|
| 1 | +# |
| 2 | +# Only privileged users should be able to expire passwords |
| 3 | +# |
| 4 | +create user user1@localhost; |
| 5 | +alter user user1@localhost password expire; |
| 6 | +create user user2@localhost; |
| 7 | +connect con2,localhost,user2; |
| 8 | +connection con2; |
| 9 | +alter user user1@localhost password expire; |
| 10 | +ERROR 42000: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation |
| 11 | +disconnect con2; |
| 12 | +connection default; |
| 13 | +drop user user1@localhost; |
| 14 | +drop user user2@localhost; |
| 15 | +# |
| 16 | +# disconnect_on_expired_password=ON should deny a clients's connection |
| 17 | +# when the password is expired or put the client in sandbox mode if OFF |
| 18 | +# |
| 19 | +create user user1@localhost password expire; |
| 20 | +set global disconnect_on_expired_password=ON; |
| 21 | +connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK); |
| 22 | +connect con1,localhost,user1; |
| 23 | +ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords |
| 24 | +set global disconnect_on_expired_password=OFF; |
| 25 | +connect con1,localhost,user1; |
| 26 | +connection con1; |
| 27 | +select 1; |
| 28 | +ERROR HY000: You must SET PASSWORD before executing this statement |
| 29 | +disconnect con1; |
| 30 | +connection default; |
| 31 | +drop user user1@localhost; |
| 32 | +# |
| 33 | +# connect-expired-password option passed to client should override |
| 34 | +# the behavior of disconnect_on_expired_password server system var. |
| 35 | +# |
| 36 | +create user user1@localhost password expire; |
| 37 | +set global disconnect_on_expired_password=ON; |
| 38 | +connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK); |
| 39 | +connect con1,localhost,user1; |
| 40 | +ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords |
| 41 | +drop user user1@localhost; |
| 42 | +# |
| 43 | +# Manually expiring a password should have immediate effect |
| 44 | +# |
| 45 | +create user user1@localhost; |
| 46 | +alter user user1@localhost password expire; |
| 47 | +set global disconnect_on_expired_password=ON; |
| 48 | +connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK); |
| 49 | +connect con1,localhost,user1; |
| 50 | +ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords |
| 51 | +drop user user1@localhost; |
| 52 | +# |
| 53 | +# Sandbox mode should only allow change password statements |
| 54 | +# |
| 55 | +create user user1@localhost password expire; |
| 56 | +grant create user on *.* to user1@localhost; |
| 57 | +set global disconnect_on_expired_password=OFF; |
| 58 | +connect con1,localhost,user1; |
| 59 | +connection con1; |
| 60 | +select 1; |
| 61 | +ERROR HY000: You must SET PASSWORD before executing this statement |
| 62 | +set password=password(''); |
| 63 | +select 1; |
| 64 | +1 |
| 65 | +1 |
| 66 | +disconnect con1; |
| 67 | +connection default; |
| 68 | +drop user user1@localhost; |
| 69 | +# |
| 70 | +# Passwords are still expired after acl reload |
| 71 | +# |
| 72 | +set global disconnect_on_expired_password=ON; |
| 73 | +create user user1@localhost password expire; |
| 74 | +flush privileges; |
| 75 | +connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK); |
| 76 | +connect con1,localhost,user1; |
| 77 | +ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords |
| 78 | +drop user user1@localhost; |
| 79 | +# |
| 80 | +# JSON functions on global_priv reflect the correct state |
| 81 | +# of the password expiration columns |
| 82 | +# |
| 83 | +create user user1@localhost password expire; |
| 84 | +select host, user, JSON_VALUE(Priv, '$.password_last_changed') from mysql.global_priv where user='user1'; |
| 85 | +host user JSON_VALUE(Priv, '$.password_last_changed') |
| 86 | +localhost user1 0 |
| 87 | +alter user user1@localhost password expire never; |
| 88 | +select host, user, JSON_VALUE(Priv, '$.password_lifetime') from mysql.global_priv where user='user1'; |
| 89 | +host user JSON_VALUE(Priv, '$.password_lifetime') |
| 90 | +localhost user1 0 |
| 91 | +alter user user1@localhost password expire default; |
| 92 | +select host, user, JSON_VALUE(Priv, '$.password_lifetime') from mysql.global_priv where user='user1'; |
| 93 | +host user JSON_VALUE(Priv, '$.password_lifetime') |
| 94 | +localhost user1 -1 |
| 95 | +alter user user1@localhost password expire interval 123 day; |
| 96 | +select host, user, JSON_VALUE(Priv, '$.password_lifetime') from mysql.global_priv where user='user1'; |
| 97 | +host user JSON_VALUE(Priv, '$.password_lifetime') |
| 98 | +localhost user1 123 |
| 99 | +drop user user1@localhost; |
| 100 | +# |
| 101 | +# SHOW CREATE USER correctly displays the locking state of an user |
| 102 | +# |
| 103 | +create user user1@localhost; |
| 104 | +show create user user1@localhost; |
| 105 | +CREATE USER for user1@localhost |
| 106 | +CREATE USER 'user1'@'localhost' |
| 107 | +alter user user1@localhost password expire; |
| 108 | +show create user user1@localhost; |
| 109 | +CREATE USER for user1@localhost |
| 110 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE |
| 111 | +set password for user1@localhost= password(''); |
| 112 | +alter user user1@localhost password expire default; |
| 113 | +show create user user1@localhost; |
| 114 | +CREATE USER for user1@localhost |
| 115 | +CREATE USER 'user1'@'localhost' |
| 116 | +alter user user1@localhost password expire never; |
| 117 | +show create user user1@localhost; |
| 118 | +CREATE USER for user1@localhost |
| 119 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 120 | +alter user user1@localhost password expire interval 123 day; |
| 121 | +show create user user1@localhost; |
| 122 | +CREATE USER for user1@localhost |
| 123 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE INTERVAL 123 DAY |
| 124 | +alter user user1@localhost password expire; |
| 125 | +show create user user1@localhost; |
| 126 | +CREATE USER for user1@localhost |
| 127 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE |
| 128 | +set password for user1@localhost= password(''); |
| 129 | +show create user user1@localhost; |
| 130 | +CREATE USER for user1@localhost |
| 131 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE INTERVAL 123 DAY |
| 132 | +drop user user1@localhost; |
| 133 | +# |
| 134 | +# Incorrect INTERVAL values should be rejected |
| 135 | +# |
| 136 | +create user user1@localhost password expire interval 0 day; |
| 137 | +ERROR HY000: Incorrect DAY value: '0' |
| 138 | +# |
| 139 | +# Password expiration fields are loaded properly on 10.3 tables |
| 140 | +# |
| 141 | +create user user1@localhost; |
| 142 | +show create user user1@localhost; |
| 143 | +CREATE USER for user1@localhost |
| 144 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 145 | +flush privileges; |
| 146 | +show create user user1@localhost; |
| 147 | +CREATE USER for user1@localhost |
| 148 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 149 | +alter user user1@localhost password expire; |
| 150 | +show create user user1@localhost; |
| 151 | +CREATE USER for user1@localhost |
| 152 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE |
| 153 | +flush privileges; |
| 154 | +show create user user1@localhost; |
| 155 | +CREATE USER for user1@localhost |
| 156 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE |
| 157 | +set password for user1@localhost= password(''); |
| 158 | +alter user user1@localhost password expire default; |
| 159 | +show create user user1@localhost; |
| 160 | +CREATE USER for user1@localhost |
| 161 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 162 | +flush privileges; |
| 163 | +show create user user1@localhost; |
| 164 | +CREATE USER for user1@localhost |
| 165 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 166 | +alter user user1@localhost password expire never; |
| 167 | +show create user user1@localhost; |
| 168 | +CREATE USER for user1@localhost |
| 169 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 170 | +flush privileges; |
| 171 | +show create user user1@localhost; |
| 172 | +CREATE USER for user1@localhost |
| 173 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 174 | +alter user user1@localhost password expire interval 123 day; |
| 175 | +show create user user1@localhost; |
| 176 | +CREATE USER for user1@localhost |
| 177 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 178 | +flush privileges; |
| 179 | +show create user user1@localhost; |
| 180 | +CREATE USER for user1@localhost |
| 181 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE NEVER |
| 182 | +alter user user1@localhost password expire; |
| 183 | +show create user user1@localhost; |
| 184 | +CREATE USER for user1@localhost |
| 185 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE |
| 186 | +flush privileges; |
| 187 | +show create user user1@localhost; |
| 188 | +CREATE USER for user1@localhost |
| 189 | +CREATE USER 'user1'@'localhost' PASSWORD EXPIRE |
| 190 | +set global disconnect_on_expired_password=ON; |
| 191 | +connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK); |
| 192 | +connect con1,localhost,user1; |
| 193 | +ERROR HY000: Your password has expired. To log in you must change it using a client that supports expired passwords |
| 194 | +set global disconnect_on_expired_password=OFF; |
| 195 | +connect con1,localhost,user1; |
| 196 | +connection con1; |
| 197 | +select 1; |
| 198 | +ERROR HY000: You must SET PASSWORD before executing this statement |
| 199 | +set password=password(''); |
| 200 | +select 1; |
| 201 | +1 |
| 202 | +1 |
| 203 | +disconnect con1; |
| 204 | +connection default; |
| 205 | +drop user user1@localhost; |
| 206 | +set global disconnect_on_expired_password=default; |
| 207 | +set global default_password_lifetime=default; |
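Review bot: In the "10.3 tables" part (new lines 174–181), `alter user user1@localhost password expire interval 123 day` is accepted with no error or warning, yet `show create user` still reports `PASSWORD EXPIRE NEVER` both before and after `flush privileges`. Recording that as the expected result means an administrator on a not-yet-upgraded privilege schema can set a rotation policy that is silently discarded. Presumably the old table layout has nowhere to store the lifetime, but a recorded warning or a rejected statement would make the gap visible. Separately, the sandbox-mode part (new lines 55–68) grants `create user` to user1 but only checks that `select 1` is refused, so a privileged statement is never shown to be blocked while the password is expired; a `create user` or `grant` attempt expecting the same "You must SET PASSWORD before executing this statement" error would cover it. Only the recorded output is visible on this page, so both points should be checked against the test file itself.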