803 lines
26 KiB
Plaintext
803 lines
26 KiB
Plaintext
--source include/no_valgrind_without_big.inc
|
||
--source include/have_plugin_auth.inc
|
||
--source include/mysql_upgrade_preparation.inc
|
||
|
||
CALL mtr.add_suppression("Plugin test_plugin_server reported: 'Wrong password supplied for plug_dest'");
|
||
|
||
# Official builds include separate debug enabled plugins to be used by
|
||
# the debug enabled server. But the non-debug *client* should not use them.
|
||
|
||
let PLUGIN_AUTH_OPT=`SELECT TRIM(TRAILING '/debug' FROM '$PLUGIN_AUTH_OPT')`;
|
||
|
||
query_vertical SELECT PLUGIN_STATUS, PLUGIN_TYPE, PLUGIN_DESCRIPTION
|
||
FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='test_plugin_server';
|
||
|
||
SET @old_log_output= @@global.log_output;
|
||
SET @old_general_log= @@global.general_log;
|
||
|
||
SET GLOBAL log_output = 'TABLE';
|
||
SET GLOBAL general_log= 'ON';
|
||
|
||
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
||
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
|
||
--echo ## test plugin auth
|
||
--disable_query_log
|
||
# This should fail, no grant
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(plug_con,localhost,plug,plug_dest);
|
||
--enable_query_log
|
||
|
||
GRANT PROXY ON plug_dest TO plug;
|
||
--echo test proxies_priv columns
|
||
--replace_column 1 xx 7 xx
|
||
SELECT * FROM mysql.proxies_priv WHERE user !='root';
|
||
--echo test mysql.proxies_priv;
|
||
SHOW CREATE TABLE mysql.proxies_priv;
|
||
|
||
connect(plug_con,localhost,plug,plug_dest);
|
||
|
||
connection plug_con;
|
||
select USER(),CURRENT_USER();
|
||
|
||
--echo ## test SET PASSWORD
|
||
#--error ER_SET_PASSWORD_AUTH_PLUGIN
|
||
--echo Setting password is allowed but it won't affect the authentication mechanism.
|
||
SET PASSWORD = 'plug_dest';
|
||
|
||
connection default;
|
||
disconnect plug_con;
|
||
|
||
--echo ## test bad credentials
|
||
--disable_query_log
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(plug_con,localhost,plug,bad_credentials);
|
||
--enable_query_log
|
||
|
||
--echo ## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
|
||
--disable_result_log
|
||
--disable_query_log
|
||
--error 2059
|
||
connect(plug_con_wrongp,localhost,plug,plug_dest,,,,,wrong_plugin_name);
|
||
--enable_query_log
|
||
--enable_result_log
|
||
|
||
--echo ## test correct default plugin
|
||
connect(plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin);
|
||
connection plug_con_rightp;
|
||
select USER(),CURRENT_USER();
|
||
connection default;
|
||
disconnect plug_con_rightp;
|
||
|
||
--echo ## test utf-8 user name
|
||
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
||
GRANT PROXY ON plug_dest TO `Ÿ`;
|
||
|
||
connect(non_ascii,localhost,Ÿ,plug_dest);
|
||
connection non_ascii;
|
||
select USER(),CURRENT_USER();
|
||
|
||
connection default;
|
||
disconnect non_ascii;
|
||
DROP USER `Ÿ`;
|
||
CREATE DATABASE test_grant_db;
|
||
|
||
--error ER_PARSE_ERROR
|
||
REVOKE SELECT on test_grant_db.* FROM joro
|
||
INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
|
||
--error ER_PARSE_ERROR
|
||
REVOKE SELECT on test_grant_db.* FROM joro
|
||
INDENTIFIED BY 'plug_dest_passwd';
|
||
|
||
--error ER_PARSE_ERROR
|
||
REVOKE SELECT on test_grant_db.* FROM joro
|
||
INDENTIFIED BY PASSWORD 'plug_dest_passwd';
|
||
|
||
DROP DATABASE test_grant_db;
