def skip_checks(system_manager):
# test to ensure we have a debug build
cmd = "%s --help" %system_manager.xtrabackup_path
output_path = os.path.join(system_manager.workdir, 'innobackupex.out')
exec_path = system_manager.workdir
retcode, output = execute_cmd(cmd, output_path, exec_path, True)
for line in output:
if 'debug-sync' in line and 'TRUE' in line:
return False, ''
else:
return True, "Requires --debug-sync support."
def skip_checks(system_manager):
# test to ensure we have a debug build
cmd = "%s --help" % system_manager.xtrabackup_path
output_path = os.path.join(system_manager.workdir, 'innobackupex.out')
exec_path = system_manager.workdir
retcode, output = execute_cmd(cmd, output_path, exec_path, True)
for line in output:
if 'debug-sync' in line and 'TRUE' in line:
return False, ''
else:
return True, "Requires --debug-sync support."
def test_pam_basic(self):
percent_string = '%'
opt_matrix_req = ['pam_plugin_dir']
self.servers = servers
logging = test_executor.logging
master_server = servers[0]
output_path = os.path.join(master_server.vardir, 'pam.out')
test_executor.matrix_manager.matrix_check_req(opt_matrix_req)
# This is a master
if (test_executor.matrix_manager.option_matrix['pam_user']):
pam_user = test_executor.matrix_manager.option_matrix['pam_user']
else:
pam_user = '******'
# Create UNIX system account
if (test_executor.system_manager.user_exists(pam_user)):
pass
else:
subprocess.call(["useradd", pam_user])
# Create PAM config
if (os.path.isfile(pamcfg)):
os.remove(pamcfg)
pamcfg_fh = open("/etc/pam.d/mysqld", "wb")
pamcfg_fh.write("auth\trequired\tpam_permit.so\n")
pamcfg_fh.close()
# Stop server
master_server.stop()
# Specify mysql plugin dir
master_server.server_options.append(
'--plugin-dir=%s' %
(test_executor.matrix_manager.option_matrix['pam_plugin_dir']))
# Start server with new options
master_server.start()
self.assertEqual(master_server.status,
1,
msg='Server failed to restart')
# Install plugin
query = "INSTALL PLUGIN auth_pam SONAME \'auth_pam.so\'"
expected_result = ''
cmd = "%s --protocol=tcp --port=%d -uroot -e \"%s\"" % (
master_server.mysql_client, master_server.master_port, query)
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg=cmd)
self.assertEqual(output,
expected_result,
msg="%s || %s" % (output, expected_result))
# Create user
query = "CREATE USER \'%s\'@\'%s\' IDENTIFIED WITH auth_pam;" % (
pam_user, percent_string)
expected_result = ''
cmd = "%s --protocol=tcp --port=%d -uroot -e \"%s\"" % (
master_server.mysql_client, master_server.master_port, query)
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg=output)
self.assertEqual(output,
expected_result,
msg="%s || %s" % (output, expected_result))
# Grant permissions
query = "GRANT ALL ON test.* TO \'%s\'@\'%s\';" % (pam_user,
percent_string)
expected_result = ''
cmd = "%s --protocol=tcp --port=%d --user=root -e \"%s\"" % (
master_server.mysql_client, master_server.master_port, query)
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg=output)
self.assertEqual(output,
expected_result,
msg="%s || %s" % (output, expected_result))
# Test user login
query = "SHOW TABLES;"
expected_result = ''
cmd = "%s --plugin-dir=/usr/lib/mysql/plugin/ --protocol=tcp --port=%d --user=%s --password=\'\' -e \"%s\" test" % (
master_server.mysql_client, master_server.master_port, pam_user,
query)
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg=output)
self.assertEqual(output,
expected_result,
msg="%s || %s" % (output, expected_result))
def test_pam_basic(self):
percent_string = '%'
opt_matrix_req = ['pam_plugin_dir']
self.servers = servers
logging = test_executor.logging
master_server = servers[0]
output_path = os.path.join(master_server.vardir, 'pam.out')
test_executor.matrix_manager.matrix_check_req(opt_matrix_req)
# This is a master
if test_executor.matrix_manager.option_matrix['pam_user']:
pam_user = test_executor.matrix_manager.option_matrix['pam_user']
