############################################################################### # # # Authorization and authentication using the MYSQL_OLD_PASSWORD pligin at # # server and client side # # # # # # # # Creation Date: 2012-12-10 # # Author : Tanjot Singh Uppal # # # # # # Description:Test Cases of authenticating the hashed password using the # # mysql_old_password plugin at the server side as well as the client side # # # # # ############################################################################### --source include/not_embedded.inc --source include/have_ssl.inc --source include/have_sha256_rsa_auth.inc --source include/mysql_upgrade_preparation.inc # This test will intentionally generate errors in the server error log # when a broken password is inserted into the mysql.user table. # The below suppression is to clear those errors. --disable_query_log call mtr.add_suppression(".*Password salt for user.*"); --enable_query_log --echo --echo --echo =========================================================================================================================================== --echo Checking the password authentication using the mysql_old_password plugin at the client and mysql_native_password plugin at the server side --echo =========================================================================================================================================== --echo select @@Global.old_passwords; --echo 0 Expected select @@session.old_passwords; --echo 0 Expected # Checking the password authentication with mysql_old_password plugin # Creating 2 users and encrypting the server side password with the mysql_old_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_old_password'; CREATE USER 'Tanjotuser2'@'127.0.0.1' IDENTIFIED WITH 'mysql_old_password'; # Verifying the server side plugin used to be mysql_old_password select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_old_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser2' and Host='127.0.0.1')='mysql_old_password'; --echo 1 Expected # Verifying the client connection using the same mysql_old_password plugin and NULL password connect(con1,localhost,Tanjotuser1,,,); connect(con2,127.0.0.1,Tanjotuser2,,,); # Verifying the client connection using the same mysql_old_password plugin and junk password --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con3,localhost,Tanjotuser1," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con4,127.0.0.1,Tanjotuser2," ",,); # setting the password for the 2 users using the mysql_old_password plugin connection default; SET @@session.old_passwords=1; SET PASSWORD FOR 'Tanjotuser1'@'localhost'=PASSWORD('abc'); SET PASSWORD FOR 'Tanjotuser2'@'127.0.0.1'=PASSWORD('abc'); # Validating the old_passwords value from the created users. --disable_warnings set @@global.secure_auth=0; --enable_warnings --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=mysql_native_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=mysql_native_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=mysql_old_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=mysql_old_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=sha256_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=sha256_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 -e "select @@session.old_passwords" --echo 1 Expected --disable_warnings set @@global.secure_auth=1; --enable_warnings # Verifying the client connection using the same mysql_old_password plugin and NULL password --error ER_ACCESS_DENIED_ERROR connect(con5,localhost,Tanjotuser1,,,); --error ER_ACCESS_DENIED_ERROR connect(con6,127.0.0.1,Tanjotuser2,,,); # Verifying the client connection using the same mysql_old_password plugin and junk password --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con7,localhost,Tanjotuser1," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con8,127.0.0.1,Tanjotuser2," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con9,localhost,Tanjotuser1,"%",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con10,127.0.0.1,Tanjotuser2,"%",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con11,localhost,Tanjotuser1,"_",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con12,127.0.0.1,Tanjotuser2,"_",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con13,localhost,Tanjotuser1,"0",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con14,127.0.0.1,Tanjotuser2,"0",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con15,localhost,Tanjotuser1,"^",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con16,127.0.0.1,Tanjotuser2,"^",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con17,localhost,Tanjotuser1,'\$',,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con18,127.0.0.1,Tanjotuser2,'\$',,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con19,localhost,Tanjotuser1,"&",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con20,127.0.0.1,Tanjotuser2,"&",,); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth enabled connection default; select @@global.secure_auth; --echo 1 Expected --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con21,localhost,Tanjotuser1,abc,,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con22,127.0.0.1,Tanjotuser2,abc,,); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth disabled connection default; --disable_warnings set @@global.secure_auth=0; --enable_warnings --disable_warnings connect(con23,localhost,Tanjotuser1,abc,,); connect(con24,127.0.0.1,Tanjotuser2,abc,,); --enable_warnings # Below section is hashed till the bug16040690 is fixed. #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con25,localhost,Tanjotuser1,"abc ",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con26,127.0.0.1,Tanjotuser2,"abc ",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con27,localhost,Tanjotuser1," abc",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con28,127.0.0.1,Tanjotuser2," abc",,); --error ER_ACCESS_DENIED_ERROR connect(con29,localhost,Tanjotuser1,"0abc",,); --error ER_ACCESS_DENIED_ERROR connect(con30,127.0.0.1,Tanjotuser2,"0abc",,); --error ER_ACCESS_DENIED_ERROR connect(con31,localhost,Tanjotuser1,"abc0",,); --error ER_ACCESS_DENIED_ERROR connect(con32,127.0.0.1,Tanjotuser2,"abc0",,); --error ER_ACCESS_DENIED_ERROR connect(con33,localhost,Tanjotuser1,"@abc",,); --error ER_ACCESS_DENIED_ERROR connect(con34,127.0.0.1,Tanjotuser2,"@abc",,); # Dropping the created users connection default; DROP USER 'Tanjotuser1'@'localhost'; DROP USER 'Tanjotuser2'@'127.0.0.1'; --echo --echo --echo ==================================================================================================== --echo checking the integrity of long password (more than 40 chars) using mysql_old_password plugin --echo ==================================================================================================== --echo # Checking the password authentication with mysql_old_password plugin # Creating 2 users and encrypting the server side password with the mysql_old_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_old_password'; CREATE USER 'Tanjotuser2'@'127.0.0.1' IDENTIFIED WITH 'mysql_old_password'; # setting the password for the 2 users using the mysql_old_password plugin SET @@session.old_passwords=1; SET PASSWORD FOR 'Tanjotuser1'@'localhost'=PASSWORD('$$$$$$$$$$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________'); SET PASSWORD FOR 'Tanjotuser2'@'127.0.0.1'=PASSWORD('$$$$$$$$$$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________'); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth disabled --disable_warnings set @@global.secure_auth=0; --enable_warnings --disable_warnings connect(con35,localhost,Tanjotuser1,"\$\$\$\$\$\$\$\$\$\$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________",,); connect(con36,127.0.0.1,Tanjotuser2,"\$\$\$\$\$\$\$\$\$\$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________",,); --enable_warnings # Verifying the client access denied passing null password --error ER_ACCESS_DENIED_ERROR connect(con37,localhost,Tanjotuser1," ",,); --error ER_ACCESS_DENIED_ERROR connect(con38,127.0.0.1,Tanjotuser2," ",,); --error ER_ACCESS_DENIED_ERROR connect(con39,localhost,Tanjotuser1,,,); --error ER_ACCESS_DENIED_ERROR connect(con40,127.0.0.1,Tanjotuser2,,,); --error ER_ACCESS_DENIED_ERROR connect(con41,localhost,Tanjotuser1,"@_",,); --error ER_ACCESS_DENIED_ERROR connect(con42,127.0.0.1,Tanjotuser2,"@_",,); --error ER_ACCESS_DENIED_ERROR connect(con43,localhost,Tanjotuser1,"$_",,); --error ER_ACCESS_DENIED_ERROR connect(con44,127.0.0.1,Tanjotuser2,"$_",,); # Dropping the created users connection default; DROP USER 'Tanjotuser1'@'localhost'; DROP USER 'Tanjotuser2'@'127.0.0.1'; --echo --echo --echo ============================================================================================================================================ --echo Checking the password authentication using the mysql_old_password plugin at the client and mysql_old_password plugin at the server side --echo ============================================================================================================================================ --echo --echo # Restart server with default-authentication-plugin=mysql_old_password; let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect; --exec echo "wait" > $restart_file --shutdown_server 10 --source include/wait_until_disconnected.inc -- exec echo "restart:--default-authentication-plugin=mysql_old_password " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect -- enable_reconnect -- source include/wait_until_connected_again.inc # Below section is hased till bug 16014394 is fixed #select @@Global.old_passwords; #--echo 1 Expected select @@session.old_passwords; --echo 0 Expected # Checking the password authentication with mysql_old_password plugin # Creating 2 users and encrypting the server side password with the mysql_old_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_old_password'; CREATE USER 'Tanjotuser2'@'127.0.0.1' IDENTIFIED WITH 'mysql_old_password'; # Verifying the server side plugin used to be mysql_old_password select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_old_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser2' and Host='127.0.0.1')='mysql_old_password'; --echo 1 Expected # Verifying the client connection using the same mysql_old_password plugin and NULL password connect(con45,localhost,Tanjotuser1,,,); connect(con46,127.0.0.1,Tanjotuser2,,,); # Verifying the client connection using the same mysql_old_password plugin and junk password --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con47,localhost,Tanjotuser1," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con48,127.0.0.1,Tanjotuser2," ",,); # setting the password for the 2 users using the mysql_old_password plugin connection default; SET @@session.old_passwords=1; SET PASSWORD FOR 'Tanjotuser1'@'localhost'=PASSWORD('abc'); SET PASSWORD FOR 'Tanjotuser2'@'127.0.0.1'=PASSWORD('abc'); --disable_warnings set @@global.secure_auth=0; --enable_warnings ## The parts of the below section has been hashed out till the bug https://clustra.no.oracle.com/orabugs/bug.php?id=16014394 is fixed # Validating the session old_passwords value from the created users. #--echo **** connecting Tanjotuser1 with server #--exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=mysql_native_password -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser2 with server #--exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=mysql_native_password -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser1 with server #--exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=mysql_old_password -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser2 with server #--exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=mysql_old_password -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser1 with server #--exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=sha256_password -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser2 with server #--exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=sha256_password -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser1 with server #--exec $MYSQL -uTanjotuser1 -pabc -hlocalhost -e "select @@session.old_passwords" #--echo 1 Expected #--echo **** connecting Tanjotuser2 with server #--exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 -e "select @@session.old_passwords" #--echo 1 Expected --disable_warnings set @@global.secure_auth=1; --enable_warnings # Verifying the client connection using the same mysql_old_password plugin and NULL password --error ER_ACCESS_DENIED_ERROR connect(con49,localhost,Tanjotuser1,,,); --error ER_ACCESS_DENIED_ERROR connect(con50,127.0.0.1,Tanjotuser2,,,); # Verifying the client connection using the same mysql_old_password plugin and junk password --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con51,localhost,Tanjotuser1," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con52,127.0.0.1,Tanjotuser2," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con53,localhost,Tanjotuser1,"%",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con54,127.0.0.1,Tanjotuser2,"%",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con55,localhost,Tanjotuser1,"_",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con56,127.0.0.1,Tanjotuser2,"_",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con57,localhost,Tanjotuser1,"0",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con58,127.0.0.1,Tanjotuser2,"0",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con59,localhost,Tanjotuser1,"^",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con60,127.0.0.1,Tanjotuser2,"^",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con61,localhost,Tanjotuser1,"\$",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con62,127.0.0.1,Tanjotuser2,"\$",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con63,localhost,Tanjotuser1,"&",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con64,127.0.0.1,Tanjotuser2,"&",,); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth enabled connection default; select @@global.secure_auth; --echo 1 Expected --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con65,localhost,Tanjotuser1,abc,,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con66,127.0.0.1,Tanjotuser2,abc,,); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth disabled connection default; --disable_warnings set @@global.secure_auth=0; --enable_warnings --disable_warnings connect(con67,localhost,Tanjotuser1,abc,,); connect(con68,127.0.0.1,Tanjotuser2,abc,,); --enable_warnings # Below section is hashed till the bug16040690 is fixed. #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con69,localhost,Tanjotuser1,"abc ",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con70,127.0.0.1,Tanjotuser2,"abc ",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con71,localhost,Tanjotuser1," abc",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con72,127.0.0.1,Tanjotuser2," abc",,); --error ER_ACCESS_DENIED_ERROR connect(con73,localhost,Tanjotuser1,"0abc",,); --error ER_ACCESS_DENIED_ERROR connect(con74,127.0.0.1,Tanjotuser2,"0abc",,); --error ER_ACCESS_DENIED_ERROR connect(con75,localhost,Tanjotuser1,"abc0",,); --error ER_ACCESS_DENIED_ERROR connect(con76,127.0.0.1,Tanjotuser2,"abc0",,); --error ER_ACCESS_DENIED_ERROR connect(con77,localhost,Tanjotuser1,"@abc",,); --error ER_ACCESS_DENIED_ERROR connect(con78,127.0.0.1,Tanjotuser2,"@abc",,); # Dropping the created users connection default; DROP USER 'Tanjotuser1'@'localhost'; DROP USER 'Tanjotuser2'@'127.0.0.1'; --echo --echo --echo ==================================================================================================== --echo checking the integrity of long password (more than 40 chars) using mysql_old_password plugin --echo ==================================================================================================== --echo # Checking the password authentication with mysql_old_password plugin # Creating 2 users and encrypting the server side password with the mysql_old_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_old_password'; CREATE USER 'Tanjotuser2'@'127.0.0.1' IDENTIFIED WITH 'mysql_old_password'; # setting the password for the 2 users using the mysql_old_password plugin SET @@session.old_passwords=1; SET PASSWORD FOR 'Tanjotuser1'@'localhost'=PASSWORD('$$$$$$$$$$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________'); SET PASSWORD FOR 'Tanjotuser2'@'127.0.0.1'=PASSWORD('$$$$$$$$$$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________'); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth disabled --disable_warnings set @@global.secure_auth=0; --enable_warnings --disable_warnings connect(con79,localhost,Tanjotuser1,"\$\$\$\$\$\$\$\$\$\$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________",,); connect(con80,127.0.0.1,Tanjotuser2,"\$\$\$\$\$\$\$\$\$\$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________",,); --enable_warnings # Verifying the client access denied passing null password --error ER_ACCESS_DENIED_ERROR connect(con81,localhost,Tanjotuser1," ",,); --error ER_ACCESS_DENIED_ERROR connect(con82,127.0.0.1,Tanjotuser2," ",,); --error ER_ACCESS_DENIED_ERROR connect(con83,localhost,Tanjotuser1,,,); --error ER_ACCESS_DENIED_ERROR connect(con84,127.0.0.1,Tanjotuser2,,,); --error ER_ACCESS_DENIED_ERROR connect(con85,localhost,Tanjotuser1,"@_",,); --error ER_ACCESS_DENIED_ERROR connect(con86,127.0.0.1,Tanjotuser2,"@_",,); --error ER_ACCESS_DENIED_ERROR connect(con87,localhost,Tanjotuser1,"$_",,); --error ER_ACCESS_DENIED_ERROR connect(con88,127.0.0.1,Tanjotuser2,"$_",,); # Dropping the created users connection default; DROP USER 'Tanjotuser1'@'localhost'; DROP USER 'Tanjotuser2'@'127.0.0.1'; --echo --echo --echo ============================================================================================================================================ --echo Checking the password authentication using the mysql_old_password plugin at the client and sha256_password plugin at the server side --echo ============================================================================================================================================ --echo --echo # Restart server with default-authentication-plugin=sha256_password; let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect; --exec echo "wait" > $restart_file --shutdown_server 10 --source include/wait_until_disconnected.inc -- exec echo "restart:--default-authentication-plugin=sha256_password " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect -- enable_reconnect -- source include/wait_until_connected_again.inc select @@Global.old_passwords; --echo 2 Expected select @@session.old_passwords; --echo 0 Expected # Checking the password authentication with mysql_old_password plugin # Creating 2 users and encrypting the server side password with the mysql_old_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_old_password'; CREATE USER 'Tanjotuser2'@'127.0.0.1' IDENTIFIED WITH 'mysql_old_password'; # Verifying the server side plugin used to be mysql_old_password select (select plugin from mysql.user where User='Tanjotuser1' and Host='localhost')='mysql_old_password'; --echo 1 Expected select (select plugin from mysql.user where