|
||
|
||
--echo ## GRANT PROXY tests
|
||
|
||
# Test effect of variabled on the plugin tested here (WL#7724).
|
||
SELECT @@global.check_proxy_users;
|
||
SELECT @@global.mysql_native_password_proxy_users;
|
||
SELECT @@global.sha256_password_proxy_users;
|
||
|
||
SET @@global.check_proxy_users=ON;
|
||
SET @@global.mysql_native_password_proxy_users=ON;
|
||
SET @@global.sha256_password_proxy_users=ON;
|
||
|
||
|
||
CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server'
|
||
AS 'grant_plug_dest';
|
||
CREATE USER grant_plug_dest IDENTIFIED BY 'grant_plug_dest_passwd';
|
||
CREATE USER grant_plug_dest2 IDENTIFIED BY 'grant_plug_dest_passwd2';
|
||
|
||
--echo # ALL PRIVILEGES doesn't include PROXY
|
||
GRANT ALL PRIVILEGES ON *.* TO grant_plug;
|
||
REVOKE SYSTEM_USER ON *.* FROM grant_plug;
|
||
--disable_query_log
|
||
# This should fail, no grant
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(grant_plug_con,localhost,grant_plug,grant_plug_dest);
|
||
--enable_query_log
|
||
|
||
# This should fail, can't combine PROXY
|
||
--error ER_PARSE_ERROR
|
||
GRANT ALL PRIVILEGES,PROXY ON grant_plug_dest TO grant_plug;
|
||
|
||
--echo this should fail : can't combine PROXY
|
||
--error ER_PARSE_ERROR
|
||
GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;
|
||
|
||
--echo # this should fail : no such grant
|
||
--error ER_NONEXISTING_GRANT
|
||
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
|
||
|
||
connect(grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd);
|
||
connection grant_plug_dest_con;
|
||
--echo in grant_plug_dest_con
|
||
|
||
--echo ## testing what an ordinary user can grant
|
||
--echo this should fail : no rights to grant all
|
||
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
GRANT PROXY ON ''@'' TO grant_plug;
|
||
|
||
--echo this should fail : not the same user
|
||
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
GRANT PROXY ON grant_plug TO grant_plug_dest;
|
||
|
||
# Security context in THD contains two pairs of (user,host)
|
||
# 1. (user,host) pair referring to inbound connection
|
||
# 2. (priv_user,priv_host) pair obtained from mysql.user table after doing
|
||
# authnetication of incoming connection.
|
||
# Granting/revoking proxy privileges, privileges should be checked wrt
|
||
# (priv_user, priv_host) tuple that is obtained from mysql.user table
|
||
# Following is a valid grant because effective user of connection is
|
||
# grant_plug_dest@% and statement is trying to grant proxy on the same
|
||
# user.
|
||
--echo This is a valid grant
|
||
GRANT PROXY ON grant_plug_dest TO grant_plug;
|
||
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
|
||
|
||
--echo this should work : same user
|
||
GRANT PROXY ON grant_plug_dest TO grant_plug_dest2;
|
||
REVOKE PROXY ON grant_plug_dest FROM grant_plug_dest2;
|
||
|
||
# grant_plug_dest@localhost is not the same as grant_plug_dest@%
|
||
# so following grant/revoke should fail
|
||
--echo this should fail : not the same user
|
||
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
|
||
--echo this should fail : not the same user
|
||
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
|
||
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
|
||
|
||
--echo this should fail : can't create users
|
||
--error ER_CANT_CREATE_USER_WITH_GRANT
|
||
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;
|
||
|
||
connection default;
|
||
--echo in default connection
|
||
disconnect grant_plug_dest_con;
|
||
|
||
--echo # test what root can grant
|
||
|
||
--echo should work : root has PROXY to all users
|
||
GRANT PROXY ON ''@'' TO grant_plug;
|
||
REVOKE PROXY ON ''@'' FROM grant_plug;
|
||
|
||
--echo should work : root has PROXY to all users
|
||
CREATE USER proxy_admin IDENTIFIED BY 'test';
|
||
GRANT PROXY ON ''@'' TO proxy_admin WITH GRANT OPTION;
|
||
|
||
--echo need USAGE : PROXY doesn't contain it.