else:
pam_user = '******'
groups = ['grp%d' % (n) for n in xrange(3)]
users = ['user1%d' % (n) for n in xrange(3)]
for grp in groups:
if not group_exists(grp):
subprocess.call(["groupadd", grp])
# Create UNIX system account
if not test_executor.system_manager.user_exists(pam_user):
subprocess.call(["useradd", pam_user, "-g", groups[0], "-G", ",".join(groups[1:]) ])
else:
subprocess.call(["usermod", "-g", groups[0], "-G", ",".join(groups[1:]), pam_user ])
# Create PAM config
if (os.path.isfile(pamcfg)):
os.remove(pamcfg)
pamcfg_fh = open("/etc/pam.d/mysqld", "wb")
pamcfg_fh.write("auth\trequired\tpam_permit.so\n")
pamcfg_fh.write("account\trequired\tpam_permit.so\n")
pamcfg_fh.close();
master_server.stop()
# setup plugin, users, privileges
groups.reverse()
groups = [ "grp21", "grp22" ] + groups
users = [ "usr21", "usr22" ] + users
queries = [ "INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';" ] + \
[ "CREATE USER '%s'@'localhost';" % (user) for user in users ] + \
[ "CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld, %s';" \
% ( ",".join([ user + "=" + group for user, group in zip(groups, users) ] ) ) ] + \
[ "GRANT PROXY ON '%s'@'localhost' TO ''@'';" % (user) for user in users ] + \
[ "SELECT user, host, authentication_string FROM mysql.user;", \
"FLUSH PRIVILEGES;", "SHOW VARIABLES LIKE 'plugin%'" ]
master_server.server_options.append('--plugin-dir=%s' %(test_executor.matrix_manager.option_matrix['pam_plugin_dir']))
master_server.start()
self.assertEqual( master_server.status, 1, msg = 'Server failed to restart')
cmd = "%s --protocol=tcp --port=%d -uroot -e \"%s\"" %(master_server.mysql_client
, master_server.master_port
, "\n".join(queries) )
retcode, output = execute_cmd(cmd, output_path, None, True)
query = "SELECT CONCAT(USER(), CURRENT_USER(), @@PROXY_USER) as res;"
expected_result = "res%s@localhostuser10@localhost''@''" % (pam_user)
cmd = "%s --plugin-dir=/usr/lib/mysql/plugin/ --protocol=tcp --port=%d --user=%s --password=\'\' -e \"%s\" test" %(master_server.mysql_client
, master_server.master_port
, pam_user
, query )
retcode, output = execute_cmd(cmd, output_path, None, True)
output = re.sub(r'\s+', '', output)
self.assertEqual(retcode, 0, msg = output)
self.assertEqual(output, expected_result, msg = "%s || %s" %(output, expected_result))
def test_pam_basic(self):
percent_string = '%'
opt_matrix_req = ['pam_plugin_dir']
self.servers = servers
logging = test_executor.logging
master_server = servers[0]
output_path = os.path.join(master_server.vardir, 'pam.out')
test_executor.matrix_manager.matrix_check_req(opt_matrix_req)
# This is a master
if (test_executor.matrix_manager.option_matrix['pam_user']):
pam_user = test_executor.matrix_manager.option_matrix['pam_user']
else:
pam_user = '******'
# Create UNIX system account
if (test_executor.system_manager.user_exists(pam_user)):
pass
else:
subprocess.call(["useradd", pam_user])
# Create PAM config
if (os.path.isfile(pamcfg)):
os.remove(pamcfg)
pamcfg_fh = open("/etc/pam.d/mysqld", "wb")
pamcfg_fh.write("auth\trequired\tpam_deny.so\n")
pamcfg_fh.close();
# Stop server
master_server.stop()
# Specify mysql plugin dir
master_server.server_options.append('--plugin-dir=%s' %(test_executor.matrix_manager.option_matrix['pam_plugin_dir']))
# Start server with new options
master_server.start()
self.assertEqual( master_server.status, 1, msg = 'Server failed to restart')
# Install plugin
query = "INSTALL PLUGIN auth_pam SONAME \'auth_pam.so\'"
expected_result = ''
cmd = "%s --protocol=tcp --port=%d -uroot -e \"%s\"" %(master_server.mysql_client
, master_server.master_port
, query )
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg = cmd)
self.assertEqual(output, expected_result, msg = "%s || %s" %(output, expected_result))
# Create user
query = "CREATE USER \'%s\'@\'%s\' IDENTIFIED WITH auth_pam;" %(pam_user, percent_string)
expected_result = ''
