78 lines
3.2 KiB
Plaintext
78 lines
3.2 KiB
Plaintext
|
|
set @orig_sql_mode_session= @@SESSION.sql_mode;
|
|
set @orig_sql_mode_global= @@GLOBAL.sql_mode;
|
|
|
|
CREATE USER 'kristofer';
|
|
ALTER USER 'kristofer' IDENTIFIED BY 'secret';
|
|
SELECT user, plugin FROM mysql.user ORDER BY user;
|
|
connect(con1,localhost,kristofer,secret,,,,SSL);
|
|
connection con1;
|
|
SELECT USER(),CURRENT_USER();
|
|
connection default;
|
|
disconnect con1;
|
|
DROP USER 'kristofer';
|
|
|
|
CREATE USER 'kristofer'@'localhost' IDENTIFIED WITH 'sha256_password';
|
|
CREATE USER 'kristofer2'@'localhost' IDENTIFIED WITH 'sha256_password';
|
|
ALTER USER 'kristofer'@'localhost' IDENTIFIED BY 'secret2';
|
|
ALTER USER 'kristofer2'@'localhost' IDENTIFIED BY 'secret2';
|
|
connect(con2,localhost,kristofer,secret2,,,,SSL);
|
|
connection con2;
|
|
SELECT USER(),CURRENT_USER();
|
|
SHOW GRANTS FOR 'kristofer'@'localhost';
|
|
|
|
--echo Change user (should succeed)
|
|
change_user kristofer2,secret2;
|
|
SELECT USER(),CURRENT_USER();
|
|
|
|
connection default;
|
|
disconnect con2;
|
|
--echo **** Client default_auth=sha_256_password and server default auth=sha256_password
|
|
# Why using sha256_password requires --ssl=1 ?
|
|
# The current client library can't know if SSL was attempted or not
|
|
# when the default client auth is switched and hence it will only report
|
|
# that the connection is unencrypted forcing the client to ask for RSA keys.
|
|
# However, it is possible to inform the client library to enforce SSL using
|
|
# MYSQL_OPT_ENFORCE_SSL (or --ssl=1) and this will be enough for the
|
|
# sha256_password plugin to safely assume a secure connection despite it hasn't
|
|
# really been established yet.
|
|
--exec $MYSQL -ukristofer -psecret2 --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-mode=VERIFY_CA -e "select user(), current_user()"
|
|
--echo **** Client default_auth=native and server default auth=sha256_password
|
|
--exec $MYSQL -ukristofer -psecret2 --default_auth=mysql_native_password --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "select user(), current_user()"
|
|
|
|
DROP USER 'kristofer'@'localhost';
|
|
DROP USER 'kristofer2'@'localhost';
|
|
|
|
CREATE USER 'kristofer'@'localhost';
|
|
ALTER USER 'kristofer'@'localhost' IDENTIFIED BY '';
|
|
connect(con3,localhost,kristofer,,,,,SSL);
|
|
connection con3;
|
|
SELECT USER(),CURRENT_USER();
|
|
SHOW GRANTS FOR 'kristofer'@'localhost';
|
|
connection default;
|
|
disconnect con3;
|
|
DROP USER 'kristofer'@'localhost';
|
|
|
|
CREATE USER 'kristofer'@'33.33.33.33';
|
|
ALTER USER 'kristofer'@'33.33.33.33' IDENTIFIED BY '';
|
|
--echo Connection should fail for localhost
|
|
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
|
|
--disable_query_log
|
|
--error ER_ACCESS_DENIED_ERROR
|
|
connect(con4,127.0.0.1,kristofer,,,,,SSL);
|
|
--enable_query_log
|
|
DROP USER 'kristofer'@'33.33.33.33';
|
|
|
|
CREATE USER 'kristofer'@'localhost' IDENTIFIED BY 'awesomeness';
|
|
connect(con3,localhost,kristofer,awesomeness,,,,SSL);
|
|
connection con3;
|
|
SELECT USER(),CURRENT_USER();
|
|
SHOW GRANTS FOR 'kristofer'@'localhost';
|
|
connection default;
|
|
disconnect con3;
|
|
ALTER USER 'kristofer'@'localhost' IDENTIFIED BY '';
|
|
DROP USER 'kristofer'@'localhost';
|
|
|
|
set GLOBAL sql_mode= @orig_sql_mode_global;
|
|
set SESSION sql_mode= @orig_sql_mode_session;
|