4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/t/grant_alter_user_qa.test

1292 lines
52 KiB
Plaintext
Raw Blame History

######################## t/grant_alter_user_qa.test ###################################
# Testing CREATE/ALTER/GRANT USER new syntax and #
# new variable "log-builtin-as-identified-by-password" default value "OFF" #
# #
# Test for WL#6409 #
# Created : 2014-12-15 #
# Modified: 2014-02-02 WL#6054 #
# Author : Lalit Choudhary #
#######################################################################################
# reset master only support by debug version
--source include/have_debug_new.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--source include/have_plugin_auth.inc
--source include/have_log_bin.inc
--echo #
--echo # WL#6409: CREATE/ALTER USER
--echo #
call mtr.add_suppression("\\[Warning\\] \\[[^]]*\\] Server shutdown in progress");
# Official builds include separate debug enabled plugins to be used by
# the debug enabled server. But the non-debug *client* should not use them.
let PLUGIN_AUTH_OPT=`SELECT TRIM(TRAILING '/debug' FROM '$PLUGIN_AUTH_OPT')`;
--echo # CREATE USER
--echo
CREATE USER user1;
query_vertical SELECT host,user,plugin FROM mysql.user
WHERE USER='user1';
--echo
--error ER_PARSE_ERROR
CREATE USER user3@%;
# Sequence of the attributes. provide password first and auth_plugin later on
--error ER_PARSE_ERROR
CREATE USER user3@localhost BY 'auth_string' WITH 'sha_256_password';
CREATE USER "user2"@'%';
query_vertical SELECT host,user,plugin FROM mysql.user
WHERE USER='user2';
# IDENTIFIED WITH 'mysql_native_password' AS with plaintest
--error ER_PASSWORD_FORMAT
CREATE USER user9@localhost IDENTIFIED WITH 'mysql_native_password' AS 'auth_string';
--echo
# IDENTIFIED WITH 'mysql_native_password' AS with hash_string password
CREATE USER user10@localhost
IDENTIFIED WITH 'caching_sha2_password' AS '$A$005$ABCDEFGHIJKLMNOPQRSTabcdefgh01234567ijklmnop89012345ABCDEFGH678';
--echo
CREATE USER u1@localhost;
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='u1';
CREATE USER u2@localhost IDENTIFIED BY 'auth_string';
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='u2';
--echo
--error ER_PARSE_ERROR
CREATE USER user5@localhost IDENTIFIED AS 'auth_string';
CREATE USER u3@localhost IDENTIFIED WITH 'sha256_password';
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='u3';
CREATE USER u4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='u4';
# Testing connection
--connect(con1, localhost, u4,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER user4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='user4';
--echo
CREATE USER user6@localhost IDENTIFIED WITH 'mysql_native_password';
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='user6';
--echo
CREATE USER user7@localhost
IDENTIFIED WITH 'mysql_native_password' BY 'auth_string#%y';
query_vertical SELECT User,plugin FROM mysql.user
WHERE USER='user7';
--echo
# Testing connection
--connect(con1, localhost, user7, 'auth_string#%y')
SELECT USER();
connection default;
disconnect con1;
CREATE USER user8@localhost
IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
PASSWORD EXPIRE NEVER;
query_vertical SELECT User,plugin,password_expired,
password_lifetime FROM mysql.user WHERE USER='user8';
# Testing connection
--connect(con1, localhost, user8,'auth_string')
SELECT USER();
connection default;
disconnect con1;
--echo # Tesing with test_plugin_server plugin
CREATE USER tu1@localhost IDENTIFIED WITH 'test_plugin_server';
query_vertical SELECT User,plugin,password_expired,
password_expired FROM mysql.user WHERE USER='tu1';
CREATE USER tu2@localhost IDENTIFIED WITH 'test_plugin_server'
BY 'auth_@13*' PASSWORD EXPIRE;
query_vertical SELECT User,plugin,password_expired
FROM mysql.user WHERE USER='tu2';
--echo
CREATE USER tu3@localhost IDENTIFIED WITH 'test_plugin_server' AS '%auth_O0s-tring';
query_vertical SELECT User,plugin,password_expired
FROM mysql.user WHERE USER='tu3';
--echo
CREATE USER u5@localhost REQUIRE SSL;
query_vertical SELECT User,plugin,ssl_type
FROM mysql.user WHERE USER='u5';
CREATE USER u6@localhost IDENTIFIED BY 'auth_string' REQUIRE X509;
query_vertical SELECT User,plugin,ssl_type
FROM mysql.user WHERE USER='u6';
CREATE USER tu4@localhost IDENTIFIED WITH 'test_plugin_server' BY 'djgsj743$'
REQUIRE SSL;
query_vertical SELECT User,plugin,ssl_type
FROM mysql.user WHERE USER='tu4';
CREATE USER tu5@localhost IDENTIFIED WITH 'test_plugin_server' AS 'dwh@#ghd$!'
