Skip to content

M
MariaDB
Commit 76151f3c authored by Sergei Golubchik's avatar Sergei Golubchik
Browse files
Options

Use mysql.user.authentication_string for password 

Don't distinguish between a "password hash" and "authentication string"
anymore. Now both are stored in mysql.user.authentication_string, both
are handled identically internally. A "password hash" is just how some
particular plugins interpret authentication string.

Set mysql.user.plugin even if there is no password. The server will use
mysql_native_password plugin in these cases, let's make it expicit.

Remove LEX_USER::pwhash.
parent 0e388d43
Show whitespace changes
Inline Side-by-side
Showing with 367 additions and 385 deletions
mysql-test/main/alter_user.result
View file @ 76151f3c
......@@ -15,11 +15,11 @@ localhost root Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
create user foo;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 mysql_native_password N N 0.000000
alter user foo;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 mysql_native_password N N 0.000000
# Test super privilege works correctly with a read only database.
SET @start_read_only = @@global.read_only;
SET GLOBAL read_only=1;
......@@ -51,15 +51,15 @@ Note 1396 Operation ALTER USER failed for 'boo'
alter user foo identified by 'something';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N 0 0 0 0 mysql_native_password *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N 0.000000
alter user foo identified by 'something2';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *9CD58369E930E28C8996A89DB18B63294E6DC10C N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N 0 0 0 0 mysql_native_password *9CD58369E930E28C8996A89DB18B63294E6DC10C N N 0.000000
alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N 0 0 0 0 mysql_native_password *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N 0.000000
alter user foo identified with 'somecoolplugin';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
......@@ -72,16 +72,16 @@ Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv D
alter user foo identified by 'something' require SSL;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N ANY 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N ANY 0 0 0 0 mysql_native_password *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N 0.000000
alter user foo identified by 'something' require X509;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N X509 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N X509 0 0 0 0 mysql_native_password *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N 0.000000
alter user foo identified by 'something'
require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N SPECIFIED text foo_issuer foo_subject 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N SPECIFIED text foo_issuer foo_subject 0 0 0 0 mysql_native_password *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N 0.000000
# Test resource limits altering.
alter user foo with MAX_QUERIES_PER_HOUR 10
MAX_UPDATES_PER_HOUR 20
......@@ -89,5 +89,5 @@ MAX_CONNECTIONS_PER_HOUR 30
MAX_USER_CONNECTIONS 40;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N SPECIFIED text foo_issuer foo_subject 10 20 30 40 N N 0.000000
% foo N N N N N N N N N N N N N N N Y N N N N N N N N N Y N N N N SPECIFIED text foo_issuer foo_subject 10 20 30 40 mysql_native_password *88C89BE093D4ECF72D039F62EBB7477EA1FD4D63 N N 0.000000
drop user foo;
mysql-test/main/connect.result
View file @ 76151f3c
......@@ -98,7 +98,7 @@ ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET);
connect fail_con,localhost,test,zorro,;
ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
update mysql.user set password=old_password("gambling2") where user=_binary"test";
update mysql.user set plugin="", authentication_string="", password=old_password("gambling2") where user=_binary"test";
flush privileges;
connect con10,localhost,test,gambling2,;
connect con5,localhost,test,gambling2,mysql;
......@@ -364,8 +364,8 @@ update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2';
select user, password, plugin, authentication_string from mysql.user
where user like 'mysqltest_up_';
user password plugin authentication_string
mysqltest_up1 *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB mysql_native_password
mysqltest_up2 09301740536db389 mysql_old_password
mysqltest_up1 mysql_native_password *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB
mysqltest_up2 mysql_old_password 09301740536db389
flush privileges;
connect pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,;
connection pcon6;
......
mysql-test/main/connect.test
View file @ 76151f3c
......@@ -66,7 +66,7 @@ connect (fail_con,localhost,test,zorro,test2);
connect (fail_con,localhost,test,zorro,);
# check if old password version also works
update mysql.user set password=old_password("gambling2") where user=_binary"test";
update mysql.user set plugin="", authentication_string="", password=old_password("gambling2") where user=_binary"test";
flush privileges;
connect (con10,localhost,test,gambling2,);
......
