--source include/not_embedded.inc --source include/have_ssl.inc connect (ssl_con,localhost,root,,,,,SSL); --replace_regex $ALLOWED_CIPHERS_REGEX SHOW STATUS LIKE 'Ssl_cipher'; CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password'; SET GLOBAL old_passwords= 2; SET SESSION old_passwords= 2; SET PASSWORD FOR 'kristofer'=PASSWORD('secret'); connect(con1,localhost,kristofer,secret,,,,SSL); connection con1; connection ssl_con; disconnect con1; DROP USER 'kristofer'; GRANT ALL ON *.* TO 'kristofer'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD FOR 'kristofer'@'localhost'=PASSWORD('secret2'); connect(con2,localhost,kristofer,secret2,,,,SSL); connection con2; SELECT USER(),CURRENT_USER(); --replace_regex /PASSWORD .*$/PASSWORD '<non-deterministic-password-hash>'/ SHOW GRANTS FOR 'kristofer'@'localhost'; connection ssl_con; disconnect con2; DROP USER 'kristofer'@'localhost'; GRANT ALL ON *.* TO 'kristofer'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD FOR 'kristofer'@'localhost'=PASSWORD(''); connect(con3,localhost,kristofer,,,,,SSL); connection con3; SELECT USER(),CURRENT_USER(); --replace_regex /PASSWORD .*$/PASSWORD '<non-deterministic-password-hash>'/ SHOW GRANTS FOR 'kristofer'@'localhost'; connection ssl_con; disconnect con3; DROP USER 'kristofer'@'localhost'; GRANT ALL ON *.* TO 'kristofer'@'33.33.33.33' IDENTIFIED WITH 'sha256_password'; SET PASSWORD FOR 'kristofer'@'33.33.33.33'=PASSWORD(''); --echo Connection should fail for localhost --replace_result $MASTER_MYSOCK MASTER_MYSOCK --disable_query_log --error ER_ACCESS_DENIED_ERROR connect(con4,127.0.0.1,kristofer,,,,,SSL); --enable_query_log DROP USER 'kristofer'@'33.33.33.33'; --echo # --echo # BUG#14807074 ALTER USER PASSWORD EXPIRE VS SHA256_PASSWORD --echo # CREATE USER 'u1'@'localhost' IDENTIFIED WITH 'sha256_password'; SET PASSWORD FOR 'u1'@'localhost' = PASSWORD('pass'); ALTER USER 'u1'@'localhost' PASSWORD EXPIRE; connect(con5,127.0.0.1,u1,pass,test,,,SSL); --error ER_MUST_CHANGE_PASSWORD SELECT USER(); SET @@OLD_PASSWORDS=2; SET PASSWORD=PASSWORD('pass2'); connect(con6,127.0.0.1,u1,pass2,test,,,SSL); SELECT USER(); connection default; DROP USER 'u1'@'localhost'; disconnect con5; disconnect con6; # Restore default value to old_passwords SET GLOBAL old_passwords= default; connection default; disconnect ssl_con;