REQUIRE X509;
query_vertical SELECT User,plugin,ssl_type
FROM mysql.user WHERE USER='tu5';
CREATE USER u7@localhost IDENTIFIED WITH 'sha256_password' REQUIRE CIPHER 'cipher';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject FROM mysql.user WHERE USER='u7';
CREATE USER u8@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA'
PASSWORD EXPIRE NEVER;
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime FROM mysql.user WHERE USER='u8';
# Testing connection
--connect(con1, localhost, u8,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u9@localhost REQUIRE SUBJECT 'sub';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject FROM mysql.user WHERE USER='u9';
CREATE USER u10@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string#y'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
PASSWORD EXPIRE DEFAULT;
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime FROM mysql.user WHERE USER='u10';
# Testing connection
--connect(con1, localhost, u10,'auth_string#y',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER tu6@localhost IDENTIFIED WITH 'test_plugin_server' AS '#hGrt0O6'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='tu6';
CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2;
query_vertical SELECT User,plugin,max_questions
FROM mysql.user WHERE USER='u11';
CREATE USER u12@localhost IDENTIFIED BY 'auth_string'
WITH MAX_QUERIES_PER_HOUR 2 PASSWORD EXPIRE NEVER;
query_vertical SELECT User,plugin,max_questions,
password_expired,password_lifetime FROM mysql.user WHERE USER='u12';
CREATE USER u13@localhost IDENTIFIED WITH 'sha256_password'
WITH MAX_CONNECTIONS_PER_HOUR 2;
query_vertical SELECT User,plugin,max_connections
FROM mysql.user WHERE USER='u13';
CREATE USER u14@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
WITH MAX_USER_CONNECTIONS 2 PASSWORD EXPIRE INTERVAL 999 DAY;
query_vertical SELECT User,plugin,max_user_connections,
password_expired,password_lifetime FROM mysql.user WHERE USER='u14';
CREATE USER u15@localhost,
u16@localhost IDENTIFIED BY 'auth_string',
u17@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u15';
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u16';
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u17';
CREATE USER u18@localhost,
u19@localhost IDENTIFIED BY 'auth_string',
u20@localhost IDENTIFIED WITH 'sha256_password',
u21@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string',
u22@localhost IDENTIFIED WITH 'test_plugin_server',
u23@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_&string'
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime FROM mysql.user WHERE USER='u18';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime FROM mysql.user WHERE USER='u19';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime FROM mysql.user WHERE USER='u20';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime FROM mysql.user WHERE USER='u21';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime FROM mysql.user WHERE USER='u22';
query_vertical SELECT User,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime FROM mysql.user WHERE USER='u23';
DROP USER tu1@localhost,tu2@localhost,tu3@localhost,tu4@localhost,tu5@localhost,
tu6@localhost,user1@'%',user2@'%',user4@localhost,user6@localhost,
user7@localhost,user8@localhost,user10@localhost,u1@localhost,u2@localhost,
u3@localhost,u4@localhost,u5@localhost,u6@localhost,u7@localhost,u8@localhost,
u9@localhost,u10@localhost,u11@localhost,u12@localhost,u13@localhost,
u14@localhost,u15@localhost,u16@localhost,u17@localhost,u18@localhost,
u19@localhost,u20@localhost,u21@localhost,u22@localhost,u23@localhost;
--echo # ALTER USER
CREATE USER u1@localhost;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime
FROM mysql.user WHERE USER='u1';
--echo # Its a no op
ALTER USER u1@localhost;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime
FROM mysql.user WHERE USER='u1';
CREATE USER u2@localhost IDENTIFIED WITH 'mysql_native_password';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u2';
ALTER USER u2@localhost IDENTIFIED WITH 'mysql_native_password' PASSWORD EXPIRE NEVER;
# Look for auth_string and password last changed field
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u2';
# Testing connection
--connect(con1, localhost, u2)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
--disable_ps_protocol
ALTER USER USER() IDENTIFIED BY 'abc';
--enable_ps_protocol
connection default;
disconnect con1;
--echo
CREATE USER u3@localhost IDENTIFIED WITH 'sha256_password';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';
ALTER USER u3@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF';
# Look for plugin,auth_string and password expired field
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';
# Testing connection
--connect(con1, localhost, u3, 'auth_string')
SELECT USER();
connection default;
disconnect con1;
ALTER USER u3@localhost IDENTIFIED WITH 'test_plugin_server' BY 'auth_string';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';
ALTER USER u3@localhost
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2
