind-address=127.0.0.1 \
|
|
--mysqlx=OFF --log-error-verbosity=3 \
|
|
--general-log=1 --general-log-file="$MYSQL_DATA/general.log"
|
|
```
|
|
|
|
### 3. Create the `root` / `root` account reachable over TCP
|
|
|
|
```sh
|
|
mysql --socket="$MYSQL_DATA/mysqld.sock" -u root <<'SQL'
|
|
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'root';
|
|
CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED WITH caching_sha2_password BY 'root';
|
|
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
|
|
DELETE FROM mysql.user WHERE user='';
|
|
FLUSH PRIVILEGES;
|
|
SQL
|
|
```
|
|
|
|
### 4. Run the tests against that server
|
|
|
|
```sh
|
|
cd test && ./brpc_mysql_auth_handshake_unittest \
|
|
-mysql_use_running_server \
|
|
-mysql_host=127.0.0.1 -mysql_port=13306 \
|
|
-mysql_user=root -mysql_password=root
|
|
```
|
|
|
|
`PerformsFullAuthentication` requires a **cold** caching_sha2 cache — i.e.
|
|
a credential that has not authenticated since the server started. It is
|
|
the first authenticating test, so against a **freshly started** server it
|
|
sees the full-auth path. If you re-run without restarting the server, the
|
|
credential is already cached and that test will report fast-auth; restart
|
|
the server (or use a never-authenticated account) to exercise full auth
|
|
again.
|
|
|
|
## Flags
|
|
|
|
| Flag | Default | Meaning |
|
|
|---|---|---|
|
|
| `-mysql_use_running_server` | `false` | `true` → use an already-running server (no spawn/teardown); `false` → self-spawn |
|
|
| `-mysql_host` | `127.0.0.1` | running-server host |
|
|
| `-mysql_port` | `13306` | server TCP port (running server, and the port the spawned server binds) |
|
|
| `-mysql_user` | `root` | login user |
|
|
| `-mysql_password` | (empty) | login password |
|