499 lines
20 KiB
Plaintext
499 lines
20 KiB
Plaintext
# Save the initial number of concurrent sessions
|
|
--source include/count_sessions.inc
|
|
# For non built-in plugin tests
|
|
--source include/have_plugin_auth.inc
|
|
|
|
--source include/have_log_bin.inc
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Setup : Create users, grant privileges, create connections
|
|
|
|
# Create test users
|
|
CREATE USER arthurdent@localhost IDENTIFIED BY 'abcd';
|
|
CREATE USER marvintheparanoidandroid@localhost IDENTIFIED BY 'efghi';
|
|
CREATE USER zaphodbeeblebrox@localhost IDENTIFIED BY 'xyz';
|
|
|
|
# Grant privileges to test users
|
|
GRANT CREATE USER ON *.* TO arthurdent@localhost;
|
|
GRANT UPDATE ON mysql.* TO zaphodbeeblebrox@localhost;
|
|
GRANT APPLICATION_PASSWORD_ADMIN ON *.* TO marvintheparanoidandroid@localhost;
|
|
|
|
# Create connections
|
|
|
|
--connect(arthur_conn, localhost, arthurdent, abcd,,,,)
|
|
--connect(marvin_conn, localhost, marvintheparanoidandroid, efghi,,,,)
|
|
--connect(zaphod_conn, localhost, zaphodbeeblebrox, xyz,,,,)
|
|
|
|
--connection default
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 1: Use RETAIN CURRENT PASSWORD with ALTER USER
|
|
|
|
# No entry in mysql.user for arthurdent@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT FROM mysql.user
|
|
WHERE user LIKE 'arthurdent';
|
|
|
|
# Change password
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efghi' RETAIN CURRENT PASSWORD;
|
|
|
|
# Entry should be present in mysql.user for arthurdent@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT FROM mysql.user
|
|
WHERE user LIKE 'arthurdent';
|
|
|
|
SET @additional_password_1=(SELECT JSON_EXTRACT(mysql.user.user_attributes,
|
|
'$.additional_password') FROM mysql.user WHERE user LIKE 'arthurdent');
|
|
|
|
# Change password
|
|
ALTER USER arthurdent@localhost IDENTIFIED by 'xyz' RETAIN CURRENT PASSWORD;
|
|
|
|
# Entry should be present in mysql.user for arthurdent@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT FROM mysql.user
|
|
WHERE user LIKE 'arthurdent';
|
|
|
|
SET @additional_password_2=(SELECT JSON_EXTRACT(mysql.user.user_attributes,
|
|
'$.additional_password') FROM mysql.user WHERE user LIKE 'arthurdent');
|
|
|
|
# Assert that password stored in mysql.user.user_attributes changed
|
|
SELECT @additional_password_1 <> @additional_password_2 AS
|
|
ADDITIONAL_PASSWORD_CHANGED;
|
|
|
|
# Change password without RETAIN CURRENT PASSWORD
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd';
|
|
|
|
# Entry should still be present int mysql.user for arthurdent@localhost
|
|
SELECT COUNT(*) AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT FROM mysql.user
|
|
WHERE user LIKE 'arthurdent';
|
|
|
|
SET @additional_password_3=(SELECT JSON_EXTRACT(mysql.user.user_attributes,
|
|
'$.additional_password') FROM mysql.user WHERE user LIKE 'arthurdent');
|
|
|
|
# Assert that password stored in mysql.user did not change
|
|
SELECT @additional_password_2 = @additional_password_3 AS
|
|
ADDITIONAL_PASSWORD_NOT_CHANGED;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 2: Use DISCARD OLD PASSWORD with ALTER USER
|
|
|
|
# No entry in mysql.user for marvintheparanoidandroid@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITONAL_PASSWORD_FOR_MARVINTHEPARANOIDANDROID FROM
|
|
mysql.user WHERE user LIKE 'marvintheparanoidandroid';
|
|
|
|
# Change password
|
|
ALTER USER marvintheparanoidandroid@localhost IDENTIFIED BY 'abcd'
|
|
RETAIN CURRENT PASSWORD;
|
|
|
|
# Entry should be present in mysql.user for marvintheparanoidandroid@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITONAL_PASSWORD_FOR_MARVINTHEPARANOIDANDROID FROM
|
|
mysql.user WHERE user LIKE 'marvintheparanoidandroid';
|
|
|
|
# Discard old password
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
|
|