|
||
GRANT USAGE on *.* TO proxy_admin;
|
||
|
||
connect (proxy_admin_con,localhost,proxy_admin,test);
|
||
connection proxy_admin_con;
|
||
--echo in proxy_admin_con;
|
||
|
||
--echo should work : proxy_admin has proxy to ''@''
|
||
GRANT PROXY ON future_user TO grant_plug;
|
||
|
||
connection default;
|
||
--echo in default connection
|
||
disconnect proxy_admin_con;
|
||
|
||
SHOW GRANTS FOR grant_plug;
|
||
REVOKE PROXY ON future_user FROM grant_plug;
|
||
SHOW GRANTS FOR grant_plug;
|
||
|
||
--echo ## testing drop user
|
||
CREATE USER test_drop@localhost;
|
||
GRANT PROXY ON future_user TO test_drop@localhost;
|
||
SHOW GRANTS FOR test_drop@localhost;
|
||
DROP USER test_drop@localhost;
|
||
SELECT * FROM mysql.proxies_priv WHERE Host = 'test_drop' AND User = 'localhost';
|
||
|
||
DROP USER proxy_admin;
|
||
|
||
DROP USER grant_plug,grant_plug_dest,grant_plug_dest2;
|
||
|
||
--echo ## END GRANT PROXY tests
|
||
|
||
--echo ## cleanup
|
||
DROP USER plug;
|
||
DROP USER plug_dest;
|
||
|
||
--echo ## @@proxy_user tests
|
||
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
||
GRANT PROXY ON plug_dest TO plug;
|
||
|
||
SELECT USER(),CURRENT_USER(),@@LOCAL.proxy_user;
|
||
|
||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
SELECT @@GLOBAL.proxy_user;
|
||
SELECT @@LOCAL.proxy_user;
|
||
|
||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
SET GLOBAL proxy_user = 'test';
|
||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
SET LOCAL proxy_user = 'test';
|
||
SELECT @@LOCAL.proxy_user;
|
||
|
||
connect(plug_con,localhost,plug,plug_dest);
|
||
connection plug_con;
|
||
--echo # in connection plug_con
|
||
SELECT @@LOCAL.proxy_user;
|
||
connection default;
|
||
--echo # in connection default
|
||
disconnect plug_con;
|
||
|
||
SET @@global.check_proxy_users=0;
|
||
SET @@global.mysql_native_password_proxy_users=0;
|
||
SET @@global.sha256_password_proxy_users=0;
|
||
|
||
--echo ## cleanup
|
||
DROP USER plug;
|
||
DROP USER plug_dest;
|
||
--echo ## END @@proxy_user tests
|
||
|
||
--echo ## @@external_user tests
|
||
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
|
||
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
|
||
GRANT PROXY ON plug_dest TO plug;
|
||
SELECT USER(),CURRENT_USER(),@@LOCAL.external_user;
|
||
|
||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
SELECT @@GLOBAL.external_user;
|
||
SELECT @@LOCAL.external_user;
|
||
|
||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
SET GLOBAL external_user = 'test';
|
||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
|
||
SET LOCAL external_user = 'test';
|
||
SELECT @@LOCAL.external_user;
|
||
|
||
connect(plug_con,localhost,plug,plug_dest);
|
||
connection plug_con;
|
||
--echo # in connection plug_con
|
||
SELECT @@LOCAL.external_user;
|
||
connection default;
|
||
--echo # in connection default
|
||
disconnect plug_con;
|
||
|
||
--echo WL#5706 -- show the above got logged/rewritten correctly
|
||
SELECT argument FROM mysql.general_log WHERE argument LIKE CONCAT('CREATE USER %') AND
|
||
command_type NOT LIKE 'Prepare';
|
||
|
||
--echo ## cleanup
|
||
DROP USER plug;
|
||
DROP USER plug_dest;
|
||
|
||
SET GLOBAL log_output= @old_log_output;
|
||
SET GLOBAL general_log= @old_general_log;
|
||
--echo ## END @@external_user tests
|
||
|
||
--echo #
|
||
--echo # Bug #56798 : Wrong credentials assigned when using a proxy user.
