mirror of
				https://github.com/MariaDB/server.git
				synced 2025-10-25 18:38:00 +03:00 
			
		
		
		
	
		
			
				
	
	
		
			215 lines
		
	
	
		
			7.9 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			215 lines
		
	
	
		
			7.9 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| --source include/not_ubsan.inc
 | |
| 
 | |
| let $REGEX_VERSION_ID=/$mysql_get_server_version/VERSION_ID/;
 | |
| let $REGEX_PASSWORD_LAST_CHANGED=/password_last_changed": [0-9]*/password_last_changed": #/;
 | |
| let $REGEX_GLOBAL_PRIV=$REGEX_PASSWORD_LAST_CHANGED $REGEX_VERSION_ID;
 | |
| 
 | |
| #
 | |
| # MDEV-11340 Allow multiple alternative authentication methods for the same user
 | |
| #
 | |
| --source include/have_unix_socket.inc
 | |
| if (`SELECT '$USER' = 'mysqltest1'`) {
 | |
|   skip USER is mysqltest1;
 | |
| }
 | |
| if (!$AUTH_ED25519_SO) {
 | |
|   skip No auth_ed25519 plugin;
 | |
| }
 | |
| 
 | |
| --let $plugindir=`SELECT @@global.plugin_dir`
 | |
| install soname 'auth_ed25519';
 | |
| 
 | |
| --let $try_auth=$MYSQL_TEST < $MYSQLTEST_VARDIR/tmp/peercred_test.txt 2>&1
 | |
| 
 | |
| --write_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt
 | |
| --let $replace1=$USER@localhost
 | |
| --let $replace2=$USER@%
 | |
| --replace_result $replace1 "USER@localhost" $replace2 "USER@%"
 | |
| select user(), current_user(), database();
 | |
| EOF
 | |
| 
 | |
| --let $creplace=create user '$USER'
 | |
| --let $dreplace=drop user '$USER'
 | |
| 
 | |
| #
 | |
| # socket,password
 | |
| #
 | |
| --replace_result $creplace "create user 'USER'"
 | |
| eval $creplace         identified via unix_socket OR mysql_native_password as password("GOOD");
 | |
| create user mysqltest1 identified via unix_socket OR mysql_native_password as password("good");
 | |
| show create user mysqltest1;
 | |
| --echo # name match = ok
 | |
| --exec $try_auth -u $USER
 | |
| --echo # name does not match, password good = ok
 | |
| --exec $try_auth -u mysqltest1 -pgood
 | |
| --echo # name does not match, password bad = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pbad
 | |
| --replace_result $dreplace "drop user 'USER'"
 | |
| eval $dreplace, mysqltest1;
 | |
| 
 | |
| #
 | |
| # password,socket
 | |
| #
 | |
| --replace_result $creplace "create user 'USER'"
 | |
| eval $creplace         identified via mysql_native_password as password("GOOD") OR unix_socket;
 | |
| create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket;
 | |
| show create user mysqltest1;
 | |
| --echo # name match = ok
 | |
| --exec $try_auth -u $USER
 | |
| --echo # name does not match, password good = ok
 | |
| --exec $try_auth -u mysqltest1 -pgood
 | |
| --echo # name does not match, password bad = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pbad
 | |
| --replace_result $dreplace "drop user 'USER'"
 | |
| eval $dreplace, mysqltest1;
 | |
| 
 | |
| #
 | |
| # socket,ed25519
 | |
| #
 | |
| --replace_result $creplace "create user 'USER'"
 | |
| eval $creplace         identified via unix_socket OR ed25519 as password("GOOD");
 | |
| create user mysqltest1 identified via unix_socket OR ed25519 as password("good");
 | |
| show create user mysqltest1;
 | |
| --echo # name match = ok
 | |
| --exec $try_auth -u $USER
 | |
| --echo # name does not match, password good = ok
 | |
| --exec $try_auth -u mysqltest1 -pgood
 | |
| --echo # name does not match, password bad = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pbad
 | |
| --replace_result $dreplace "drop user 'USER'"
 | |
| eval $dreplace, mysqltest1;
 | |
| 
 | |
| #
 | |
| # ed25519,socket
 | |
| #
 | |
| --replace_result $creplace "create user 'USER'"
 | |
| eval $creplace         identified via ed25519 as password("GOOD") OR unix_socket;
 | |
| create user mysqltest1 identified via ed25519 as password("good") OR unix_socket;
 | |
| show create user mysqltest1;
 | |
| --echo # name match = ok
 | |
| --exec $try_auth -u $USER
 | |
| --echo # name does not match, password good = ok
 | |
| --exec $try_auth -u mysqltest1 -pgood
 | |
| --echo # name does not match, password bad = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pbad
 | |
| --replace_result $dreplace "drop user 'USER'"
 | |
| eval $dreplace, mysqltest1;
 | |
| 
 | |
| #
 | |
| # ed25519,socket,password
 | |
| #
 | |
| --replace_result $creplace "create user 'USER'"
 | |
| eval $creplace         identified via ed25519 as password("GOOD") OR unix_socket OR mysql_native_password as password("works");
 | |
| create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
 | |
| show create user mysqltest1;
 | |
| --echo # name match = ok
 | |
| --exec $try_auth -u $USER
 | |
| --echo # name does not match, password good = ok
 | |
| --exec $try_auth -u mysqltest1 -pgood
 | |
