Current Path : /usr/opt/mysql57/mysql-test/r/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/opt/mysql57/mysql-test/r/grant_user_lock.result |
CREATE USER unlocked_user@localhost IDENTIFIED BY 'pas'; SELECT account_locked FROM mysql.user WHERE user='unlocked_user' and host = 'localhost'; account_locked N SELECT CURRENT_USER(); CURRENT_USER() unlocked_user@localhost # lock the user in the database UPDATE mysql.user SET account_locked='Y' WHERE user='unlocked_user' and host = 'localhost'; # without FLUSH the field has no effect # must not throw an error SELECT CURRENT_USER(); CURRENT_USER() unlocked_user@localhost FLUSH PRIVILEGES; # existing connections continue as before even after flush # must not throw an error SELECT CURRENT_USER(); CURRENT_USER() unlocked_user@localhost # Lowercase 'y' should disable login as well UPDATE mysql.user SET account_locked='y' WHERE user='unlocked_user' and host = 'localhost'; FLUSH PRIVILEGES; connect(localhost,unlocked_user,pas,test,MASTER_PORT,MASTER_SOCKET); ERROR HY000: Access denied for user 'unlocked_user'@'localhost'. Account is locked. # new connections are blocked connect(localhost,unlocked_user,pas,test,MASTER_PORT,MASTER_SOCKET); ERROR HY000: Access denied for user 'unlocked_user'@'localhost'. Account is locked. # unlock the user using ALTER USER command ALTER USER unlocked_user@localhost ACCOUNT UNLOCK; SELECT account_locked FROM mysql.user WHERE user = 'unlocked_user' and host = 'localhost'; account_locked N # connection should work now SELECT CURRENT_USER(); CURRENT_USER() unlocked_user@localhost # lock the user account using ALTER USER command ALTER USER unlocked_user@localhost ACCOUNT LOCK; SELECT account_locked FROM mysql.user WHERE user = 'unlocked_user' and host = 'localhost'; account_locked Y # connection should not work connect(localhost,unlocked_user,pas,test,MASTER_PORT,MASTER_SOCKET); ERROR HY000: Access denied for user 'unlocked_user'@'localhost'. Account is locked. # create another user CREATE USER unlocked_user2@localhost IDENTIFIED BY 'pas'; # newly created user should be able to log in SELECT CURRENT_USER(); CURRENT_USER() unlocked_user2@localhost # toogle access permission with one SQL statement ALTER USER unlocked_user@localhost, unlocked_user2@localhost ACCOUNT UNLOCK; SELECT user, account_locked FROM mysql.user WHERE (user = 'unlocked_user' and host = 'localhost') or (user = 'unlocked_user2' and host = 'localhost') ORDER BY user; user account_locked unlocked_user N unlocked_user2 N # unlocked_user2 should be able to log in SELECT CURRENT_USER(); CURRENT_USER() unlocked_user2@localhost # unlocked_user should be able to log in SELECT CURRENT_USER(); CURRENT_USER() unlocked_user@localhost # Basic SHOW CREATE USER # Should appear without ACCOUNT UNLOCK SHOW CREATE USER unlocked_user@localhost; CREATE USER for unlocked_user@localhost CREATE USER 'unlocked_user'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*9FE154E826408CB1C5D3988A60CE5830160BE49A' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK ALTER USER unlocked_user@localhost ACCOUNT LOCK; # Should appear with ACCOUNT LOCK SHOW CREATE USER unlocked_user@localhost; CREATE USER for unlocked_user@localhost CREATE USER 'unlocked_user'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*9FE154E826408CB1C5D3988A60CE5830160BE49A' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK # roll back changes DROP USER unlocked_user@localhost; DROP USER unlocked_user2@localhost; # Create anonymous user CREATE USER ''@localhost IDENTIFIED BY 'pass'; SELECT CURRENT_USER(); CURRENT_USER() @localhost DROP USER ''@localhost; # Create anonymous user - explicit UNLOCK CREATE USER ''@localhost IDENTIFIED BY 'pass' ACCOUNT UNLOCK; SELECT