PASSWORD EXPIRE NEVER;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';
CREATE USER u4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u4';
ALTER USER u4@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
# Look for plugin,auth_string field
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u4';
CREATE USER u5@localhost REQUIRE SSL;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u5';
ALTER USER u5@localhost IDENTIFIED WITH 'sha256_password';
# Look for plugin,auth_string, password expired field
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u5';
# Testing connection
--connect(con1, localhost, u5,,,,,SSL)
SET PASSWORD='new_auth_string';
SELECT USER();
connection default;
disconnect con1;
CREATE USER u6@localhost IDENTIFIED BY 'auth_string' REQUIRE X509;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u6';
ALTER USER u6@localhost IDENTIFIED WITH 'test_plugin_server'
AS 'new_auth_string' REQUIRE SSL;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u6';
CREATE USER u7@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE CIPHER 'DHE-RSA-AES256-SHA';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u7';
ALTER USER u7@localhost IDENTIFIED WITH 'sha256_password' BY 'new_auth_string'
REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA';
# Look for plugin,auth_string, password expired, SSL type field
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u7';
# Testing connection
--connect(con1, localhost, u7,'new_auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u8@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u8';
ALTER USER u8@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE CIPHER "DHE-RSA-AES256-SHA";
# Look for plugin,auth_string, password expired, SSL fields
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u8';
# Testing connection
--connect(con1, localhost, u8,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER tu1@localhost IDENTIFIED WITH 'mysql_native_password'
BY 'auth_string' REQUIRE ISSUER 'issuer';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu1';
ALTER USER tu1@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER "DHE-RSA-AES256-SHA";
# Look for plugin,auth_string, password expired, SSL fields
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu1';
CREATE USER u9@localhost REQUIRE SUBJECT 'sub';
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u9';
ALTER USER u9@localhost
REQUIRE ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u9';
ALTER USER u9@localhost IDENTIFIED WITH 'test_plugin_server' BY 'auth_string77hg'
REQUIRE ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u9';
CREATE USER u10@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u10';
ALTER USER u10@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE SSL;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u10';
# Testing connection
--connect(con1, localhost, u10,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2;
--replace_column 8 #
query_vertical SELECT User,max_questions FROM mysql.user WHERE USER='u11';
ALTER USER u11@localhost WITH MAX_QUERIES_PER_HOUR 6;
--replace_column 8 #
query_vertical SELECT User,max_questions FROM mysql.user WHERE USER='u11';
CREATE USER u12@localhost IDENTIFIED BY 'auth_string'
WITH MAX_QUERIES_PER_HOUR 2;
--replace_column 8 #
query_vertical SELECT User,max_questions FROM mysql.user WHERE USER='u12';
ALTER USER u12@localhost IDENTIFIED WITH 'sha256_password'
WITH MAX_QUERIES_PER_HOUR 8;
--replace_column 8 #
query_vertical SELECT User,max_questions FROM mysql.user WHERE USER='u12';
ALTER USER u12@localhost IDENTIFIED WITH 'test_plugin_server'
WITH MAX_QUERIES_PER_HOUR 1000;
--replace_column 8 #
query_vertical SELECT User,max_questions FROM mysql.user WHERE USER='u12';
CREATE USER u13@localhost IDENTIFIED WITH 'sha256_password'
WITH MAX_CONNECTIONS_PER_HOUR 2;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u13';
ALTER USER u13@localhost PASSWORD EXPIRE;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u13';
# Testing connection
--connect(con1, localhost, u13,,,,,SSL)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
--disable_ps_protocol
ALTER USER USER() IDENTIFIED BY 'new_pwd_string';
--enable_ps_protocol
disconnect con1;
--connect(con1, localhost, u13,'new_pwd_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u14@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
WITH MAX_USER_CONNECTIONS 2;
--replace_column 9 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u14';
ALTER USER u14@localhost WITH MAX_USER_CONNECTIONS 12 PASSWORD EXPIRE INTERVAL 365 DAY;
--replace_column 9 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u14';
CREATE USER tu2@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
WITH MAX_USER_CONNECTIONS 2 ;
--replace_column 10 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,max_questions,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu2';
ALTER USER tu2@localhost WITH MAX_USER_CONNECTIONS 12 MAX_QUERIES_PER_HOUR 543
PASSWORD EXPIRE INTERVAL 365 DAY;
