用于EagleEye3.0 规则集漏报和误报测试的示例项目,项目收集于github和gitee
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

615 lines
28 KiB

CALL mtr.add_suppression("Plugin test_plugin_server reported: 'Wrong password supplied for plug_dest'");
SELECT PLUGIN_STATUS, PLUGIN_TYPE, PLUGIN_DESCRIPTION
FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='test_plugin_server';
PLUGIN_STATUS ACTIVE
PLUGIN_TYPE AUTHENTICATION
PLUGIN_DESCRIPTION plugin API test plugin
SET @old_log_output= @@global.log_output;
SET @old_general_log= @@global.general_log;
SET GLOBAL log_output = 'TABLE';
SET GLOBAL general_log= 'ON';
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
plugin authentication_string
test_plugin_server plug_dest
## test plugin auth
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug;
test proxies_priv columns
SELECT * FROM mysql.proxies_priv WHERE user !='root';
Host User Proxied_host Proxied_user With_grant Grantor Timestamp
xx plug % plug_dest 0 root@localhost xx
test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;
Table Create Table
proxies_priv CREATE TABLE `proxies_priv` (
`Host` char(255) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL DEFAULT '',
`User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`Proxied_host` char(255) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL DEFAULT '',
`Proxied_user` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`With_grant` tinyint(1) NOT NULL DEFAULT '0',
`Grantor` varchar(288) COLLATE utf8_bin NOT NULL DEFAULT '',
`Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`Host`,`User`,`Proxied_host`,`Proxied_user`),
KEY `Grantor` (`Grantor`)
) /*!50100 TABLESPACE `mysql` */ ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin STATS_PERSISTENT=0 ROW_FORMAT=DYNAMIC COMMENT='User proxy privileges'
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug@localhost plug_dest@%
## test SET PASSWORD
Setting password is allowed but it won't affect the authentication mechanism.
SET PASSWORD = 'plug_dest';
Warnings:
Note 1699 SET PASSWORD has no significance for user 'plug'@'%' as authentication plugin does not support it.
## test bad credentials
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
## test correct default plugin
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug@localhost plug_dest@%
## test utf-8 user name
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO `Ÿ`;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
Ÿ@localhost plug_dest@%
DROP USER `Ÿ`;
CREATE DATABASE test_grant_db;
REVOKE SELECT on test_grant_db.* FROM joro
INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2
REVOKE SELECT on test_grant_db.* FROM joro
INDENTIFIED BY 'plug_dest_passwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INDENTIFIED BY 'plug_dest_passwd'' at line 2
REVOKE SELECT on test_grant_db.* FROM joro
INDENTIFIED BY PASSWORD 'plug_dest_passwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INDENTIFIED BY PASSWORD 'plug_dest_passwd'' at line 2
DROP DATABASE test_grant_db;
## GRANT PROXY tests
SELECT @@global.check_proxy_users;
@@global.check_proxy_users
0
SELECT @@global.mysql_native_password_proxy_users;
@@global.mysql_native_password_proxy_users
0
SELECT @@global.sha256_password_proxy_users;
@@global.sha256_password_proxy_users
0
SET @@global.check_proxy_users=ON;
SET @@global.mysql_native_password_proxy_users=ON;
SET @@global.sha256_password_proxy_users=ON;
CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server'
AS 'grant_plug_dest';
CREATE USER grant_plug_dest IDENTIFIED BY 'grant_plug_dest_passwd';
CREATE USER grant_plug_dest2 IDENTIFIED BY 'grant_plug_dest_passwd2';
# ALL PRIVILEGES doesn't include PROXY
GRANT ALL PRIVILEGES ON *.* TO grant_plug;