# Entry should not be present in mysql.user for marvintheparanoidandroid@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITONAL_PASSWORD_FOR_MARVINTHEPARANOIDANDROID FROM
|
|
mysql.user WHERE user LIKE 'marvintheparanoidandroid';
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 3: Use RETAIN CURRENT PASSWORD with SET PASSWORD
|
|
|
|
# No entry in mysql.user for zaphodbeeblebrox@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ZAPHODBEEBLEBROX FROM
|
|
mysql.user WHERE user LIKE 'zaphodbeeblebrox';
|
|
|
|
# Change password
|
|
SET PASSWORD FOR zaphodbeeblebrox@localhost = 'abcd' RETAIN CURRENT PASSWORD;
|
|
|
|
# Entry should be present in mysql.user for zaphodbeeblebrox@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ZAPHODBEEBLEBROX FROM
|
|
mysql.user WHERE user LIKE 'zaphodbeeblebrox';
|
|
|
|
SET @additional_password_1=(SELECT JSON_EXTRACT(mysql.user.user_attributes,
|
|
'$.additional_password') FROM mysql.user WHERE user LIKE 'zaphodbeeblebrox');
|
|
|
|
# Change password
|
|
SET PASSWORD FOR zaphodbeeblebrox@localhost = 'efghi' RETAIN CURRENT PASSWORD;
|
|
|
|
# Entry should be present in mysql.user for zaphodbeeblebrox@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ZAPHODBEEBLEBROX FROM
|
|
mysql.user WHERE user LIKE 'zaphodbeeblebrox';
|
|
|
|
SET @additional_password_2=(SELECT JSON_EXTRACT(mysql.user.user_attributes,
|
|
'$.additional_password') FROM mysql.user WHERE user LIKE 'zaphodbeeblebrox');
|
|
|
|
# Assert that password stored in mysql.user changed
|
|
SELECT @additional_password_1 <> @additional_password_2 AS
|
|
ADDITIONAL_PASSWORD_CHANGED;
|
|
|
|
# Change password without RETAIN CURRENT PASSWORD
|
|
SET PASSWORD FOR zaphodbeeblebrox@localhost='xyz';
|
|
|
|
# Entry should be present in mysql.user for zaphodbeeblebrox@localhost
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ZAPHODBEEBLEBROX FROM
|
|
mysql.user WHERE user LIKE 'zaphodbeeblebrox';
|
|
|
|
SET @additional_password_3=(SELECT JSON_EXTRACT(mysql.user.user_attributes,
|
|
'$.additional_password') FROM mysql.user WHERE user LIKE 'zaphodbeeblebrox');
|
|
|
|
# Assert that password stored in mysql.user did not change
|
|
SELECT @additional_password_2 = @additional_password_3 AS
|
|
ADDITIONAL_PASSWORD_NOT_CHANGED;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 4: RENAME USER
|
|
|
|
# Rename a user
|
|
RENAME USER arthurdent@localhost TO arthurdent1@localhost;
|
|
|
|
# Check effect on mysql.user
|
|
SELECT COUNT(JSON_KEYS(mysql.user.user_attributes)) AS
|
|
ADDITIONAL_PASSWORD_FOR_ARTHURDENT FROM mysql.user
|
|
WHERE user LIKE 'arthurdent';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT1 FROM mysql.user
|
|
WHERE user LIKE 'arthurdent1';
|
|
|
|
# Rename once again
|
|
RENAME USER arthurdent1@localhost TO arthurdent@localhost;
|
|
|
|
# Check effect on mysql.user
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT FROM mysql.user
|
|
WHERE user LIKE 'arthurdent';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_ARTHURDENT1 FROM mysql.user
|
|
WHERE user LIKE 'arthurdent1';
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 5: DROP USER
|
|
|
|
CREATE USER u1@localhost IDENTIFIED BY 'abcd';
|
|
CREATE USER u2@localhost IDENTIFIED BY 'abcd';
|
|
|
|
# Change passwords
|
|
ALTER USER u1@localhost IDENTIFIED BY 'efghi' RETAIN CURRENT PASSWORD,
|
|
u2@localhost IDENTIFIED BY 'efghi' RETAIN CURRENT PASSWORD;
|
|
|
|
# Check that additional passwords are present in mysql.user
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_U1 FROM mysql.user WHERE user LIKE 'u1';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_U2 FROM mysql.user WHERE user LIKE 'u2';
|
|
|
|
# Drop users
|
|
DROP USER u1@localhost, u2@localhost;
|
|
|
|
# Check that passwords are removed from mysql.user
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_U1 FROM mysql.user WHERE user LIKE 'u1';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ADDITIONAL_PASSWORD_FOR_U2 FROM mysql.user WHERE user LIKE 'u2';
