diff --git a/client/mysqltest.cc b/client/mysqltest.cc index bf42e59dfb4..6e0e8621f79 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -6030,7 +6030,7 @@ void do_connect(struct st_command *command) int read_timeout= 0; int write_timeout= 0; int connect_timeout= 0; - char *csname=0; + char *csname=0, *rauth __attribute__((unused))= 0; struct st_connection* con_slot; my_bool default_db; @@ -6157,6 +6157,10 @@ void do_connect(struct st_command *command) { csname= strdup(con_options + sizeof("CHARSET=") - 1); } + else if (strncasecmp(con_options, STRING_WITH_LEN("auth=")) == 0) + { + rauth= strdup(con_options + sizeof("auth=") - 1); + } else die("Illegal option to connect: %.*b", (int) (end - con_options), con_options); @@ -6195,8 +6199,10 @@ void do_connect(struct st_command *command) if (opt_charsets_dir) mysql_options(con_slot->mysql, MYSQL_SET_CHARSET_DIR, opt_charsets_dir); +#ifndef EMBEDDED_LIBRARY + if (rauth) + mysql_options(con_slot->mysql, MARIADB_OPT_RESTRICTED_AUTH, rauth); -#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) set_ssl_opts(con_slot->mysql, con_ssl == USE_SSL_FORBIDDEN ? 0 : con_ssl == USE_SSL_REQUIRED ? 1 : opt_use_ssl, ssl_cipher ? ssl_cipher : opt_ssl_cipher); @@ -6273,6 +6279,7 @@ void do_connect(struct st_command *command) dynstr_free(&ds_options); dynstr_free(&ds_default_auth); free(csname); + free(rauth); DBUG_VOID_RETURN; } diff --git a/mysql-test/main/change_user.result b/mysql-test/main/change_user.result index c91522dc6ce..d9bbb34b6c2 100644 --- a/mysql-test/main/change_user.result +++ b/mysql-test/main/change_user.result @@ -1,3 +1,4 @@ +connect old,localhost,root,,,,,auth=mysql_old_password:mysql_native_password; set global secure_auth=0; Warnings: Warning 1287 '@@secure_auth' is deprecated and will be removed in a future release diff --git a/mysql-test/main/change_user.test b/mysql-test/main/change_user.test index 4073b79a9c6..5f7d5a21915 100644 --- a/mysql-test/main/change_user.test +++ b/mysql-test/main/change_user.test @@ -1,5 +1,9 @@ # This test is checking that old password authentication works --disable_service_connection + +# connect with mysql_old_password enabled +connect old,localhost,root,,,,,auth=mysql_old_password:mysql_native_password; + set global secure_auth=0; # # functional change user tests diff --git a/mysql-test/main/connect.result b/mysql-test/main/connect.result index b781b267535..43a4871cb8f 100644 --- a/mysql-test/main/connect.result +++ b/mysql-test/main/connect.result @@ -112,8 +112,8 @@ flush privileges; show grants for test@localhost; Grants for test@localhost GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test`@`localhost` IDENTIFIED BY PASSWORD '2f27438961437573' -connect con10,localhost,test,gambling2,; -connect con5,localhost,test,gambling2,mysql; +connect con10,localhost,test,gambling2,,,,auth=mysql_old_password:mysql_native_password; +connect con5,localhost,test,gambling2,mysql,,,auth=mysql_old_password:mysql_native_password; set password=""; set password='gambling3'; ERROR HY000: Password hash should be a 41-digit hexadecimal number @@ -152,7 +152,7 @@ time_zone_transition_type transaction_registry user user_bak -connect con6,localhost,test,gambling3,test; +connect con6,localhost,test,gambling3,test,,,auth=mysql_old_password:mysql_native_password; show tables; Tables_in_test connection default; @@ -160,16 +160,16 @@ disconnect con10; disconnect con5; disconnect con6; connect(localhost,test,,test2,MASTER_PORT,MASTER_SOCKET); -connect fail_con,localhost,test,,test2; +connect fail_con,localhost,test,,test2,,,auth=mysql_old_password:mysql_native_password; ERROR 28000: Access denied for user 'test'@'localhost' (using password: NO) connect(localhost,test,,test,MASTER_PORT,MASTER_SOCKET); -connect fail_con,localhost,test,,; +connect fail_con,localhost,test,,,,,auth=mysql_old_password:mysql_native_password; ERROR 28000: Access denied for user 'test'@'localhost' (using password: NO) connect(localhost,test,zorro,test2,MASTER_PORT,MASTER_SOCKET); -connect fail_con,localhost,test,zorro,test2; +connect fail_con,localhost,test,zorro,test2,,,auth=mysql_old_password:mysql_native_password; ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES) connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET); -connect fail_con,localhost,test,zorro,; +connect fail_con,localhost,test,zorro,,,,auth=mysql_old_password:mysql_native_password; ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES) # switching back from mysql.user to mysql.global_priv delete from mysql.user where user=_binary"test"; @@ -353,9 +353,9 @@ user() current_user() mysqltest_up1@localhost mysqltest_up1@% disconnect pcon2; connect(localhost,mysqltest_up2,newpw,test,MASTER_PORT,MASTER_SOCKET); -connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,; +connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password; ERROR 