REVOKE SYSTEM_USER ON *.* FROM grant_plug;
ERROR 28000: Access denied for user 'grant_plug'@'localhost' (using password: YES)
GRANT ALL PRIVILEGES,PROXY ON grant_plug_dest TO grant_plug;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',PROXY ON grant_plug_dest TO grant_plug' at line 1
this should fail : can't combine PROXY
GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT,PROXY ON grant_plug_dest TO grant_plug' at line 1
# this should fail : no such grant
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%'
in grant_plug_dest_con
## testing what an ordinary user can grant
this should fail : no rights to grant all
GRANT PROXY ON ''@'' TO grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
GRANT PROXY ON grant_plug TO grant_plug_dest;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
This is a valid grant
GRANT PROXY ON grant_plug_dest TO grant_plug;
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
this should work : same user
GRANT PROXY ON grant_plug_dest TO grant_plug_dest2;
REVOKE PROXY ON grant_plug_dest FROM grant_plug_dest2;
this should fail : not the same user
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : can't create users
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;
ERROR 42000: You are not allowed to create a user with GRANT
in default connection
# test what root can grant
should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO grant_plug;
REVOKE PROXY ON ''@'' FROM grant_plug;
should work : root has PROXY to all users
CREATE USER proxy_admin IDENTIFIED BY 'test';
GRANT PROXY ON ''@'' TO proxy_admin WITH GRANT OPTION;
need USAGE : PROXY doesn't contain it.
GRANT USAGE on *.* TO proxy_admin;
in proxy_admin_con;
should work : proxy_admin has proxy to ''@''
GRANT PROXY ON future_user TO grant_plug;
in default connection
SHOW GRANTS FOR grant_plug;
Grants for grant_plug@%
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `grant_plug`@`%`
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `grant_plug`@`%`
GRANT PROXY ON 'future_user'@'%' TO 'grant_plug'@'%'
REVOKE PROXY ON future_user FROM grant_plug;
SHOW GRANTS FOR grant_plug;
Grants for grant_plug@%
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `grant_plug`@`%`
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `grant_plug`@`%`
## testing drop user
CREATE USER test_drop@localhost;
GRANT PROXY ON future_user TO test_drop@localhost;
SHOW GRANTS FOR test_drop@localhost;
Grants for test_drop@localhost
GRANT USAGE ON *.* TO `test_drop`@`localhost`
GRANT PROXY ON 'future_user'@'%' TO 'test_drop'@'localhost'
DROP USER test_drop@localhost;
SELECT * FROM mysql.proxies_priv WHERE Host = 'test_drop' AND User = 'localhost';
Host User Proxied_host Proxied_user With_grant Grantor Timestamp
DROP USER proxy_admin;
DROP USER grant_plug,grant_plug_dest,grant_plug_dest2;
## END GRANT PROXY tests
## cleanup
DROP USER plug;
DROP USER plug_dest;
## @@proxy_user tests
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug;
SELECT USER(),CURRENT_USER(),@@LOCAL.proxy_user;
USER() CURRENT_USER() @@LOCAL.proxy_user
root@localhost root@localhost NULL
SELECT @@GLOBAL.proxy_user;
ERROR HY000: Variable 'proxy_user' is a SESSION variable
SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user
NULL
SET GLOBAL proxy_user = 'test';
ERROR HY000: Variable 'proxy_user' is a read only variable
SET LOCAL proxy_user = 'test';
ERROR HY000: Variable 'proxy_user' is a read only variable
SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user
NULL
# in connection plug_con
SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user
'plug'@'%'