--replace_column 10 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,max_questions,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu2';
# Testing connection
--connect(con1, localhost, tu2,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u15@localhost,
u16@localhost IDENTIFIED WITH 'sha256_password',
u17@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
--replace_column 7 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u15';
--replace_column 7 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u16';
--replace_column 7 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u17';
ALTER USER u15@localhost IDENTIFIED WITH 'sha256_password',
u16@localhost,
u17@localhost IDENTIFIED BY 'new_auth_string'
PASSWORD EXPIRE DEFAULT;
--replace_column 7 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u15';
--replace_column 7 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u16';
--replace_column 7 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,password_lifetime
FROM mysql.user WHERE USER='u17';
CREATE USER u18@localhost,
u19@localhost IDENTIFIED BY 'auth_string',
u20@localhost IDENTIFIED WITH 'sha256_password',
u21@localhost IDENTIFIED WITH 'sha256_password' BY '!Y_TOdh6)',
u22@localhost IDENTIFIED WITH 'sha256_password',
u23@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_&string'
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
--replace_column 10 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER BETWEEN 'u18' AND 'u23' order by 1;
ALTER USER u18@localhost,
u19@localhost,
u20@localhost,
u21@localhost,
u22@localhost,
u23@localhost
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2
PASSWORD EXPIRE NEVER;
--replace_column 10 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER BETWEEN 'u18' AND 'u23' order by 1;
DROP USER tu1@localhost,tu2@localhost,u1@localhost, u2@localhost, u3@localhost,
u4@localhost, u5@localhost,u6@localhost, u7@localhost, u8@localhost,
u9@localhost, u10@localhost,u11@localhost, u12@localhost, u13@localhost,
u14@localhost,u15@localhost, u16@localhost, u17@localhost, u18@localhost,
u19@localhost, u20@localhost, u21@localhost,u22@localhost,u23@localhost;
--echo # ALTER USER with current user
CREATE USER u1@localhost IDENTIFIED BY 'abc';
--connect(con1, localhost, u1, abc)
SELECT USER();
connection default;
ALTER USER u1@localhost PASSWORD EXPIRE;
disconnect con1;
--connect(con1, localhost, u1, abc)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
SET PASSWORD = 'def';
--disable_warnings
connection default;
disconnect con1;
--enable_warnings
--connect(con1, localhost, u1, def)
SELECT USER();
connection default;
ALTER USER u1@localhost PASSWORD EXPIRE;
disconnect con1;
--connect(con1, localhost, u1, def)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
# Password set to current user
--disable_ps_protocol
--error ER_PARSE_ERROR
ALTER USER IDENTIFIED BY 'npwd';
ALTER USER USER() IDENTIFIED BY 'abc';
--enable_ps_protocol
disconnect con1;
--connect(con1, localhost, u1, abc)
SELECT USER();
connection default;
ALTER USER u1@localhost PASSWORD EXPIRE;
disconnect con1;
--connect(con1, localhost, u1, abc)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
connection default;
ALTER USER u1@localhost IDENTIFIED BY 'def';
disconnect con1;
--connect(con1, localhost, u1, def)
SELECT USER();
connection default;
DROP USER u1@localhost;
disconnect con1;
--echo # ALTER USER with current user is allowed to set only credential information
CREATE USER u1@localhost, u2@localhost IDENTIFIED BY 'abc';
GRANT ALL ON *.* TO u2@localhost;
--connect(con1, localhost, u2, abc)
--error ER_PARSE_ERROR
ALTER USER USER() IDENTIFIED WITH 'sha256_password';
--error ER_PARSE_ERROR
ALTER USER USER() IDENTIFIED BY 'def', u2@localhost PASSWORD EXPIRE;
--error ER_PARSE_ERROR
ALTER USER USER() IDENTIFIED BY 'def' PASSWORD EXPIRE;
--error ER_PARSE_ERROR
ALTER USER ;
ALTER USER u2@localhost IDENTIFIED BY 'auth_string'
PASSWORD EXPIRE INTERVAL 45 DAY;
--replace_column 8 #
query_vertical SELECT User,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u2';
connection default;
disconnect con1;
DROP USER u1@localhost, u2@localhost;
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc
--echo # SHOW CREATE USER
CREATE USER u1@localhost;
SHOW CREATE USER u1@localhost;
CREATE USER u2@localhost IDENTIFIED BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u2@localhost;
--echo # DDL output for SHOW CREATE USER u2@localhost and recreating user
DROP USER u2@localhost;
CREATE USER 'u2'@'localhost' IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
REQUIRE NONE;
--connect(con1,localhost,u2,auth_string)
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER u3@localhost IDENTIFIED WITH 'sha256_password';
SHOW CREATE USER u3@localhost;
ALTER USER u3@localhost IDENTIFIED BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u3@localhost;
CREATE USER u4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u4@localhost;
CREATE USER user1@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user1@localhost;
--echo
CREATE USER user2@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user2@localhost;