|
||
--echo #
|
||
|
||
CREATE USER power_user;
|
||
GRANT ALL PRIVILEGES ON *.* TO power_user;
|
||
CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
|
||
GRANT USAGE ON anonymous_db.* TO ''@'';
|
||
GRANT PROXY ON power_user TO ''@'';
|
||
CREATE DATABASE confidential_db;
|
||
|
||
connect(plug_con,localhost, test_login_user, power_user, confidential_db);
|
||
SELECT user(),current_user(),@@proxy_user;
|
||
|
||
connection default;
|
||
disconnect plug_con;
|
||
|
||
DROP USER power_user;
|
||
DROP USER ''@'';
|
||
DROP DATABASE confidential_db;
|
||
|
||
--echo # Test case #2 (crash with double grant proxy)
|
||
|
||
CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
|
||
CREATE USER standard_user;
|
||
CREATE DATABASE shared;
|
||
GRANT ALL PRIVILEGES ON shared.* TO standard_user;
|
||
GRANT PROXY ON standard_user TO ''@'';
|
||
--echo #should not crash
|
||
GRANT PROXY ON standard_user TO ''@'';
|
||
|
||
DROP USER ''@'';
|
||
DROP USER standard_user;
|
||
DROP DATABASE shared;
|
||
|
||
--echo #
|
||
--echo # Bug#58139 : default-auth option not recognized in MySQL standard
|
||
--echo # command line clients
|
||
--echo #
|
||
|
||
--echo # Executing 'mysql'
|
||
--exec $MYSQL -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT -e "SELECT 1"
|
||
|
||
--echo # Executing 'mysqladmin'
|
||
--exec $MYSQLADMIN --no-defaults -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT ping
|
||
|
||
--echo # Executing 'mysqldump'
|
||
--exec $MYSQL_DUMP -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --compact --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT test
|
||
|
||
--echo #
|
||
--echo # Bug #59657: Move the client authentication_pam plugin into the
|
||
--echo # server repository
|
||
--echo #
|
||
|
||
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
|
||
AS 'cleartext_test';
|
||
|
||
--echo ## test plugin auth
|
||
--disable_query_log
|
||
# This should fail, no grant
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(cleartext_fail_con,localhost,uplain,cleartext_test2,,,,CLEARTEXT);
|
||
--enable_query_log
|
||
|
||
connect(cleartext_con,localhost,uplain,cleartext_test,,,,CLEARTEXT);
|
||
connection cleartext_con;
|
||
select USER(),CURRENT_USER();
|
||
|
||
connection default;
|
||
disconnect cleartext_con;
|
||
DROP USER uplain@localhost;
|
||
|
||
--echo #
|
||
--echo # Bug #59038 : mysql.user.authentication_string column
|
||
--echo # causes configuration wizard to fail
|
||
|
||
INSERT INTO mysql.user(
|
||
Host,
|
||
User,
|
||
Select_priv,
|
||
Insert_priv,
|
||
Update_priv,
|
||
Delete_priv,
|
||
Create_priv,
|
||
Drop_priv,
|
||
Reload_priv,
|
||
Shutdown_priv,
|
||
Process_priv,
|
||
File_priv,
|
||
Grant_priv,
|
||
References_priv,
|
||
Index_priv,
|
||
Alter_priv,
|
||
Show_db_priv,
|
||
Super_priv,
|
||
Create_tmp_table_priv,
|
||
Lock_tables_priv,
|
||
Execute_priv,
|
||
Repl_slave_priv,
|
||
Repl_client_priv,
|
||
/*!50001
|
||
Create_view_priv,
|
||
Show_view_priv,
|
||
Create_routine_priv,
|
||
Alter_routine_priv,
|
||
Create_user_priv,
|
||
*/
|
||
ssl_type,
|
||
ssl_cipher,
|
||
x509_issuer,
|
||
x509_subject,
|
||
max_questions,
|
||
max_updates,
|
||
max_connections)
|
||
VALUES (
|
||
'localhost',
|
||
'inserttest',
|
||
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
|
||
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
|
||
/*!50001 'Y', 'Y', 'Y', 'Y', 'Y', */'', '', '', '', '0', '0', '0');
|
||
