From 9e85389b80ec1f5f145a06680d06d5571f24b37f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Mon, 29 Apr 2019 11:28:35 +0300
Subject: [PATCH] MXS-2414: Add test case

Added a test that checks the host blocking is triggered and it blocks even
successful authentication attemps.
---
 maxscale-system-test/CMakeLists.txt           |  3 ++
 maxscale-system-test/mariadb_func.h           |  6 +++
 .../mxs2414_host_blocking.cpp                 | 47 +++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 maxscale-system-test/mxs2414_host_blocking.cpp

diff --git a/maxscale-system-test/CMakeLists.txt b/maxscale-system-test/CMakeLists.txt
index f0f029950..da6192b3e 100644
--- a/maxscale-system-test/CMakeLists.txt
+++ b/maxscale-system-test/CMakeLists.txt
@@ -952,6 +952,9 @@ add_test_executable(mxs1662_pam_admin.cpp mxs1662_pam_admin mxs1662_pam_admin LA
 # MXS-2441: Add support for read-only slaves to galeramon
 add_test_executable(mxs2441_galera_slaves.cpp mxs2441_galera_slaves mxs2441_galera_slaves LABELS REPL_BACKEND GALERA_BACKEND)
 
+# MXS-2414: Block host after repeated authentication failures
+add_test_executable(mxs2414_host_blocking.cpp mxs2414_host_blocking replication LABELS REPL_BACKEND)
+
 ############################################
 # BEGIN: binlogrouter and avrorouter tests #
 ############################################
diff --git a/maxscale-system-test/mariadb_func.h b/maxscale-system-test/mariadb_func.h
index e53bad9b4..0fac77f74 100644
--- a/maxscale-system-test/mariadb_func.h
+++ b/maxscale-system-test/mariadb_func.h
@@ -342,6 +342,12 @@ public:
         return change_user(m_user, m_pw, m_db);
     }
 
+    void set_credentials(const std::string& user, const std::string pw)
+    {
+        m_user = user;
+        m_pw = pw;
+    }
+
 private:
     std::string m_host;
     int         m_port;
diff --git a/maxscale-system-test/mxs2414_host_blocking.cpp b/maxscale-system-test/mxs2414_host_blocking.cpp
new file mode 100644
index 000000000..d80dbb90c
--- /dev/null
+++ b/maxscale-system-test/mxs2414_host_blocking.cpp
@@ -0,0 +1,47 @@
+/**
+ * MXS-2414: Block host after repeated authentication failures
+ * https://jira.mariadb.org/browse/MXS-2414
+ */
+
+#include "testconnections.h"
+
+int main(int argc, char* argv[])
+{
+    TestConnections test(argc, argv);
+    bool found = false;
+
+    for (int i = 0; i < 1000; i++)
+    {
+        test.set_timeout(30);
+        auto c = test.maxscales->rwsplit();
+        c.set_credentials("wrong-user", "wrong-pw");
+        test.expect(!c.connect(), "Connection should fail");
+
+        if (strstr(c.error(), "temporarily blocked due to too many authentication failures"))
+        {
+            test.tprintf("Got correct error: %s", c.error());
+            found = true;
+
+            // Make sure some valid logins are blocked.  Note that this part is not fully deterministic which
+            // means we cannot interpret a lack of authentication failures as a sign of a problem. The only
+            // thing we can check is that, in case an authentication failure occurs, the correct error is
+            // returned.
+            for (int j = 0; j < 100; j++)
+            {
+                auto c2 = test.maxscales->rwsplit();
+
+                if (!c2.connect())
+                {
+                    test.expect(strstr(c2.error(), "temporarily blocked due to too many authentication failures"),
+                                "The same error should be returned: %s", c2.error());
+                    break;
+                }
+            }
+            break;
+        }
+    }
+
+    test.expect(found, "Host should be blocked");
+
+    return test.global_result;
+}