--echo
CREATE USER u5@localhost REQUIRE SSL;
SHOW CREATE USER u5@localhost;
ALTER USER u5@localhost REQUIRE X509;
--echo # SHOW CREATE USER after ALTER user attributes
SHOW CREATE USER u5@localhost;
CREATE USER u6@localhost IDENTIFIED BY 'auth_string'
REQUIRE X509 PASSWORD EXPIRE INTERVAL 5 DAY;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u6@localhost;
ALTER USER u6@localhost IDENTIFIED BY 'auth_string'
REQUIRE X509 PASSWORD EXPIRE INTERVAL 19 DAY;
--echo # SHOW CREATE USER after ALTER user attributes
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u6@localhost;
--echo # Recreating user from SHOW CREATE output
DROP USER u6@localhost;
CREATE USER 'u6'@'localhost' IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
REQUIRE X509 PASSWORD EXPIRE INTERVAL 19 DAY;
CREATE USER u7@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER 'cipher';
SHOW CREATE USER u7@localhost;
CREATE USER u8@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE ISSUER 'issuer';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u8@localhost;
CREATE USER u9@localhost REQUIRE SUBJECT 'sub';
SHOW CREATE USER u9@localhost;
CREATE USER u10@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u10@localhost;
ALTER USER u10@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
WITH MAX_CONNECTIONS_PER_HOUR 1000
MAX_USER_CONNECTIONS 20 MAX_QUERIES_PER_HOUR 60
MAX_UPDATES_PER_HOUR 100;
--echo # SHOW CREATE USER after ALTER user attributes
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u10@localhost;
CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2;
SHOW CREATE USER u11@localhost;
CREATE USER u12@localhost IDENTIFIED BY 'auth_string'
WITH MAX_QUERIES_PER_HOUR 2;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u12@localhost;
CREATE USER u13@localhost IDENTIFIED WITH 'sha256_password'
WITH MAX_CONNECTIONS_PER_HOUR 2;
SHOW CREATE USER u13@localhost;
CREATE USER u14@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
WITH MAX_USER_CONNECTIONS 2;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u14@localhost;
CREATE USER u15@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
CIPHER 'cipher' WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u15@localhost;
ALTER USER u15@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
WITH MAX_CONNECTIONS_PER_HOUR 1000
MAX_USER_CONNECTIONS 20 MAX_QUERIES_PER_HOUR 60
MAX_UPDATES_PER_HOUR 100;
--echo # SHOW CREATE USER after ALTER user attributes
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u15@localhost;
--echo # Recreating user from SHOW CREATE output
DROP USER u15@localhost;
CREATE USER 'u15'@'localhost' IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA'
CIPHER 'cipher'
WITH MAX_QUERIES_PER_HOUR 60 MAX_UPDATES_PER_HOUR 100
MAX_CONNECTIONS_PER_HOUR 1000 MAX_USER_CONNECTIONS 20
PASSWORD EXPIRE DEFAULT;
DROP USER user1@localhost,u1@localhost, u2@localhost, u3@localhost, u4@localhost,
u5@localhost,u6@localhost, u7@localhost, u8@localhost, u9@localhost,
u10@localhost,u11@localhost, u12@localhost, u13@localhost,
u14@localhost,u15@localhost;
CREATE USER user1@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
WITH MAX_CONNECTIONS_PER_HOUR 1000 MAX_USER_CONNECTIONS 20
MAX_QUERIES_PER_HOUR 60 MAX_UPDATES_PER_HOUR 100;
--replace_column 3 #
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_user_connections,
max_questions,max_updates,max_connections FROM mysql.user
WHERE USER='user1';
--echo
GRANT SELECT ON *.* TO user1@localhost;
GRANT SELECT,INSERT,UPDATE ON mysql.* TO user1@localhost;
--echo
SHOW GRANTS FOR user1@localhost;
--echo
REVOKE INSERT,UPDATE ON mysql.* FROM user1@localhost;
SHOW GRANTS FOR user1@localhost;
--echo
CREATE USER user3@localhost IDENTIFIED BY 'auth_string';
--echo # Cleanup
DROP USER user1@localhost,user2@localhost,user3@localhost;
--echo
--echo # SET PASSWORD Tests
--echo
CREATE USER user1@localhost IDENTIFIED BY 'auth_string';
CREATE USER user2@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string1';
SET PASSWORD FOR user1@localhost='auth_xyz@';
SET PASSWORD FOR user2@localhost='gd636@gj';
--echo
CREATE USER user4@localhost;
ALTER USER user4@localhost PASSWORD EXPIRE;
SET PASSWORD FOR user4@localhost='';
CREATE USER user3@localhost IDENTIFIED BY 'auth_string';
CREATE USER user5@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string1';
SET PASSWORD FOR user3@localhost='auth_abc';
GRANT SELECT ON *.* TO user3@localhost;
--connect(con1, localhost, user3, auth_abc)
SELECT USER();
SET PASSWORD='auth_xyz';
--replace_column 3 #
query_vertical SELECT user,plugin,ssl_type,password_expired,
password_lifetime FROM mysql.user where user='user3';
connection default;
disconnect con1;
--echo
SET PASSWORD FOR user4@localhost='auth_xyz';
--replace_column 3 #
query_vertical SELECT user,plugin,ssl_type,
password_expired,password_lifetime FROM mysql.user where user='user4';
--echo
SET PASSWORD FOR user5@localhost='auth_dhsga5';
--replace_column 3 #
query_vertical SELECT user,plugin,ssl_type,
password_expired,password_lifetime FROM mysql.user where user='user5';
