Current Path : /home/usr.opt/mysql57/mysql-test/suite/auth_sec/t/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //home/usr.opt/mysql57/mysql-test/suite/auth_sec/t/password_expired.test |
############################################################################### # # # Password expiry scenarios catering to all the authentication plugin # # and handled by the flag "password_expired" in the mysql.user table # # # # # # # # Creation Date: 2012-12-28 # # Author : Tanjot Singh Uppal # # # # # # Description:Test Cases of password expiry validated the access to the # # users under scenarios with expired password. # # # ############################################################################### --source include/not_embedded.inc --source include/have_ssl.inc --source include/have_sha256_rsa_auth.inc --source include/mysql_upgrade_preparation.inc # This test will intentionally generate errors in the server error log # when a broken password is inserted into the mysql.user table. # The below suppression is to clear those errors. --disable_query_log call mtr.add_suppression(".*Password salt for user.*"); --enable_query_log ## By default the server is started with the mysql_native_password plugin. --echo --echo --echo ======================================================================================= --echo Checking the password expiry with the users created with all 3 plugable authentication --echo ======================================================================================= --echo ## Creating a user with respect to all the 2 password authentication plugin --echo Creating a user with respect to all the 2 password authentication plugin # User with mysql_native_password plugin --echo **** Creating user with mysql_native_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED BY 'abc'; # User with sha256_password plugin --echo **** Creating user with sha256_password plugin CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc'; ## Validating the plugin assigned for the above 2 users in the user table --echo **** Validating the plugin names select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password'; --echo 1 Expected ## Validating the password expiry flag in the mysql.user table --echo **** Validating the password expiry flag in the mysql.user table select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## Expirying password from user login for the 2 created users --echo **** Expirying password from root login for the 2 created users --disable_warnings connect(con1,localhost,Tanjotuser1,abc,,); --error ER_SPECIFIC_ACCESS_DENIED_ERROR Alter user 'Tanjotuser1'@'localhost' password expire; select 1; --echo 1 Expected --enable_warnings --disable_warnings connect(con3,localhost,Tanjotuser3,abc,,); --error ER_SPECIFIC_ACCESS_DENIED_ERROR Alter user 'Tanjotuser3'@'localhost' password expire; select 1; --echo 1 Expected --enable_warnings ## The password expiry flag in the mysql.user table should not be altered --echo **** Validating the password expiry flag in the mysql.user table should not be altered connection default; select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## These 2 users still should be able to login and work properly --echo **** These 2 users still should be able to login and work properly --disable_warnings connect(con4,localhost,Tanjotuser1,abc,,); select 1; --echo 1 Expected connect(con6,localhost,Tanjotuser3,abc,,); select 1; --echo 1 Expected --enable_warnings ## Disconnecting the last 2 connections disconnect con4; disconnect con6; ## Expirying password from root login for the 2 created users using Alter user --echo **** Expirying password from root login for the 2 created users using Alter user connection default; Alter user 'Tanjotuser1'@'localhost' password expire; Alter user 'Tanjotuser3'@'localhost' password expire; ## Validating the password expiry flag in the mysql.user table --echo **** Validating the password expiry flag in the mysql.user table select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='Y'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='Y'; --echo 1 Expected ## checking user access after password expiry --echo **** checking user access after password expiry --disable_warnings connect(con7,localhost,Tanjotuser1,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; connect(con9,localhost,Tanjotuser3,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; --enable_warnings ## At the same time the open sessions for these users should able to work properly --echo At the same time the open sessions for these users should able to work properly. connection con1; select 1; --echo 1 Expected connection con3; select 1; --echo 1 Expected ## setting passwords from the new connections. --echo setting passwords from the new connections. connection con7; --error ER_MUST_CHANGE_PASSWORD