| Current Path : /home/usr.opt/mysql57/mysql-test/t/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //home/usr.opt/mysql57/mysql-test/t/grant_user_lock_qa.test |
######################### t/grant_user_lock_qa.test ########################
# Testing CREATE/ALTER UESR with ACCOUNT UNLOCK,ACCOUNT LOCK options. #
# Test for WL#6054 #
# Created: 2014-01-27 #
# Author : Lalit Choudhary #
############################################################################
-- source include/not_embedded.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--echo
--echo # CREATE USER,ALTER USER,SHOW CREATE USER tests with ACCOUNT UNLOCK/LOCK
connection default;
FLUSH STATUS;
CREATE USER user1;
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='user1';
# Testing connection
--connect(con1, localhost, user1)
SELECT USER();
connection default;
disconnect con1;
ALTER USER user1;
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='user1';
--echo
SHOW CREATE USER user1;
# Testing connection
--connect(con1, localhost, user1)
SELECT USER();
connection default;
disconnect con1;
CREATE USER user2@localhost ACCOUNT UNLOCK;
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='user2';
--echo # Current user ACCOUNT LOCK within own running session.
# Using user()
# Testing connection
--connect(con1, localhost, user2)
SELECT USER();
--error ER_PARSE_ERROR
ALTER USER user() IDENTIFIED BY 'auth_string' ACCOUNT LOCK;
connection default;
disconnect con1;
# Using user_name
GRANT CREATE USER ON *.* TO user2@localhost;
FLUSH PRIVILEGES;
# Testing connection
--connect(con1, localhost, user2)
SELECT USER();
ALTER USER user2@localhost IDENTIFIED BY 'auth_string' ACCOUNT LOCK;
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, user2,'auth_string')
connection default;
ALTER USER user2@localhost ACCOUNT LOCK;
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='user2';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, user2,'auth_string')
connection default;
CREATE USER 'user8'@'localhost'
IDENTIFIED BY PASSWORD '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT UNLOCK;
ALTER USER 'user8'@'localhost' ACCOUNT LOCK PASSWORD EXPIRE NEVER;
CREATE USER 'user9'@'localhost'
IDENTIFIED BY PASSWORD '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT LOCK;
CREATE USER 'user10'@'localhost'
IDENTIFIED BY PASSWORD '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
ALTER USER 'user10'@'localhost' PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
CREATE USER 'user11'@'localhost'
IDENTIFIED BY PASSWORD '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT LOCK PASSWORD EXPIRE NEVER;
ALTER USER 'user11'@'localhost' PASSWORD EXPIRE INTERVAL 10 DAY ACCOUNT LOCK;
# Testing invalid syntax
--error ER_PARSE_ERROR
CREATE USER ACCOUNT UNLOCK user5@localhost;
--error ER_PARSE_ERROR
CREATE USER ACCOUNT LOCK user6@localhost;
--error ER_PARSE_ERROR
ALTER USER ACCOUNT LOCK user2@localhost;
--error ER_PARSE_ERROR
ALTER USER ACCOUNT UNLOCK user2@localhot;
# CREATE/ALTER USER with Using masks with multiple user.
CREATE USER user3,user4@localhost ACCOUNT LOCK;
CREATE USER user6@'%',user7@localhost ACCOUNT LOCK;
ALTER USER user3,user4@localhost ACCOUNT UNLOCK;
ALTER USER user7@localhost,user6@'%' ACCOUNT UNLOCK;
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user3';
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user4';
ALTER USER user4@localhost,user3 ACCOUNT LOCK;
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user3';
--replace_column 4 #
query_vertical SELECT host,user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user4';
SHOW STATUS LIKE 'locked_connects';
FLUSH STATUS;