# Resetting password with a non-ssl connection using mysqladmin,it should throw warning.
GRANT ALL ON *.* TO user4@localhost;
--exec $MYSQLADMIN --no-defaults -S $MASTER_MYSOCK -P $MASTER_MYPORT -uuser4 --password=auth_xyz password new_auth 2>&1
# Testing connection
--connect(con1, localhost, user4, new_auth)
SELECT USER();
connection default;
disconnect con1;
# With ssl connection
--exec $MYSQLADMIN --no-defaults -S $MASTER_MYSOCK -P $MASTER_MYPORT -uuser4 --password=new_auth password new_auth_ssl --ssl-mode=REQUIRED 2>&1
# Testing connection
--connect(con1, localhost, user4, new_auth_ssl)
SELECT USER();
--replace_column 3 #
query_vertical SELECT user,plugin,ssl_type,
password_expired,password_lifetime FROM mysql.user where user='user4';
connection default;
disconnect con1;
--echo
CREATE USER user6@localhost IDENTIFIED BY 'auth_string';
--replace_column 3 #
query_vertical SELECT user,plugin,
password_expired FROM mysql.user WHERE USER='user6';
ALTER USER user6@localhost IDENTIFIED WITH 'sha256_password';
--replace_column 3 #
query_vertical SELECT user,plugin,
password_expired FROM mysql.user WHERE USER='user6';
SET PASSWORD FOR user6@localhost='plaintext_password';
--replace_column 3 #
query_vertical SELECT user,plugin
FROM mysql.user WHERE USER='user6';
# Testing connection
--connect(con1, localhost, user6, 'plaintext_password',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
--echo
--echo # Cleanup
DROP USER user1@localhost,user2@localhost,user3@localhost,
user4@localhost,user5@localhost,user6@localhost;
# Write file to make mysql-test-run.pl wait for the server to stop
let $expect_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $expect_file
# Request shutdown
--send_shutdown
# Call script that will poll the server waiting for it to disapear
--source include/wait_until_disconnected.inc
--echo # Restart server.
--exec echo "restart:" > $expect_file
# Turn on reconnect
--enable_reconnect
# Call script that will poll the server waiting for it to be back online again
--source include/wait_until_connected_again.inc
SHOW GLOBAL VARIABLES LIKE 'log_bin';
# Get rid of previous tests binlog
--disable_query_log
reset master;
--enable_query_log
CREATE USER u1 IDENTIFIED WITH 'mysql_native_password' BY 'azundris1';
CREATE USER user8@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF';
CREATE USER user1@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE SSL;
CREATE USER user11@localhost IDENTIFIED WITH 'mysql_native_password'
PASSWORD EXPIRE NEVER ACCOUNT LOCK;
CREATE USER user12@localhost IDENTIFIED WITH 'sha256_password'
PASSWORD EXPIRE NEVER;
CREATE USER u2@localhost IDENTIFIED BY 'meow';
CREATE USER u10@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
ALTER USER u10@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
REQUIRE SSL;
ALTER USER user11@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
ALTER USER user12@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT UNLOCK PASSWORD EXPIRE INTERVAL 90 DAY;
CREATE USER user13@localhost IDENTIFIED BY 'auth_string' ACCOUNT UNLOCK;
ALTER USER user13@localhost WITH MAX_QUERIES_PER_HOUR 22
MAX_USER_CONNECTIONS 4 ACCOUNT LOCK PASSWORD EXPIRE NEVER;
CREATE USER user14@localhost IDENTIFIED WITH 'mysql_native_password' AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT LOCK;
CREATE USER user15@localhost IDENTIFIED WITH 'mysql_native_password' BY 'azundris1'
PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
ALTER USER user15@localhost PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
CREATE USER user16@localhost IDENTIFIED WITH 'mysql_native_password' AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT LOCK PASSWORD EXPIRE NEVER;
ALTER USER user16@localhost PASSWORD EXPIRE INTERVAL 10 DAY ACCOUNT LOCK;
--connect(con1, localhost, u1, 'azundris1')
SELECT USER();
ALTER USER USER() IDENTIFIED BY 'new-auth';
connection default;
disconnect con1;
CREATE USER user10@localhost
IDENTIFIED WITH 'mysql_native_password' AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF';
--echo # Show binlog events
--let $mask_user_password_events= 1
--source include/show_binlog_events.inc
--let $mask_user_password_events= 0
# Cleanup
DROP USER user1@localhost,user8@localhost,user10@localhost,user11@localhost,
user12@localhost,user13@localhost,user14@localhost,user15@localhost,
user16@localhost,u10@localhost,u1,u2@localhost;
