
Example 6 with NativePacketPayload

use of com.mysql.cj.protocol.a.NativePacketPayload in project aws-mysql-jdbc by awslabs.

the class AuthenticationTest method authLdapSaslCliPluginChallengeBadProof.

/**
 * Negative test for the SCRAM-SHA-1 'server-final-message': the server sends a 'v' (server signature)
 * attribute that does not match the one the client derives, and the client must refuse to finish the
 * handshake.
 * <p>
 * Per RFC 5802 the 'v' attribute is the client's only evidence that the server holds the
 * password-derived ServerKey (the mutual-authentication half of SCRAM); accepting an unverifiable 'v'
 * would let a server that never knew the password complete the exchange. All fixed values here
 * (user, password "pencil", client/server nonces, salt, iteration count and the expected client
 * proof) come from the test vector in
 * <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>.
 *
 * @throws Exception
 *             if the exchange fails for a reason other than the one asserted
 */
@Test
public void authLdapSaslCliPluginChallengeBadProof() throws Exception {
    AuthenticationPlugin<NativePacketPayload> plugin = new AuthenticationLdapSaslClientPlugin();
    // The message-level exchange under test does not need a protocol instance.
    plugin.init(null);
    plugin.setAuthenticationParameters("user", "pencil");

    // The plugin writes its outgoing packets into this list; it is reused for every step.
    List<NativePacketPayload> toServer = new ArrayList<>();

    // Step 1 - Protocol::AuthSwitchRequest. The "authentication_ldap_sasl_client." prefix (where "."
    // stands for a 0 byte) has already been consumed, so only the mechanism name is handed over.
    NativePacketPayload fromServer = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
    plugin.nextAuthenticationStep(fromServer, toServer);
    assertEquals(1, toServer.size());
    String clientFirst = toServer.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    // 'client-first-message' is "n,,n=user,r=<CNONCE>". The nonce is generated inside the plugin,
    // so only the fixed prefix and the nonce length (32 characters) can be asserted at this point.
    String clientFirstPrefix = "n,,n=user,r=";
    assertTrue(clientFirst.startsWith(clientFirstPrefix));
    assertEquals(clientFirstPrefix.length() + 32, clientFirst.length());
    // Swap the random nonce for the RFC one so the remaining messages line up with the test vector:
    // "n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL". (Test-only hook; production nonces stay random.)
    overrideSaslClientData(plugin, "fyko+d2lbbFgONRv9qkxdawL");

    // Step 2 - 'server-first-message' from the RFC vector: combined nonce, salt and iteration count.
    fromServer = new NativePacketPayload("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes("UTF-8"));
    plugin.nextAuthenticationStep(fromServer, toServer);
    assertEquals(1, toServer.size());
    String clientFinal = toServer.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    // The 'p' (client proof) must be bit-exact with the RFC value; this pins the whole
    // SaltedPassword / ClientKey / ClientSignature derivation, not just the message framing.
    assertEquals("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=", clientFinal);

    // Step 3 - 'server-final-message' carrying a bogus 'v'. The plugin must fail closed here.
    NativePacketPayload forgedFinal = new NativePacketPayload("v=XXXXXXXXXXXXXXXXXXXXXXXXXXXX".getBytes("UTF-8"));
    CJException failure = assertThrows(CJException.class,
            "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.",
            () -> plugin.nextAuthenticationStep(forgedFinal, toServer));
    // The root cause must be the SASL layer's signature check, not some generic parse error.
    assertEquals(SaslException.class, failure.getCause().getClass());
    assertEquals("SCRAM-SHA-1 server signature could not be verified.", failure.getCause().getMessage());
}

Example 7 with NativePacketPayload

use of com.mysql.cj.protocol.a.NativePacketPayload in project aws-mysql-jdbc by awslabs.

the class AuthenticationTest method authLdapSaslCliPluginChallengeMissingProof.

/**
 * Negative test for the SCRAM-SHA-1 'server-final-message': the server's last message has no 'v'
 * (server signature) attribute at all, and the client must treat that as a failed authentication
 * rather than as "nothing to verify".
 * <p>
 * The final message used here carries what appears to be the RFC vector's correct signature value,
 * but under an unknown attribute name ('x') instead of 'v'. A client that scanned for any
 * verifiable value, or that skipped verification when 'v' is absent, would pass this message; a
 * correct client must fail closed. Fixed values (user, password "pencil", nonces, salt, iteration
 * count, expected proof) are the test vector from
 * <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>.
 *
 * @throws Exception
 *             if the exchange fails for a reason other than the one asserted
 */
@Test
public void authLdapSaslCliPluginChallengeMissingProof() throws Exception {
    // Everything the exchange is expected to produce, up front, so the steps below read as a script.
    final String clientFirstPrefix = "n,,n=user,r=";
    final String rfcClientNonce = "fyko+d2lbbFgONRv9qkxdawL";
    final String serverFirst = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096";
    final String expectedClientFinal = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=";

