MXS-2414: Add test case

Added a test that checks the host blocking is triggered and it blocks even successful authentication attemps.
2019-04-29 11:28:35 +03:00 · 2019-04-29 11:28:35 +03:00 · 9e85389b80
commit 9e85389b80
parent 59be841939
3 changed files with 56 additions and 0 deletions
--- a/maxscale-system-test/CMakeLists.txt
+++ b/maxscale-system-test/CMakeLists.txt
@ -952,6 +952,9 @@ add_test_executable(mxs1662_pam_admin.cpp mxs1662_pam_admin mxs1662_pam_admin LA
 # MXS-2441: Add support for read-only slaves to galeramon
 add_test_executable(mxs2441_galera_slaves.cpp mxs2441_galera_slaves mxs2441_galera_slaves LABELS REPL_BACKEND GALERA_BACKEND)

+# MXS-2414: Block host after repeated authentication failures
+add_test_executable(mxs2414_host_blocking.cpp mxs2414_host_blocking replication LABELS REPL_BACKEND)
+
 ############################################
 # BEGIN: binlogrouter and avrorouter tests #
 ############################################
--- a/maxscale-system-test/mariadb_func.h
+++ b/maxscale-system-test/mariadb_func.h
@ -342,6 +342,12 @@ public:
        return change_user(m_user, m_pw, m_db);
    }

+    void set_credentials(const std::string& user, const std::string pw)
+    {
+        m_user = user;
+        m_pw = pw;
+    }
+
 private:
    std::string m_host;
    int         m_port;
--- a/maxscale-system-test/mxs2414_host_blocking.cpp
+++ b/maxscale-system-test/mxs2414_host_blocking.cpp
@ -0,0 +1,47 @@
+/**
+ * MXS-2414: Block host after repeated authentication failures
+ * https://jira.mariadb.org/browse/MXS-2414
+ */
+
+#include "testconnections.h"
+
+int main(int argc, char* argv[])
+{
+    TestConnections test(argc, argv);
+    bool found = false;
+
+    for (int i = 0; i < 1000; i++)
+    {
+        test.set_timeout(30);
+        auto c = test.maxscales->rwsplit();
+        c.set_credentials("wrong-user", "wrong-pw");
+        test.expect(!c.connect(), "Connection should fail");
+
+        if (strstr(c.error(), "temporarily blocked due to too many authentication failures"))
+        {
+            test.tprintf("Got correct error: %s", c.error());
+            found = true;
+
+            // Make sure some valid logins are blocked.  Note that this part is not fully deterministic which
+            // means we cannot interpret a lack of authentication failures as a sign of a problem. The only
+            // thing we can check is that, in case an authentication failure occurs, the correct error is
+            // returned.
+            for (int j = 0; j < 100; j++)
+            {
+                auto c2 = test.maxscales->rwsplit();
+
+                if (!c2.connect())
+                {
+                    test.expect(strstr(c2.error(), "temporarily blocked due to too many authentication failures"),
+                                "The same error should be returned: %s", c2.error());
+                    break;
+                }
+            }
+            break;
+        }
+    }
+
+    test.expect(found, "Host should be blocked");
+
+    return test.global_result;
+}