mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 20:42:30 +01:00
197 lines
6.1 KiB
Text
197 lines
6.1 KiB
Text
call mtr.add_suppression("password and an authentication plugin");
|
|
#
|
|
# Create a user with mysql_native_password plugin.
|
|
# The user has no password or auth_string set.
|
|
#
|
|
create user u1;
|
|
GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password;
|
|
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
|
|
user host password plugin authentication_string
|
|
u1 %
|
|
#
|
|
# The user's grants should show no password at all.
|
|
#
|
|
show grants for u1;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%`
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
#
|
|
# Test to see if connecting with no password is succesful.
|
|
#
|
|
connect con1, localhost, u1,,;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%`
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Test after flushing privileges.
|
|
#
|
|
flush privileges;
|
|
connect con1, localhost, u1,,;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%`
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Now add a mysql_native password string in authentication_string.
|
|
#
|
|
GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password
|
|
USING '*7AFEFD08B6B720E781FB000CAA418F54FA662626';
|
|
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
|
|
user host password plugin authentication_string
|
|
u1 % *7AFEFD08B6B720E781FB000CAA418F54FA662626
|
|
#
|
|
# Test to see if connecting with password is succesful.
|
|
#
|
|
connect con1, localhost, u1,'SOMETHING',;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*7AFEFD08B6B720E781FB000CAA418F54FA662626'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Test after flushing privileges.
|
|
#
|
|
flush privileges;
|
|
connect con1, localhost, u1,'SOMETHING',;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*7AFEFD08B6B720E781FB000CAA418F54FA662626'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Now we also set a password for the user.
|
|
#
|
|
set password for u1 = PASSWORD('SOMETHINGELSE');
|
|
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
|
|
user host password plugin authentication_string
|
|
u1 % *054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6 mysql_native_password *054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6
|
|
#
|
|
# Here we should use the password field, as that primes over
|
|
# the authentication_string field.
|
|
#
|
|
show grants for u1;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
#
|
|
# Logging in with the user's password should work.
|
|
#
|
|
connect con1, localhost, u1,'SOMETHINGELSE',;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Reload privileges and test logging in again.
|
|
#
|
|
flush privileges;
|
|
show grants for u1;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
#
|
|
# Here we connect via the user's password again.
|
|
#
|
|
connect con1, localhost, u1,'SOMETHINGELSE',;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Now we remove the authentication plugin password, flush privileges and
|
|
# try again.
|
|
#
|
|
update mysql.user set password=authentication_string, plugin='', authentication_string='' where user='u1';
|
|
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
|
|
user host password plugin authentication_string
|
|
u1 % *054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6
|
|
flush privileges;
|
|
show grants for u1;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
#
|
|
# Here we connect via the user's password.
|
|
#
|
|
connect con1, localhost, u1,'SOMETHINGELSE',;
|
|
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
|
|
user host password plugin authentication_string
|
|
u1 % *054B7BBD2B9A553DA560520DCD3F76DA2D81B7C6
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Try and set a wrong auth_string password, with mysql_native_password.
|
|
# Make sure it fails.
|
|
#
|
|
GRANT USAGE ON *.* TO u1 IDENTIFIED VIA mysql_native_password USING 'asd';
|
|
ERROR HY000: Password hash should be a 41-digit hexadecimal number
|
|
#
|
|
# Now set a correct password.
|
|
#
|
|
GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password
|
|
USING '*7AFEFD08B6B720E781FB000CAA418F54FA662626';
|
|
show grants for u1;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*7AFEFD08B6B720E781FB000CAA418F54FA662626'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
#
|
|
# Test if the user can now use that password instead.
|
|
#
|
|
connect con1, localhost, u1,'SOMETHING',;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*7AFEFD08B6B720E781FB000CAA418F54FA662626'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
#
|
|
# Test if the user can now use that password instead, after flushing privileges;
|
|
#
|
|
connection default;
|
|
flush privileges;
|
|
connect con1, localhost, u1,'SOMETHING',;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%` IDENTIFIED BY PASSWORD '*7AFEFD08B6B720E781FB000CAA418F54FA662626'
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Clear all passwords from the user.
|
|
#
|
|
set password for u1 = '';
|
|
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
|
|
user host password plugin authentication_string
|
|
u1 % mysql_native_password
|
|
#
|
|
# Test no password connect.
|
|
#
|
|
connect con1, localhost, u1,,;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%`
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
#
|
|
# Test no password connect, after flushing privileges.
|
|
#
|
|
flush privileges;
|
|
connect con1, localhost, u1,,;
|
|
show grants;
|
|
Grants for u1@%
|
|
GRANT USAGE ON *.* TO `u1`@`%`
|
|
GRANT SELECT ON `mysql`.* TO `u1`@`%`
|
|
disconnect con1;
|
|
connection default;
|
|
drop user u1;
|