# in connection default
SET @@global.check_proxy_users=0;
SET @@global.mysql_native_password_proxy_users=0;
SET @@global.sha256_password_proxy_users=0;
## cleanup
DROP USER plug;
DROP USER plug_dest;
## END @@proxy_user tests
## @@external_user tests
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug;
SELECT USER(),CURRENT_USER(),@@LOCAL.external_user;
USER() CURRENT_USER() @@LOCAL.external_user
root@localhost root@localhost NULL
SELECT @@GLOBAL.external_user;
ERROR HY000: Variable 'external_user' is a SESSION variable
SELECT @@LOCAL.external_user;
@@LOCAL.external_user
NULL
SET GLOBAL external_user = 'test';
ERROR HY000: Variable 'external_user' is a read only variable
SET LOCAL external_user = 'test';
ERROR HY000: Variable 'external_user' is a read only variable
SELECT @@LOCAL.external_user;
@@LOCAL.external_user
NULL
# in connection plug_con
SELECT @@LOCAL.external_user;
@@LOCAL.external_user
plug_dest
# in connection default
WL#5706 -- show the above got logged/rewritten correctly
SELECT argument FROM mysql.general_log WHERE argument LIKE CONCAT('CREATE USER %') AND
command_type NOT LIKE 'Prepare';
argument
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
CREATE USER 'plug_dest'@'%' IDENTIFIED BY <secret>
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server'
AS 'grant_plug_dest'
CREATE USER 'grant_plug_dest'@'%' IDENTIFIED BY <secret>
CREATE USER 'grant_plug_dest2'@'%' IDENTIFIED BY <secret>
CREATE USER 'proxy_admin'@'%' IDENTIFIED BY <secret>
CREATE USER test_drop@localhost
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
CREATE USER 'plug_dest'@'%' IDENTIFIED BY <secret>
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'
CREATE USER 'plug_dest'@'%' IDENTIFIED BY <secret>
## cleanup
DROP USER plug;
DROP USER plug_dest;
SET GLOBAL log_output= @old_log_output;
SET GLOBAL general_log= @old_general_log;
## END @@external_user tests
#
# Bug #56798 : Wrong credentials assigned when using a proxy user.
#
CREATE USER power_user;
GRANT ALL PRIVILEGES ON *.* TO power_user;
CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
GRANT USAGE ON anonymous_db.* TO ''@'';
GRANT PROXY ON power_user TO ''@'';
CREATE DATABASE confidential_db;
SELECT user(),current_user(),@@proxy_user;
user() current_user() @@proxy_user
test_login_user@localhost power_user@% ''@''
DROP USER power_user;
DROP USER ''@'';
DROP DATABASE confidential_db;
# Test case #2 (crash with double grant proxy)
CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER standard_user;
CREATE DATABASE shared;
GRANT ALL PRIVILEGES ON shared.* TO standard_user;
GRANT PROXY ON standard_user TO ''@'';
#should not crash
GRANT PROXY ON standard_user TO ''@'';
DROP USER ''@'';
DROP USER standard_user;
DROP DATABASE shared;
#
# Bug#58139 : default-auth option not recognized in MySQL standard
# command line clients
#
# Executing 'mysql'
1
1
# Executing 'mysqladmin'
mysqld is alive
# Executing 'mysqldump'
#
# Bug #59657: Move the client authentication_pam plugin into the
# server repository
#
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
AS 'cleartext_test';
## test plugin auth
ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES)
select USER(),CURRENT_USER();
USER() CURRENT_USER()
uplain@localhost uplain@localhost
DROP USER uplain@localhost;
#
# Bug #59038 : mysql.user.authentication_string column
# causes configuration wizard to fail
INSERT INTO mysql.user(
Host,
User,
Select_priv,
Insert_priv,
Update_priv,
Delete_priv,
Create_priv,
Drop_priv,
Reload_priv,
Shutdown_priv,
Process_priv,
File_priv,
Grant_priv,
References_priv,
Index_priv,
Alter_priv,
Show_db_priv,
Super_priv,
Create_tmp_table_priv,
Lock_tables_priv,
Execute_priv,
Repl_slave_priv,