CURRENT_USER(); CURRENT_USER() @localhost DROP USER ''@localhost; # Create anonymous user - LOCK CREATE USER ''@localhost IDENTIFIED BY 'pass' ACCOUNT LOCK; connect(localhost,,pass,test,MASTER_PORT,MASTER_SOCKET); ERROR HY000: Access denied for user '(null)'@'localhost'. Account is locked. DROP USER ''@localhost; # Disabling anonymous user CREATE USER ''@localhost IDENTIFIED BY 'pass'; ALTER USER ''@localhost ACCOUNT LOCK; connect(localhost,,pass,test,MASTER_PORT,MASTER_SOCKET); ERROR HY000: Access denied for user '(null)'@'localhost'. Account is locked. DROP USER ''@localhost; # Enabling anonymous user CREATE USER ''@localhost IDENTIFIED BY 'pass' ACCOUNT LOCK; ALTER USER ''@localhost ACCOUNT UNLOCK; SELECT CURRENT_USER(); CURRENT_USER() @localhost DROP USER ''@localhost; # Expiring password and disabing anynymous user CREATE USER ''@localhost IDENTIFIED BY 'pass'; ALTER USER ''@localhost PASSWORD EXPIRE ACCOUNT LOCK; ERROR HY000: The password for anonymous user cannot be expired. DROP USER ''@localhost; # Login as anonymous user and try to manipulate mysql.user table # and users. CREATE user ''@localhost IDENTIFIED BY 'pass'; CREATE USER 'unlocked_user'@localhost IDENTIFIED BY 'pass'; UPDATE mysql.user SET account_locked='Y' WHERE user='unlocked_user' and host = 'localhost'; ERROR 42000: UPDATE command denied to user ''@'localhost' for table 'user' ALTER USER unlocked_user@localhost ACCOUNT LOCK; ERROR 42000: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation DROP USER unlocked_user@localhost; DROP USER ''@localhost; # Create stored procedure and users for test CREATE USER u1@localhost IDENTIFIED BY 'pass'; CREATE USER u2@localhost IDENTIFIED BY 'pass'; GRANT ALL ON *.* TO u1@localhost; CREATE TABLE mysql.t1(counter INT)| INSERT INTO mysql.t1 VALUES(0)| CREATE DEFINER = u1@localhost PROCEDURE mysql.p1() BEGIN UPDATE mysql.t1 SET counter = counter + 1; SELECT counter FROM mysql.t1; END| CALL mysql.p1(); counter 1 GRANT EXECUTE ON PROCEDURE mysql.p1 TO u2@localhost; ALTER USER u1@localhost ACCOUNT LOCK; # Login for u1@localhost should fail connect(localhost,u1,pass,test,MASTER_PORT,MASTER_SOCKET); ERROR HY000: Access denied for user 'u1'@'localhost'. Account is locked. # Login as u2 and run stored procedure as u1 SELECT CURRENT_USER(); CURRENT_USER() u2@localhost CALL mysql.p1(); counter 2 # Locked_connects STATUS VARIABLE FLUSH STATUS; CREATE USER 'u3'@'localhost' IDENTIFIED BY 'pass' ACCOUNT LOCK; SHOW STATUS LIKE 'Locked_connects'; Variable_name Value Locked_connects 0 ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. ERROR HY000: Access denied for user 'u3'@'localhost'. Account is locked. SHOW STATUS LIKE 'Locked_connects'; Variable_name Value Locked_connects 10 FLUSH STATUS; # Invalid SQL syntax should fail CREATE USER u1@localhost REQUIRE NONE ACCOUNT LOCK WITH MAX_QUERIES_PER_HOUR 100; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'MAX_QUERIES_PER_HOUR 100' at line 1 # CREATE USER SQL syntax check DROP USER u1@localhost; CREATE USER u1@localhost REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 100 ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 100 PASSWORD EXPIRE DEFAULT ACCOUNT LOCK # ALTER USER correct SQL syntax 1 ALTER USER u1@localhost PASSWORD EXPIRE ACCOUNT UNLOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 100 PASSWORD EXPIRE ACCOUNT UNLOCK # ALTER USER correct SQL syntax 2 ALTER USER u1@localhost ACCOUNT LOCK PASSWORD EXPIRE; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 100 PASSWORD EXPIRE ACCOUNT LOCK # ALTER USER correct SQL syntax 3 ALTER USER u1@localhost REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 99 ACCOUNT UNLOCK PASSWORD EXPIRE NEVER; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 