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 6: Syntax
|
|
|
|
# Clean slate
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER zaphodbeeblebrox@localhost DISCARD OLD PASSWORD;
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS NO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
# RETAIN CURRENT PASSWORD for multiple users
|
|
ALTER USER arthurdent@localhost IDENTIFIED by '1234' RETAIN CURRENT PASSWORD,
|
|
marvintheparanoidandroid@localhost IDENTIFIED BY '5678',
|
|
zaphodbeeblebrox@localhost IDENTIFIED BY '9012' RETAIN CURRENT PASSWORD;
|
|
|
|
# 2 additional passwords
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS TWO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
# MIX-N-MATCH
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD,
|
|
marvintheparanoidandroid@localhost IDENTIFIED BY '5678'
|
|
RETAIN CURRENT PASSWORD,
|
|
zaphodbeeblebrox@localhost IDENTIFIED BY '9012';
|
|
|
|
# 2 additional passwords
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS TWO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
# DISCARD CURRENT PASSWORD for multiple users
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY '5678',
|
|
marvintheparanoidandroid@localhost DISCARD OLD PASSWORD,
|
|
zaphodbeeblebrox@localhost DISCARD OLD PASSWORD;
|
|
|
|
# No additional passwords
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS NO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 7: Permission
|
|
|
|
--connection arthur_conn
|
|
SET PASSWORD FOR arthurdent@localhost = 'abcd' RETAIN CURRENT PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
|
|
--connection zaphod_conn
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efghi' RETAIN CURRENT PASSWORD;
|
|
SET PASSWORD = 'abcd' RETAIN CURRENT PASSWORD;
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD,
|
|
zaphodbeeblebrox@localhost DISCARD OLD PASSWORD;
|
|
|
|
--connection marvin_conn
|
|
SET PASSWORD = 'xyz' RETAIN CURRENT PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost
|
|
IDENTIFIED BY 'abcd' RETAIN CURRENT PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
ALTER USER marvintheparanoidandroid@localhost
|
|
IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD,
|
|
arthurdent@localhost DISCARD OLD PASSWORD;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 8: Non built-in plugin
|
|
|
|
--connection default
|
|
CREATE USER plug IDENTIFIED WITH test_plugin_server BY '123';
|
|
ALTER USER plug IDENTIFIED BY '123' RETAIN CURRENT PASSWORD;
|
|
ALTER USER plug DISCARD OLD PASSWORD;
|
|
DROP USER plug;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 9: Plugin change
|
|
|
|
--connection default
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER zaphodbeeblebrox@localhost DISCARD OLD PASSWORD;
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ZERO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd' RETAIN CURRENT PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost IDENTIFIED BY 'efgh'
|
|
RETAIN CURRENT PASSWORD;
|
|
ALTER USER zaphodbeeblebrox@localhost IDENTIFIED BY 'ijkl'
|
|
RETAIN CURRENT PASSWORD;
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS THREE_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
ALTER USER arthurdent@localhost IDENTIFIED WITH 'mysql_native_password'
|
|
BY 'abcd';
|
|
ALTER USER marvintheparanoidandroid@localhost IDENTIFIED WITH 'sha256_password'
|
|
BY 'efgh';
|
|
ALTER USER zaphodbeeblebrox@localhost IDENTIFIED WITH 'mysql_native_password'
|
|
BY 'ijkl';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ZERO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 10: Empty first password
|
|
|
|
--connection default
|
|
SET PASSWORD FOR arthurdent@localhost = '';
|
|