Repl_client_priv,
/*!50001
Create_view_priv,
Show_view_priv,
Create_routine_priv,
Alter_routine_priv,
Create_user_priv,
*/
ssl_type,
ssl_cipher,
x509_issuer,
x509_subject,
max_questions,
max_updates,
max_connections)
VALUES (
'localhost',
'inserttest',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
/*!50001 'Y', 'Y', 'Y', 'Y', 'Y', */'', '', '', '', '0', '0', '0');
FLUSH PRIVILEGES;
DROP USER inserttest@localhost;
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE
COLUMN_NAME IN ('authentication_string', 'plugin') AND
TABLE_NAME='user' AND
TABLE_SCHEMA='mysql'
ORDER BY COLUMN_NAME;
IS_NULLABLE COLUMN_NAME
YES authentication_string
NO plugin
#
# Bug #11936829: diff. between mysql.user (authentication_string)
# in fresh and upgraded 5.5.11
#
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
COLUMN_NAME IN ('plugin', 'authentication_string')
ORDER BY COLUMN_NAME;
IS_NULLABLE COLUMN_NAME
YES authentication_string
NO plugin
ALTER TABLE mysql.user MODIFY plugin char(64) DEFAULT '' NOT NULL;
ALTER TABLE mysql.user MODIFY authentication_string TEXT NOT NULL;
Run mysql_upgrade on a 5.5.10 external authentication column layout
# restart:--upgrade=FORCE
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
COLUMN_NAME IN ('plugin', 'authentication_string')
ORDER BY COLUMN_NAME;
IS_NULLABLE COLUMN_NAME
YES authentication_string
NO plugin
#
# Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
#
CREATE USER bug12610784@localhost;
SET PASSWORD FOR bug12610784@localhost = 'secret';
ERROR 28000: Access denied for user 'bug12610784'@'localhost' (using password: NO)
DROP USER bug12610784@localhost;
#
# Bug # 11766641: 59792: BIN/MYSQL -UUNKNOWN -PUNKNOWN
# .-> USING PASSWORD: NO
# should contain "using password=yes"
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'unknown'@'localhost' (using password: YES)
# should contain "using password=no"
ERROR 1045 (28000): Access denied for user 'unknown'@'localhost' (using password: NO)
#
# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM
# AUTHENTICATION SETTINGS
#
CREATE USER bug12818542@localhost
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost
IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
SET PASSWORD = 'bruhaha';
Warnings:
Note 1699 SET PASSWORD has no significance for user 'bug12818542'@'localhost' as authentication plugin does not support it.
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;
#
# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM
# AUTHENTICATION SETTINGS
#
CREATE USER bug12818542@localhost
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost
IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
SET PASSWORD = 'bruhaha';
Warnings:
Note 1699 SET PASSWORD has no significance for user 'bug12818542'@'localhost' as authentication plugin does not support it.
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;
End of 5.5 tests
#
# Bug #18057562: PROXY USERS LOCKED OUT WHEN UNDERLYING PROXIED USER
# PASSWORD IS EXPIRED
#
# Restart server with disconnect_on_expired_password OFF;
# restart:--disconnect_on_expired_password=0
CREATE USER 'empl_external'@'localhost' IDENTIFIED WITH test_plugin_server AS 'employee';
CREATE USER 'employee'@'localhost' IDENTIFIED BY 'passkey';
GRANT PROXY ON 'employee'@'localhost' TO 'empl_external'@'localhost';
# Expiring the proxied user's password
ALTER USER employee@localhost PASSWORD EXPIRE;
# Connecting with the proxied user and executing a query after the
# proxied user's password is expired
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1820 (HY000) at line 1: You must reset your password using ALTER USER statement before executing this statement.
