| Current Path : /home/usr.opt/mysql57/mysql-test/t/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //home/usr.opt/mysql57/mysql-test/t/plugin_auth_sha256_server_default_tls.test |
--source include/not_embedded.inc --source include/have_ssl.inc set @orig_sql_mode_session= @@SESSION.sql_mode; set @orig_sql_mode_global= @@GLOBAL.sql_mode; set GLOBAL sql_mode= (select replace(@@GLOBAL.sql_mode,'NO_AUTO_CREATE_USER','')); set SESSION sql_mode= (select replace(@@SESSION.sql_mode,'NO_AUTO_CREATE_USER','')); CREATE USER 'kristofer'; # Bootstrap did not follow the startup variables while creating root account, # hence need to change old_passwords variable. SET old_passwords=2; ALTER USER 'kristofer' IDENTIFIED BY 'secret'; SELECT user, plugin FROM mysql.user ORDER BY user; connect(con1,localhost,kristofer,secret,,,,SSL); connection con1; SELECT USER(),CURRENT_USER(); connection default; disconnect con1; DROP USER 'kristofer'; GRANT ALL ON *.* TO 'kristofer'@'localhost' IDENTIFIED WITH 'sha256_password'; GRANT ALL ON *.* TO 'kristofer2'@'localhost' IDENTIFIED WITH 'sha256_password'; ALTER USER 'kristofer'@'localhost' IDENTIFIED BY 'secret2'; ALTER USER 'kristofer2'@'localhost' IDENTIFIED BY 'secret2'; connect(con2,localhost,kristofer,secret2,,,,SSL); connection con2; SELECT USER(),CURRENT_USER(); SHOW GRANTS FOR 'kristofer'@'localhost'; --echo Change user (should succeed) change_user kristofer2,secret2; SELECT USER(),CURRENT_USER(); connection default; disconnect con2; --echo **** Client default_auth=sha_256_password and server default auth=sha256_password # Why using sha256_password requires --ssl=1 ? # The current client library can't know if SSL was attempted or not # when the default client auth is switched and hence it will only report # that the connection is unencrypted forcing the client to ask for RSA keys. # However, it is possible to inform the client library to enforce SSL using # MYSQL_OPT_ENFORCE_SSL (or --ssl=1) and this will be enough for the # sha256_password plugin to safely assume a secure connection despite it hasn't # really been established yet. --exec $MYSQL -ukristofer -psecret2 --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-mode=VERIFY_CA -e "select user(), current_user()" --echo **** Client default_auth=native and server default auth=sha256_password --exec $MYSQL -ukristofer -psecret2 --default_auth=mysql_native_password --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "select user(), current_user()" DROP USER 'kristofer'@'localhost'; DROP USER 'kristofer2'@'localhost'; GRANT ALL ON *.* TO 'kristofer'@'localhost'; ALTER USER 'kristofer'@'localhost' IDENTIFIED BY ''; connect(con3,localhost,kristofer,,,,,SSL); connection con3; SELECT USER(),CURRENT_USER(); SHOW GRANTS FOR 'kristofer'@'localhost'; connection default; disconnect con3; DROP USER 'kristofer'@'localhost'; GRANT ALL ON *.* TO 'kristofer'@'33.33.33.33'; ALTER USER 'kristofer'@'33.33.33.33' IDENTIFIED BY ''; --echo Connection should fail for localhost --replace_result $MASTER_MYSOCK MASTER_MYSOCK --disable_query_log --error ER_ACCESS_DENIED_ERROR connect(con4,127.0.0.1,kristofer,,,,,SSL); --enable_query_log DROP USER 'kristofer'@'33.33.33.33'; GRANT ALL ON *.* TO 'kristofer'@'localhost' IDENTIFIED BY 'awesomeness'; connect(con3,localhost,kristofer,awesomeness,,,,SSL); connection con3; SELECT USER(),CURRENT_USER(); SHOW GRANTS FOR 'kristofer'@'localhost'; connection default; disconnect con3; # Setting password for kristofer@localhost using old_passwords=0 will fail. ALTER USER 'kristofer'@'localhost' IDENTIFIED BY ''; DROP USER 'kristofer'@'localhost'; set GLOBAL sql_mode= @orig_sql_mode_global; set SESSION sql_mode= @orig_sql_mode_session;