mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 03:52:35 +01:00
90ad4dbd17
This patch adds support for expiring user passwords. The following statements are extended: CREATE USER user@localhost PASSWORD EXPIRE [option] ALTER USER user@localhost PASSWORD EXPIRE [option] If no option is specified, the password is expired with immediate effect. If option is DEFAULT, global policy applies according to the default_password_lifetime system var (if 0, password never expires, if N, password expires every N days). If option is NEVER, the password never expires and if option is INTERVAL N DAY, the password expires every N days. The feature also supports the disconnect_on_expired_password system var and the --connect-expired-password client option. Closes #1166
132 lines
3.6 KiB
Text
132 lines
3.6 KiB
Text
--source include/not_embedded.inc
|
|
--echo #
|
|
--echo # MDEV-11170: MariaDB 10.2 cannot start on MySQL 5.7 datadir:
|
|
--echo # Fatal error: mysql.user table is damaged or in
|
|
--echo # unsupported 3.20 format
|
|
--echo #
|
|
|
|
--source include/switch_to_mysql_user.inc
|
|
|
|
--echo #
|
|
--echo # Original mysql.user table
|
|
--echo #
|
|
describe mysql.user;
|
|
|
|
--echo #
|
|
--echo # Drop the password column.
|
|
--echo #
|
|
alter table mysql.user drop column password,
|
|
drop column is_role,
|
|
drop column default_role,
|
|
add column password_last_changed timestamp null default null after password_expired,
|
|
add column password_lifetime smallint unsigned after password_last_changed,
|
|
add column account_locked enum('n','y') character set utf8 not null default 'n' after password_lifetime;
|
|
flush privileges;
|
|
|
|
--echo #
|
|
--echo # Create users without the password column present.
|
|
--echo #
|
|
create user foo;
|
|
create user goo identified by "foo";
|
|
select OLD_PASSWORD("ioo");
|
|
create user ioo identified with "mysql_old_password" as "7a8f886d28473e85";
|
|
|
|
--echo #
|
|
--echo # Check if users have grants loaded correctly.
|
|
--echo #
|
|
show grants for foo;
|
|
show grants for goo;
|
|
show grants for ioo;
|
|
|
|
select user, host, select_priv, plugin, authentication_string from mysql.user
|
|
where user like "%oo"
|
|
order by user;
|
|
|
|
--echo #
|
|
--echo # Test setting password.
|
|
--echo #
|
|
SET PASSWORD FOR foo=PASSWORD("bar");
|
|
|
|
show grants for foo;
|
|
show grants for goo;
|
|
show grants for ioo;
|
|
|
|
select user, host, select_priv, plugin, authentication_string from mysql.user
|
|
where user like "%oo"
|
|
order by user;
|
|
|
|
--echo #
|
|
--echo # Test flush privileges without password column.
|
|
--echo #
|
|
flush privileges;
|
|
show grants for foo;
|
|
show grants for goo;
|
|
show grants for ioo;
|
|
|
|
--echo #
|
|
--echo # Test granting of privileges.
|
|
--echo #
|
|
grant select on *.* to foo;
|
|
grant select on *.* to goo;
|
|
grant select on *.* to ioo;
|
|
show grants for foo;
|
|
show grants for goo;
|
|
show grants for ioo;
|
|
|
|
--echo #
|
|
--echo # Check to see if grants are stable on flush.
|
|
--echo #
|
|
flush privileges;
|
|
show grants for foo;
|
|
show grants for goo;
|
|
show grants for ioo;
|
|
|
|
--echo #
|
|
--echo # Check internal table representation.
|
|
--echo #
|
|
select user, host, select_priv, plugin, authentication_string from mysql.user
|
|
where user like "%oo"
|
|
order by user;
|
|
|
|
--echo #
|
|
--echo # Test account locking
|
|
--echo #
|
|
create user user1@localhost account lock;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_ACCOUNT_HAS_BEEN_LOCKED
|
|
connect(con1,localhost,user1);
|
|
flush privileges;
|
|
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
|
--error ER_ACCOUNT_HAS_BEEN_LOCKED
|
|
connect(con1,localhost,user1);
|
|
show create user user1@localhost;
|
|
alter user user1@localhost account unlock;
|
|
connect(con1,localhost,user1);
|
|
disconnect con1;
|
|
connection default;
|
|
show create user user1@localhost;
|
|
|
|
--echo #
|
|
--echo # Test password expiration fields are loaded correctly
|
|
--echo #
|
|
create user user@localhost;
|
|
show create user user@localhost;
|
|
alter user user@localhost password expire;
|
|
show create user user@localhost;
|
|
set password for user@localhost= password('');
|
|
alter user user@localhost password expire default;
|
|
show create user user@localhost;
|
|
alter user user@localhost password expire never;
|
|
show create user user@localhost;
|
|
alter user user@localhost password expire interval 123 day;
|
|
show create user user@localhost;
|
|
alter user user@localhost password expire;
|
|
show create user user@localhost;
|
|
set password for user@localhost= password('');
|
|
show create user user@localhost;
|
|
drop user user@localhost;
|
|
|
|
--echo #
|
|
--echo # Reset to final original state.
|
|
--echo #
|
|
--source include/switch_to_mysql_global_priv.inc
|