polardbxengine/mysql-test/suite/auth_sec/t/password_expiry.test

197 lines
7.5 KiB
Plaintext

#############################################################
# Purpose : To check authentication cases for WL#7131
# Author : Prabeen Pradhan
# Date : 25th Feb 2014
#############################################################
--echo ######################################################
--echo Authentication cases
--echo ######################################################
--echo #### Honouring the value of password_lifetime, below test checks if
--echo #### password expiry is working when expiry date passed. Use SET PASSWORD
--echo #### for an expired user which honours the value of password_lifetime
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 3 DAY),
password_lifetime=2 WHERE user='u1';
FLUSH PRIVILEGES;
--echo #### Connection with u1 will succeed in sand box mode, but no statements
--echo #### can be executed except SET PASSWORD
connect (conn_u1,localhost,u1,u1,,,,SSL);
--echo # Setting variables should work
--error 1820
SELECT 'Password_Expired_SandBoxMode_Test';
SET PASSWORD = 'u1_new';
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connect (conn_root,localhost,root,,);
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Honouring the value of password_lifetime, check if password expiry
--echo #### is working when password is active.
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 2 DAY),
password_lifetime=3 WHERE user='u1';
FLUSH PRIVILEGES;
--echo #### Connection will succeed, user should be able to execute statements
connect (conn_u1,localhost,u1,u1,,,,SSL);
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Set the value of password_lifetime to 0 and check its validity.
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 2 DAY),
password_lifetime=0 WHERE user='u1';
FLUSH PRIVILEGES;
--echo #### Connection will succeed, user should be able to execute statements
connect (conn_u1,localhost,u1,u1,,,,SSL);
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Honouring the value of default_password_lifetime, check if password
--echo #### expiry is working when password is expired.
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 3 DAY),
password_lifetime=null WHERE user='u1';
SET GLOBAL default_password_lifetime = 2;
FLUSH PRIVILEGES;
--echo #### Connection will succeed, user should be able to execute statements
connect (conn_u1,localhost,u1,u1,,,,SSL);
--error 1820
SELECT 'Password_Expired_SandBoxMode_Test';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Honouring the value of default_password_lifetime, check if
--echo #### password expiry is working when password is expired.
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 2 DAY),
password_lifetime=null WHERE user='u1';
SET GLOBAL default_password_lifetime = 3;
FLUSH PRIVILEGES;
--echo #### Connection will succeed, user should be able to execute statements
connect (conn_u1,localhost,u1,u1,,,,SSL);
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Check if NULL value can be set to default_password_lifetime
--error 1232
SET GLOBAL default_password_lifetime = null;
--echo #### Ensure that existing sessions are not disturbed due to change in
--echo #### global value of default_password_lifetime.
CREATE USER u1 IDENTIFIED by 'u1';
--echo #### Connection will succeed, user should be able to execute statements
connect (conn_u1,localhost,u1,u1,,,,SSL);
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
connection conn_root;
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 3 DAY),
password_lifetime=null WHERE user='u1';
SET GLOBAL default_password_lifetime = 2;
FLUSH PRIVILEGES;
connection conn_u1;
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Use SET PASSWORD for an expired user which honours the value of
--echo #### variable default_password_lifetime.
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 3 DAY),
password_lifetime=null WHERE user='u1';
SET GLOBAL default_password_lifetime = 2;
FLUSH PRIVILEGES;
--echo #### Connection will succeed in sand box mode,
--echo #### but no statements can be executed except SET PASSWORD
connect (conn_u1,localhost,u1,u1,,,,SSL);
--error 1820
SELECT 'Password_Expired_SandBoxMode_Test';
SET PASSWORD = 'u1_new';
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### For an expired user where password_expired is Y, ensure that it
--echo #### does not execute anything except SET PASSWORD.
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_expired='Y' WHERE user='u1';
FLUSH PRIVILEGES;
--echo #Below statement should not affect the value of password_expired column
ALTER USER 'u1' PASSWORD EXPIRE INTERVAL 5 DAY;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Check if SET PASSWORD resets the value of column
--echo #### password_expired to N when it is Y.
CREATE USER u1 IDENTIFIED by 'u1';
ALTER USER 'u1' PASSWORD EXPIRE;
--echo #Expiry status of u1 should be Y
SELECT password_expired FROM mysql.user WHERE user='u1';
connect (conn_u1,localhost,u1,u1,,,,SSL);
SET PASSWORD = 'u1_new';
disconnect conn_u1;
connection conn_root;
--echo #Expiry status of u1 should be N
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Try updating the newly introduced columns and try setting the
--echo #### global variable default_password_lifetime with an user having
--echo #### insufficient privilege.
CREATE USER u1 IDENTIFIED by 'u1';
connect (conn_u1,localhost,u1,u1,,,,SSL);
--error 1227
SET GLOBAL default_password_lifetime = 2;
--error 1142
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 3 DAY),
password_lifetime=null WHERE user='u1';
disconnect conn_u1;
connection conn_root;
DROP USER u1;
--echo #### One year password expiration check
CREATE USER u1 IDENTIFIED by 'u1';
UPDATE mysql.user SET password_last_changed=DATE_SUB(NOW(), INTERVAL 361 DAY),
password_lifetime=null WHERE user='u1';
SET GLOBAL default_password_lifetime = 360;
FLUSH PRIVILEGES;
--echo # Connection will succeed in sand box mode,
--echo # but no statements can be executed except SET PASSWORD
connect (conn_u1,localhost,u1,u1,,,,SSL);
--error 1820
SELECT 'Password_Expired_SandBoxMode_Test';
SET PASSWORD = 'u1_new';
--echo # Setting variables should work
SELECT 'Normal_Statement_Can_Be_Executed';
disconnect conn_u1;
connection conn_root;
SELECT password_expired FROM mysql.user WHERE user='u1';
DROP USER u1;
--echo #### Cleanup statements
connection conn_root;
SET GLOBAL default_password_lifetime = default;
disconnect conn_root;