MCPcopy
hub / github.com/go-sql-driver/mysql / TestAuthFastCachingSHA256PasswordFullSecure

Function TestAuthFastCachingSHA256PasswordFullSecure

auth_test.go:273–327  ·  auth_test.go::TestAuthFastCachingSHA256PasswordFullSecure
(t *testing.T)

Source from the content-addressed store, hash-verified

271}
272
273func TestAuthFastCachingSHA256PasswordFullSecure(t *testing.T) {
274 conn, mc := newRWMockConn(1)
275 mc.cfg.User = "root"
276 mc.cfg.Passwd = "secret"
277
278 authData := []byte{6, 81, 96, 114, 14, 42, 50, 30, 76, 47, 1, 95, 126, 81,
279 62, 94, 83, 80, 52, 85}
280 plugin := "caching_sha2_password"
281
282 // Send Client Authentication Packet
283 authResp, err := mc.auth(authData, plugin)
284 if err != nil {
285 t.Fatal(err)
286 }
287 err = mc.writeHandshakeResponsePacket(authResp, plugin)
288 if err != nil {
289 t.Fatal(err)
290 }
291
292 // Hack to make the caching_sha2_password plugin believe that the connection
293 // is secure
294 mc.cfg.TLS = &tls.Config{InsecureSkipVerify: true}
295
296 // check written auth response
297 authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1
298 authRespEnd := authRespStart + 1 + len(authResp)
299 writtenAuthRespLen := conn.written[authRespStart]
300 writtenAuthResp := conn.written[authRespStart+1 : authRespEnd]
301 expectedAuthResp := []byte{171, 201, 138, 146, 89, 159, 11, 170, 0, 67, 165,
302 49, 175, 94, 218, 68, 177, 109, 110, 86, 34, 33, 44, 190, 67, 240, 70,
303 110, 40, 139, 124, 41}
304 if writtenAuthRespLen != 32 || !bytes.Equal(writtenAuthResp, expectedAuthResp) {
305 t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp)
306 }
307 conn.written = nil
308
309 // auth response
310 conn.data = []byte{
311 2, 0, 0, 2, 1, 4, // Perform Full Authentication
312 }
313 conn.queuedReplies = [][]byte{
314 // OK
315 {7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0},
316 }
317 conn.maxReads = 3
318
319 // Handle response to auth packet
320 if err := mc.handleAuthResult(authData, plugin); err != nil {
321 t.Errorf("got error: %v", err)
322 }
323
324 if !bytes.Equal(conn.written, []byte{7, 0, 0, 3, 115, 101, 99, 114, 101, 116, 0}) {
325 t.Errorf("unexpected written data: %v", conn.written)
326 }
327}
328
329func TestAuthFastCleartextPasswordNotAllowed(t *testing.T) {
330 _, mc := newRWMockConn(1)

Callers

nothing calls this directly

Calls 4

newRWMockConnFunction · 0.85
authMethod · 0.80
handleAuthResultMethod · 0.80

Tested by

no test coverage detected