MySQL auth handshake — end-to-end test plan

The server integration tests in brpc_mysql_auth_handshake_unittest.cpp (MysqlHandshakeServerTest.*) run in one of two modes, selected by the -mysql_use_running_server gflag.

There are four server tests:

TestWhat it checks
ParsesRealServerGreetingHandshakeV10 parse of a real greeting
GeneratesScramblesFromRealSaltscramble from a real salt, parameterized on password length (zero → empty response; non-zero → 20B native / 32B caching_sha2)
PerformsFullAuthenticationuncached login takes the full-auth path; asserts the response carries AuthMoreData 0x04 (perform_full_authentication) and the RSA exchange yields OK
CachesCredentialOnSecondLoginlogs in twice; the second login must reuse the cache (fast-auth), never 0x04

Mode 1 — self-spawned server (default; CI)

When -mysql_use_running_server is not set, the fixture brings up its own throwaway mysqld (the which-then-spawn pattern from brpc_redis_unittest.cpp) with an empty-password root, and tears it down on exit. caching_sha2_password then completes via its empty-password fast path. PerformsFullAuthentication skips here (an empty password never triggers full auth); the other three run. Tests self-skip entirely when mysqld is absent.

cd test && ./brpc_mysql_auth_handshake_unittest

Mode 2 — already-running server (recommended for development & future CLs)

You start a mysqld yourself, with verbose logging so you can watch the handshake, and point the tests at it with flags. The test neither starts nor stops it. Reuse this workflow as more of the MySQL protocol lands (text protocol, prepared statements, transactions).

1. Initialize a data directory (one time per fresh instance)

export MYSQL_DATA=/tmp/brpc_mysql_e2e
export MYSQL_PORT=13306
rm -rf "$MYSQL_DATA" && mkdir -p "$MYSQL_DATA"
mysqld --initialize-insecure --datadir="$MYSQL_DATA" --log-error="$MYSQL_DATA/init.err"

2. Start the server in your terminal (verbose, foreground)

mysqld --datadir="$MYSQL_DATA" --port="$MYSQL_PORT" \
       --socket="$MYSQL_DATA/mysqld.sock" --bind-address=127.0.0.1 \
       --mysqlx=OFF --log-error-verbosity=3 \
       --general-log=1 --general-log-file="$MYSQL_DATA/general.log"

3. Create the root / root account reachable over TCP

mysql --socket="$MYSQL_DATA/mysqld.sock" -u root <<'SQL'
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'root';
CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED WITH caching_sha2_password BY 'root';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
DELETE FROM mysql.user WHERE user='';
FLUSH PRIVILEGES;
SQL

4. Run the tests against that server

cd test && ./brpc_mysql_auth_handshake_unittest \
    -mysql_use_running_server \
    -mysql_host=127.0.0.1 -mysql_port=13306 \
    -mysql_user=root -mysql_password=root

PerformsFullAuthentication requires a cold caching_sha2 cache — i.e. a credential that has not authenticated since the server started. It is the first authenticating test, so against a freshly started server it sees the full-auth path. If you re-run without restarting the server, the credential is already cached and that test will report fast-auth; restart the server (or use a never-authenticated account) to exercise full auth again.

Flags

FlagDefaultMeaning
-mysql_use_running_serverfalsetrue → use an already-running server (no spawn/teardown); false → self-spawn
-mysql_host127.0.0.1running-server host
-mysql_port13306server TCP port (running server, and the port the spawned server binds)
-mysql_userrootlogin user
-mysql_password(empty)login password