(t *testing.T)
| 271 | } |
| 272 | |
| 273 | func TestAuthFastCachingSHA256PasswordFullSecure(t *testing.T) { |
| 274 | conn, mc := newRWMockConn(1) |
| 275 | mc.cfg.User = "root" |
| 276 | mc.cfg.Passwd = "secret" |
| 277 | |
| 278 | authData := []byte{6, 81, 96, 114, 14, 42, 50, 30, 76, 47, 1, 95, 126, 81, |
| 279 | 62, 94, 83, 80, 52, 85} |
| 280 | plugin := "caching_sha2_password" |
| 281 | |
| 282 | // Send Client Authentication Packet |
| 283 | authResp, err := mc.auth(authData, plugin) |
| 284 | if err != nil { |
| 285 | t.Fatal(err) |
| 286 | } |
| 287 | err = mc.writeHandshakeResponsePacket(authResp, plugin) |
| 288 | if err != nil { |
| 289 | t.Fatal(err) |
| 290 | } |
| 291 | |
| 292 | // Hack to make the caching_sha2_password plugin believe that the connection |
| 293 | // is secure |
| 294 | mc.cfg.TLS = &tls.Config{InsecureSkipVerify: true} |
| 295 | |
| 296 | // check written auth response |
| 297 | authRespStart := 4 + 4 + 4 + 1 + 23 + len(mc.cfg.User) + 1 |
| 298 | authRespEnd := authRespStart + 1 + len(authResp) |
| 299 | writtenAuthRespLen := conn.written[authRespStart] |
| 300 | writtenAuthResp := conn.written[authRespStart+1 : authRespEnd] |
| 301 | expectedAuthResp := []byte{171, 201, 138, 146, 89, 159, 11, 170, 0, 67, 165, |
| 302 | 49, 175, 94, 218, 68, 177, 109, 110, 86, 34, 33, 44, 190, 67, 240, 70, |
| 303 | 110, 40, 139, 124, 41} |
| 304 | if writtenAuthRespLen != 32 || !bytes.Equal(writtenAuthResp, expectedAuthResp) { |
| 305 | t.Fatalf("unexpected written auth response (%d bytes): %v", writtenAuthRespLen, writtenAuthResp) |
| 306 | } |
| 307 | conn.written = nil |
| 308 | |
| 309 | // auth response |
| 310 | conn.data = []byte{ |
| 311 | 2, 0, 0, 2, 1, 4, // Perform Full Authentication |
| 312 | } |
| 313 | conn.queuedReplies = [][]byte{ |
| 314 | // OK |
| 315 | {7, 0, 0, 4, 0, 0, 0, 2, 0, 0, 0}, |
| 316 | } |
| 317 | conn.maxReads = 3 |
| 318 | |
| 319 | // Handle response to auth packet |
| 320 | if err := mc.handleAuthResult(authData, plugin); err != nil { |
| 321 | t.Errorf("got error: %v", err) |
| 322 | } |
| 323 | |
| 324 | if !bytes.Equal(conn.written, []byte{7, 0, 0, 3, 115, 101, 99, 114, 101, 116, 0}) { |
| 325 | t.Errorf("unexpected written data: %v", conn.written) |
| 326 | } |
| 327 | } |
| 328 | |
| 329 | func TestAuthFastCleartextPasswordNotAllowed(t *testing.T) { |
| 330 | _, mc := newRWMockConn(1) |
nothing calls this directly
no test coverage detected