# Account access permission information for a user should NOT be available
# through INFORMATION_SCHEMA.user_privileges. The LOGIN permission is NOT a privilege.
SELECT * FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE '%user%' AND GRANTEE NOT IN ("'mysql.session'@'localhost'");
# Cleanup
DROP USER user1,user2@localhost,user3,user4@localhost,user6,user7@localhost,
user8@localhost,user9@localhost,user10@localhost,user11@localhost;
--echo
--echo
CREATE USER u1@localhost ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u1';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u1)
connection default;
ALTER USER u1@localhost;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u1';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u1)
connection default;
CREATE USER u2@localhost IDENTIFIED BY 'auth_string' ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u2';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u2,'auth_string')
connection default;
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u2@localhost;
--echo # Recreating user using SHOW CREATE USER output for u2@localhost
DROP USER u2@localhost;
CREATE USER 'u2'@'localhost' IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u2,'auth_string')
connection default;
ALTER USER u2@localhost IDENTIFIED BY 'auth_string' ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u2';
# Testing connection
--connect(con1, localhost, u2,'auth_string')
SELECT USER();
connection default;
disconnect con1;
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u2@localhost;
CREATE USER u3@localhost IDENTIFIED WITH 'sha256_password'
ACCOUNT UNLOCK ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u3';
--echo
SHOW CREATE USER u3@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u3,,,,,SSL)
connection default;
ALTER USER u3@localhost IDENTIFIED WITH 'sha256_password'
ACCOUNT LOCK ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u3';
# Testing connection
--connect(con1, localhost, u3,,,,,SSL)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
--enable_warnings
SET PASSWORD = 'def';
--disable_warnings
connection default;
disconnect con1;
--enable_warnings
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u3@localhost;
CREATE USER u4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u4';
ALTER USER u4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u4';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u4@localhost;
# Testing connection
--connect(con1, localhost, u4,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER user4@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
ACCOUNT LOCK PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD EXPIRE INTERVAL 90 DAY;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user4';
CREATE USER user5@localhost IDENTIFIED BY PASSWORD '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
ACCOUNT UNLOCK PASSWORD EXPIRE NEVER;
# Testing connection
--connect(con1, localhost, user5, 'auth_string')
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER user6@localhost IDENTIFIED WITH 'mysql_native_password'
ACCOUNT UNLOCK ACCOUNT LOCK PASSWORD EXPIRE NEVER;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user6';
--echo
SHOW CREATE USER user6@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, user6)
connection default;
ALTER USER user6@localhost IDENTIFIED WITH 'mysql_native_password'
ACCOUNT LOCK ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user6';
# ALTER USER ... ACCOUNT UNLOCK will set password_expired=Y and
# user has to SET PASSWORD after login.
# Only for user with blank password.
# Testing connection
--connect(con1, localhost, user6)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER user7@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string#%y'
PASSWORD EXPIRE DEFAULT ACCOUNT LOCK PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user7';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user7@localhost;
# Testing connection
--connect(con1, localhost, user7, 'auth_string#%y')
SELECT USER();
connection default;
disconnect con1;
ALTER USER user7@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string_sha256'
PASSWORD EXPIRE NEVER ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user7';
--echo
--echo # Testing connection with wrong password and ACCOUNT LOCK state
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
--connect(con1, localhost, user7, 'auth_string#%y',,,,SSL)
connection default;
--echo # Testing connection with correct password and ACCOUNT LOCK state
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, user7,'auth_string_sha256',,,,SSL)
connection default;
CREATE USER user8@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF' ACCOUNT UNLOCK PASSWORD EXPIRE NEVER;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user8';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user8@localhost;
# Testing connection
--connect(con1, localhost, user8,'auth_string')
SELECT USER();
connection default;
disconnect con1;
ALTER USER user8@localhost IDENTIFIED WITH 'mysql_native_password' BY 'new_auth_string'
ACCOUNT UNLOCK PASSWORD EXPIRE;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='user8';
# Testing connection
--connect(con1, localhost, user8,'new_auth_string')
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
SET PASSWORD='auth_string';
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER u5@localhost REQUIRE SSL ACCOUNT LOCK PASSWORD EXPIRE;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u5';
--echo
SHOW CREATE USER u5@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u5,,,,,SSL)
connection default;
ALTER USER u5@localhost REQUIRE SSL PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
--connect(con1, localhost, u5,,,,,SSL)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
connection default;
disconnect con1;
CREATE USER u6@localhost IDENTIFIED BY 'auth_string' REQUIRE X509
ACCOUNT LOCK PASSWORD EXPIRE PASSWORD EXPIRE NEVER;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u6';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u6@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u6,'auth_string',,,,SSL)
connection default;
ALTER USER u6@localhost ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u6';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u6@localhost;
# Testing connection
--connect(con1, localhost, u6,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u7@localhost IDENTIFIED WITH 'sha256_password'
REQUIRE CIPHER "DHE-RSA-AES256-SHA"
PASSWORD EXPIRE NEVER PASSWORD EXPIRE NEVER;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u7';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u7@localhost;
# Testing connection
--connect(con1, localhost, u7,,,,,SSL)
SELECT USER();
connection default;
disconnect con1;
ALTER USER u7@localhost IDENTIFIED WITH 'mysql_native_password'
PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u7';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u7@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u7,,,,,SSL)
connection default;
CREATE USER u8@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA'
PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u8';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u8@localhost;
# Testing connection
--connect(con1, localhost, u8,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
ALTER USER u8@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA'
PASSWORD EXPIRE NEVER ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u8';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u8,'auth_string',,,,SSL)
connection default;
CREATE USER u9@localhost
REQUIRE SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ACCOUNT LOCK PASSWORD EXPIRE NEVER;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u9';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u9,,,,,SSL)
connection default;
ALTER USER u9@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u9';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u9@localhost;
# Testing connection
--connect(con1, localhost, u9,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u10@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string#y'
REQUIRE CIPHER "DHE-RSA-AES256-SHA"
SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
ACCOUNT LOCK PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u10';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u10@localhost;
# Testing connection
--connect(con1, localhost, u10,'auth_string#y',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
ALTER USER u10@localhost REQUIRE CIPHER "DHE-RSA-AES256-SHA"
ACCOUNT UNLOCK PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,password_expired,password_lifetime,account_locked FROM mysql.user WHERE USER='u10';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u10@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u10,auth_string#y,,,,SSL)
connection default;
CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2 ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_questions,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u11';
--echo
SHOW CREATE USER u11@localhost;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u11)
connection default;
ALTER USER u11@localhost WITH MAX_QUERIES_PER_HOUR 6 ACCOUNT UNLOCK ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_questions,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u11';
--echo
SHOW CREATE USER u11@localhost;