    AuthenticationPlugin<NativePacketPayload> sasl = new AuthenticationLdapSaslClientPlugin();
    // No protocol instance is needed to drive the plugin message by message.
    sasl.init(null);
    sasl.setAuthenticationParameters("user", "pencil");
    List<NativePacketPayload> outbound = new ArrayList<>();

    // Step 1 - Protocol::AuthSwitchRequest, already stripped down to the mechanism name
    // ("authentication_ldap_sasl_client." with "." = 0 byte has been consumed by the caller).
    sasl.nextAuthenticationStep(new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII")), outbound);
    assertEquals(1, outbound.size());
    String firstMsg = outbound.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    // 'client-first-message' = "n,,n=user,r=<CNONCE>"; CNONCE is random, so check prefix + length (32).
    assertTrue(firstMsg.startsWith(clientFirstPrefix));
    assertEquals(clientFirstPrefix.length() + 32, firstMsg.length());
    // Replace the random nonce with the RFC one so the server-side vector can be replayed.
    overrideSaslClientData(sasl, rfcClientNonce);

    // Step 2 - 'server-first-message' from the RFC vector; the resulting 'client-final-message'
    // (including the 'p' proof) must match the vector exactly.
    sasl.nextAuthenticationStep(new NativePacketPayload(serverFirst.getBytes("UTF-8")), outbound);
    assertEquals(1, outbound.size());
    String finalMsg = outbound.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    assertEquals(expectedClientFinal, finalMsg);

    // Step 3 - 'server-final-message' without the mandatory 'v' attribute.
    NativePacketPayload unexpectedFinal = new NativePacketPayload("x=rmF9pqV8S7suAoZWja4dJRkFsKQ=".getBytes("UTF-8"));
    CJException thrown = assertThrows(CJException.class,
            "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.",
            () -> sasl.nextAuthenticationStep(unexpectedFinal, outbound));
    // The cause must be the SASL layer complaining about the missing attribute specifically.
    assertEquals(SaslException.class, thrown.getCause().getClass());
    assertEquals("Missing required SCRAM attribute from server final message.", thrown.getCause().getMessage());
}

Example 8 with NativePacketPayload

use of com.mysql.cj.protocol.a.NativePacketPayload in project aws-mysql-jdbc by awslabs.

the class AuthenticationTest method authLdapSaslCliPluginChallengeUnsupportedMech.

/**
 * A SASL mechanism name the plugin does not implement must be rejected with a {@link CJException}
 * naming the mechanism, rather than being ignored or silently negotiated to something else.
 * <p>
 * The mechanism packet is fed twice on purpose: according to the plugin's own contract (see the
 * comment below) the first iteration may be interpreted as a hashing seed rather than as a
 * mechanism name, so only the second iteration is guaranteed to reach the mechanism check.
 *
 * @throws Exception
 *             if the plugin fails for a reason other than the unsupported mechanism
 */
@Test
public void authLdapSaslCliPluginChallengeUnsupportedMech() throws Exception {
    assertThrows(CJException.class, "Unsupported SASL authentication mechanism 'UNKNOWN-MECH'\\.", () -> {
        AuthenticationPlugin<NativePacketPayload> plugin = new AuthenticationLdapSaslClientPlugin();
        plugin.init(null);
        // Two iterations, each with a fresh packet and response list: there is a chance the first
        // one is consumed as a hashing seed instead of an authentication mechanism.
        for (int iteration = 0; iteration < 2; iteration++) {
            plugin.nextAuthenticationStep(new NativePacketPayload("UNKNOWN-MECH".getBytes("ASCII")), new ArrayList<>());
        }
        return null;
    });
}

Example 9 with NativePacketPayload

use of com.mysql.cj.protocol.a.NativePacketPayload in project aws-mysql-jdbc by awslabs.

the class NativeSession method getProcessHost.

/**
 * Returns the host column of this connection's own entry in the server's process list, or
 * {@code null} if no entry can be found. Judging by the log messages, the caller uses the result to
 * decide whether the connection is local.
 * <p>
 * Lookup is first attempted with the thread id the driver already knows. If that finds nothing, the
 * id is re-read with {@code SELECT CONNECTION_ID()} and the lookup is retried: connection ids are
 * 64-bit on the server but wrap at 4 bytes on the wire (http://bugs.mysql.com/bug.php?id=44167), so
 * the locally cached id may be truncated.
 * <p>
 * NOTE(review): the host string is whatever the server reports; a server or proxy that is not
 * trusted could report anything here, so any "is local" decision derived from it is advisory only.
 *
 * @return the process-list host for this connection, or {@code null} when it cannot be determined
 * @throws CJException
 *             wrapping any {@link IOException} raised while talking to the server
 */
public String getProcessHost() {
    try {
        long connectionId = getThreadId();
        String host = findProcessHost(connectionId);
        if (host != null) {
            return host;
        }

