mirror of
https://github.com/MariaDB/server.git
synced 2025-02-12 00:15:35 +01:00
236 lines
8.8 KiB
Text
236 lines
8.8 KiB
Text
--source include/not_ubsan.inc
|
|
|
|
let $REGEX_VERSION_ID=/$mysql_get_server_version/VERSION_ID/;
|
|
let $REGEX_PASSWORD_LAST_CHANGED=/password_last_changed": [0-9]*/password_last_changed": #/;
|
|
let $REGEX_GLOBAL_PRIV=$REGEX_PASSWORD_LAST_CHANGED $REGEX_VERSION_ID;
|
|
|
|
#
|
|
# MDEV-11340 Allow multiple alternative authentication methods for the same user
|
|
#
|
|
--source include/have_unix_socket.inc
|
|
if (`SELECT '$USER' = 'mysqltest1'`) {
|
|
skip USER is mysqltest1;
|
|
}
|
|
if (!$AUTH_ED25519_SO) {
|
|
skip No auth_ed25519 plugin;
|
|
}
|
|
|
|
--let $plugindir=`SELECT @@global.plugin_dir`
|
|
install soname 'auth_ed25519';
|
|
|
|
--let $try_auth=$MYSQL_TEST < $MYSQLTEST_VARDIR/tmp/peercred_test.txt 2>&1
|
|
|
|
--write_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt
|
|
--let $replace1=$USER@localhost
|
|
--let $replace2=$USER@%
|
|
--replace_result $replace1 "USER@localhost" $replace2 "USER@%"
|
|
select user(), current_user(), database();
|
|
EOF
|
|
|
|
--let $creplace=create user '$USER'
|
|
--let $greplace=grant select on test.* to '$USER'
|
|
--let $dreplace=drop user '$USER'
|
|
|
|
#
|
|
# socket,password
|
|
#
|
|
--replace_result $creplace "create user 'USER'"
|
|
eval $creplace identified via unix_socket OR mysql_native_password as password("GOOD");
|
|
--replace_result $greplace "grant select on test.* to 'USER'"
|
|
eval $greplace ;
|
|
create user mysqltest1 identified via unix_socket OR mysql_native_password as password("good");
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # name match = ok
|
|
--exec $try_auth -u $USER
|
|
--echo # name does not match, password good = ok
|
|
--exec $try_auth -u mysqltest1 -pgood
|
|
--echo # name does not match, password bad = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pbad
|
|
--replace_result $dreplace "drop user 'USER'"
|
|
eval $dreplace, mysqltest1;
|
|
|
|
#
|
|
# password,socket
|
|
#
|
|
--replace_result $creplace "create user 'USER'"
|
|
eval $creplace identified via mysql_native_password as password("GOOD") OR unix_socket;
|
|
--replace_result $greplace "grant select on test.* to 'USER'"
|
|
eval $greplace ;
|
|
create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket;
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # name match = ok
|
|
--exec $try_auth -u $USER
|
|
--echo # name does not match, password good = ok
|
|
--exec $try_auth -u mysqltest1 -pgood
|
|
--echo # name does not match, password bad = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pbad
|
|
--replace_result $dreplace "drop user 'USER'"
|
|
eval $dreplace, mysqltest1;
|
|
|
|
#
|
|
# socket,ed25519
|
|
#
|
|
--replace_result $creplace "create user 'USER'"
|
|
eval $creplace identified via unix_socket OR ed25519 as password("GOOD");
|
|
--replace_result $greplace "grant select on test.* to 'USER'"
|
|
eval $greplace ;
|
|
create user mysqltest1 identified via unix_socket OR ed25519 as password("good");
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # name match = ok
|
|
--exec $try_auth -u $USER
|
|
--echo # name does not match, password good = ok
|
|
--exec $try_auth -u mysqltest1 -pgood
|
|
--echo # name does not match, password bad = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pbad
|
|
--replace_result $dreplace "drop user 'USER'"
|
|
eval $dreplace, mysqltest1;
|
|
|
|
#
|
|
# ed25519,socket
|
|
#
|
|
--replace_result $creplace "create user 'USER'"
|
|
eval $creplace identified via ed25519 as password("GOOD") OR unix_socket;
|
|
--replace_result $greplace "grant select on test.* to 'USER'"
|
|
eval $greplace ;
|
|
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket;
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # name match = ok
|
|
--exec $try_auth -u $USER
|
|
--echo # name does not match, password good = ok
|
|
--exec $try_auth -u mysqltest1 -pgood
|
|
--echo # name does not match, password bad = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pbad
|
|
--replace_result $dreplace "drop user 'USER'"
|
|
eval $dreplace, mysqltest1;
|
|
|
|
#
|
|
# ed25519,socket,password
|
|
#
|
|
--replace_result $creplace "create user 'USER'"
|
|
eval $creplace identified via ed25519 as password("GOOD") OR unix_socket OR mysql_native_password as password("works");
|
|
--replace_result $greplace "grant select on test.* to 'USER'"
|
|
eval $greplace ;
|
|
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # name match = ok
|
|
--exec $try_auth -u $USER
|
|
--echo # name does not match, password good = ok
|
|
--exec $try_auth -u mysqltest1 -pgood
|
|
--echo # name does not match, second password works = ok