select 1; set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected connection con9; --error ER_MUST_CHANGE_PASSWORD select 1; set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## logging the 2 users with the new passwords --echo **** logging the 2 users with the new passwords --disable_warnings connect(con10,localhost,Tanjotuser1,abcd,,); select 1; --echo 1 Expected connect(con12,localhost,Tanjotuser3,abcd,,); select 1; --echo 1 Expected --enable_warnings ## Disconnecting the open sessions and dropping the created users. connection default; --echo Disconnecting the open sessions and dropping the created users disconnect con1; disconnect con3; disconnect con7; disconnect con9; disconnect con10; disconnect con12; drop user 'Tanjotuser1'@'localhost'; drop user 'Tanjotuser3'@'localhost'; --echo --echo --echo ======================================================================================= --echo Checking the password expiry using the update command on mysql.user table --echo ======================================================================================= --echo ## Creating a user with respect to all the 2 password authentication plugin --echo Creating a user with respect to all the 2 password authentication plugin connection default; # User with mysql_native_password plugin --echo **** Creating user with mysql_native_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED BY 'abc'; # User with sha256_password plugin --echo **** Creating user with sha256_password plugin CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc'; ## Validating the plugin assigned for the above 2 users in the user table --echo **** Validating the plugin names select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password'; --echo 1 Expected ## Validating the password expiry flag in the mysql.user table --echo **** Validating the password expiry flag in the mysql.user table select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## Making connections from each of these created users --echo **** Making connections from each of these created users --disable_warnings connect(con13,localhost,Tanjotuser1,abc,,); select 1; --echo 1 Expected connect(con15,localhost,Tanjotuser3,abc,,); select 1; --echo 1 Expected --enable_warnings ## Expirying password from user login for the 2 created users using update command --echo **** Expirying password from root login for the 2 created users using update command connection default; update mysql.user set password_expired='Y' where User='Tanjotuser1' and Host='localhost'; update mysql.user set password_expired='Y' where User='Tanjotuser3' and Host='localhost'; ## connecting client before flush privileges --echo **** connecting client before flush privileges --disable_warnings connect(con16,localhost,Tanjotuser1,abc,,); select 1; --echo 1 Expected connect(con18,localhost,Tanjotuser3,abc,,); select 1; --echo 1 Expected --enable_warnings ## flush privileges --echo **** flush privileges connection default; flush privileges; ## connecting client after flush privileges --echo **** connecting client after flush privileges --disable_warnings connect(con19,localhost,Tanjotuser1,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; connect(con21,localhost,Tanjotuser3,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; --enable_warnings ## checking the previous open connections --echo **** checking the previous open connections connection con13; select 1; --echo 1 Expected connection con15; select 1; --echo 1 Expected ## Resetting the password --echo **** Resetting the password connection con16; select 1; --echo 1 Expected set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected connection con18; select 1; --echo 1 Expected set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## Logging with the new password --echo **** Logging with the new password --disable_warnings connect(con22,localhost,Tanjotuser1,abcd,,); select 1; --echo 1 Expected connect(con24,localhost,Tanjotuser3,abcd,,); select 1; --echo 1 Expected --enable_warnings ## Below section is hashed till Bug #16054065 is fixed ## connecting client after resetting the password --echo **** connecting client after resetting the password #--disable_warnings #connection con19; #select 1; #--echo 1 Expected #connection con21; #select 1; #--echo 1 Expected #--enable_warnings ## Disconnecting the open sessions and dropping the created users. connection default; --echo Disconnecting the open sessions and dropping the created users disconnect con13; disconnect con15; disconnect con16; disconnect con18; disconnect con19; disconnect con21; disconnect con22; disconnect con24; drop user 'Tanjotuser1'@'localhost'; drop user 'Tanjotuser3'@'localhost'; --echo --echo --echo ================================================================================================= --echo Starting