# Connecting with the proxy user and executing a query after the proxied
# user's password is expired. Here we are not supposed to get error.
mysql: [Warning] Using a password on the command line interface can be insecure.
current_user()
employee@localhost
user()
empl_external@localhost
DROP USER 'empl_external'@'localhost', 'employee'@'localhost';
#
# Bug #20537246: SERVER CRASH WHILE CONNECTING WITH CLEARTEXT-PLUGIN
# USER WITH BLANK PWD
#
CREATE USER bug20537246@localhost
IDENTIFIED WITH 'cleartext_plugin_server' AS '';
## test connection
select USER(),CURRENT_USER();
USER() CURRENT_USER()
bug20537246@localhost bug20537246@localhost
DROP USER bug20537246@localhost;
#
# Bug #20599280 PASSWORD EXPIRED FLAG SET FOR PROXY USER SESSION WHEN
# IT SET FOR PROXIED USER
#
CREATE USER 'empl_external'@'localhost' IDENTIFIED WITH test_plugin_server AS 'employee';
CREATE USER 'employee'@'localhost' IDENTIFIED BY 'passkey';
GRANT ALL ON *.* TO 'employee'@'localhost';
GRANT PROXY ON 'employee'@'localhost' TO 'empl_external'@'localhost';
SELECT USER(), CURRENT_USER, @@PROXY_USER;
USER() CURRENT_USER @@PROXY_USER
empl_external@localhost employee@localhost 'empl_external'@'localhost'
ALTER USER 'employee'@'localhost' PASSWORD EXPIRE;
SELECT USER(), CURRENT_USER, @@PROXY_USER;
USER() CURRENT_USER @@PROXY_USER
empl_external@localhost employee@localhost 'empl_external'@'localhost'
SELECT USER(), CURRENT_USER, @@PROXY_USER;
USER() CURRENT_USER @@PROXY_USER
empl_external@localhost employee@localhost 'empl_external'@'localhost'
SELECT USER(), CURRENT_USER, @@PROXY_USER;
ERROR HY000: You must reset your password using ALTER USER statement before executing this statement.
DROP USER 'employee'@'localhost', 'empl_external'@'localhost';
#
# WL#2284: Increase the length of a user name
#
# Testing 32 proxy users
CREATE USER user_name_len_22_01234 IDENTIFIED WITH 'test_plugin_server' AS 'user_name_len_22_0dest';
CREATE USER user_name_len_22_0dest IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
plugin authentication_string
## test plugin auth
ERROR 28000: Access denied for user 'user_name_len_22_01234'@'localhost' (using password: YES)
GRANT PROXY ON user_name_len_22_0dest TO user_name_len_22_01234;
test proxies_priv columns
SELECT * FROM mysql.proxies_priv WHERE user !='root';
Host User Proxied_host Proxied_user With_grant Grantor Timestamp
xx user_name_len_22_01234 % user_name_len_22_0dest 0 root@localhost xx
test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;
Table Create Table
proxies_priv CREATE TABLE `proxies_priv` (
`Host` char(255) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL DEFAULT '',
`User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`Proxied_host` char(255) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL DEFAULT '',
`Proxied_user` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`With_grant` tinyint(1) NOT NULL DEFAULT '0',
`Grantor` varchar(288) COLLATE utf8_bin NOT NULL DEFAULT '',
`Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`Host`,`User`,`Proxied_host`,`Proxied_user`),
KEY `Grantor` (`Grantor`)
) /*!50100 TABLESPACE `mysql` */ ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin STATS_PERSISTENT=0 ROW_FORMAT=DYNAMIC COMMENT='User proxy privileges'
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
user_name_len_22_01234@localhost user_name_len_22_0dest@%
SET NAMES utf8;
Warnings:
Warning 3719 'utf8' is currently an alias for the character set UTF8MB3, but will be an alias for UTF8MB4 in a future release. Please consider using UTF8MB4 in order to be unambiguous.
