9e85389b80
Added a test that checks the host blocking is triggered and it blocks even successful authentication attemps.
48 lines
1.5 KiB
C++
48 lines
1.5 KiB
C++
/**
|
|
* MXS-2414: Block host after repeated authentication failures
|
|
* https://jira.mariadb.org/browse/MXS-2414
|
|
*/
|
|
|
|
#include "testconnections.h"
|
|
|
|
int main(int argc, char* argv[])
|
|
{
|
|
TestConnections test(argc, argv);
|
|
bool found = false;
|
|
|
|
for (int i = 0; i < 1000; i++)
|
|
{
|
|
test.set_timeout(30);
|
|
auto c = test.maxscales->rwsplit();
|
|
c.set_credentials("wrong-user", "wrong-pw");
|
|
test.expect(!c.connect(), "Connection should fail");
|
|
|
|
if (strstr(c.error(), "temporarily blocked due to too many authentication failures"))
|
|
{
|
|
test.tprintf("Got correct error: %s", c.error());
|
|
found = true;
|
|
|
|
// Make sure some valid logins are blocked. Note that this part is not fully deterministic which
|
|
// means we cannot interpret a lack of authentication failures as a sign of a problem. The only
|
|
// thing we can check is that, in case an authentication failure occurs, the correct error is
|
|
// returned.
|
|
for (int j = 0; j < 100; j++)
|
|
{
|
|
auto c2 = test.maxscales->rwsplit();
|
|
|
|
if (!c2.connect())
|
|
{
|
|
test.expect(strstr(c2.error(), "temporarily blocked due to too many authentication failures"),
|
|
"The same error should be returned: %s", c2.error());
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
test.expect(found, "Host should be blocked");
|
|
|
|
return test.global_result;
|
|
}
|