| Current Path : /usr/opt/mysql57/mysql-test/suite/auth_sec/t/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //usr/opt/mysql57/mysql-test/suite/auth_sec/t/password_expired.test |
###############################################################################
# #
# Password expiry scenarios catering to all the authentication plugin #
# and handled by the flag "password_expired" in the mysql.user table #
# #
# #
# #
# Creation Date: 2012-12-28 #
# Author : Tanjot Singh Uppal #
# #
# #
# Description:Test Cases of password expiry validated the access to the #
# users under scenarios with expired password. #
# #
###############################################################################
--source include/not_embedded.inc
--source include/have_ssl.inc
--source include/have_sha256_rsa_auth.inc
--source include/mysql_upgrade_preparation.inc
# This test will intentionally generate errors in the server error log
# when a broken password is inserted into the mysql.user table.
# The below suppression is to clear those errors.
--disable_query_log
call mtr.add_suppression(".*Password salt for user.*");
--enable_query_log
## By default the server is started with the mysql_native_password plugin.
--echo
--echo
--echo =======================================================================================
--echo Checking the password expiry with the users created with all 3 plugable authentication
--echo =======================================================================================
--echo
## Creating a user with respect to all the 2 password authentication plugin
--echo Creating a user with respect to all the 2 password authentication plugin
# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED BY 'abc';
# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin
CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';
## Validating the plugin assigned for the above 2 users in the user table
--echo **** Validating the plugin names
select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected
select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected
## Validating the password expiry flag in the mysql.user table
--echo **** Validating the password expiry flag in the mysql.user table
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## Expirying password from user login for the 2 created users
--echo **** Expirying password from root login for the 2 created users
--disable_warnings
connect(con1,localhost,Tanjotuser1,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser1'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings
--disable_warnings
connect(con3,localhost,Tanjotuser3,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser3'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings
## The password expiry flag in the mysql.user table should not be altered
--echo **** Validating the password expiry flag in the mysql.user table should not be altered
connection default;
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## These 2 users still should be able to login and work properly
--echo **** These 2 users still should be able to login and work properly
--disable_warnings
connect(con4,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected
connect(con6,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected
--enable_warnings
## Disconnecting the last 2 connections
disconnect con4;
disconnect con6;
## Expirying password from root login for the 2 created users using Alter user
--echo **** Expirying password from root login for the 2 created users using Alter user
connection default;
Alter user 'Tanjotuser1'@'localhost' password expire;
Alter user 'Tanjotuser3'@'localhost' password expire;
## Validating the password expiry flag in the mysql.user table
--echo **** Validating the password expiry flag in the mysql.user table
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='Y';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='Y';
--echo 1 Expected
## checking user access after password expiry
--echo **** checking user access after password expiry
--disable_warnings
connect(con7,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
connect(con9,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
--enable_warnings
## At the same time the open sessions for these users should able to work properly
--echo At the same time the open sessions for these users should able to work properly.
connection con1;
select 1;
--echo 1 Expected
connection con3;
select 1;
--echo 1 Expected
## setting passwords from the new connections.
--echo setting passwords from the new connections.
connection con7;
--error ER_MUST_CHANGE_PASSWORD
select 1;
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
connection con9;
--error ER_MUST_CHANGE_PASSWORD
select 1;
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## logging the 2 users with the new passwords
--echo **** logging the 2 users with the new passwords
--disable_warnings
connect(con10,localhost,Tanjotuser1,abcd,,);
select 1;
--echo 1 Expected
connect(con12,localhost,Tanjotuser3,abcd,,);
select 1;
