config root man

Current Path : /home/usr.opt/mysql57/mysql-test/suite/auth_sec/t/

FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64
Upload File :
Current File : //home/usr.opt/mysql57/mysql-test/suite/auth_sec/t/password_expired.test

###############################################################################
#                                                                             #
# Password expiry scenarios catering to all the authentication plugin         #
# and handled by the flag "password_expired" in the mysql.user table          #
#                                                                             #
#                                                                             #
#                                                                             #
# Creation Date: 2012-12-28                                                   #
# Author : Tanjot Singh Uppal                                                 #
#                                                                             #
#                                                                             #
# Description:Test Cases of password expiry validated the access to the       # 
# users under scenarios with expired password.                                #
#                                                                             #
###############################################################################

--source include/not_embedded.inc
--source include/have_ssl.inc
--source include/have_sha256_rsa_auth.inc
--source include/mysql_upgrade_preparation.inc

# This test will intentionally generate errors in the server error log
# when a broken password is inserted into the mysql.user table.
# The below suppression is to clear those errors.

--disable_query_log
call mtr.add_suppression(".*Password salt for user.*");
--enable_query_log

## By default the server is started with the mysql_native_password plugin.

--echo
--echo 
--echo =======================================================================================
--echo Checking the password expiry with the users created with all 3 plugable authentication
--echo =======================================================================================
--echo

## Creating a user with respect to all the 2 password authentication plugin

--echo Creating a user with respect to all the 2 password authentication plugin


# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin

CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED BY 'abc';


# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin

CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';


## Validating the plugin assigned for the above 2 users in the user table

--echo **** Validating the plugin names

select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected

select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected


## Validating the password expiry flag in the mysql.user table

--echo **** Validating the password expiry flag in the mysql.user table


select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected 


## Expirying password from user login for the 2 created users

--echo **** Expirying password from root login for the 2 created users


--disable_warnings
connect(con1,localhost,Tanjotuser1,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser1'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings


--disable_warnings
connect(con3,localhost,Tanjotuser3,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser3'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings



## The password expiry flag in the mysql.user table should not be altered

--echo **** Validating the password expiry flag in the mysql.user table should not be altered

connection default;

select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected 



## These 2 users still should be able to login and work properly

--echo **** These 2 users still should be able to login and work properly

--disable_warnings
connect(con4,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected

connect(con6,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected

--enable_warnings

## Disconnecting the last 2 connections

disconnect con4;
disconnect con6;

## Expirying password from root login for the 2 created users using Alter user

--echo **** Expirying password from root login for the 2 created users using Alter user

connection default;

Alter user 'Tanjotuser1'@'localhost' password expire;

Alter user 'Tanjotuser3'@'localhost' password expire;


## Validating the password expiry flag in the mysql.user table

--echo **** Validating the password expiry flag in the mysql.user table


select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='Y';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='Y';
--echo 1 Expected 


## checking user access after password expiry

--echo **** checking user access after password expiry

--disable_warnings

connect(con7,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;


connect(con9,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;

--enable_warnings


## At the same time the open sessions for these users should able to work properly 

--echo At the same time the open sessions for these users should able to work properly.

connection con1;

select 1;
--echo 1 Expected


connection con3;

select 1;
--echo 1 Expected


## setting passwords from the new connections.

--echo setting passwords from the new connections.

connection con7;


--error ER_MUST_CHANGE_PASSWORD
select 1;

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected


connection con9;

--error ER_MUST_CHANGE_PASSWORD
select 1;

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected



## logging the 2 users with the new passwords

--echo **** logging the 2 users with the new passwords


--disable_warnings

connect(con10,localhost,Tanjotuser1,abcd,,);
select 1;
--echo 1 Expected

connect(con12,localhost,Tanjotuser3,abcd,,);
select 1;
--echo 1 Expected

--enable_warnings


## Disconnecting the open sessions and dropping the created users.

connection default;

--echo Disconnecting the open sessions and dropping the created users

disconnect con1;
disconnect con3;

disconnect con7;
disconnect con9;

disconnect con10;
disconnect con12;

drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';


--echo
--echo 
--echo =======================================================================================
--echo Checking the password expiry using the update command on mysql.user table
--echo =======================================================================================
--echo


## Creating a user with respect to all the 2 password authentication plugin

--echo Creating a user with respect to all the 2 password authentication plugin

connection default;

# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin

CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED BY 'abc';


# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin

CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';