--error ER_SECOND_PASSWORD_CANNOT_BE_EMPTY
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd' RETAIN CURRENT PASSWORD;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 11: Binary log
|
|
|
|
--connection default
|
|
CREATE USER userX IDENTIFIED BY 'abcd', userY IDENTIFIED BY 'efgh';
|
|
--source include/save_binlog_position.inc
|
|
ALTER USER userX IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD,
|
|
userY IDENTIFIED BY 'ijkl' RETAIN CURRENT PASSWORD;
|
|
--let $event= !Q(ALTER USER.*userX.*RETAIN CURRENT PASSWORD.*userY.*RETAIN CURRENT PASSWORD.*)
|
|
--source ../include/auth_sec_assert_binlog_events.inc
|
|
--source include/save_binlog_position.inc
|
|
ALTER USER userX DISCARD OLD PASSWORD,
|
|
userY IDENTIFIED BY 'mnop' RETAIN CURRENT PASSWORD;
|
|
--let $event= !Q(ALTER USER.*userX.*DISCARD OLD PASSWORD.*userY.*RETAIN CURRENT PASSWORD.*)
|
|
--source ../include/auth_sec_assert_binlog_events.inc
|
|
--source include/save_binlog_position.inc
|
|
ALTER USER userX IDENTIFIED BY 'qrst' RETAIN CURRENT PASSWORD,
|
|
userY DISCARD OLD PASSWORD PASSWORD REQUIRE CURRENT;
|
|
--let $event= !Q(ALTER USER.*userX.*RETAIN CURRENT PASSWORD.*userY.*DISCARD OLD PASSWORD.*PASSWORD REQUIRE CURRENT.*)
|
|
--source ../include/auth_sec_assert_binlog_events.inc
|
|
--source include/save_binlog_position.inc
|
|
DROP USER userX;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 12: With REPLACE clause
|
|
|
|
--connection default
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
|
|
# Force user to provide current password while changing the password
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd' PASSWORD REQUIRE CURRENT;
|
|
|
|
# Now change passwords and retain existing ones
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD;
|
|
|
|
--connection arthur_conn
|
|
# should work
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'ijkl' REPLACE 'efgh';
|
|
SET PASSWORD = 'mnop' REPLACE 'ijkl';
|
|
SET PASSWORD = 'qrst' REPLACE 'mnop' RETAIN CURRENT PASSWORD;
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'uvwx' REPLACE 'qrst' RETAIN CURRENT PASSWORD;
|
|
# should not work
|
|
--error ER_INCORRECT_CURRENT_PASSWORD
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd' REPLACE 'qrst';
|
|
--error ER_INCORRECT_CURRENT_PASSWORD
|
|
SET PASSWORD = 'efgh' REPLACE 'qrst';
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 13: ALTER USER with USER() function
|
|
|
|
--connection default
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER zaphodbeeblebrox@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd';
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD;
|
|
|
|
--connection arthur_conn
|
|
# should work
|
|
ALTER USER USER() IDENTIFIED BY 'ijkl' RETAIN CURRENT PASSWORD;
|
|
ALTER USER USER() DISCARD OLD PASSWORD;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 14: Plugin change and retained password
|
|
|
|
--connection default
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER zaphodbeeblebrox@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER arthurdent@localhost IDENTIFIED WITH 'caching_sha2_password' BY 'abcd';
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD;
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ONE_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
# Retained password is not cleared if plugin is not changed
|
|
ALTER USER arthurdent@localhost IDENTIFIED WITH caching_sha2_password BY 'ijkl';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ONE_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
# Retained password is cleared if plugin is changed
|
|
ALTER USER arthurdent@localhost IDENTIFIED WITH 'mysql_native_password' BY 'mnop';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ZERO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
--error ER_PASSWORD_CANNOT_BE_RETAINED_ON_PLUGIN_CHANGE
|