--echo 1 Expected
--enable_warnings
## Disconnecting the open sessions and dropping the created users.
connection default;
--echo Disconnecting the open sessions and dropping the created users
disconnect con1;
disconnect con3;
disconnect con7;
disconnect con9;
disconnect con10;
disconnect con12;
drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';
--echo
--echo
--echo =======================================================================================
--echo Checking the password expiry using the update command on mysql.user table
--echo =======================================================================================
--echo
## Creating a user with respect to all the 2 password authentication plugin
--echo Creating a user with respect to all the 2 password authentication plugin
connection default;
# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED BY 'abc';
# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin
CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';
## Validating the plugin assigned for the above 2 users in the user table
--echo **** Validating the plugin names
select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected
select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected
## Validating the password expiry flag in the mysql.user table
--echo **** Validating the password expiry flag in the mysql.user table
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## Making connections from each of these created users
--echo **** Making connections from each of these created users
--disable_warnings
connect(con13,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected
connect(con15,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected
--enable_warnings
## Expirying password from user login for the 2 created users using update command
--echo **** Expirying password from root login for the 2 created users using update command
connection default;
update mysql.user set password_expired='Y' where User='Tanjotuser1' and Host='localhost';
update mysql.user set password_expired='Y' where User='Tanjotuser3' and Host='localhost';
## connecting client before flush privileges
--echo **** connecting client before flush privileges
--disable_warnings
connect(con16,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected
connect(con18,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected
--enable_warnings
## flush privileges
--echo **** flush privileges
connection default;
flush privileges;
## connecting client after flush privileges
--echo **** connecting client after flush privileges
--disable_warnings
connect(con19,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
connect(con21,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
--enable_warnings
## checking the previous open connections
--echo **** checking the previous open connections
connection con13;
select 1;
--echo 1 Expected
connection con15;
select 1;
--echo 1 Expected
## Resetting the password
--echo **** Resetting the password
connection con16;
select 1;
--echo 1 Expected
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
connection con18;
select 1;
--echo 1 Expected
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## Logging with the new password
--echo **** Logging with the new password
--disable_warnings
connect(con22,localhost,Tanjotuser1,abcd,,);
select 1;
--echo 1 Expected
connect(con24,localhost,Tanjotuser3,abcd,,);
select 1;
--echo 1 Expected
--enable_warnings
## Below section is hashed till Bug #16054065 is fixed
## connecting client after resetting the password
--echo **** connecting client after resetting the password
#--disable_warnings
#connection con19;
#select 1;
#--echo 1 Expected
#connection con21;
#select 1;
#--echo 1 Expected
#--enable_warnings
## Disconnecting the open sessions and dropping the created users.
connection default;
--echo Disconnecting the open sessions and dropping the created users
disconnect con13;
disconnect con15;
disconnect con16;
disconnect con18;
disconnect con19;
disconnect con21;
disconnect con22;
disconnect con24;
drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';
--echo
--echo
--echo =================================================================================================
--echo Starting the server with the default authentication sha256_password
--echo =================================================================================================
--echo
--echo # Restart server with default-authentication-plugin=sha256_password;
let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server
--source include/wait_until_disconnected.inc
-- exec echo "restart:--default-authentication-plugin=sha256_password " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
-- enable_reconnect
-- source include/wait_until_connected_again.inc
--echo
--echo
--echo =======================================================================================
--echo Checking the password expiry with the users created with all 2 plugable authentication
--echo =======================================================================================
--echo
## Creating a user with respect to all the 2 password authentication plugin
--echo Creating a user with respect to all the 2 password authentication plugin
# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password';
SET PASSWORD for 'Tanjotuser1'@'localhost' = 'abc';
# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin
CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';
## Validating the plugin assigned for the above 2 users in the user table
--echo **** Validating the plugin names
select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected
select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected
## Validating the password expiry flag in the mysql.user table
--echo **** Validating the password expiry flag in the mysql.user table
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## Expirying password from user login for the 2 created users
--echo **** Expirying password from root login for the 2 created users
--disable_warnings
connect(con1,localhost,Tanjotuser1,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser1'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings
--disable_warnings
connect(con3,localhost,Tanjotuser3,abc,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
Alter user 'Tanjotuser3'@'localhost' password expire;
select 1;
--echo 1 Expected
--enable_warnings
## The password expiry flag in the mysql.user table should not be altered
--echo **** Validating the password expiry flag in the mysql.user table should not be altered
connection default;
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## These 2 users still should be able to login and work properly
--echo **** These 2 users still should be able to login and work properly
--disable_warnings
connect(con4,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected
connect(con6,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected
--enable_warnings
## Disconnecting the last 2 connections
disconnect con4;
disconnect con6;
## Expirying password from root login for the 2 created users using Alter user
--echo **** Expirying password from root login for the 2 created users using Alter user
connection default;
Alter user 'Tanjotuser1'@'localhost' password expire;
Alter user 'Tanjotuser3'@'localhost' password expire;
## Validating the password expiry flag in the mysql.user table
--echo **** Validating the password expiry flag in the mysql.user table
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='Y';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='Y';
--echo 1 Expected
## checking user access after password expiry
--echo **** checking user access after password expiry
--disable_warnings
connect(con7,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
connect(con9,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
--enable_warnings
## At the same time the open sessions for these users should able to work properly
--echo At the same time the open sessions for these users should able to work properly.
connection con1;
select 1;
--echo 1 Expected
connection con3;
select 1;
--echo 1 Expected
## setting passwords from the new connections.
--echo setting passwords from the new connections.