FLUSH PRIVILEGES;
|
||
DROP USER inserttest@localhost;
|
||
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE
|
||
COLUMN_NAME IN ('authentication_string', 'plugin') AND
|
||
TABLE_NAME='user' AND
|
||
TABLE_SCHEMA='mysql'
|
||
ORDER BY COLUMN_NAME;
|
||
|
||
|
||
--echo #
|
||
--echo # Bug #11936829: diff. between mysql.user (authentication_string)
|
||
--echo # in fresh and upgraded 5.5.11
|
||
--echo #
|
||
|
||
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
|
||
WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
|
||
COLUMN_NAME IN ('plugin', 'authentication_string')
|
||
ORDER BY COLUMN_NAME;
|
||
ALTER TABLE mysql.user MODIFY plugin char(64) DEFAULT '' NOT NULL;
|
||
ALTER TABLE mysql.user MODIFY authentication_string TEXT NOT NULL;
|
||
|
||
--echo Run mysql_upgrade on a 5.5.10 external authentication column layout
|
||
# Filter out ndb_binlog_index to mask differences due to running with or
|
||
# without ndb. Always report check-for-upgrade status as OK, as it depends
|
||
# on the order in which tests are run.
|
||
--let $restart_parameters = restart:--upgrade=FORCE
|
||
--let $wait_counter= 10000
|
||
--source include/restart_mysqld.inc
|
||
|
||
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
|
||
WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
|
||
COLUMN_NAME IN ('plugin', 'authentication_string')
|
||
ORDER BY COLUMN_NAME;
|
||
|
||
--echo #
|
||
--echo # Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
|
||
--echo #
|
||
|
||
CREATE USER bug12610784@localhost;
|
||
SET PASSWORD FOR bug12610784@localhost = 'secret';
|
||
--disable_query_log
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(b12610784,localhost,bug12610784,,test);
|
||
--enable_query_log
|
||
connect(b12610784,localhost,bug12610784,secret,test);
|
||
connection default;
|
||
disconnect b12610784;
|
||
DROP USER bug12610784@localhost;
|
||
|
||
--echo #
|
||
--echo # Bug # 11766641: 59792: BIN/MYSQL -UUNKNOWN -PUNKNOWN
|
||
--echo # .-> USING PASSWORD: NO
|
||
|
||
--echo # should contain "using password=yes"
|
||
--error 1
|
||
--exec $MYSQL -uunknown -punknown --ssl-mode=REQUIRED 2>&1
|
||
|
||
--echo # should contain "using password=no"
|
||
--error 1
|
||
--exec $MYSQL -uunknown --ssl-mode=REQUIRED 2>&1
|
||
|
||
--echo #
|
||
--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM
|
||
--echo # AUTHENTICATION SETTINGS
|
||
--echo #
|
||
|
||
CREATE USER bug12818542@localhost
|
||
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
|
||
CREATE USER bug12818542_dest@localhost
|
||
IDENTIFIED BY 'bug12818542_dest_passwd';
|
||
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
|
||
|
||
connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
|
||
connection bug12818542_con;
|
||
SELECT USER(),CURRENT_USER();
|
||
|
||
SET PASSWORD = 'bruhaha';
|
||
|
||
connection default;
|
||
disconnect bug12818542_con;
|
||
|
||
connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
|
||
connection bug12818542_con2;
|
||
SELECT USER(),CURRENT_USER();
|
||
|
||
connection default;
|
||
disconnect bug12818542_con2;
|
||
|
||
DROP USER bug12818542@localhost;
|
||
DROP USER bug12818542_dest@localhost;
|
||
|
||
--echo #
|
||
--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM
|
||
--echo # AUTHENTICATION SETTINGS
|
||
--echo #
|
||
|
||
CREATE USER bug12818542@localhost
|
||
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
|
||
CREATE USER bug12818542_dest@localhost
