mariadb/mysql-test/suite/plugins/t/password_reuse_check.test
2025-04-29 13:53:16 +10:00

100 lines
2.5 KiB
Text

--source include/not_embedded.inc
if (!$PASSWORD_REUSE_CHECK_SO) {
skip No PASSWORD_REUSE_CHECK plugin;
}
install soname "password_reuse_check";
set global password_reuse_check_interval= 0;
--echo # Default value (should be unlimited i.e. 0)
SHOW GLOBAL VARIABLES like "password_reuse_check%";
--echo # insert user
grant select on *.* to user_name@localhost identified by 'test_pwd';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
--error ER_CANNOT_USER
alter user user_name@localhost identified by 'test_pwd';
show warnings;
# Plugin does not work for it
#--error ER_NOT_VALID_PASSWORD
#SET PASSWORD FOR user_name@localhost = PASSWORD('test_pwd');
--echo # check expiration
set global password_reuse_check_interval= 10;
--error ER_CANNOT_USER
alter user user_name@localhost identified by 'test_pwd';
show warnings;
select hex(hash) from mysql.password_reuse_check_history;
--echo # emulate old password
update mysql.password_reuse_check_history set time= date_sub(now(), interval
11 day);
alter user user_name@localhost identified by 'test_pwd';
show warnings;
drop user user_name@localhost;
show create table mysql.password_reuse_check_history;
select count(*) from mysql.password_reuse_check_history;
drop table mysql.password_reuse_check_history;
--echo # test error messages
set global password_reuse_check_interval= 0;
drop table if exists mysql.password_reuse_check_history;
--echo # test error messages
create table mysql.password_reuse_check_history (wrong_structure int);
--error ER_NOT_VALID_PASSWORD
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
set global password_reuse_check_interval= 10;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
drop table mysql.password_reuse_check_history;
--echo #
--echo # MDEV-28838: password_reuse_check plugin mixes username and password
--echo #
grant select on *.* to user_name@localhost identified by 'test_pwd';
grant select on *.* to user_nam@localhost identified by 'etest_pwd';
show warnings;
drop user user_name@localhost;
drop user user_nam@localhost;
drop table mysql.password_reuse_check_history;
grant select on *.* to user_name@localhost identified by 'test_pwd';
grant select on *.* to tuser_name@localhos identified by 'test_pwd';
show warnings;
drop user user_name@localhost;
drop user tuser_name@localhos;
--echo #
--echo # End of 10.7 tests
--echo #
drop table mysql.password_reuse_check_history;
uninstall plugin password_reuse_check;