mysql-test/main/create_drop_user.result
View file @ 76151f3c
CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw1';
SELECT password FROM mysql.user WHERE user='u1';
password
*2B602296A79E0A8784ACC5C88D92E46588CCA3C3
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
plugin authentication_string
mysql_native_password *2B602296A79E0A8784ACC5C88D92E46588CCA3C3
CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw2';
Warnings:
Note 1973 Can't create user 'u1'@'localhost'; it already exists
SELECT password FROM mysql.user WHERE user='u1';
password
*2B602296A79E0A8784ACC5C88D92E46588CCA3C3
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
plugin authentication_string
mysql_native_password *2B602296A79E0A8784ACC5C88D92E46588CCA3C3
CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'pw3';
SELECT password FROM mysql.user WHERE user='u1';
password
*77B4A70CEFD76DB9415F36D291E74C110D2738E0
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
plugin authentication_string
mysql_native_password *77B4A70CEFD76DB9415F36D291E74C110D2738E0
CREATE OR REPLACE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw4';
ERROR HY000: Incorrect usage of OR REPLACE and IF NOT EXISTS
SELECT password FROM mysql.user WHERE user='u1';
password
*77B4A70CEFD76DB9415F36D291E74C110D2738E0
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
plugin authentication_string
mysql_native_password *77B4A70CEFD76DB9415F36D291E74C110D2738E0
DROP USER IF EXISTS u1@localhost;
DROP USER IF EXISTS u1@localhost;
Warnings:
......
mysql-test/main/create_drop_user.test
View file @ 76151f3c
--source include/not_embedded.inc
CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw1';
SELECT password FROM mysql.user WHERE user='u1';
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw2';
SELECT password FROM mysql.user WHERE user='u1';
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'pw3';
SELECT password FROM mysql.user WHERE user='u1';
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
--error ER_WRONG_USAGE
CREATE OR REPLACE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw4';
SELECT password FROM mysql.user WHERE user='u1';
SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
DROP USER IF EXISTS u1@localhost;
DROP USER IF EXISTS u1@localhost;
......
mysql-test/main/create_user.result
View file @ 76151f3c
create user foo;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 mysql_native_password N N 0.000000
drop user foo;
create user foo identified by 'password';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require SSL;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N ANY 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N ANY 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require X509;
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N X509 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N X509 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require CIPHER 'cipher';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require ISSUER 'issuer';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED issuer 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED issuer 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require SUBJECT 'subject';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED subject 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED subject 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require CIPHER 'cipher'
SUBJECT 'subject';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher subject 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher subject 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo identified by 'password' require CIPHER 'cipher'
AND SUBJECT 'subject'
AND ISSUER 'issuer';
select * from mysql.user where user = 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 mysql_native_password *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 N N 0.000000
drop user foo;
create user foo, foo2 identified by 'password' require CIPHER 'cipher'
AND SUBJECT 'subject'
AND ISSUER 'issuer';
select * from mysql.user where user like 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 mysql_native_password N N 0.000000
#--warning ER_USER_CREATE_EXISTS
create user if not exists foo, foo2 identified by 'password2'
require CIPHER 'cipher2' AND SUBJECT 'subject2' AND ISSUER 'issuer2';
......@@ -60,7 +60,7 @@ Note 1973 Can't create user 'foo'@'%'; it already exists
Note 1973 Can't create user 'foo2'@'%'; it already exists
select * from mysql.user where user like 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N SPECIFIED cipher issuer subject 0 0 0 0 mysql_native_password N N 0.000000
drop user foo, foo2;
create user foo with MAX_QUERIES_PER_HOUR 10
MAX_UPDATES_PER_HOUR 20
......@@ -68,5 +68,5 @@ MAX_CONNECTIONS_PER_HOUR 30
MAX_USER_CONNECTIONS 40;
select * from mysql.user where user like 'foo';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv Delete_history_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string password_expired is_role default_role max_statement_time
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 20 30 40 N N 0.000000
% foo N N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 10 20 30 40 mysql_native_password N N 0.000000
drop user foo;
mysql-test/main/grant.result
View file @ 76151f3c
......@@ -58,7 +58,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -134,7 +134,7 @@ max_questions 10
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -186,7 +186,7 @@ max_questions 10
max_updates 20
max_connections 30
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......