the server with the default authentication sha256_password --echo ================================================================================================= --echo --echo # Restart server with default-authentication-plugin=sha256_password; let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect; --exec echo "wait" > $restart_file --shutdown_server --source include/wait_until_disconnected.inc -- exec echo "restart:--default-authentication-plugin=sha256_password " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect -- enable_reconnect -- source include/wait_until_connected_again.inc --echo --echo --echo ======================================================================================= --echo Checking the password expiry with the users created with all 2 plugable authentication --echo ======================================================================================= --echo ## Creating a user with respect to all the 2 password authentication plugin --echo Creating a user with respect to all the 2 password authentication plugin # User with mysql_native_password plugin --echo **** Creating user with mysql_native_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password'; SET PASSWORD for 'Tanjotuser1'@'localhost' = 'abc'; # User with sha256_password plugin --echo **** Creating user with sha256_password plugin CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc'; ## Validating the plugin assigned for the above 2 users in the user table --echo **** Validating the plugin names select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password'; --echo 1 Expected ## Validating the password expiry flag in the mysql.user table --echo **** Validating the password expiry flag in the mysql.user table select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## Expirying password from user login for the 2 created users --echo **** Expirying password from root login for the 2 created users --disable_warnings connect(con1,localhost,Tanjotuser1,abc,,); --error ER_SPECIFIC_ACCESS_DENIED_ERROR Alter user 'Tanjotuser1'@'localhost' password expire; select 1; --echo 1 Expected --enable_warnings --disable_warnings connect(con3,localhost,Tanjotuser3,abc,,); --error ER_SPECIFIC_ACCESS_DENIED_ERROR Alter user 'Tanjotuser3'@'localhost' password expire; select 1; --echo 1 Expected --enable_warnings ## The password expiry flag in the mysql.user table should not be altered --echo **** Validating the password expiry flag in the mysql.user table should not be altered connection default; select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## These 2 users still should be able to login and work properly --echo **** These 2 users still should be able to login and work properly --disable_warnings connect(con4,localhost,Tanjotuser1,abc,,); select 1; --echo 1 Expected connect(con6,localhost,Tanjotuser3,abc,,); select 1; --echo 1 Expected --enable_warnings ## Disconnecting the last 2 connections disconnect con4; disconnect con6; ## Expirying password from root login for the 2 created users using Alter user --echo **** Expirying password from root login for the 2 created users using Alter user connection default; Alter user 'Tanjotuser1'@'localhost' password expire; Alter user 'Tanjotuser3'@'localhost' password expire; ## Validating the password expiry flag in the mysql.user table --echo **** Validating the password expiry flag in the mysql.user table select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='Y'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='Y'; --echo 1 Expected ## checking user access after password expiry --echo **** checking user access after password expiry --disable_warnings connect(con7,localhost,Tanjotuser1,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; connect(con9,localhost,Tanjotuser3,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; --enable_warnings ## At the same time the open sessions for these users should able to work properly --echo At the same time the open sessions for these users should able to work properly. connection con1; select 1; --echo 1 Expected connection con3; select 1; --echo 1 Expected ## setting passwords from the new connections. --echo setting passwords from the new connections. connection con7; --error ER_MUST_CHANGE_PASSWORD select 1; set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected connection con9; --error ER_MUST_CHANGE_PASSWORD select 1; set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## logging the 2 users with the new passwords --echo **** logging the 2 users with the new passwords --disable_warnings connect(con10,localhost,Tanjotuser1,abcd,,); select 1; --echo 1 Expected connect(con12,localhost,Tanjotuser3,abcd,,); select 1; --echo 1 Expected --enable_warnings ## Disconnecting the open sessions and dropping the created users. connection default; --echo