99 PASSWORD EXPIRE ACCOUNT UNLOCK # ALTER USER correct SQL syntax 4 ALTER USER u1@localhost REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 98 PASSWORD EXPIRE INTERVAL 5 DAY ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 98 PASSWORD EXPIRE ACCOUNT LOCK # ALTER USER invalid SQL syntax ALTER USER u1@localhost ACCOUNT UNLOCK WITH MAX_QUERIES_PER_HOUR 97 PASSWORD EXPIRE; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'MAX_QUERIES_PER_HOUR 97 PASSWORD EXPIRE' at line 1 DROP USER u1@localhost; # Duplicated ACCOUNT statement 1 CREATE USER u1@localhost IDENTIFIED BY 'PASS' ACCOUNT LOCK ACCOUNT UNLOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK DROP USER u1@localhost; # Duplicated ACCOUNT statement 2 CREATE USER u1@localhost ACCOUNT UNLOCK ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK DROP USER u1@localhost; # Duplicated ACCOUNT statement 3 CREATE USER u1@localhost ACCOUNT LOCK PASSWORD EXPIRE ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' REQUIRE NONE PASSWORD EXPIRE ACCOUNT LOCK # Duplicated ACCOUNT statement 4 ALTER USER u1@localhost IDENTIFIED BY 'PASS' ACCOUNT LOCK ACCOUNT UNLOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK # Duplicated ACCOUNT statement 5 ALTER USER u1@localhost ACCOUNT UNLOCK ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK # Duplicated ACCOUNT statement 6 ALTER USER u1@localhost ACCOUNT LOCK PASSWORD EXPIRE ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4' REQUIRE NONE PASSWORD EXPIRE ACCOUNT LOCK # Duplicated ACCOUNT statement 7 ALTER USER u1@localhost PASSWORD EXPIRE ACCOUNT LOCK PASSWORD EXPIRE NEVER; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4' REQUIRE NONE PASSWORD EXPIRE ACCOUNT LOCK # Duplicated ACCOUNT statement 8 ALTER USER u1@localhost PASSWORD EXPIRE NEVER ACCOUNT LOCK PASSWORD EXPIRE INTERVAL 5 DAY ACCOUNT LOCK; SHOW CREATE USER u1@localhost; CREATE USER for u1@localhost CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4' REQUIRE NONE PASSWORD EXPIRE ACCOUNT LOCK # MySQL user table layout from the before ACCOUNT LOCK option call mtr.add_suppression("Column count of mysql.* is wrong. " "Expected .*, found .*. " "The table is probably corrupted"); CREATE TABLE temp_user LIKE mysql.user; INSERT INTO temp_user SELECT * FROM mysql.user; ALTER TABLE mysql.user DROP COLUMN account_locked; CREATE USER backuser@localhost IDENTIFIED BY 'pass' ACCOUNT LOCK; ERROR HY000: Column count of mysql.user is wrong. Expected 45, found 44. The table is probably corrupted SELECT COUNT(*) FROM mysql.user WHERE (user = 'backuser' and host = 'localhost'); COUNT(*) 0 CREATE USER backuser@localhost IDENTIFIED BY 'pass' ACCOUNT UNLOCK; ERROR HY000: Column count of mysql.user is wrong. Expected 45, found 44. The table is probably corrupted SELECT COUNT(*) FROM mysql.user WHERE (user = 'backuser' and host = 'localhost'); COUNT(*) 0 CREATE USER backuser@localhost IDENTIFIED BY 'pass'; ERROR HY000: Column count of mysql.user is wrong. Expected 45, found 44. The table is probably corrupted SELECT COUNT(*) FROM mysql.user WHERE (user = 'backuser' and host = 'localhost'); COUNT(*) 0 SELECT user, account_locked FROM mysql.user WHERE (user = 'backuser' and host = 'localhost'); ERROR 42S22: Unknown column 'account_locked' in 'field list' ALTER USER backuser@localhost ACCOUNT LOCK; ERROR HY000: Column count of mysql.user is wrong. Expected 45, found 44. The table is probably corrupted ALTER USER backuser@localhost ACCOUNT UNLOCK; ERROR HY000: Column count of mysql.user is wrong. Expected 45, found 44. The table is probably corrupted DROP USER backuser@localhost; ERROR HY000: Column count of mysql.user is wrong. Expected 45, found 44. The table is probably corrupted DROP TABLE mysql.user; ALTER TABLE temp_user RENAME mysql.user; FLUSH PRIVILEGES; # Check whether 'account' can be used as the identifier. CREATE DATABASE account; CREATE TABLE account.