mysql-test/main/grant2.result
View file @ 76151f3c
......@@ -181,19 +181,19 @@ grant select on *.* to 'mysqltest_2';
grant insert on test.* to 'mysqltest_2';
grant update on test.t1 to 'mysqltest_2';
grant update (c2) on test.t2 to 'mysqltest_2';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
host user password
% mysqltest_1
% mysqltest_2 *BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
% mysqltest_3 fffffffffffffffffffffffffffffffffffffffff
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
host user password plugin authentication_string
% mysqltest_1 mysql_native_password
% mysqltest_2 mysql_native_password *BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
% mysqltest_3 mysql_native_password fffffffffffffffffffffffffffffffffffffffff
select host,db,user from mysql.db where user like 'mysqltest_%';
host db user
% test mysqltest_2
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
host db user table_name
% test mysqltest_2 t1
% test mysqltest_2 t2
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
host db user table_name column_name
% test mysqltest_2 t2 c2
show grants for 'mysqltest_1';
......@@ -206,35 +206,35 @@ GRANT INSERT ON "test".* TO 'mysqltest_2'@'%'
GRANT UPDATE (c2) ON "test"."t2" TO 'mysqltest_2'@'%'
GRANT UPDATE ON "test"."t1" TO 'mysqltest_2'@'%'
drop user 'mysqltest_1';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
host user password
% mysqltest_2 *BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
% mysqltest_3 fffffffffffffffffffffffffffffffffffffffff
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
host user password plugin authentication_string
% mysqltest_2 mysql_native_password *BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
% mysqltest_3 mysql_native_password fffffffffffffffffffffffffffffffffffffffff
select host,db,user from mysql.db where user like 'mysqltest_%';
host db user
% test mysqltest_2
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
host db user table_name
% test mysqltest_2 t1
% test mysqltest_2 t2
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
host db user table_name column_name
% test mysqltest_2 t2 c2
show grants for 'mysqltest_1';
ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
rename user 'mysqltest_2' to 'mysqltest_1';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
host user password
% mysqltest_1 *BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
% mysqltest_3 fffffffffffffffffffffffffffffffffffffffff
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
host user password plugin authentication_string
% mysqltest_1 mysql_native_password *BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
% mysqltest_3 mysql_native_password fffffffffffffffffffffffffffffffffffffffff
select host,db,user from mysql.db where user like 'mysqltest_%' ;
host db user
% test mysqltest_1
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' ;
host db user table_name
% test mysqltest_1 t1
% test mysqltest_1 t2
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' ;
host db user table_name column_name
% test mysqltest_1 t2 c2
show grants for 'mysqltest_1';
......@@ -254,21 +254,21 @@ ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
revoke all privileges, grant option from 'mysqltest_1';
ERROR HY000: Can't revoke all privileges for one or more of the requested users
drop user 'mysqltest_1';
select host,db,user from mysql.db where user = 'mysqltest_1' order by host,db,user;
select host,db,user from mysql.db where user = 'mysqltest_1' ;
host db user
insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
flush privileges;
show grants for 'mysqltest_1';
ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
drop user 'mysqltest_1';
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' order by host,db,user,table_name;
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' ;
host db user table_name
insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
flush privileges;
show grants for 'mysqltest_1';
ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
drop user 'mysqltest_1';
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' order by host,db,user,table_name,column_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' ;
host db user table_name column_name
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
......@@ -310,7 +310,7 @@ create user mysqltest_2@localhost;
grant create user on *.* to mysqltest_2@localhost;
connect user3,localhost,mysqltest_2,,;
connection user3;
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 'user'
create user mysqltest_A@'%';
rename user mysqltest_A@'%' to mysqltest_B@'%';
......@@ -326,7 +326,7 @@ show grants;
Grants for mysqltest_3@localhost
GRANT USAGE ON *.* TO 'mysqltest_3'@'localhost'
GRANT INSERT, UPDATE, DELETE ON `mysql`.* TO 'mysqltest_3'@'localhost'
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table 'user'
insert into mysql.user set host='%', user='mysqltest_B';
Warnings:
......@@ -555,28 +555,25 @@ End of 5.0 tests
USE mysql;
SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1) INTO @h;
SELECT password FROM user WHERE user=@u AND host=@h INTO @pwd;
Warnings:
Warning 1287 '<select expression> INTO <destination>;' is deprecated and will be removed in a future release. Please use 'SELECT <select list> INTO <destination> FROM...' instead
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
user host password plugin authentication_string insert_priv
root localhost Y
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
user host password plugin authentication_string insert_priv
root localhost N
GRANT INSERT ON *.* TO CURRENT_USER();
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
user host password plugin authentication_string insert_priv
root localhost Y
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
root localhost *0BB7188CF0DE9B403BA66E9DD810D82652D002EB Y
UPDATE user SET password=@pwd WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
user host password plugin authentication_string insert_priv
root localhost mysql_native_password *0BB7188CF0DE9B403BA66E9DD810D82652D002EB Y
UPDATE user SET plugin='', authentication_string='' WHERE user=@u AND host=@h;
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
user host password plugin authentication_string insert_priv
root localhost Y
FLUSH PRIVILEGES;
USE test;
......