User='Tanjotuser2' and Host='127.0.0.1')='mysql_old_password'; --echo 1 Expected # Verifying the client connection using the same mysql_old_password plugin and NULL password connect(con89,localhost,Tanjotuser1,,,); connect(con90,127.0.0.1,Tanjotuser2,,,); # Verifying the client connection using the same mysql_old_password plugin and junk password --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con91,localhost,Tanjotuser1," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con92,127.0.0.1,Tanjotuser2," ",,); # setting the password for the 2 users using the mysql_old_password plugin connection default; SET @@session.old_passwords=1; SET PASSWORD FOR 'Tanjotuser1'@'localhost'=PASSWORD('abc'); SET PASSWORD FOR 'Tanjotuser2'@'127.0.0.1'=PASSWORD('abc'); # Validating the old_passwords value from the created users. --disable_warnings set @@global.secure_auth=0; --enable_warnings --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=mysql_native_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=mysql_native_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=mysql_old_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=mysql_old_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost --default_auth=sha256_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 --default_auth=sha256_password -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser1 with server --exec $MYSQL -uTanjotuser1 -pabc -hlocalhost -e "select @@session.old_passwords" --echo 1 Expected --echo **** connecting Tanjotuser2 with server --exec $MYSQL -uTanjotuser2 -pabc -h127.0.0.1 -e "select @@session.old_passwords" --echo 1 Expected --disable_warnings set @@global.secure_auth=1; --enable_warnings # Verifying the client connection using the same mysql_old_password plugin and NULL password --error ER_ACCESS_DENIED_ERROR connect(con93,localhost,Tanjotuser1,,,); --error ER_ACCESS_DENIED_ERROR connect(con94,127.0.0.1,Tanjotuser2,,,); # Verifying the client connection using the same mysql_old_password plugin and junk password --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con95,localhost,Tanjotuser1," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con96,127.0.0.1,Tanjotuser2," ",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con97,localhost,Tanjotuser1,"%",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con98,127.0.0.1,Tanjotuser2,"%",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con99,localhost,Tanjotuser1,"_",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con100,127.0.0.1,Tanjotuser2,"_",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con101,localhost,Tanjotuser1,"0",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con102,127.0.0.1,Tanjotuser2,"0",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con103,localhost,Tanjotuser1,"^",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con104,127.0.0.1,Tanjotuser2,"^",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con105,localhost,Tanjotuser1,"\$",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con106,127.0.0.1,Tanjotuser2,"\$",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con107,localhost,Tanjotuser1,"&",,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con108,127.0.0.1,Tanjotuser2,"&",,); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth enabled connection default; select @@global.secure_auth; --echo 1 Expected --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con109,localhost,Tanjotuser1,abc,,); --error ER_SERVER_IS_IN_SECURE_AUTH_MODE connect(con110,127.0.0.1,Tanjotuser2,abc,,); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth disabled connection default; --disable_warnings set @@global.secure_auth=0; --enable_warnings --disable_warnings connect(con111,localhost,Tanjotuser1,abc,,); connect(con112,127.0.0.1,Tanjotuser2,abc,,); --enable_warnings # Below section is hashed till the bug16040690 is fixed. #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con113,localhost,Tanjotuser1,"abc ",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con114,127.0.0.1,Tanjotuser2,"abc ",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con115,localhost,Tanjotuser1," abc",,); #--error ER_SERVER_IS_IN_SECURE_AUTH_MODE #connect(con116,127.0.0.1,Tanjotuser2," abc",,); --error ER_ACCESS_DENIED_ERROR connect(con117,localhost,Tanjotuser1,"0abc",,); --error ER_ACCESS_DENIED_ERROR connect(con118,127.0.0.1,Tanjotuser2,"0abc",,); --error ER_ACCESS_DENIED_ERROR connect(con119,localhost,Tanjotuser1,"abc0",,); --error ER_ACCESS_DENIED_ERROR connect(con120,127.0.0.1,Tanjotuser2,"abc0",,); --error ER_ACCESS_DENIED_ERROR connect(con121,localhost,Tanjotuser1,"@abc",,); --error ER_ACCESS_DENIED_ERROR connect(con122,127.0.0.1,Tanjotuser2,"@abc",,); # Dropping the created users connection default; DROP USER 'Tanjotuser1'@'localhost'; DROP USER 'Tanjotuser2'@'127.0.0.1'; --echo --echo --echo ==================================================================================================== --echo checking the integrity of long password (more than 40 chars) using mysql_old_password plugin --echo ==================================================================================================== --echo # Checking the password authentication with mysql_old_password plugin # Creating 2 users and encrypting the server side password with the mysql_old_password plugin CREATE USER 'Tanjotuser1'@'localhost' IDENTIFIED WITH 'mysql_old_password'; CREATE USER 'Tanjotuser2'@'127.0.0.1' IDENTIFIED WITH 'mysql_old_password'; # setting the password for the 2 users using the mysql_old_password plugin SET @@session.old_passwords=1; SET PASSWORD FOR 'Tanjotuser1'@'localhost'=PASSWORD('$$$$$$$$$$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________'); SET PASSWORD FOR 'Tanjotuser2'@'127.0.0.1'=PASSWORD('$$$$$$$$$$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________'); # Verifying the client connection using the same mysql_old_password plugin and correct password with secure_auth disabled --disable_warnings set @@global.secure_auth=0; --enable_warnings --disable_warnings connect(con123,localhost,Tanjotuser1,"\$\$\$\$\$\$\$\$\$\$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________",,); connect(con124,127.0.0.1,Tanjotuser2,"\$\$\$\$\$\$\$\$\$\$^^^^^^^^^^&&&&&&&&&&**********((((((((((##########!!!!!!!!!!@@@@@@@@@@ @@@@@@@@@@__________",,); --enable_warnings # Verifying the client access denied passing null password --error ER_ACCESS_DENIED_ERROR connect(con125,localhost,Tanjotuser1," ",,); --error ER_ACCESS_DENIED_ERROR connect(con126,127.0.0.1,Tanjotuser2," ",,); --error ER_ACCESS_DENIED_ERROR connect(con127,localhost,Tanjotuser1,,,); --error ER_ACCESS_DENIED_ERROR connect(con128,127.0.0.1,Tanjotuser2,,,); --error ER_ACCESS_DENIED_ERROR connect(con129,localhost,Tanjotuser1,"@_",,); --error ER_ACCESS_DENIED_ERROR connect(con130,127.0.0.1,Tanjotuser2,"@_",,); --error ER_ACCESS_DENIED_ERROR connect(con131,localhost,Tanjotuser1,"$_",,); --error ER_ACCESS_DENIED_ERROR connect(con132,127.0.0.1,Tanjotuser2,"$_",,); # Dropping the created users disconnect con1; disconnect con2; #disconnect con3; #disconnect con4; #disconnect con5; #disconnect con6; #disconnect con7; #disconnect con8; #disconnect con9; #disconnect con10; #disconnect con11; #disconnect con12; #disconnect con13; #disconnect con14; #disconnect con15; #disconnect con16; #disconnect con17; #disconnect con18; #disconnect con19; #disconnect con20; #disconnect con21; #disconnect con22; disconnect con23; disconnect con24; #disconnect con25; #disconnect con26; #disconnect con27; #disconnect con28; #disconnect con29; #disconnect con30; #disconnect con31; #disconnect con32; #disconnect con33; #disconnect con34; #disconnect con35; #disconnect con36; #disconnect con37; #disconnect con38; #disconnect con39; #disconnect con40; #disconnect con41; #disconnect con42; #disconnect con43; #disconnect con44; disconnect con45; disconnect con46; #disconnect con47; #disconnect con48; #disconnect con49; #disconnect con50; #disconnect con51; #disconnect con52; #disconnect con53; #disconnect con54; #disconnect con55; #disconnect con56; #disconnect con57; #disconnect con58; #disconnect con59; #disconnect con60; #disconnect con61; #disconnect con62; #disconnect con63; #disconnect con64; #disconnect con65; #disconnect con66; #disconnect con67; #disconnect con68; #disconnect con69; #disconnect con70; #disconnect con71; #disconnect con72; #disconnect con73; #disconnect con74; #disconnect con75; #disconnect con76; #disconnect con77; #disconnect con78; disconnect con79; disconnect con80; #disconnect con81; #disconnect con82; #disconnect con83; #disconnect con84; #disconnect con85; #disconnect con86; #disconnect con87; #disconnect con88; disconnect con89; disconnect con90; #disconnect con91; #disconnect con92; #disconnect con93; #disconnect con94; #disconnect con95; #disconnect con96; #disconnect con97; #disconnect con98; #disconnect con99; #disconnect con100; #disconnect con101; #disconnect con102; #disconnect con103; #disconnect con104; #disconnect con105; #disconnect con106; #disconnect con107; #disconnect con108; #disconnect con109; #disconnect con110; disconnect con111; disconnect con112; #disconnect con113; #disconnect con114; #disconnect con115; #disconnect con116; #disconnect con117; #disconnect con118; #disconnect con119; #disconnect con120; #disconnect con121; #disconnect con122; disconnect con123; disconnect con124; #disconnect con125; #disconnect con126; #disconnect con127; #disconnect con128; #disconnect con129; #disconnect con130; #disconnect con131; #disconnect con132; connection default; DROP USER 'Tanjotuser1'@'localhost'; DROP USER 'Tanjotuser2'@'127.0.0.1';