Disconnecting the open sessions and dropping the created users disconnect con1; disconnect con3; disconnect con7; disconnect con9; disconnect con10; disconnect con12; drop user 'Tanjotuser1'@'localhost'; drop user 'Tanjotuser3'@'localhost'; --echo --echo --echo ======================================================================================= --echo Checking the password expiry using the update command on mysql.user table --echo ======================================================================================= --echo ## Creating a user with respect to all the 2 password authentication plugin --echo Creating a user with respect to all the 2 password authentication plugin connection default; # User with mysql_native_password plugin --echo **** Creating user with mysql_native_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password'; SET PASSWORD for 'Tanjotuser1'@'localhost' = 'abc'; # User with sha256_password plugin --echo **** Creating user with sha256_password plugin CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc'; ## Validating the plugin assigned for the above 2 users in the user table --echo **** Validating the plugin names select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password'; --echo 1 Expected ## Validating the password expiry flag in the mysql.user table --echo **** Validating the password expiry flag in the mysql.user table select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## Making connections from each of these created users --echo **** Making connections from each of these created users --disable_warnings connect(con13,localhost,Tanjotuser1,abc,,); select 1; --echo 1 Expected connect(con15,localhost,Tanjotuser3,abc,,); select 1; --echo 1 Expected --enable_warnings ## Expirying password from user login for the 2 created users using update command --echo **** Expirying password from root login for the 2 created users using update command connection default; update mysql.user set password_expired='Y' where User='Tanjotuser1' and Host='localhost'; update mysql.user set password_expired='Y' where User='Tanjotuser3' and Host='localhost'; ## connecting client before flush privileges --echo **** connecting client before flush privileges --disable_warnings connect(con16,localhost,Tanjotuser1,abc,,); select 1; --echo 1 Expected connect(con18,localhost,Tanjotuser3,abc,,); select 1; --echo 1 Expected --enable_warnings ## flush privileges --echo **** flush privileges connection default; flush privileges; ## connecting client after flush privileges --echo **** connecting client after flush privileges --disable_warnings connect(con19,localhost,Tanjotuser1,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; connect(con21,localhost,Tanjotuser3,abc,,); --error ER_MUST_CHANGE_PASSWORD select 1; --enable_warnings ## checking the previous open connections --echo **** checking the previous open connections connection con13; select 1; --echo 1 Expected connection con15; select 1; --echo 1 Expected ## Resetting the password --echo **** Resetting the password connection con16; select 1; --echo 1 Expected set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N'; --echo 1 Expected connection con18; select 1; --echo 1 Expected set password='abcd'; select 1; --echo 1 Expected connection default; select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N'; --echo 1 Expected ## Logging with the new password --echo **** Logging with the new password --disable_warnings connect(con22,localhost,Tanjotuser1,abcd,,); select 1; --echo 1 Expected connect(con24,localhost,Tanjotuser3,abcd,,); select 1; --echo 1 Expected --enable_warnings ## Below section is hashed till Bug #16054065 is fixed ## connecting client after resetting the password --echo **** connecting client after resetting the password #--disable_warnings #connection con19; #select 1; #--echo 1 Expected #connection con21; #select 1; #--echo 1 Expected #--enable_warnings ## Disconnecting the open sessions and dropping the created users. --echo # --echo # WL#2284: Increase the length of a user name --echo # connection default; CREATE USER user_name_len_25_01234567@localhost IDENTIFIED BY 'password' PASSWORD EXPIRE; connect (con_user25,localhost,user_name_len_25_01234567,'password',); --error ER_MUST_CHANGE_PASSWORD SELECT 1; SET PASSWORD FOR user_name_len_25_01234567@localhost = 'abc'; disconnect con_user25; connect (con_user25_new_pass,localhost,user_name_len_25_01234567,'abc',); SELECT 1; connection default; --echo Disconnecting the open sessions and dropping the created users disconnect con_user25_new_pass; disconnect con13; disconnect con15; disconnect con16; disconnect con18; disconnect con19; disconnect con21; disconnect con22; disconnect con24; DROP USER user_name_len_25_01234567@localhost; drop user 'Tanjotuser1'@'localhost'; drop user 'Tanjotuser3'@'localhost';