`account` (account text(20)); INSERT INTO `account`.account VALUES("account"); SELECT account FROM account.account WHERE account = 'account'; account account SET @account = "account_before"; CREATE PROCEDURE account.account(OUT ac CHAR(20)) BEGIN SELECT account.`account`.account INTO ac FROM account.account; END| CALL account.account(@account); SELECT @account; @account account DROP DATABASE account; CREATE USER ACCOUNT@localhost ACCOUNT LOCK; DROP USER ACCOUNT@localhost; DROP PROCEDURE mysql.p1; DROP TABLE mysql.t1; DROP USER u1@localhost; DROP USER u2@localhost; DROP USER u3@localhost; # # Bug #20814051 CREATE USER BINLOG EVENTS INCLUDE NEW ACCOUNT KEYWORD # # test general log with log_builtin_as_identified_by_password ON SHOW GLOBAL VARIABLES LIKE 'log_builtin_as_identified_by_password'; Variable_name Value log_builtin_as_identified_by_password OFF # SHOW CREATE USER should always show ACCOUNT LOCK clause SET GLOBAL log_builtin_as_identified_by_password = ON; CREATE USER u1 IDENTIFIED BY 'pass'; SHOW CREATE USER u1; CREATE USER for u1@% CREATE USER 'u1'@'%' IDENTIFIED BY PASSWORD '*B0368119E07B7A5F21334460715B4A99BF29A8B4' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK ALTER USER u1 ACCOUNT LOCK; SHOW CREATE USER u1; CREATE USER for u1@% CREATE USER 'u1'@'%' IDENTIFIED BY PASSWORD '*B0368119E07B7A5F21334460715B4A99BF29A8B4' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK DROP USER u1; # restarting the server with log_builtin_as_identified_by_password ON # Restart server. SHOW GLOBAL VARIABLES LIKE 'log_builtin_as_identified_by_password'; Variable_name Value log_builtin_as_identified_by_password ON TRUNCATE TABLE mysql.general_log; --------------- general log --------------------------------------- SET @old_log_output= @@global.log_output; SET @old_general_log= @@global.general_log; SET @old_general_log_file= @@global.general_log_file; SET GLOBAL general_log_file = '.../log/rewrite_general.log'; SET GLOBAL log_output = 'FILE,TABLE'; SET GLOBAL general_log= 'ON'; CREATE USER u1 IDENTIFIED BY 'pass'; CREATE USER u2 IDENTIFIED BY 'pass' ACCOUNT LOCK; CREATE USER u3 IDENTIFIED BY 'pass' ACCOUNT UNLOCK; ALTER USER u1 IDENTIFIED BY 'pass'; ALTER USER u1 IDENTIFIED BY 'pass' ACCOUNT LOCK; ALTER USER u1 IDENTIFIED BY 'pass' ACCOUNT UNLOCK; # # BUG #20996273 ALTER USER REWRITE CAUSES DIFFERENCES ON SLAVE # ALTER USER u2 IDENTIFIED BY 'pass'; CREATE TABLE test_log (argument TEXT); LOAD DATA LOCAL INFILE '.../log/rewrite_general.log' INTO TABLE test_log FIELDS TERMINATED BY '\n' LINES TERMINATED BY '\n'; Show what is logged: ------ rewrite ------ SELECT argument FROM mysql.general_log WHERE argument LIKE 'CREATE USER %'; argument CREATE USER 'u1'@'%' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7' CREATE USER 'u2'@'%' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7' ACCOUNT LOCK CREATE USER 'u3'@'%' IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7' ACCOUNT UNLOCK SELECT argument FROM mysql.general_log WHERE argument LIKE 'ALTER USER %'; argument ALTER USER 'u1'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' ALTER USER 'u1'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' ACCOUNT LOCK ALTER USER 'u1'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' ACCOUNT UNLOCK ALTER USER 'u2'@'%' IDENTIFIED WITH 'mysql_native_password' AS '<secret>' ------ done ------ DROP USER u1, u2, u3; SET GLOBAL general_log_file= @old_general_log_file; SET GLOBAL general_log= @old_general_log; SET GLOBAL log_output= @old_log_output;