        // http://bugs.mysql.com/bug.php?id=44167 - connection ids on the wire wrap at 4 bytes even though they're 64-bit numbers
        this.log.logWarn(String.format("Connection id %d not found in \"SHOW PROCESSLIST\", assuming 32-bit overflow, using SELECT CONNECTION_ID() instead", connectionId));
        // Constant statement, nothing interpolated.
        NativePacketPayload packet = sendCommand(this.commandBuilder.buildComQuery(null, "SELECT CONNECTION_ID()"), false, 0);
        Resultset result = ((NativeProtocol) this.protocol).readAllResults(-1, false, packet, false, null, new ResultsetFactory(Type.FORWARD_ONLY, null));
        ValueFactory<Long> idFactory = new LongValueFactory(getPropertySet());
        Row row = result.getRows().next();
        if (row == null) {
            this.log.logError("No rows returned for statement \"SELECT CONNECTION_ID()\", local connection check will most likely be incorrect");
        } else {
            // Retry the lookup with the id the server itself reports.
            connectionId = row.getValue(0, idFactory);
            host = findProcessHost(connectionId);
        }

        if (host == null) {
            this.log.logWarn(String.format("Cannot find process listing for connection %d in SHOW PROCESSLIST output, unable to determine if locally connected", connectionId));
        }
        return host;
    } catch (IOException e) {
        // Preserve the cause so the transport failure stays diagnosable.
        throw ExceptionFactory.createException(e.getMessage(), e);
    }
}

Example 10 with NativePacketPayload

use of com.mysql.cj.protocol.a.NativePacketPayload in project aws-mysql-jdbc by awslabs.

the class NativeSession method findProcessHost.

/**
 * Looks up the host a server thread (connection) is connected from.
 * <p>
 * On MySQL 5.6+ with {@code performance_schema} enabled ("1" or "ON", compared case-sensitively)
 * the row is fetched directly from {@code performance_schema.threads}; otherwise the whole
 * {@code SHOW PROCESSLIST} output is scanned client-side for the matching id. In both shapes the
 * id is column 0 and the host is column 2 (for {@code SHOW PROCESSLIST} this relies on the
 * server's column order - Id, User, Host, ...).
 * <p>
 * The {@code PROCESSLIST_ID=} predicate is built by string concatenation, which is acceptable only
 * because {@code threadId} is a primitive {@code long}; this method must not be widened to accept a
 * string id without switching to a prepared statement.
 * NOTE(review): presumably rows for other users' sessions are only visible with the PROCESS
 * privilege; the caller only ever asks for its own id, so this should not matter - confirm.
 *
 * @param threadId
 *            the server-side connection id to look up
 * @return the host column for that id, or {@code null} if no row matches
 * @throws CJException
 *             wrapping any {@link IOException} raised while talking to the server
 */
private String findProcessHost(long threadId) {
    try {
        String perfSchemaVar = this.protocol.getServerSession().getServerVariable("performance_schema");
        boolean perfSchemaOn = perfSchemaVar != null && ("1".contentEquals(perfSchemaVar) || "ON".contentEquals(perfSchemaVar));

        String query;
        if (versionMeetsMinimum(5, 6, 0) && perfSchemaOn) {
            // performance_schema.threads in MySQL 5.5 does not contain PROCESSLIST_HOST column
            // threadId is a primitive long: the concatenation cannot carry SQL metacharacters.
            query = "select PROCESSLIST_ID, PROCESSLIST_USER, PROCESSLIST_HOST from performance_schema.threads where PROCESSLIST_ID=" + threadId;
        } else {
            query = "SHOW PROCESSLIST";
        }

        NativePacketPayload packet = sendCommand(this.commandBuilder.buildComQuery(null, query), false, 0);
        Resultset result = ((NativeProtocol) this.protocol).readAllResults(-1, false, packet, false, null, new ResultsetFactory(Type.FORWARD_ONLY, null));
        ValueFactory<Long> idFactory = new LongValueFactory(getPropertySet());
        ValueFactory<String> hostFactory = new StringValueFactory(this.propertySet);

        // SHOW PROCESSLIST returns every visible session, so filter on the id client-side;
        // for the performance_schema query the predicate already did that and this matches at most once.
        for (Row row = result.getRows().next(); row != null; row = result.getRows().next()) {
            long rowId = row.getValue(0, idFactory);
            if (rowId == threadId) {
                return row.getValue(2, hostFactory);
            }
        }
        return null;
    } catch (IOException e) {
        // Keep the original exception as the cause.
        throw ExceptionFactory.createException(e.getMessage(), e);
    }
}