CREATE USER очень_очень_очень_длинный_юзер__ IDENTIFIED WITH 'test_plugin_server' AS 'очень_очень_очень_длинный_дест__';
CREATE USER очень_очень_очень_длинный_дест__ IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
plugin authentication_string
## test plugin auth
ERROR 28000: Access denied for user 'очень_очень_очень_длинный_'@'localhost' (using password: YES)
GRANT PROXY ON очень_очень_очень_длинный_дест__ TO очень_очень_очень_длинный_юзер__;
test proxies_priv columns
SELECT * FROM mysql.proxies_priv WHERE user !='root';
Host User Proxied_host Proxied_user With_grant Grantor Timestamp
xx user_name_len_22_01234 % user_name_len_22_0dest 0 root@localhost xx
xx очень_очень_очень_длинный_юзер__ % очень_очень_очень_длинный_дест__ 0 root@localhost xx
test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;
Table Create Table
proxies_priv CREATE TABLE `proxies_priv` (
`Host` char(255) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL DEFAULT '',
`User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`Proxied_host` char(255) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL DEFAULT '',
`Proxied_user` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`With_grant` tinyint(1) NOT NULL DEFAULT '0',
`Grantor` varchar(288) COLLATE utf8_bin NOT NULL DEFAULT '',
`Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`Host`,`User`,`Proxied_host`,`Proxied_user`),
KEY `Grantor` (`Grantor`)
) /*!50100 TABLESPACE `mysql` */ ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin STATS_PERSISTENT=0 ROW_FORMAT=DYNAMIC COMMENT='User proxy privileges'
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost очень_очень_очень_длинный_дест__@%
# Testing 32 proxy users cleanup
DROP USER user_name_len_22_01234;
DROP USER user_name_len_22_0dest;
DROP USER очень_очень_очень_длинный_юзер__;
DROP USER очень_очень_очень_длинный_дест__;
SET NAMES default;
# Testing 32 users with different authentication plugins
CREATE USER user_name_len_22_01234@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
SELECT CURRENT_USER();
CURRENT_USER()
user_name_len_22_01234@localhost
DROP USER user_name_len_22_01234@localhost;
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
SELECT CURRENT_USER();
CURRENT_USER()
user_name_len_32_012345678901234@localhost
DROP USER user_name_len_32_012345678901234@localhost;
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string';
SELECT CURRENT_USER();
CURRENT_USER()
user_name_len_32_012345678901234@localhost
DROP USER user_name_len_32_012345678901234@localhost;
# Testing 32 users with different authentication plugins WITH REQUIRE SSL
CREATE USER user_name_len_22_01234@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' REQUIRE SSL;
SELECT CURRENT_USER();
CURRENT_USER()
user_name_len_22_01234@localhost
DROP USER user_name_len_22_01234@localhost;
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string' REQUIRE SSL;
SELECT CURRENT_USER();
CURRENT_USER()
user_name_len_32_012345678901234@localhost
DROP USER user_name_len_32_012345678901234@localhost;
CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string' REQUIRE SSL;
SELECT CURRENT_USER();
CURRENT_USER()
user_name_len_32_012345678901234@localhost
DROP USER user_name_len_32_012345678901234@localhost;
# Testing 32 utf users with different authentication plugins
SET NAMES utf8;
Warnings:
Warning 3719 'utf8' is currently an alias for the character set UTF8MB3, but will be an alias for UTF8MB4 in a future release. Please consider using UTF8MB4 in order to be unambiguous.
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
SELECT CURRENT_USER();
CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost
DROP USER очень_очень_очень_длинный_юзер__@localhost;
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
SELECT CURRENT_USER();
CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost
DROP USER очень_очень_очень_длинный_юзер__@localhost;
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string';
SELECT CURRENT_USER();
CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost
DROP USER очень_очень_очень_длинный_юзер__@localhost;
# Testing 32 utf users with different authentication plugins WITH REQUIRE SSL
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' REQUIRE SSL;
SELECT CURRENT_USER();
CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost
DROP USER очень_очень_очень_длинный_юзер__@localhost;
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string' REQUIRE SSL;
SELECT CURRENT_USER();
CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost
DROP USER очень_очень_очень_длинный_юзер__@localhost;
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string' REQUIRE SSL;
SELECT CURRENT_USER();
CURRENT_USER()
очень_очень_очень_длинный_юзер__@localhost
DROP USER очень_очень_очень_длинный_юзер__@localhost;
SET NAMES default;