mysql-test/main/grant2.test
View file @ 76151f3c
......@@ -231,28 +231,40 @@ grant select on *.* to 'mysqltest_2';
grant insert on test.* to 'mysqltest_2';
grant update on test.t1 to 'mysqltest_2';
grant update (c2) on test.t2 to 'mysqltest_2';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
--sorted_result
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
--sorted_result
select host,db,user from mysql.db where user like 'mysqltest_%';
--sorted_result
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
--sorted_result
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
show grants for 'mysqltest_1';
show grants for 'mysqltest_2';
#
# Drop
drop user 'mysqltest_1';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
--sorted_result
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
--sorted_result
select host,db,user from mysql.db where user like 'mysqltest_%';
--sorted_result
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
--sorted_result
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
--error ER_NONEXISTING_GRANT
show grants for 'mysqltest_1';
#
# Rename
rename user 'mysqltest_2' to 'mysqltest_1';
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
--sorted_result
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
--sorted_result
select host,db,user from mysql.db where user like 'mysqltest_%' ;
--sorted_result
select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' ;
--sorted_result
select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' ;
show grants for 'mysqltest_1';
drop user 'mysqltest_1', 'mysqltest_3';
--error ER_CANNOT_USER
......@@ -269,7 +281,8 @@ show grants for 'mysqltest_1';
--error ER_REVOKE_GRANTS
revoke all privileges, grant option from 'mysqltest_1';
drop user 'mysqltest_1';
select host,db,user from mysql.db where user = 'mysqltest_1' order by host,db,user;
--sorted_result
select host,db,user from mysql.db where user = 'mysqltest_1' ;
#
# Add a stray record
insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
......@@ -277,7 +290,8 @@ flush privileges;
--error ER_NONEXISTING_GRANT
show grants for 'mysqltest_1';
drop user 'mysqltest_1';
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' order by host,db,user,table_name;
--sorted_result
select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' ;
#
# Add a stray record
insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
......@@ -285,7 +299,8 @@ flush privileges;
--error ER_NONEXISTING_GRANT
show grants for 'mysqltest_1';
drop user 'mysqltest_1';
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' order by host,db,user,table_name,column_name;
--sorted_result
select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' ;
#
# Handle multi user lists
create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
......@@ -330,7 +345,7 @@ grant create user on *.* to mysqltest_2@localhost;
connect (user3,localhost,mysqltest_2,,);
connection user3;
--error ER_TABLEACCESS_DENIED_ERROR
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
create user mysqltest_A@'%';
rename user mysqltest_A@'%' to mysqltest_B@'%';
drop user mysqltest_B@'%';
......@@ -345,7 +360,7 @@ connect (user4,localhost,mysqltest_3,,);
connection user4;
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
insert into mysql.user set host='%', user='mysqltest_B';
create user mysqltest_A@'%';
rename user mysqltest_B@'%' to mysqltest_C@'%';
......@@ -642,26 +657,25 @@ DROP DATABASE db1;
USE mysql;
SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1) INTO @h;
SELECT password FROM user WHERE user=@u AND host=@h INTO @pwd;
# show current privs.
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
# toggle INSERT
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
# show that GRANT ... TO CURRENT_USER() no longer crashes
GRANT INSERT ON *.* TO CURRENT_USER();
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
# show that GRANT ... TO CURRENT_USER() IDENTIFIED BY ... works now
GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
UPDATE user SET password=@pwd WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
UPDATE user SET plugin='', authentication_string='' WHERE user=@u AND host=@h;
SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
FLUSH PRIVILEGES;
......