## Validating the plugin assigned for the above 2 users in the user table

--echo **** Validating the plugin names

select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected

select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected


## Validating the password expiry flag in the mysql.user table

--echo **** Validating the password expiry flag in the mysql.user table


select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected 


## Making connections from each of these created users

--echo **** Making connections from each of these created users

--disable_warnings

connect(con13,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected

connect(con15,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected

--enable_warnings



## Expirying password from user login for the 2 created users using update command

--echo **** Expirying password from root login for the 2 created users using update command

connection default;

update mysql.user set password_expired='Y' where User='Tanjotuser1' and Host='localhost';

update mysql.user set password_expired='Y' where User='Tanjotuser3' and Host='localhost';


## connecting client before flush privileges

--echo **** connecting client before flush privileges

--disable_warnings

connect(con16,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected

connect(con18,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected

--enable_warnings


## flush privileges

--echo **** flush privileges

connection default;
flush privileges;


## connecting client after flush privileges

--echo **** connecting client after flush privileges

--disable_warnings

connect(con19,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;

connect(con21,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;

--enable_warnings


## checking the previous open connections

--echo **** checking the previous open connections


connection con13;
select 1;
--echo 1 Expected

connection con15;
select 1;
--echo 1 Expected


## Resetting the password

--echo **** Resetting the password

connection con16;

select 1;
--echo 1 Expected

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected


connection con18;


select 1;
--echo 1 Expected

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected


## Logging with the new password

--echo **** Logging with the new password


--disable_warnings

connect(con22,localhost,Tanjotuser1,abcd,,);

select 1;
--echo 1 Expected

connect(con24,localhost,Tanjotuser3,abcd,,);

select 1;
--echo 1 Expected

--enable_warnings

## Below section is hashed till Bug #16054065 is fixed

## connecting client after resetting the password

--echo **** connecting client after resetting the password

#--disable_warnings

#connection con19;
#select 1;
#--echo 1 Expected

#connection con21;
#select 1;
#--echo 1 Expected

#--enable_warnings


## Disconnecting the open sessions and dropping the created users.

connection default;

--echo Disconnecting the open sessions and dropping the created users

disconnect con13;
disconnect con15;

disconnect con16;
disconnect con18;

disconnect con19;
disconnect con21;

disconnect con22;
disconnect con24;

drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';


--echo
--echo 
--echo =================================================================================================
--echo Starting the server with the default authentication sha256_password
--echo =================================================================================================
--echo 

--echo # Restart server with default-authentication-plugin=sha256_password;

let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server 
--source include/wait_until_disconnected.inc
-- exec echo "restart:--default-authentication-plugin=sha256_password  " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
-- enable_reconnect
-- source include/wait_until_connected_again.inc

--echo
--echo 
--echo =======================================================================================
--echo Checking the password expiry with the users created with all 2 plugable authentication
--echo =======================================================================================
--echo

## Creating a user with respect to all the 2 password authentication plugin

--echo Creating a user with respect to all the 2 password authentication plugin


# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin

CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password';
SET PASSWORD for 'Tanjotuser1'@'localhost' = 'abc';

# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin

CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';


## Validating the plugin assigned for the above 2 users in the user table

--echo **** Validating the plugin names

select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected

select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected


## Validating the password expiry flag in the mysql.user table

--echo **** Validating the password expiry flag in the mysql.user table


select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected 


## Expirying password from user login for the 2 created users

--echo **** Expirying password from root login for the 2 created users


--disable_warnings
connect(con1,localhost,Tanjotuser1,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser1'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings


--disable_warnings
connect(con3,localhost,Tanjotuser3,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser3'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings



## The password expiry flag in the mysql.user table should not be altered

--echo **** Validating the password expiry flag in the mysql.user table should not be altered

connection default;

select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected 



## These 2 users still should be able to login and work properly

--echo **** These 2 users still should be able to login and work properly

--disable_warnings
connect(con4,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected

connect(con6,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected

--enable_warnings

## Disconnecting the last 2 connections

disconnect con4;
disconnect con6;

## Expirying password from root login for the 2 created users using Alter user

--echo **** Expirying password from root login for the 2 created users using Alter user

connection default;

Alter user 'Tanjotuser1'@'localhost' password expire;

Alter user 'Tanjotuser3'@'localhost' password expire;


## Validating the password expiry flag in the mysql.user table

--echo **** Validating the password expiry flag in the mysql.user table


select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='Y';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='Y';
--echo 1 Expected 


## checking user access after password expiry

--echo **** checking user access after password expiry

--disable_warnings

connect(con7,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;


connect(con9,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;