|
ALTER USER arthurdent@localhost IDENTIFIED WITH 'sha256_password' BY 'qrst' RETAIN CURRENT PASSWORD;
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 15: Setting empty password
|
|
--connection default
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd';
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD;
|
|
ALTER USER marvintheparanoidandroid@localhost IDENTIFIED BY 'abcd';
|
|
ALTER USER marvintheparanoidandroid@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD;
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS TWO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY '';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ONE_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
SET PASSWORD FOR marvintheparanoidandroid@localhost = '';
|
|
|
|
SELECT count(JSON_EXTRACT(mysql.user.user_attributes, '$.additional_password'))
|
|
AS ZERO_ADDITIONAL_PASSWORDS FROM mysql.user;
|
|
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd';
|
|
--error ER_CURRENT_PASSWORD_CANNOT_BE_RETAINED
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY '' RETAIN CURRENT PASSWORD;
|
|
--error ER_CURRENT_PASSWORD_CANNOT_BE_RETAINED
|
|
SET PASSWORD FOR arthurdent@localhost = '' RETAIN CURRENT PASSWORD;
|
|
|
|
CREATE USER userX;
|
|
--error ER_SECOND_PASSWORD_CANNOT_BE_EMPTY
|
|
SET PASSWORD FOR userX = 'abcd' RETAIN CURRENT PASSWORD;
|
|
DROP USER userX;
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Test 16: General log
|
|
|
|
# Keep this test at the end as it modifies many user properities
|
|
|
|
--connection default
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'abcd';
|
|
|
|
# Make sure we start with a clean slate. log_tables.test says this is OK.
|
|
TRUNCATE TABLE mysql.general_log;
|
|
|
|
SET @old_log_output = @@global.log_output;
|
|
SET @old_general_log = @@global.general_log;
|
|
SET @old_general_log_file = @@global.general_log_file;
|
|
|
|
let $general_file_off = $MYSQLTEST_VARDIR/log/multiple_passwords_general.log;
|
|
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
|
|
eval SET GLOBAL general_log_file = '$general_file_off';
|
|
SET GLOBAL log_output = 'FILE,TABLE';
|
|
SET GLOBAL general_log= 'ON';
|
|
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD;
|
|
ALTER USER arthurdent@localhost DISCARD OLD PASSWORD;
|
|
SET PASSWORD FOR arthurdent@localhost = 'abcd' RETAIN CURRENT PASSWORD;
|
|
--connection arthur_conn
|
|
SET PASSWORD = 'efgh' REPLACE 'abcd' RETAIN CURRENT PASSWORD;
|
|
--connection default
|
|
ALTER USER arthurdent@localhost IDENTIFIED BY 'efgh' RETAIN CURRENT PASSWORD,
|
|
marvintheparanoidandroid@localhost DISCARD OLD PASSWORD,
|
|
zaphodbeeblebrox@localhost IDENTIFIED BY 'abcd'
|
|
REQUIRE SSL WITH MAX_QUERIES_PER_HOUR 22 PASSWORD EXPIRE DEFAULT
|
|
PASSWORD HISTORY 10 PASSWORD REUSE INTERVAL 10 DAY
|
|
PASSWORD REQUIRE CURRENT OPTIONAL ACCOUNT UNLOCK;
|
|
|
|
--echo Show what is logged:
|
|
--echo ------ rewrite ------
|
|
SELECT argument FROM mysql.general_log WHERE argument LIKE 'ALTER USER %' AND
|
|
command_type NOT LIKE 'Prepare';
|
|
SELECT argument FROM mysql.general_log WHERE argument LIKE 'SET PASSWORD %';
|
|
--echo ------ done ------
|
|
|
|
|
|
--echo #-----------------------------------------------------------------------
|
|
--echo # Cleanup : Destroy connections, Drop users
|
|
|
|
# Destroy connections
|
|
--connection default
|
|
--disconnect arthur_conn
|
|
--disconnect marvin_conn
|
|
--disconnect zaphod_conn
|
|
|
|
# Drop test users
|
|
DROP USER arthurdent@localhost;
|
|
DROP USER marvintheparanoidandroid@localhost;
|
|
DROP USER zaphodbeeblebrox@localhost;
|
|
|
|
# Wait till all disconnects are completed
|
|
--source include/wait_until_count_sessions.inc
|
|
--source include/force_restart.inc
|
|
|
|
--echo #-----------------------------------------------------------------------
|