cmd = "%s --protocol=tcp --port=%d -uroot -e \"%s\"" %(master_server.mysql_client
, master_server.master_port
, query )
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg = output)
self.assertEqual(output, expected_result, msg = "%s || %s" %(output, expected_result))
# Grant permissions
query = "GRANT ALL ON test.* TO \'%s\'@\'%s\';" %(pam_user, percent_string)
expected_result = ''
cmd = "%s --protocol=tcp --port=%d --user=root -e \"%s\"" %(master_server.mysql_client
, master_server.master_port
, query )
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 0, msg = output)
self.assertEqual(output, expected_result, msg = "%s || %s" %(output, expected_result))
# Test user login
query = "SHOW TABLES;"
expected_result = 'ERROR 1698 (28000): Access denied for user \'%s\'@\'localhost\'\n' %(pam_user)
cmd = "%s --plugin-dir=/usr/lib/mysql/plugin/ --protocol=tcp --port=%d --user=%s --password=\'\' -e \"%s\" test" %(master_server.mysql_client
, master_server.master_port
, pam_user
, query )
retcode, output = execute_cmd(cmd, output_path, None, True)
self.assertEqual(retcode, 1, msg = output)
self.assertEqual(output, expected_result, msg = "%s || %s" %(output, expected_result))
def test_pam_basic(self):
percent_string = '%'
opt_matrix_req = ['pam_plugin_dir']
self.servers = servers
logging = test_executor.logging
master_server = servers[0]
output_path = os.path.join(master_server.vardir, 'pam.out')
test_executor.matrix_manager.matrix_check_req(opt_matrix_req)
# This is a master
if test_executor.matrix_manager.option_matrix['pam_user']:
pam_user = test_executor.matrix_manager.option_matrix['pam_user']
else:
pam_user = '******'
groups = ['grp%d' % (n) for n in xrange(3)]
users = ['user1%d' % (n) for n in xrange(3)]
for grp in groups:
if not group_exists(grp):
subprocess.call(["groupadd", grp])
# Create UNIX system account
if not test_executor.system_manager.user_exists(pam_user):
subprocess.call([
"useradd", pam_user, "-g", groups[0], "-G",
",".join(groups[1:])
])
else:
subprocess.call([
"usermod", "-g", groups[0], "-G", ",".join(groups[1:]),
pam_user
])
# Create PAM config
if (os.path.isfile(pamcfg)):
os.remove(pamcfg)
pamcfg_fh = open("/etc/pam.d/mysqld", "wb")
pamcfg_fh.write("auth\trequired\tpam_permit.so\n")
pamcfg_fh.write("account\trequired\tpam_permit.so\n")
pamcfg_fh.close()
master_server.stop()
# setup plugin, users, privileges
groups.reverse()
groups = ["grp21", "grp22"] + groups
users = ["usr21", "usr22"] + users
queries = [ "INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';" ] + \
[ "CREATE USER '%s'@'localhost';" % (user) for user in users ] + \
[ "CREATE USER ''@'' IDENTIFIED WITH auth_pam AS 'mysqld, %s';" \
% ( ",".join([ user + "=" + group for user, group in zip(groups, users) ] ) ) ] + \
[ "GRANT PROXY ON '%s'@'localhost' TO ''@'';" % (user) for user in users ] + \
[ "SELECT user, host, authentication_string FROM mysql.user;", \
"FLUSH PRIVILEGES;", "SHOW VARIABLES LIKE 'plugin%'" ]
master_server.server_options.append(
'--plugin-dir=%s' %
(test_executor.matrix_manager.option_matrix['pam_plugin_dir']))
master_server.start()
self.assertEqual(master_server.status,
1,
msg='Server failed to restart')
cmd = "%s --protocol=tcp --port=%d -uroot -e \"%s\"" % (
master_server.mysql_client, master_server.master_port,
"\n".join(queries))
retcode, output = execute_cmd(cmd, output_path, None, True)
query = "SELECT CONCAT(USER(), CURRENT_USER(), @@PROXY_USER) as res;"
expected_result = "res%s@localhostuser10@localhost''@''" % (pam_user)
cmd = "%s --plugin-dir=/usr/lib/mysql/plugin/ --protocol=tcp --port=%d --user=%s --password=\'\' -e \"%s\" test" % (
master_server.mysql_client, master_server.master_port, pam_user,
query)
retcode, output = execute_cmd(cmd, output_path, None, True)
output = re.sub(r'\s+', '', output)
self.assertEqual(retcode, 0, msg=output)
self.assertEqual(output,
expected_result,
msg="%s || %s" % (output, expected_result))