|
|
--exec $try_auth -u mysqltest1 -pworks
|
|
--echo # name does not match, password bad = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pbad
|
|
--replace_result $dreplace "drop user 'USER'"
|
|
eval $dreplace, mysqltest1;
|
|
|
|
#
|
|
# password,password
|
|
#
|
|
create user mysqltest1 identified via mysql_native_password as password("good") OR mysql_native_password as password("works");
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # password good = ok
|
|
--exec $try_auth -u mysqltest1 -pgood
|
|
--echo # second password works = ok
|
|
--exec $try_auth -u mysqltest1 -pworks
|
|
--echo # password bad = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pbad
|
|
drop user mysqltest1;
|
|
|
|
#
|
|
# show grants, flush privileges, set password, alter user
|
|
#
|
|
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
|
|
show grants for mysqltest1;
|
|
--replace_regex $REGEX_GLOBAL_PRIV
|
|
select json_detailed(priv) from mysql.global_priv where user='mysqltest1';
|
|
select password,plugin,authentication_string from mysql.user where user='mysqltest1';
|
|
flush privileges;
|
|
show create user mysqltest1;
|
|
set password for mysqltest1 = password('foobar');
|
|
show create user mysqltest1;
|
|
alter user mysqltest1 identified via unix_socket OR mysql_native_password as password("some");
|
|
show create user mysqltest1;
|
|
--error ER_SET_PASSWORD_AUTH_PLUGIN
|
|
set password for mysqltest1 = password('foobar');
|
|
show create user mysqltest1;
|
|
alter user mysqltest1 identified via unix_socket;
|
|
--error ER_SET_PASSWORD_AUTH_PLUGIN
|
|
set password for mysqltest1 = password('bla');
|
|
alter user mysqltest1 identified via mysql_native_password as password("some") or unix_socket;
|
|
show create user mysqltest1;
|
|
drop user mysqltest1;
|
|
|
|
--source include/switch_to_mysql_user.inc
|
|
--replace_regex /\d{6}/XX.YY.ZZ/
|
|
--error ER_COL_COUNT_DOESNT_MATCH_PLEASE_UPDATE
|
|
create user mysqltest1 identified via ed25519 as password("good") OR unix_socket OR mysql_native_password as password("works");
|
|
--source include/switch_to_mysql_global_priv.inc
|
|
|
|
#
|
|
# invalid password,socket
|
|
#
|
|
--replace_result $creplace "create user 'USER'"
|
|
eval $creplace identified via mysql_native_password as '1234567890123456789012345678901234567890a' OR unix_socket;
|
|
--replace_result $greplace "grant select on test.* to 'USER'"
|
|
eval $greplace ;
|
|
create user mysqltest1 identified via mysql_native_password as '1234567890123456789012345678901234567890a' OR unix_socket;
|
|
grant select on test.* to mysqltest1;
|
|
update mysql.global_priv set priv=replace(priv, '1234567890123456789012345678901234567890a', 'invalid password');
|
|
flush privileges;
|
|
show create user mysqltest1;
|
|
--echo # name match = ok
|
|
--exec $try_auth -u $USER
|
|
--echo # name does not match = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1
|
|
--echo # SET PASSWORD helps
|
|
set password for mysqltest1 = password('bla');
|
|
--exec $try_auth -u mysqltest1 -pbla
|
|
--replace_result $dreplace "drop user 'USER'"
|
|
eval $dreplace, mysqltest1;
|
|
|
|
#
|
|
# missing client-side plugin
|
|
#
|
|
create user mysqltest1 identified via ed25519 as password("good");
|
|
grant select on test.* to mysqltest1;
|
|
show create user mysqltest1;
|
|
--echo # no plugin = failure
|
|
# covers Linux (1st re), FreeBSD (2nd), AIX (3rd and 4th)
|
|
--replace_regex /loaded: .*client_ed25519.so: cannot open shared object file: No such file or directory/loaded: no such file/ /loaded: Cannot open.*client_ed25519.so./loaded: no such file/ /loaded: .*Could not load module.*client_ed25519.so.\n/loaded: no such file/ /System error: No such file or directory//
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
|
|
alter user mysqltest1 identified via ed25519 as password("good") OR mysql_native_password as password("works");
|
|
show create user mysqltest1;
|
|
--echo # no plugin = failure
|
|
--error 1
|
|
--exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no
|
|
--echo # no plugin, second password works = ok
|
|
--exec $try_auth -u mysqltest1 -pworks --plugin-dir=$plugindir/no
|
|
drop user mysqltest1;
|
|
|
|
uninstall soname 'auth_ed25519';
|
|
--remove_file $MYSQLTEST_VARDIR/tmp/peercred_test.txt
|
|
|
|
#
|
|
# MDEV-21928 ALTER USER doesn't remove excess authentication plugins from mysql.global_priv
|
|
#
|
|
create user mysqltest1 identified via mysql_native_password as password("good") OR unix_socket;
|
|
show create user mysqltest1;
|
|
alter user mysqltest1 identified via mysql_native_password as password("better");
|
|
show create user mysqltest1;
|
|
flush privileges;
|
|
show create user mysqltest1;
|
|
drop user mysqltest1;
|