connection con7;
--error ER_MUST_CHANGE_PASSWORD
select 1;
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
connection con9;
--error ER_MUST_CHANGE_PASSWORD
select 1;
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## logging the 2 users with the new passwords
--echo **** logging the 2 users with the new passwords
--disable_warnings
connect(con10,localhost,Tanjotuser1,abcd,,);
select 1;
--echo 1 Expected
connect(con12,localhost,Tanjotuser3,abcd,,);
select 1;
--echo 1 Expected
--enable_warnings
## Disconnecting the open sessions and dropping the created users.
connection default;
--echo Disconnecting the open sessions and dropping the created users
disconnect con1;
disconnect con3;
disconnect con7;
disconnect con9;
disconnect con10;
disconnect con12;
drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';
--echo
--echo
--echo =======================================================================================
--echo Checking the password expiry using the update command on mysql.user table
--echo =======================================================================================
--echo
## Creating a user with respect to all the 2 password authentication plugin
--echo Creating a user with respect to all the 2 password authentication plugin
connection default;
# User with mysql_native_password plugin
--echo **** Creating user with mysql_native_password plugin
CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_native_password';
SET PASSWORD for 'Tanjotuser1'@'localhost' = 'abc';
# User with sha256_password plugin
--echo **** Creating user with sha256_password plugin
CREATE USER 'Tanjotuser3'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD for 'Tanjotuser3'@'localhost' = 'abc';
## Validating the plugin assigned for the above 2 users in the user table
--echo **** Validating the plugin names
select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_native_password';
--echo 1 Expected
select (select plugin from mysql.user where User='Tanjotuser3' and Host='localhost')='sha256_password';
--echo 1 Expected
## Validating the password expiry flag in the mysql.user table
--echo **** Validating the password expiry flag in the mysql.user table
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## Making connections from each of these created users
--echo **** Making connections from each of these created users
--disable_warnings
connect(con13,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected
connect(con15,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected
--enable_warnings
## Expirying password from user login for the 2 created users using update command
--echo **** Expirying password from root login for the 2 created users using update command
connection default;
update mysql.user set password_expired='Y' where User='Tanjotuser1' and Host='localhost';
update mysql.user set password_expired='Y' where User='Tanjotuser3' and Host='localhost';
## connecting client before flush privileges
--echo **** connecting client before flush privileges
--disable_warnings
connect(con16,localhost,Tanjotuser1,abc,,);
select 1;
--echo 1 Expected
connect(con18,localhost,Tanjotuser3,abc,,);
select 1;
--echo 1 Expected
--enable_warnings
## flush privileges
--echo **** flush privileges
connection default;
flush privileges;
## connecting client after flush privileges
--echo **** connecting client after flush privileges
--disable_warnings
connect(con19,localhost,Tanjotuser1,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
connect(con21,localhost,Tanjotuser3,abc,,);
--error ER_MUST_CHANGE_PASSWORD
select 1;
--enable_warnings
## checking the previous open connections
--echo **** checking the previous open connections
connection con13;
select 1;
--echo 1 Expected
connection con15;
select 1;
--echo 1 Expected
## Resetting the password
--echo **** Resetting the password
connection con16;
select 1;
--echo 1 Expected
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser1' and Host='localhost')='N';
--echo 1 Expected
connection con18;
select 1;
--echo 1 Expected
set password='abcd';
select 1;
--echo 1 Expected
connection default;
select (select password_expired from mysql.user where User='Tanjotuser3' and Host='localhost')='N';
--echo 1 Expected
## Logging with the new password
--echo **** Logging with the new password
--disable_warnings
connect(con22,localhost,Tanjotuser1,abcd,,);
select 1;
--echo 1 Expected
connect(con24,localhost,Tanjotuser3,abcd,,);
select 1;
--echo 1 Expected
--enable_warnings
## Below section is hashed till Bug #16054065 is fixed
## connecting client after resetting the password
--echo **** connecting client after resetting the password
#--disable_warnings
#connection con19;
#select 1;
#--echo 1 Expected
#connection con21;
#select 1;
#--echo 1 Expected
#--enable_warnings
## Disconnecting the open sessions and dropping the created users.
--echo #
--echo # WL#2284: Increase the length of a user name
--echo #
connection default;
CREATE USER user_name_len_25_01234567@localhost IDENTIFIED BY 'password' PASSWORD EXPIRE;
connect (con_user25,localhost,user_name_len_25_01234567,'password',);
--error ER_MUST_CHANGE_PASSWORD
SELECT 1;
SET PASSWORD FOR user_name_len_25_01234567@localhost = 'abc';
disconnect con_user25;
connect (con_user25_new_pass,localhost,user_name_len_25_01234567,'abc',);
SELECT 1;
connection default;
--echo Disconnecting the open sessions and dropping the created users
disconnect con_user25_new_pass;
disconnect con13;
disconnect con15;
disconnect con16;
disconnect con18;
disconnect con19;
disconnect con21;
disconnect con22;
disconnect con24;
DROP USER user_name_len_25_01234567@localhost;
drop user 'Tanjotuser1'@'localhost';
drop user 'Tanjotuser3'@'localhost';