mirror of
https://github.com/MariaDB/server.git
synced 2025-10-12 12:25:37 +03:00
c94ec9fc67
Revert the side effect of 7c40996cc8.
Do not convert password hash to its binary representation when a user
entry is loaded. Do it lazily on the first authenticatation attempt.
As a collateral - force all authentication plugins to follow the
protocol and read_packet at least once before accessing info->username
(username is not available before first client handshake packet is read).
Fix PAM and GSSAPI plugins to behave.
89 lines
2.9 KiB
Plaintext
89 lines
2.9 KiB
Plaintext
-- source include/not_embedded.inc
|
|
|
|
#
|
|
# MDEV-6625 SHOW GRANTS for current_user_name@wrong_host_name
|
|
#
|
|
--error ER_NONEXISTING_GRANT
|
|
SHOW GRANTS FOR root@invalid_host;
|
|
|
|
#
|
|
# MDEV-9580 SHOW GRANTS FOR <current_user> fails
|
|
#
|
|
create user test;
|
|
create user foo;
|
|
create role foo;
|
|
grant foo to test;
|
|
--connect (conn_1, localhost, test,,)
|
|
set role foo;
|
|
show grants for test; # user
|
|
show grants for foo; # role
|
|
--error ER_DBACCESS_DENIED_ERROR
|
|
show grants for foo@'%'; # user
|
|
--connection default
|
|
drop user test, foo;
|
|
drop role foo;
|
|
|
|
#
|
|
# MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed upon REVOKE under LOCK TABLE
|
|
#
|
|
CREATE TABLE t1 (a INT);
|
|
LOCK TABLE t1 WRITE;
|
|
--error ER_TABLE_NOT_LOCKED
|
|
REVOKE EXECUTE ON PROCEDURE sp FROM u;
|
|
--error ER_TABLE_NOT_LOCKED
|
|
REVOKE PROCESS ON *.* FROM u;
|
|
DROP TABLE t1;
|
|
|
|
#
|
|
# MDEV-12321 authentication plugin: SET PASSWORD support
|
|
#
|
|
error ER_PASSWD_LENGTH;
|
|
create user u1@h identified with 'mysql_native_password' using 'pwd';
|
|
create user u1@h identified with 'mysql_native_password' using password('pwd');
|
|
let p=`select password('pwd')`;
|
|
eval create user u2@h identified with 'mysql_native_password' using '$p';
|
|
create user u3@h identified with 'mysql_native_password';
|
|
error ER_PASSWD_LENGTH;
|
|
set password for u3@h = 'pwd';
|
|
set password for u3@h = password('pwd');
|
|
create user u4@h identified with 'mysql_native_password';
|
|
eval set password for u4@h = '$p';
|
|
error ER_PASSWD_LENGTH;
|
|
create user u5@h identified with 'mysql_old_password' using 'pwd';
|
|
create user u5@h identified with 'mysql_old_password' using password('pwd');
|
|
let p=`select old_password('pwd')`;
|
|
eval create user u6@h identified with 'mysql_old_password' using '$p';
|
|
create user u7@h identified with 'mysql_old_password';
|
|
error ER_PASSWD_LENGTH;
|
|
set password for u7@h = 'pwd';
|
|
set password for u7@h = old_password('pwd');
|
|
create user u8@h identified with 'mysql_old_password';
|
|
eval set password for u8@h = '$p';
|
|
sorted_result;
|
|
select user,host,plugin,authentication_string from mysql.user where host='h';
|
|
# test with invalid entries
|
|
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'bad') where user='u1';
|
|
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'bad') where user='u5';
|
|
update mysql.global_priv set priv=json_set(priv, '$.plugin', 'nonexistent') where user='u8';
|
|
flush privileges;
|
|
show create user u1@h;
|
|
show create user u2@h;
|
|
show create user u3@h;
|
|
show create user u4@h;
|
|
show create user u5@h;
|
|
show create user u6@h;
|
|
show create user u7@h;
|
|
show create user u8@h;
|
|
grant select on *.* to u1@h;
|
|
grant select on *.* to u2@h;
|
|
grant select on *.* to u3@h;
|
|
grant select on *.* to u4@h;
|
|
grant select on *.* to u5@h;
|
|
grant select on *.* to u6@h;
|
|
grant select on *.* to u7@h;
|
|
grant select on *.* to u8@h;
|
|
select user,select_priv,plugin,authentication_string from mysql.user where user like 'u_';
|
|
|
|
# but they still can be dropped
|
|
drop user u1@h, u2@h, u3@h, u4@h, u5@h, u6@h, u7@h, u8@h;
|