# Make sure we start with a clean slate. log_tables.test says this is OK.
TRUNCATE TABLE mysql.general_log;
--echo --------------- general log ---------------------------------------
SET @old_log_output= @@global.log_output;
SET @old_general_log= @@global.general_log;
SET @old_general_log_file= @@global.general_log_file;
let $general_file_off = $MYSQLTEST_VARDIR/log/create_or_alter_user.log;
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
eval SET GLOBAL general_log_file = '$general_file_off';
SET GLOBAL log_output = 'FILE,TABLE';
SET GLOBAL general_log= 'ON';
CREATE USER u1 IDENTIFIED WITH 'mysql_native_password' BY 'azundris1';
CREATE USER user8@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF';
CREATE USER user1@localhost IDENTIFIED WITH 'sha256_password' REQUIRE SSL;
CREATE USER user11@localhost IDENTIFIED WITH 'mysql_native_password'
PASSWORD EXPIRE NEVER ACCOUNT LOCK;
CREATE USER user12@localhost IDENTIFIED WITH 'sha256_password'
PASSWORD EXPIRE NEVER;
CREATE USER u2@localhost IDENTIFIED BY 'meow';
CREATE USER u10@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
ALTER USER u10@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
REQUIRE SSL;
ALTER USER user11@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER "DHE-RSA-AES256-SHA" AND
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
ALTER USER user12@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT UNLOCK PASSWORD EXPIRE INTERVAL 90 DAY;
CREATE USER user13@localhost IDENTIFIED BY 'auth_string' ACCOUNT UNLOCK;
ALTER USER user13@localhost WITH MAX_QUERIES_PER_HOUR 22
MAX_USER_CONNECTIONS 4 ACCOUNT LOCK PASSWORD EXPIRE NEVER;
CREATE USER user14@localhost IDENTIFIED WITH 'mysql_native_password' AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT LOCK;
CREATE USER user15@localhost IDENTIFIED WITH 'mysql_native_password' BY 'azundris1'
PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
ALTER USER user15@localhost PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
CREATE USER user16@localhost IDENTIFIED WITH 'mysql_native_password' AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT LOCK PASSWORD EXPIRE NEVER;
ALTER USER user16@localhost PASSWORD EXPIRE INTERVAL 10 DAY ACCOUNT LOCK;
--connect(con1, localhost, u1, 'azundris1')
SELECT USER();
ALTER USER USER() IDENTIFIED BY 'new-auth';
connection default;
disconnect con1;
CREATE USER user10@localhost IDENTIFIED WITH 'mysql_native_password' AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF';
--echo Show what is logged:
--echo ------ rewrite ------
SELECT argument FROM mysql.general_log WHERE argument LIKE 'CREATE USER %' AND
command_type NOT LIKE 'Prepare';
SELECT argument FROM mysql.general_log WHERE argument LIKE 'ALTER USER %' AND
command_type NOT LIKE 'Prepare';
SELECT argument FROM mysql.general_log WHERE argument LIKE 'SET PASSWORD %';
SELECT argument FROM mysql.general_log WHERE argument LIKE 'GRANT %'AND
command_type NOT LIKE 'Prepare';
--echo ------ done ------
# Cleanup
DROP USER user1@localhost,user8@localhost,user10@localhost,user11@localhost,
user12@localhost,user13@localhost,user14@localhost,user15@localhost,
user16@localhost,u10@localhost,u1,u2@localhost;
--remove_file $general_file_off
SET GLOBAL general_log_file= @old_general_log_file;
SET GLOBAL general_log= @old_general_log;
SET GLOBAL log_output= @old_log_output;
--echo
--echo Bug #20602525 ALTER USER DOES NOT VERIFY AUTH PLUGIN
--echo
CREATE USER u1;
--error ER_PLUGIN_IS_NOT_LOADED
ALTER USER u1 IDENTIFIED WITH 'invalid_plugin';
--error ER_PLUGIN_IS_NOT_LOADED
ALTER USER u1 IDENTIFIED WITH 'invalid_plugin' BY 'secret';
--error ER_PLUGIN_IS_NOT_LOADED
ALTER USER u1 IDENTIFIED WITH 'invalid_plugin' AS 'secret';
#cleanup
DROP USER u1;
--echo
--echo Bug #20364862 MYSQLADMIN PASSWORD AFFECTS EXTERNAL AUTH ACCOUNTS
--echo
connection default;
CREATE USER bug20364862_user@localhost IDENTIFIED WITH test_plugin_server AS 'bug20364862_dest';
CREATE USER bug20364862_dest@localhost IDENTIFIED BY 'dest_password';
GRANT PROXY ON bug20364862_dest@localhost TO bug20364862_user@localhost;
CREATE DATABASE db1;
GRANT ALL PRIVILEGES ON db1.* TO bug20364862_dest@localhost WITH GRANT OPTION;
# An unprivileged user trying to alter credentials through ALTER USER should get error
# if plugin puts restriction over who can alter credentials
--error 1
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u bug20364862_user --password=bug20364862_dest -e "ALTER USER USER() IDENTIFIED BY 'qa_test_2_dest';" 2>&1
# SET PASSWORD does not make any sense if mysql.user.authentication_string is
# not used as password store
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u bug20364862_user --password=bug20364862_dest -e "SET PASSWORD = 'qa_test_2_dest'; SHOW WARNINGS;" 2>&1
connection default;
# Make sure that previous SET PASSWORD didn't modify anything
SELECT USER, AUTHENTICATION_STRING FROM mysql.user WHERE user like 'bug20364862_user';