|
||
IDENTIFIED BY 'bug12818542_dest_passwd';
|
||
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
|
||
|
||
connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
|
||
connection bug12818542_con;
|
||
SELECT USER(),CURRENT_USER();
|
||
|
||
SET PASSWORD = 'bruhaha';
|
||
|
||
connection default;
|
||
disconnect bug12818542_con;
|
||
|
||
connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
|
||
connection bug12818542_con2;
|
||
SELECT USER(),CURRENT_USER();
|
||
|
||
connection default;
|
||
disconnect bug12818542_con2;
|
||
|
||
DROP USER bug12818542@localhost;
|
||
DROP USER bug12818542_dest@localhost;
|
||
|
||
|
||
--echo End of 5.5 tests
|
||
|
||
--echo #
|
||
--echo # Bug #18057562: PROXY USERS LOCKED OUT WHEN UNDERLYING PROXIED USER
|
||
--echo # PASSWORD IS EXPIRED
|
||
--echo #
|
||
|
||
--echo # Restart server with disconnect_on_expired_password OFF;
|
||
|
||
--let $restart_parameters=restart:--disconnect_on_expired_password=0
|
||
--let $shutdown_server_timeout= 300
|
||
--source include/restart_mysqld.inc
|
||
|
||
CREATE USER 'empl_external'@'localhost' IDENTIFIED WITH test_plugin_server AS 'employee';
|
||
CREATE USER 'employee'@'localhost' IDENTIFIED BY 'passkey';
|
||
GRANT PROXY ON 'employee'@'localhost' TO 'empl_external'@'localhost';
|
||
|
||
--echo # Expiring the proxied user's password
|
||
ALTER USER employee@localhost PASSWORD EXPIRE;
|
||
|
||
--echo # Connecting with the proxied user and executing a query after the
|
||
--echo # proxied user's password is expired
|
||
--error 1, ER_MUST_CHANGE_PASSWORD
|
||
--exec $MYSQL -S $MASTER_MYSOCK -u employee --password=passkey -e "SELECT current_user();SELECT user();" 2>&1
|
||
|
||
--echo # Connecting with the proxy user and executing a query after the proxied
|
||
--echo # user's password is expired. Here we are not supposed to get error.
|
||
--exec $MYSQL -S $MASTER_MYSOCK -u empl_external $PLUGIN_AUTH_OPT --password=employee -e "SELECT current_user();SELECT user();" 2>&1
|
||
|
||
#Cleanup
|
||
DROP USER 'empl_external'@'localhost', 'employee'@'localhost';
|
||
|
||
--source include/mysql_upgrade_cleanup.inc
|
||
|
||
--echo #
|
||
--echo # Bug #20537246: SERVER CRASH WHILE CONNECTING WITH CLEARTEXT-PLUGIN
|
||
--echo # USER WITH BLANK PWD
|
||
--echo #
|
||
|
||
CREATE USER bug20537246@localhost
|
||
IDENTIFIED WITH 'cleartext_plugin_server' AS '';
|
||
|
||
--echo ## test connection
|
||
connect(cleartext_con,localhost,bug20537246,,,,,CLEARTEXT);
|
||
select USER(),CURRENT_USER();
|
||
|
||
connection default;
|
||
disconnect cleartext_con;
|
||
DROP USER bug20537246@localhost;
|
||
|
||
--echo #
|
||
--echo # Bug #20599280 PASSWORD EXPIRED FLAG SET FOR PROXY USER SESSION WHEN
|
||
--echo # IT SET FOR PROXIED USER
|
||
--echo #
|
||
|
||
CREATE USER 'empl_external'@'localhost' IDENTIFIED WITH test_plugin_server AS 'employee';
|
||
CREATE USER 'employee'@'localhost' IDENTIFIED BY 'passkey';
|
||
GRANT ALL ON *.* TO 'employee'@'localhost';
|
||
GRANT PROXY ON 'employee'@'localhost' TO 'empl_external'@'localhost';
|
||
|
||
connect(plugin_con, localhost, empl_external, employee);
|
||
SELECT USER(), CURRENT_USER, @@PROXY_USER;
|
||
ALTER USER 'employee'@'localhost' PASSWORD EXPIRE;
|
||
SELECT USER(), CURRENT_USER, @@PROXY_USER;
|
||
disconnect plugin_con;
|
||
|
||
connect(plugin_con, localhost, empl_external, employee);
|
||
SELECT USER(), CURRENT_USER, @@PROXY_USER;
|
||