| --echo # name does not match, second password works = ok
 | |
| --exec $try_auth -u mysqltest1 -pworks
 | |
| --echo # name does not match, password bad = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pbad
 | |
| --replace_result $dreplace "drop user 'USER'"
 | |
| eval $dreplace, mysqltest1;
 | |
| 
 | |
| #
 | |
| # password,password
 | |
| #
 | |
| create user mysqltest1 identified via mysql_native_password as password("good") OR mysql_native_password as password("works");
 | |
| show create user mysqltest1;
 | |
| --echo # password good = ok
 | |
| --exec $try_auth -u mysqltest1 -pgood
 | |
| --echo # second password works = ok
 | |
| --exec $try_auth -u mysqltest1 -pworks
 | |
| --echo # password bad = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pbad
 | |
| drop user mysqltest1;
 | |
| 
 | |
| #
 | |
| # show grants, flush privileges, set password, alter user
 | |
| #
 | |
| create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
 | |
| show grants for mysqltest1;
 | |
| --replace_regex $REGEX_GLOBAL_PRIV
 | |
| select json_detailed(priv) from mysql.global_priv where user='mysqltest1';
 | |
| select password,plugin,authentication_string from mysql.user where user='mysqltest1';
 | |
| flush privileges;
 | |
| show create user mysqltest1;
 | |
| set password for mysqltest1 = password('foobar');
 | |
| show create user mysqltest1;
 | |
| alter user mysqltest1 identified via unix_socket OR mysql_native_password as password("some");
 | |
| show create user mysqltest1;
 | |
| set password for mysqltest1 = password('foobar');
 | |
| show create user mysqltest1;
 | |
| alter user mysqltest1 identified via unix_socket;
 | |
| --error ER_SET_PASSWORD_AUTH_PLUGIN
 | |
| set password for mysqltest1 = password('bla');
 | |
| alter user mysqltest1 identified via mysql_native_password as password("some") or unix_socket;
 | |
| show create user mysqltest1;
 | |
| drop user mysqltest1;
 | |
| 
 | |
| --source include/switch_to_mysql_user.inc
 | |
| --replace_regex /\d{6}/XX.YY.ZZ/
 | |
| --error ER_COL_COUNT_DOESNT_MATCH_PLEASE_UPDATE
 | |
| create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
 | |
| --source include/switch_to_mysql_global_priv.inc
 | |
| 
 | |
| #
 | |
| # invalid password,socket
 | |
| #
 | |
| --replace_result $creplace "create user 'USER'"
 | |
| eval $creplace         identified via mysql_native_password as '1234567890123456789012345678901234567890a' OR unix_socket;
 | |
| create user mysqltest1 identified via mysql_native_password as '1234567890123456789012345678901234567890a' OR unix_socket;
 | |
| update mysql.global_priv set priv=replace(priv, '1234567890123456789012345678901234567890a', 'invalid password');
 | |
| flush privileges;
 | |
| show create user mysqltest1;
 | |
| --echo # name match = ok
 | |
| --exec $try_auth -u $USER
 | |
| --echo # name does not match = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1
 | |
| --echo # SET PASSWORD helps
 | |
| set password for mysqltest1 = password('bla');
 | |
| --exec $try_auth -u mysqltest1 -pbla
 | |
| --replace_result $dreplace "drop user 'USER'"
 | |
| eval $dreplace, mysqltest1;
 | |
| 
 | |
| #
 | |
| # missing client-side plugin
 | |
| #
 | |
| create user mysqltest1 identified via ed25519 as password("good");
 | |
| show create user mysqltest1;
 | |
| --echo # no plugin = failure
 | |
| # covers Linux (1st re), FreeBSD (2nd), AIX (3rd and 4th)
 | |
| --replace_regex /loaded: .*client_ed25519.so: cannot open shared object file: No such file or directory/loaded: no such file/ /loaded: Cannot open.*client_ed25519.so./loaded: no such file/ /loaded: .*Could not load module.*client_ed25519.so.\n/loaded: no such file/ /System error: No such file or directory//
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
 | |
| alter user mysqltest1 identified via ed25519 as password("good") OR mysql_native_password as password("works");
 | |
| show create user mysqltest1;
 | |
| --echo # no plugin = failure
 | |
| --error 1
 | |
| --exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
 | |
| --echo # no plugin, second password works = ok
 | |
| --exec $try_auth -u mysqltest1 -pworks --plugin-dir=$plugindir/no
 | |
| drop user mysqltest1;
 | |
| 
 | |
| uninstall soname 'auth_ed25519';
 | |
| --remove_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt
 | |
| 
 | |
| #
 | |
| # MDEV-21928 ALTER USER doesn't remove excess authentication plugins from mysql.global_priv
 | |
| #
 | |
| create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket;
 | |
| show create user mysqltest1;
 | |
| alter user mysqltest1 identified via mysql_native_password as password("better");
 | |
| show create user mysqltest1;
 | |
| flush privileges;
 | |
| show create user mysqltest1;
 | |
| drop user mysqltest1;
 |