# Recreating user from SHOW CREATE USER output.
DROP USER u11@localhost;
CREATE USER 'u11'@'localhost' IDENTIFIED WITH 'mysql_native_password'
REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 6 PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_questions,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u11';
# Testing connection
--connect(con1, localhost, u11)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u12@localhost IDENTIFIED BY 'auth_string'
WITH MAX_QUERIES_PER_HOUR 4
ACCOUNT LOCK PASSWORD EXPIRE NEVER PASSWORD EXPIRE ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_questions,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u12';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u12@localhost;
# Testing connection
--connect(con1, localhost, u12,'auth_string')
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
# Password set to current user
ALTER USER USER() IDENTIFIED BY 'abc';
SELECT USER();
connection default;
disconnect con1;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_questions,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u12';
ALTER USER u12@localhost ACCOUNT LOCK PASSWORD EXPIRE NEVER
PASSWORD EXPIRE NEVER ACCOUNT UNLOCK
ACCOUNT LOCK ACCOUNT LOCK ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_questions,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u12';
--echo
SHOW CREATE USER u12@localhost;
# Testing connection
--connect(con1, localhost, u12,'abc')
SELECT USER();
connection default;
disconnect con1;
CREATE USER u13@localhost IDENTIFIED WITH 'sha256_password'
WITH MAX_CONNECTIONS_PER_HOUR 2 ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_connections,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u13';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u13,,,,,SSL)
connection default;
ALTER USER u13@localhost PASSWORD EXPIRE INTERVAL 20 DAY ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,max_connections,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u13';
--echo
SHOW CREATE USER u13@localhost;
# Testing connection
--connect(con1, localhost, u13,,,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u14@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
REQUIRE CIPHER "DHE-RSA-AES256-SHA"
WITH MAX_USER_CONNECTIONS 2 ACCOUNT LOCK PASSWORD EXPIRE INTERVAL 999 DAY ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_user_connections,password_expired,password_lifetime,account_locked
FROM mysql.user WHERE USER='u14';
# Testing connection
--connect(con1, localhost, u14,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
ALTER USER u14@localhost
REQUIRE SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
WITH MAX_USER_CONNECTIONS 2 ACCOUNT LOCK PASSWORD EXPIRE INTERVAL 999 DAY ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_user_connections,password_expired,password_lifetime,account_locked
FROM mysql.user WHERE USER='u14';
--echo
--replace_regex /AS .* REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u14@localhost;
# Testing connection
--connect(con1, localhost, u14,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u15@localhost,
u16@localhost IDENTIFIED BY 'auth_string',
u17@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string'
ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u15';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u16';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,account_locked
FROM mysql.user WHERE USER='u17';
# Testing connection
--connect(con1, localhost, u15)
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u16,'auth_string')
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u17,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
CREATE USER u18@localhost,
u19@localhost IDENTIFIED BY 'auth_string',
u20@localhost IDENTIFIED WITH 'sha256_password',
u21@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string',
u22@localhost IDENTIFIED WITH 'mysql_native_password',
u23@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*318C29553A414C4A571A077BC9E9A9F67D5E5634'
REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2 ACCOUNT LOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u18';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u19';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u20';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u21';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u22';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections,password_expired,
password_lifetime,account_locked FROM mysql.user WHERE USER='u23';