disconnect plugin_con;
|
||
|
||
connect(plugin_con, localhost, employee, passkey);
|
||
--error ER_MUST_CHANGE_PASSWORD
|
||
SELECT USER(), CURRENT_USER, @@PROXY_USER;
|
||
disconnect plugin_con;
|
||
|
||
connection default;
|
||
DROP USER 'employee'@'localhost', 'empl_external'@'localhost';
|
||
|
||
--echo #
|
||
--echo # WL#2284: Increase the length of a user name
|
||
--echo #
|
||
|
||
--echo # Testing 32 proxy users
|
||
|
||
CREATE USER user_name_len_22_01234 IDENTIFIED WITH 'test_plugin_server' AS 'user_name_len_22_0dest';
|
||
CREATE USER user_name_len_22_0dest IDENTIFIED BY 'plug_dest_passwd';
|
||
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
|
||
--echo ## test plugin auth
|
||
--disable_query_log
|
||
# This should fail, no grant
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(plug_user22,localhost,user_name_len_22_01234,user_name_len_22_0dest);
|
||
--enable_query_log
|
||
|
||
GRANT PROXY ON user_name_len_22_0dest TO user_name_len_22_01234;
|
||
--echo test proxies_priv columns
|
||
--replace_column 1 xx 7 xx
|
||
SELECT * FROM mysql.proxies_priv WHERE user !='root';
|
||
--echo test mysql.proxies_priv;
|
||
SHOW CREATE TABLE mysql.proxies_priv;
|
||
|
||
connect(plug_user22,localhost,user_name_len_22_01234,user_name_len_22_0dest);
|
||
|
||
connection plug_user22;
|
||
SELECT USER(),CURRENT_USER();
|
||
connection default;
|
||
|
||
--character_set utf8
|
||
SET NAMES utf8;
|
||
|
||
# 32 characters user name
|
||
CREATE USER очень_очень_очень_длинный_юзер__ IDENTIFIED WITH 'test_plugin_server' AS 'очень_очень_очень_длинный_дест__';
|
||
CREATE USER очень_очень_очень_длинный_дест__ IDENTIFIED BY 'plug_dest_passwd';
|
||
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
|
||
--echo ## test plugin auth
|
||
--disable_query_log
|
||
# This should fail, no grant
|
||
--error ER_ACCESS_DENIED_ERROR
|
||
connect(plug_user32,localhost,очень_очень_очень_длинный_юзер__,очень_очень_очень_длинный_дест__);
|
||
--enable_query_log
|
||
|
||
GRANT PROXY ON очень_очень_очень_длинный_дест__ TO очень_очень_очень_длинный_юзер__;
|
||
--echo test proxies_priv columns
|
||
--replace_column 1 xx 7 xx
|
||
SELECT * FROM mysql.proxies_priv WHERE user !='root';
|
||
--echo test mysql.proxies_priv;
|
||
SHOW CREATE TABLE mysql.proxies_priv;
|
||
|
||
connect(plug_user32,localhost,очень_очень_очень_длинный_юзер__,очень_очень_очень_длинный_дест__);
|
||
|
||
connection plug_user32;
|
||
SELECT USER(),CURRENT_USER();
|
||
connection default;
|
||
|
||
--echo # Testing 32 proxy users cleanup
|
||
|
||
disconnect plug_user22;
|
||
disconnect plug_user32;
|
||
DROP USER user_name_len_22_01234;
|
||
DROP USER user_name_len_22_0dest;
|
||
DROP USER очень_очень_очень_длинный_юзер__;
|
||
DROP USER очень_очень_очень_длинный_дест__;
|
||
SET NAMES default;
|
||
|
||
--echo # Testing 32 users with different authentication plugins
|
||
|
||
CREATE USER user_name_len_22_01234@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
|
||
--connect(con_user22_sha,localhost, user_name_len_22_01234,'auth_string',,,,SSL)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user22_sha
|
||
DROP USER user_name_len_22_01234@localhost;
|
||
|
||
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
|
||
--connect(con_user32_native,localhost, user_name_len_32_012345678901234,'auth_string')
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_native
|
||
DROP USER user_name_len_32_012345678901234@localhost;