# Grant a user ability to update mysql.*
GRANT UPDATE ON mysql.* TO bug20364862_dest@localhost;
FLUSH PRIVILEGES;
# ALTER should work now
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u bug20364862_user --password=bug20364862_dest -e "ALTER USER USER() IDENTIFIED BY 'qa_test_2_dest'; ALTER USER USER() IDENTIFIED BY 'bug20364862_dest';" 2>&1
# SET PASSWORD should still show warning because we want to retain old behavior
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u bug20364862_user --password=bug20364862_dest -e "SET PASSWORD = 'qa_test_2_dest'; SHOW WARNINGS;" 2>&1
connection default;
# Make sure that previous SET PASSWORD didn't modify anything
SELECT USER, AUTHENTICATION_STRING FROM mysql.user WHERE user like 'bug20364862_user';
# Grant a user ability to create user
REVOKE UPDATE ON mysql.* FROM bug20364862_dest@localhost;
GRANT CREATE USER ON *.* TO bug20364862_dest@localhost;
FLUSH PRIVILEGES;
# ALTER should work now
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u bug20364862_user --password=bug20364862_dest -e "ALTER USER USER() IDENTIFIED BY 'qa_test_2_dest'; ALTER USER USER() IDENTIFIED BY 'bug20364862_dest';" 2>&1
# SET PASSWORD should still show warning because we want to retain old behavior
--exec $MYSQL $PLUGIN_AUTH_OPT -h localhost -P $MASTER_MYPORT -u bug20364862_user --password=bug20364862_dest -e "SET PASSWORD = 'qa_test_2_dest'; SHOW WARNINGS;" 2>&1
connection default;
# Make sure that previous SET PASSWORD didn't modify anything
SELECT USER, AUTHENTICATION_STRING FROM mysql.user WHERE user like 'bug20364862_user';
DROP DATABASE db1;
DROP USER bug20364862_user@localhost;
DROP USER bug20364862_dest@localhost;
--echo
--echo Bug #20625566 SHOW CREATE USER ALLOWS ACCESS TO OTHER USERS PASSWORD HASH
--echo
--echo # Restarting the server
# Write file to make mysql-test-run.pl wait for the server to stop
let $expect_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $expect_file
# Request shutdown
--send_shutdown
# Call script that will poll the server waiting for it to disapear
--source include/wait_until_disconnected.inc
--echo # Restart server.
--exec echo "restart:" > $expect_file
# Turn on reconnect
--enable_reconnect
# Call script that will poll the server waiting for it to be back online again
--source include/wait_until_connected_again.inc
CREATE USER user1@localhost;
CREATE USER user1@47.9.9.9 IDENTIFIED BY 'pass1';
CREATE USER user2 IDENTIFIED BY 'pass2';
--echo # case1 without any privileges
--connect(con1, localhost, user1,)
SELECT USER(), CURRENT_USER();
SHOW CREATE USER user1@localhost;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER user1@47.9.9.9;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER user2;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER invalid_user;
disconnect con1;
connection default;
--echo # case2 with SELECT privilege on mysql db
GRANT SELECT ON mysql.* TO user1@localhost;
--connect(con1, localhost, user1,)
SELECT USER(), CURRENT_USER();
SHOW CREATE USER user1@localhost;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user1@47.9.9.9;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user2;
--error ER_CANNOT_USER
SHOW CREATE USER invalid_user;
disconnect con1;
connection default;
--echo # case3 with all global privileges except SELECT
GRANT ALL ON *.* TO user1@localhost;
REVOKE SELECT ON *.* FROM user1@localhost;
REVOKE CREATE USER ON *.* FROM user1@localhost;
REVOKE SELECT ON mysql.* FROM user1@localhost;
SHOW GRANTS FOR user1@localhost;
--connect(con1, localhost, user1,)
SELECT USER(), CURRENT_USER();
SHOW CREATE USER user1@localhost;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER user1@47.9.9.9;
disconnect con1;
connection default;
--echo # case4 with irrelevant privilege on mysql db
REVOKE ALL ON *.* FROM user1@localhost;
SHOW GRANTS FOR user1@localhost;
GRANT UPDATE ON mysql.* TO user1@localhost;
SHOW GRANTS FOR user1@localhost;
--connect(con1, localhost, user1,)
SELECT USER(), CURRENT_USER();
SHOW CREATE USER user1@localhost;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER user1@47.9.9.9;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER user2;
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER invalid_user;
disconnect con1;
connection default;
--echo # case4 test for proxy user
CREATE USER bug20625566_user@localhost IDENTIFIED WITH test_plugin_server
AS 'bug20625566_dest';
CREATE USER bug20625566_dest@localhost IDENTIFIED BY 'dest_password';
GRANT PROXY ON bug20625566_dest@localhost TO bug20625566_user@localhost;
--connect(con1, localhost, bug20625566_user,bug20625566_dest)
SELECT USER(), CURRENT_USER();
--error ER_DBACCESS_DENIED_ERROR
SHOW CREATE USER bug20625566_user@localhost;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER bug20625566_dest@localhost;
disconnect con1;
connection default;
# cleanup
DROP USER user1@localhost, user1@47.9.9.9, user2,
bug20625566_user@localhost, bug20625566_dest@localhost;
Reference in New Issue View Git Blame Copy Permalink