28000: Access denied for user 'mysqltest_up2'@'localhost' (using password: YES) -connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,; +connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password; select user(), current_user(); user() current_user() mysqltest_up2@localhost mysqltest_up2@% @@ -381,7 +381,7 @@ select user(), current_user(); user() current_user() mysqltest_up1@localhost mysqltest_up1@% disconnect pcon6; -connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,; +connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password; select user(), current_user(); user() current_user() mysqltest_up2@localhost mysqltest_up2@% diff --git a/mysql-test/main/connect.test b/mysql-test/main/connect.test index c9969633a2a..9758e2aec78 100644 --- a/mysql-test/main/connect.test +++ b/mysql-test/main/connect.test @@ -70,14 +70,14 @@ update mysql.user set plugin='mysql_old_password' where user='test'; flush privileges; show grants for test@localhost; -connect (con10,localhost,test,gambling2,); -connect (con5,localhost,test,gambling2,mysql); +connect con10,localhost,test,gambling2,,,,auth=mysql_old_password:mysql_native_password; +connect con5,localhost,test,gambling2,mysql,,,auth=mysql_old_password:mysql_native_password; set password=""; --error ER_PASSWD_LENGTH set password='gambling3'; set password=old_password('gambling3'); show tables; -connect (con6,localhost,test,gambling3,test); +connect (con6,localhost,test,gambling3,test,,,auth=mysql_old_password:mysql_native_password); show tables; connection default; @@ -87,16 +87,16 @@ disconnect con6; --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (fail_con,localhost,test,,test2); +connect (fail_con,localhost,test,,test2,,,auth=mysql_old_password:mysql_native_password); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (fail_con,localhost,test,,); +connect (fail_con,localhost,test,,,,,auth=mysql_old_password:mysql_native_password); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (fail_con,localhost,test,zorro,test2); +connect (fail_con,localhost,test,zorro,test2,,,auth=mysql_old_password:mysql_native_password); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (fail_con,localhost,test,zorro,); +connect (fail_con,localhost,test,zorro,,,,auth=mysql_old_password:mysql_native_password); source include/switch_to_mysql_global_priv.inc; # remove user 'test' so that other tests which may use 'test' @@ -379,8 +379,8 @@ disconnect pcon2; --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,); -connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,); +connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password); +connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password); select user(), current_user(); disconnect pcon4; @@ -415,7 +415,7 @@ connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,); select user(), current_user(); disconnect pcon6; -connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,); +connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,,auth=mysql_old_password:mysql_native_password); select user(), current_user(); disconnect pcon7; connection default; diff --git a/mysql-test/main/connect_debug.test b/mysql-test/main/connect_debug.test index 89bc2dac2ce..9471cb76209 100644 --- a/mysql-test/main/connect_debug.test +++ b/mysql-test/main/connect_debug.test @@ -19,7 +19,7 @@ set global debug_dbug='+d,auth_invalid_plugin'; create user 'bad' identified by 'worse'; --replace_regex /loaded: [^\n]*/loaded: invalid plugin name/ --error 1 ---exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse 2>&1 +--exec $MYSQL --default-auth=ed25519 --user=bad --password=worse 2>&1 set global debug_dbug=@old_dbug; drop user bad; diff --git a/mysql-test/main/set_password.result b/mysql-test/main/set_password.result index 19ca628f1f7..b49574fb65a 100644 --- a/mysql-test/main/set_password.result +++ b/mysql-test/main/set_password.result @@ -42,17 +42,17 @@ select current_user(); current_user() newpassnat@localhost disconnect con; -connect con,localhost,oldauth,test,; +connect con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password; select current_user(); current_user() oldauth@localhost disconnect con; -connect con,localhost,oldpass,test,; +connect con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password; select current_user(); current_user() oldpass@localhost disconnect con; -connect con,localhost,oldpassold,test,; +connect con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password; select current_user(); current_user() oldpassold@localhost @@ -74,17 +74,17 @@ select current_user(); current_user() newpassnat@localhost disconnect con; -connect con,localhost,oldauth,test,; +connect