|
||
|
||
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string';
|
||
--connect(con_user32_cleartext,localhost, user_name_len_32_012345678901234,'auth_string',,,,CLEARTEXT)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_cleartext
|
||
DROP USER user_name_len_32_012345678901234@localhost;
|
||
|
||
--connection default
|
||
|
||
--echo # Testing 32 users with different authentication plugins WITH REQUIRE SSL
|
||
|
||
CREATE USER user_name_len_22_01234@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' REQUIRE SSL;
|
||
--connect(con_user22_sha,localhost, user_name_len_22_01234,'auth_string',,,,SSL)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user22_sha
|
||
DROP USER user_name_len_22_01234@localhost;
|
||
|
||
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string' REQUIRE SSL;
|
||
--connect(con_user32_native,localhost, user_name_len_32_012345678901234,'auth_string',,,,SSL)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_native
|
||
DROP USER user_name_len_32_012345678901234@localhost;
|
||
|
||
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string' REQUIRE SSL;
|
||
--connect(con_user32_cleartext,localhost, user_name_len_32_012345678901234,'auth_string',,,,SSL CLEARTEXT)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_cleartext
|
||
DROP USER user_name_len_32_012345678901234@localhost;
|
||
|
||
--echo # Testing 32 utf users with different authentication plugins
|
||
|
||
--character_set utf8
|
||
SET NAMES utf8;
|
||
|
||
# 32 characters user name
|
||
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
|
||
--connect(con_user32_utf_sha,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_utf_sha
|
||
DROP USER очень_очень_очень_длинный_юзер__@localhost;
|
||
|
||
# 32 characters user name
|
||
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
|
||
--connect(con_user32_utf_native,localhost, очень_очень_очень_длинный_юзер__,'auth_string')
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_utf_native
|
||
DROP USER очень_очень_очень_длинный_юзер__@localhost;
|
||
|
||
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string';
|
||
--connect(con_user32_utf_cleartext,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,CLEARTEXT)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_utf_cleartext
|
||
DROP USER очень_очень_очень_длинный_юзер__@localhost;
|
||
|
||
--connection default
|
||
|
||
--echo # Testing 32 utf users with different authentication plugins WITH REQUIRE SSL
|
||
|
||
# 32 characters user name
|
||
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' REQUIRE SSL;
|
||
--connect(con_user32_utf_sha,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_utf_sha
|
||
DROP USER очень_очень_очень_длинный_юзер__@localhost;
|
||
|
||
# 32 characters user name
|
||
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string' REQUIRE SSL;
|
||
--connect(con_user32_utf_native,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_utf_native
|
||
DROP USER очень_очень_очень_длинный_юзер__@localhost;
|
||
|
||
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string' REQUIRE SSL;
|
||
--connect(con_user32_utf_cleartext,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL CLEARTEXT)
|
||
SELECT CURRENT_USER();
|
||
|
||
--connection default
|
||
--disconnect con_user32_utf_cleartext
|
||
DROP USER очень_очень_очень_длинный_юзер__@localhost;
|
||
|
||
--connection default
|
||
SET NAMES default;
|