mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 18:41:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/alter_user.test
Sergei Golubchik 7c40996cc8 MDEV-12321 authentication plugin: SET PASSWORD support 
Support SET PASSWORD for authentication plugins.

Authentication plugin API is extended with two optional methods:
* hash_password() is used to compute a password hash (or digest)
  from the plain-text password. This digest will be stored in mysql.user
  table
* preprocess_hash() is used to convert this digest into some memory
  representation that can be later used to authenticate a user.
  Build-in plugins convert the hash from hexadecimal or base64 to binary,
  to avoid doing it on every authentication attempt.

Note a change in behavior: when loading privileges (on startup or on
FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a
warning (e.g. "Plugin 'foo' is not loaded"). But such an account could
not be used for authentication until the plugin is installed. Now an
account like that will not be loaded at all (with a warning, still).
Indeed, without plugin's preprocess_hash() method the server cannot know
how to load an account. Thus, if a new authentication plugin is
installed run-time, one might need FLUSH PRIVILEGES to activate all
existing accounts that were using this new plugin.
2018-10-31 16:06:16 +01:00

85 lines
2.5 KiB
Text
Raw Blame History

--source include/not_embedded.inc
select * from mysql.user where user = 'root' and host = 'localhost';
--echo # Test syntax
--echo #
--echo # These 2 selects should have no changes from the first one.
alter user CURRENT_USER;
select * from mysql.user where user = 'root' and host = 'localhost';
alter user CURRENT_USER();
select * from mysql.user where user = 'root' and host = 'localhost';
create user foo;
select * from mysql.user where user = 'foo';
alter user foo;
select * from mysql.user where user = 'foo';
--echo # Test super privilege works correctly with a read only database.
SET @start_read_only = @@global.read_only;
SET GLOBAL read_only=1;
grant create user on *.* to foo;
--echo # Currently no super privileges.
connect (a, localhost, foo);
select @@global.read_only;
--error ER_OPTION_PREVENTS_STATEMENT
alter user foo;
--echo # Grant super privilege to the user.
connection default;
grant super on *.* to foo;
--echo # We now have super privilege. We should be able to run alter user.
connect (b, localhost, foo);
alter user foo;
connection default;
SET GLOBAL read_only = @start_read_only;
--echo # Test inexistant user.
--error ER_CANNOT_USER
alter user boo;
--echo #--warning ER_CANNOT_USER
alter if exists user boo;
--echo # Test password related altering.
alter user foo identified by 'something';
select * from mysql.user where user = 'foo';
alter user foo identified by 'something2';
select * from mysql.user where user = 'foo';
alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
select * from mysql.user where user = 'foo';
--error ER_CANNOT_USER
alter user foo identified with 'somecoolplugin';
show warnings;
alter user foo identified with 'mysql_old_password';
select * from mysql.user where user = 'foo';
alter user foo identified with 'mysql_old_password' using '0123456789ABCDEF';
select * from mysql.user where user = 'foo';
--echo # Test ssl related altering.
alter user foo identified by 'something' require SSL;
select * from mysql.user where user = 'foo';
alter user foo identified by 'something' require X509;
select * from mysql.user where user = 'foo';
alter user foo identified by 'something'
require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
select * from mysql.user where user = 'foo';
--echo # Test resource limits altering.
alter user foo with MAX_QUERIES_PER_HOUR 10
MAX_UPDATES_PER_HOUR 20
MAX_CONNECTIONS_PER_HOUR 30
MAX_USER_CONNECTIONS 40;
select * from mysql.user where user = 'foo';
drop user foo;
update mysql.user set plugin='';
Reference in a new issue View git blame Copy permalink