con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password; select current_user(); current_user() oldauth@localhost disconnect con; -connect con,localhost,oldpass,test,; +connect con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password; select current_user(); current_user() oldpass@localhost disconnect con; -connect con,localhost,oldpassold,test,; +connect con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password; select current_user(); current_user() oldpassold@localhost diff --git a/mysql-test/main/set_password.test b/mysql-test/main/set_password.test index 071b2d05cdc..e3d35d1f6e0 100644 --- a/mysql-test/main/set_password.test +++ b/mysql-test/main/set_password.test @@ -47,13 +47,13 @@ select current_user(); --connect(con,localhost,newpassnat,test,) select current_user(); --disconnect con ---connect(con,localhost,oldauth,test,) +--connect(con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password) select current_user(); --disconnect con ---connect(con,localhost,oldpass,test,) +--connect(con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password) select current_user(); --disconnect con ---connect(con,localhost,oldpassold,test,) +--connect(con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password) select current_user(); --disconnect con @@ -70,13 +70,13 @@ select current_user(); --connect(con,localhost,newpassnat,test,) select current_user(); --disconnect con ---connect(con,localhost,oldauth,test,) +--connect(con,localhost,oldauth,test,,,,auth=mysql_old_password:mysql_native_password) select current_user(); --disconnect con ---connect(con,localhost,oldpass,test,) +--connect(con,localhost,oldpass,test,,,,auth=mysql_old_password:mysql_native_password) select current_user(); --disconnect con ---connect(con,localhost,oldpassold,test,) +--connect(con,localhost,oldpassold,test,,,,auth=mysql_old_password:mysql_native_password) select current_user(); --disconnect con diff --git a/mysql-test/suite/sys_vars/r/old_passwords_func.result b/mysql-test/suite/sys_vars/r/old_passwords_func.result index fb250eeb669..1220fb1aacd 100644 --- a/mysql-test/suite/sys_vars/r/old_passwords_func.result +++ b/mysql-test/suite/sys_vars/r/old_passwords_func.result @@ -21,7 +21,10 @@ SELECT CURRENT_USER(); CURRENT_USER() userNewPass2@localhost userNewPass2@localhost Expected -connect con3,localhost,userOldPass,pass3,; +connect(localhost,userOldPass,pass3,test,MASTER_MYPORT,MASTER_MYSOCK); +connect con3,localhost,userOldPass,pass3; +ERROR HY000: Authentication plugin 'mysql_old_password' couldn't be found in restricted_auth plugin list. +connect con3,localhost,userOldPass,pass3,,,,auth=mysql_old_password:mysql_native_password; SELECT CURRENT_USER(); CURRENT_USER() userOldPass@localhost diff --git a/mysql-test/suite/sys_vars/r/secure_auth_func.result b/mysql-test/suite/sys_vars/r/secure_auth_func.result index ee0d6146225..30885dcb526 100644 --- a/mysql-test/suite/sys_vars/r/secure_auth_func.result +++ b/mysql-test/suite/sys_vars/r/secure_auth_func.result @@ -14,7 +14,7 @@ CREATE USER 'testUser'@'localhost' IDENTIFIED BY 'newpass'; connect con_user1,localhost,testUser,newpass,; connection default; SET PASSWORD FOR 'testUser'@'localhost' = OLD_PASSWORD('newpass'); -connect con_user2,localhost,testUser,newpass,; +connect con_user2,localhost,testUser,newpass,,,,auth=mysql_old_password:mysql_native_password; connection default; '#--------------------FN_DYNVARS_144_03-------------------------#' SET GLOBAL secure_auth = ON; diff --git a/mysql-test/suite/sys_vars/t/old_passwords_func.test b/mysql-test/suite/sys_vars/t/old_passwords_func.test index bf1d7dcc874..842d25e2ca5 100644 --- a/mysql-test/suite/sys_vars/t/old_passwords_func.test +++ b/mysql-test/suite/sys_vars/t/old_passwords_func.test @@ -61,7 +61,11 @@ connect (con2,localhost,userNewPass2,pass2,); SELECT CURRENT_USER(); --echo userNewPass2@localhost Expected -connect (con3,localhost,userOldPass,pass3,); +--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT +--error 5010 +connect con3,localhost,userOldPass,pass3; +connect con3,localhost,userOldPass,pass3,,,,auth=mysql_old_password:mysql_native_password; + SELECT CURRENT_USER(); --echo userOldPass@localhost Expected diff --git a/mysql-test/suite/sys_vars/t/secure_auth_func.test b/mysql-test/suite/sys_vars/t/secure_auth_func.test index 905164ba893..6f4043cc33a 100644 --- a/mysql-test/suite/sys_vars/t/secure_auth_func.test +++ b/mysql-test/suite/sys_vars/t/secure_auth_func.test @@ -65,7 +65,8 @@ connection default; # SET PASSWORD FOR 'testUser'@'localhost' = OLD_PASSWORD('newpass'); -connect (con_user2,localhost,testUser,newpass,); +connect (con_user2,localhost,testUser,newpass,,,,auth=mysql_old_password:mysql_native_password); + connection default;