mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-29 10:14:19 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/password_expiration.result
Sergei Golubchik 1e6210161d MDEV-7597 Expiration of user passwords 
post-merge changes:
* handle password expiration on old tables like everything else -
  make changes in memory, even if they cannot be done on disk
* merge "debug" tests with non-debug tests, they don't use dbug anyway
* only run rpl password expiration in MIXED mode, it doesn't replicate
  anything, so no need to repeat it thrice
* restore update_user_table_password() prototype, it should not change
  ACL_USER, this is done in acl_user_update()
* don't parse json twice in get_password_lifetime and get_password_expired
* remove LEX_USER::is_changing_password, see if there was any auth instead
* avoid overflow in expiration calculations
* don't initialize Account_options in the constructor, it's bzero-ed later
* don't create ulong sysvars - they're not portable, prefer uint or ulonglong
* misc simplifications
2019-02-21 15:04:03 +01:00

259 lines
9.5 KiB
Text
Raw Blame History

#
# Only privileged users should be able to expire passwords
#
create user user1@localhost;
alter user user1@localhost password expire;
create user user2@localhost;
connect con2,localhost,user2;
connection con2;
alter user user1@localhost password expire;
ERROR 42000: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
disconnect con2;
connection default;
drop user user1@localhost;
drop user user2@localhost;
#
# disconnect_on_expired_password=ON should deny a clients's connection
# when the password is expired or put the client in sandbox mode if OFF
#
create user user1@localhost password expire;
set global disconnect_on_expired_password=ON;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
set global disconnect_on_expired_password=OFF;
connect con1,localhost,user1;
connection con1;
select 1;
ERROR HY000: You must SET PASSWORD before executing this statement
disconnect con1;
connection default;
drop user user1@localhost;
#
# connect-expired-password option passed to client should override
# the behavior of disconnect_on_expired_password server system var.
#
create user user1@localhost password expire;
set global disconnect_on_expired_password=ON;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
drop user user1@localhost;
#
# Manually expiring a password should have immediate effect
#
create user user1@localhost;
alter user user1@localhost password expire;
set global disconnect_on_expired_password=ON;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
drop user user1@localhost;
#
# Sandbox mode should only allow change password statements
#
create user user1@localhost password expire;
grant create user on *.* to user1@localhost;
set global disconnect_on_expired_password=OFF;
connect con1,localhost,user1;
connection con1;
select 1;
ERROR HY000: You must SET PASSWORD before executing this statement
set password=password('');
select 1;
1
1
disconnect con1;
connection default;
drop user user1@localhost;
#
# Passwords are still expired after acl reload
#
set global disconnect_on_expired_password=ON;
create user user1@localhost password expire;
flush privileges;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
drop user user1@localhost;
#
# JSON functions on global_priv reflect the correct state
# of the password expiration columns
#
create user user1@localhost password expire;
select host, user, JSON_VALUE(Priv, '$.password_last_changed') from mysql.global_priv where user='user1';
host user JSON_VALUE(Priv, '$.password_last_changed')
localhost user1 0
alter user user1@localhost password expire never;
select host, user, JSON_VALUE(Priv, '$.password_lifetime') from mysql.global_priv where user='user1';
host user JSON_VALUE(Priv, '$.password_lifetime')
localhost user1 0
alter user user1@localhost password expire default;
select host, user, JSON_VALUE(Priv, '$.password_lifetime') from mysql.global_priv where user='user1';
host user JSON_VALUE(Priv, '$.password_lifetime')
localhost user1 -1
alter user user1@localhost password expire interval 123 day;
select host, user, JSON_VALUE(Priv, '$.password_lifetime') from mysql.global_priv where user='user1';
host user JSON_VALUE(Priv, '$.password_lifetime')
localhost user1 123
drop user user1@localhost;
#
# SHOW CREATE USER correctly displays the locking state of an user
#
create user user1@localhost;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost'
alter user user1@localhost password expire;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE
set password for user1@localhost= password('');
alter user user1@localhost password expire default;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost'
alter user user1@localhost password expire never;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER
alter user user1@localhost password expire interval 123 day;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE INTERVAL 123 DAY
alter user user1@localhost password expire;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE
set password for user1@localhost= password('');
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE INTERVAL 123 DAY
drop user user1@localhost;
#
# Incorrect INTERVAL values should be rejected
#
create user user1@localhost password expire interval 0 day;
ERROR HY000: Incorrect DAY value: '0'
#
# Password expiration fields are loaded properly on 10.3 tables
#
create user user1@localhost;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost'
flush privileges;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER
alter user user1@localhost password expire;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE
flush privileges;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE
set password for user1@localhost= password('');
alter user user1@localhost password expire default;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost'
flush privileges;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER
alter user user1@localhost password expire never;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER
flush privileges;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER
alter user user1@localhost password expire interval 123 day;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE INTERVAL 123 DAY
flush privileges;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER
alter user user1@localhost password expire;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE
flush privileges;
show create user user1@localhost;
CREATE USER for user1@localhost
CREATE USER 'user1'@'localhost' PASSWORD EXPIRE
set global disconnect_on_expired_password=ON;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
set global disconnect_on_expired_password=OFF;
connect con1,localhost,user1;
connection con1;
select 1;
ERROR HY000: You must SET PASSWORD before executing this statement
set password=password('');
select 1;
1
1
disconnect con1;
connection default;
drop user user1@localhost;
set global disconnect_on_expired_password=default;
set global default_password_lifetime=default;
#
# PASSWORD EXPIRE DEFAULT should use the default_password_lifetime
# system var to set the number of days till expiration
#
set global disconnect_on_expired_password= ON;
set global default_password_lifetime= 2;
create user user1@localhost password expire default;
set @tstamp_expired= UNIX_TIMESTAMP(NOW() - INTERVAL 3 DAY);
update mysql.global_priv set
priv=json_set(priv, '$.password_last_changed', @tstamp_expired)
where user='user1';
flush privileges;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
drop user user1@localhost;
#
# PASSWORD EXPIRE INTERVAL should expire a client's password after
# X days and not before
#
set global disconnect_on_expired_password= ON;
create user user1@localhost password expire interval 2 day;
connect con1,localhost,user1;
disconnect con1;
connection default;
set @tstamp_expired= UNIX_TIMESTAMP(NOW() - INTERVAL 3 DAY);
update mysql.global_priv set
priv=json_set(priv, '$.password_last_changed', @tstamp_expired)
where user='user1';
flush privileges;
connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
connect con1,localhost,user1;
ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords
drop user user1@localhost;
#
# PASSWORD EXPIRE NEVER should override the other policies and never
# expire a client's password
#
set global disconnect_on_expired_password= ON;
create user user1@localhost password expire interval 2 day;
alter user user1@localhost password expire never;
set @tstamp_expired= UNIX_TIMESTAMP() - 3;
update mysql.global_priv set
priv=json_set(priv, '$.password_last_changed', @tstamp_expired)
where user='user1';
flush privileges;
connect con1,localhost,user1;
disconnect con1;
connection default;
drop user user1@localhost;
set global disconnect_on_expired_password= default;
set global default_password_lifetime= default;
Reference in a new issue View git blame Copy permalink