--enable_warnings


## At the same time the open sessions for these users should able to work properly 

--echo At the same time the open sessions for these users should able to work properly.

connection con1;

select 1;
--echo 1 Expected


connection con3;

select 1;
--echo 1 Expected


## setting passwords from the new connections.

--echo setting passwords from the new connections.

connection con7;

--error ER_MUST_CHANGE_PASSWORD
select 1;

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected


connection con9;

--error ER_MUST_CHANGE_PASSWORD
select 1;

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected



## logging the 2 users with the new passwords

--echo **** logging the 2 users with the new passwords


--disable_warnings

connect(con10,localhost,Tanjotuser1,abcd,,);
select 1;
--echo 1 Expected

connect(con12,localhost,Tanjotuser3,abcd,,);
select 1;
--echo 1 Expected

--enable_warnings


## Disconnecting the open sessions and dropping the created users.

connection default;

--echo Disconnecting the open sessions and dropping the created users

disconnect con1;
disconnect con3;

disconnect con7;
disconnect con9;

disconnect con10;
disconnect con12;

drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';


--echo
--echo 
--echo =======================================================================================
--echo Checking the password expiry using the update command on mysql.user table
--echo =======================================================================================
--echo


## Creating a user with respect to all the 2 password authentication plugin

--echo Creating a user with respect to all the 2 password authentication plugin

connection default;

# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin

CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password';
SET PASSWORD for 'Tanjotuser1'@'localhost' = 'abc';


# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin

CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';


## Validating the plugin assigned for the above 2 users in the user table

--echo **** Validating the plugin names

select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected

select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected


## Validating the password expiry flag in the mysql.user table

--echo **** Validating the password expiry flag in the mysql.user table


select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected 


## Making connections from each of these created users

--echo **** Making connections from each of these created users

--disable_warnings

connect(con13,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected

connect(con15,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected

--enable_warnings



## Expirying password from user login for the 2 created users using update command

--echo **** Expirying password from root login for the 2 created users using update command

connection default;

update mysql.user set password_expired='Y' where User='Tanjotuser1' and Host='localhost';

update mysql.user set password_expired='Y' where User='Tanjotuser3' and Host='localhost';


## connecting client before flush privileges

--echo **** connecting client before flush privileges

--disable_warnings

connect(con16,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected

connect(con18,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected

--enable_warnings


## flush privileges

--echo **** flush privileges

connection default;
flush privileges;


## connecting client after flush privileges

--echo **** connecting client after flush privileges

--disable_warnings

connect(con19,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;

connect(con21,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;

--enable_warnings


## checking the previous open connections

--echo **** checking the previous open connections


connection con13;
select 1;
--echo 1 Expected

connection con15;
select 1;
--echo 1 Expected


## Resetting the password

--echo **** Resetting the password

connection con16;

select 1;
--echo 1 Expected

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected


connection con18;


select 1;
--echo 1 Expected

set password='abcd';

select 1;
--echo 1 Expected

connection default;

select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected


## Logging with the new password

--echo **** Logging with the new password


--disable_warnings

connect(con22,localhost,Tanjotuser1,abcd,,);

select 1;
--echo 1 Expected

connect(con24,localhost,Tanjotuser3,abcd,,);

select 1;
--echo 1 Expected

--enable_warnings

## Below section is hashed till Bug #16054065 is fixed

## connecting client after resetting the password

--echo **** connecting client after resetting the password

#--disable_warnings

#connection con19;
#select 1;
#--echo 1 Expected

#connection con21;
#select 1;
#--echo 1 Expected

#--enable_warnings


## Disconnecting the open sessions and dropping the created users.

--echo #
--echo # WL#2284: Increase the length of a user name
--echo #

connection default;
CREATE USER user_name_len_25_01234567@localhost IDENTIFIED BY 'password' PASSWORD EXPIRE;

connect (con_user25,localhost,user_name_len_25_01234567,'password',);

--error ER_MUST_CHANGE_PASSWORD
SELECT 1;

SET PASSWORD FOR user_name_len_25_01234567@localhost = 'abc';

disconnect con_user25;
connect (con_user25_new_pass,localhost,user_name_len_25_01234567,'abc',);

SELECT 1;

connection default;

--echo Disconnecting the open sessions and dropping the created users

disconnect con_user25_new_pass;
disconnect con13;
disconnect con15;

disconnect con16;
disconnect con18;

disconnect con19;
disconnect con21;

disconnect con22;
disconnect con24;

DROP USER user_name_len_25_01234567@localhost;
drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';


Man Man