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u18,,,,,SSL)
connection default;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u19,'auth_string',,,,SSL)
connection default;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u20,,,,,SSL)
connection default;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u21,'auth_string',,,,SSL)
connection default;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u22,,,,,SSL)
connection default;
# Testing connection
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
--connect(con1, localhost, u23,'auth_&string',,,,SSL)
connection default;
ALTER USER u18@localhost,
u19@localhost IDENTIFIED BY 'auth_string',
u20@localhost IDENTIFIED WITH 'sha256_password',
u21@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string',
u22@localhost IDENTIFIED WITH 'mysql_native_password',
u23@localhost IDENTIFIED WITH 'mysql_native_password'
AS '*318C29553A414C4A571A077BC9E9A9F67D5E5634'
REQUIRE CIPHER "DHE-RSA-AES256-SHA"
ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
ACCOUNT UNLOCK;
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u18';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u19';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u20';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u21';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u22';
--replace_column 3 #
query_vertical SELECT user,plugin,authentication_string,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections,password_expired,password_lifetime,
account_locked FROM mysql.user WHERE USER='u23';
# Testing connection
--connect(con1, localhost, u18,,,,,SSL)
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u19,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u20,,,,,SSL)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u21,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u22,,,,,SSL)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
connection default;
disconnect con1;
# Testing connection
--connect(con1, localhost, u23,'auth_&string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;
--echo # Locked_connects variable count
SHOW STATUS LIKE 'Locked_connects';
SHOW GLOBAL STATUS LIKE 'LOCKED_Connects';
SHOW SESSION STATUS LIKE 'locked_connects';
FLUSH STATUS;
--echo # Cleanup
DROP USER user4@localhost,user5@localhost,user6@localhost,user7@localhost,user8@localhost,
u1@localhost, u2@localhost, u3@localhost, u4@localhost, u5@localhost,
u6@localhost, u7@localhost, u8@localhost, u9@localhost, u10@localhost,
u11@localhost, u12@localhost, u13@localhost, u14@localhost,
u15@localhost, u16@localhost, u17@localhost, u18@localhost,
u19@localhost, u20@localhost, u21@localhost,u22@localhost,u23@localhost;
--echo # Create stored procedure,trigger,function and test with lock/unlock users.
connection default;
CREATE USER u1@localhost IDENTIFIED BY 'pass';
CREATE USER u2@localhost IDENTIFIED BY 'pass';
GRANT ALL ON *.* TO u1@localhost;
CREATE TABLE test.t1(counter INT);
INSERT INTO test.t1 VALUES(0);
CREATE TABLE test.t2(update_count INT);
--echo # TRIGGER
DELIMITER |;
CREATE DEFINER = u1@localhost TRIGGER test.t1_update_count
BEFORE UPDATE ON test.t1 FOR EACH ROW
BEGIN
UPDATE test.t2 SET update_count = update_count + 1;
END|
DELIMITER ;|
--echo # PROCEDURE
DELIMITER |;
CREATE DEFINER = u1@localhost PROCEDURE test.p1()
BEGIN
UPDATE test.t1 SET counter= counter + 1;
UPDATE test.t1 SET counter= counter + 1;
UPDATE test.t1 SET counter= counter + 1;
SELECT counter FROM test.t1;
END|
DELIMITER ;|
CALL test.p1();
SELECT update_count FROM test.t2;
--echo # FUNCTION
DELIMITER |;
CREATE DEFINER = u1@localhost FUNCTION test.myfunc() RETURNS CHAR(50)
BEGIN
RETURN 'wl6054_test';
END|
DELIMITER ;|
GRANT EXECUTE ON PROCEDURE test.p1 TO u2@localhost;
GRANT EXECUTE ON FUNCTION test.myfunc TO u2@localhost;
ALTER USER u1@localhost ACCOUNT LOCK;
--echo # Login for u1@localhost should fail.
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCOUNT_HAS_BEEN_LOCKED
connect(u1_con,localhost,u1,pass);
--echo # Login as u2 and run stored procedure and trigger as u1.
connect(u2_con,localhost,u2,pass);
SELECT CURRENT_USER();
CALL test.p1();
SELECT update_count FROM test.t2;
SELECT update_count,myfunc() FROM test.t2;
connection default;
disconnect u2_con;
--echo # Cleanup
DROP PROCEDURE IF EXISTS test.p1;
DROP TRIGGER IF EXISTS t1_update_count;
DROP FUNCTION IF EXISTS test.myfunc;
DROP TABLE test.t1,test.t2;
DROP USER u1@localhost,u2@localhost;
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc
--echo
--echo End of 5.7 tests!
--echo