mirror of
https://github.com/MariaDB/server.git
synced 2025-10-24 08:30:51 +02:00

This commit introduces a reset of password errors counter on any alter user command for the altered user. This is done so as to not require a complete privilege system reload.
86 lines
3 KiB
Text
86 lines
3 KiB
Text
--source include/not_embedded.inc
|
|
set @old_max_password_errors=@@max_password_errors;
|
|
set global max_password_errors=2;
|
|
create user u identified by 'good_pass';
|
|
|
|
# Test that user is blocked after 'max_password_errors' bad passwords
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect(con1, localhost, u, bas_pass);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect (con1, localhost, u, bad_pass);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_USER_IS_BLOCKED;
|
|
connect(con1, localhost, u, good_pass);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_USER_IS_BLOCKED;
|
|
connect(con1, localhost, u, bad_pass);
|
|
|
|
|
|
# Test that FLUSH PRIVILEGES clears the error
|
|
FLUSH PRIVILEGES;
|
|
connect (con1, localhost, u, good_pass);
|
|
disconnect con1;
|
|
|
|
# Test that good login clears the error
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect (con1, localhost, u, bad_pass);
|
|
connect (con1, localhost, u, good_pass);
|
|
disconnect con1;
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect (con1, localhost, u, bad_pass);
|
|
connect (con1, localhost, u, good_pass);
|
|
|
|
# Test the behavior of change_user
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
change_user u,bad_pass;
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
change_user u,bad_pass;
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_USER_IS_BLOCKED;
|
|
change_user u,good_pass;
|
|
disconnect con1;
|
|
|
|
connection default;
|
|
FLUSH PRIVILEGES;
|
|
|
|
#Test that root@localhost is not blocked, with password errors
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect(con1, localhost, root, bas_pass);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect (con1, localhost, root, bad_pass);
|
|
connect (con1, localhost, u, good_pass);
|
|
disconnect con1;
|
|
connection default;
|
|
|
|
# Block u again
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect(con1, localhost, u, bad_password);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect(con1, localhost, u, bad_password);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_USER_IS_BLOCKED;
|
|
connect(con1, localhost, u, good_pass);
|
|
|
|
# Unblock foo
|
|
ALTER USER u ACCOUNT UNLOCK;
|
|
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
error ER_ACCESS_DENIED_ERROR;
|
|
connect(con1, localhost, u, bad_password);
|
|
|
|
connect(con1, localhost, u, good_pass);
|
|
disconnect con1;
|
|
connection default;
|
|
|
|
DROP USER u;
|
|
set global max_password_errors=@old_max_password_errors;
|