mysql-test/main/grant4.result
View file @ 76151f3c
......@@ -199,14 +199,14 @@ grant select on test.* to foo7 identified via mysql_native_password using '11111
grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222';
select user,password,plugin,authentication_string from mysql.user where user like 'foo%';
user password plugin authentication_string
foo1 11111111111111111111111111111111111111111
foo2 2222222222222222
foo3 11111111111111111111111111111111111111111
foo4 2222222222222222
foo5 11111111111111111111111111111111111111111
foo6 2222222222222222
foo7 11111111111111111111111111111111111111111
foo8 2222222222222222
foo1 mysql_native_password 11111111111111111111111111111111111111111
foo2 mysql_old_password 2222222222222222
foo3 mysql_native_password 11111111111111111111111111111111111111111
foo4 mysql_old_password 2222222222222222
foo5 mysql_native_password 11111111111111111111111111111111111111111
foo6 mysql_old_password 2222222222222222
foo7 mysql_native_password 11111111111111111111111111111111111111111
foo8 mysql_old_password 2222222222222222
drop user foo1;
drop user foo2;
drop user foo3;
......
mysql-test/main/init_file_set_password-7656.result
View file @ 76151f3c
......@@ -2,7 +2,7 @@ create user foo@localhost;
select user,host,password from mysql.user where user='foo';
user host password
foo localhost
select user,host,password from mysql.user where user='foo';
user host password
foo localhost *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
select user,host,password,plugin,authentication_string from mysql.user where user='foo';
user host password plugin authentication_string
foo localhost mysql_native_password *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
drop user foo@localhost;
mysql-test/main/init_file_set_password-7656.test
View file @ 76151f3c
......@@ -21,6 +21,6 @@ EOF
--exec echo "restart:--init-file=$MYSQLTEST_VARDIR/init.file " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--source include/wait_until_connected_again.inc
select user,host,password from mysql.user where user='foo';
select user,host,password,plugin,authentication_string from mysql.user where user='foo';
drop user foo@localhost;
mysql-test/main/no_password_column-mdev-11170.result
View file @ 76151f3c
......@@ -87,7 +87,7 @@ select user, host, select_priv, plugin, authentication_string from mysql.user
where user like "%oo"
order by user;
user host select_priv plugin authentication_string
foo % N
foo % N mysql_native_password
goo % N mysql_native_password *F3A2A51A9B0F2BE2468926B4132313728C250DBF
ioo % N mysql_old_password 7a8f886d28473e85
#
......
mysql-test/main/plugin_auth_qa.result
View file @ 76151f3c
......@@ -106,7 +106,7 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug, plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -116,7 +116,7 @@ DROP USER plug;
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -126,7 +126,7 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug, plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -136,7 +136,7 @@ DROP USER plug;
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -146,7 +146,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_pas
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug test_plugin_server plug_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug, plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -156,7 +156,7 @@ DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug_dest;
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
......@@ -175,7 +175,7 @@ plug test_plugin_server plug_dest
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
plug *939AEE68989794C0F408277411C26055CDF41119
plug mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug IDENTIFIED BY 'plug_dest_passwd';
......@@ -209,7 +209,7 @@ DROP USER plüg;
CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
plüg_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plüg_dest;
SET NAMES ascii;
CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
......@@ -220,7 +220,7 @@ DROP USER 'plüg';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
pl??g_dest
pl??g_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER 'plüg_dest';
SET NAMES latin1;
========== test 1.1.1.5 ====================================
......@@ -234,7 +234,7 @@ DROP USER 'plug';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
plüg_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER 'plüg_dest';
SET NAMES utf8;
CREATE USER plüg IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest';
......@@ -247,7 +247,7 @@ DROP USER 'plüg';
CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
plüg_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER 'plüg_dest';
CREATE USER plüg IDENTIFIED WITH test_plugin_server AS 'plüg_dest';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
......@@ -257,7 +257,7 @@ DROP USER plüg;
CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plüg_dest
plüg_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plüg_dest;
========== test 1.1.1.2/1.1.2.2=============================
SET @auth_name= 'test_plugin_server';
......@@ -277,7 +277,7 @@ DROP USER plug;
CREATE USER 'hh''s_plug_dest' IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
hh's_plug_dest
hh's_plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER 'hh''s_plug_dest';
========== test 1.1.1.4 ====================================
CREATE USER plug IDENTIFIED WITH hh''s_test_plugin_server AS 'plug_dest';
......@@ -293,7 +293,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
grant_user test_plugin_server plug_dest
plug_dest
plug_dest mysql_native_password
DROP USER grant_user,plug_dest;
set @save_sql_mode= @@sql_mode;
SET @@sql_mode=no_auto_create_user;
......@@ -314,13 +314,13 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
grant_user test_plugin_server plug_dest
plug_dest *939AEE68989794C0F408277411C26055CDF41119
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
DROP USER plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_user_passwd';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
grant_user test_plugin_server plug_dest
plug_dest *560881EB651416CEF77314D07D55EDCD5FC1BD6D
plug_dest mysql_native_password *560881EB651416CEF77314D07D55EDCD5FC1BD6D
DROP USER grant_user,plug_dest;
set @@sql_mode= @save_sql_mode;
DROP DATABASE test_user_db;
mysql-test/main/plugin_auth_qa_1.result
View file @ 76151f3c
......@@ -20,7 +20,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_pas
GRANT PROXY ON plug_dest TO plug_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
1)
current_user()
......@@ -71,7 +71,7 @@ GRANT PROXY ON new_dest TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
DROP USER plug_user,new_dest;
CREATE USER plug_user
......@@ -89,7 +89,7 @@ GRANT PROXY ON new_dest TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
DROP USER plug_user,new_dest;
CREATE USER plug_user
......@@ -111,13 +111,13 @@ connection default;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user test_plugin_server plug_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
disconnect plug_user;
UPDATE mysql.user SET user='plug_user' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
DROP USER plug_dest,plug_user;
========== test 1.3 ========================================
......@@ -133,26 +133,26 @@ connection default;
disconnect plug_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
UPDATE mysql.user SET user='new_user' WHERE user='plug_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user test_plugin_server plug_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
UPDATE mysql.user SET authentication_string='new_dest' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user test_plugin_server new_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
UPDATE mysql.user SET plugin='new_plugin_server' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_user new_plugin_server new_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
ERROR HY000: Plugin 'new_plugin_server' is not loaded
UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user';
UPDATE mysql.user SET USER='new_dest' WHERE user='plug_dest';
......@@ -160,7 +160,7 @@ FLUSH PRIVILEGES;
GRANT PROXY ON new_dest TO new_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
new_user test_plugin_server new_dest
connect plug_user,localhost,new_user,new_dest;
select USER(),CURRENT_USER();
......@@ -173,9 +173,9 @@ FLUSH PRIVILEGES;
CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
new_dest
new_dest mysql_native_password *01422E86A6FFF84618914AF149F9AEF64B84170A
new_user test_plugin_server new_dest
plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
GRANT ALL PRIVILEGES ON test.* TO new_user;
connect plug_user,localhost,new_dest,new_dest_passwd;
select USER(),CURRENT_USER();
......@@ -190,7 +190,7 @@ CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
proxied_user
proxied_user mysql_native_password *D7A51428CD38DB3C5293B9321DA1228BFB1611DD
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
......@@ -226,7 +226,7 @@ CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
proxied_user
proxied_user mysql_native_password *D7A51428CD38DB3C5293B9321DA1228BFB1611DD
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
......@@ -268,11 +268,11 @@ GRANT PROXY ON proxied_user_5 TO ''@'%%';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
test_plugin_server proxied_user
proxied_user_1
proxied_user_2
proxied_user_3
proxied_user_4
proxied_user_5
proxied_user_1 mysql_native_password *551D5A5177FCC3340F7D2FB0F4D8D1EEA7F7EF71
proxied_user_2 mysql_native_password *3D948F77C6A988AFDCA9755AB2A6724362557220
proxied_user_3 mysql_native_password *41A18925D237DEE738C76581153990B037F462E3
proxied_user_4 mysql_native_password *F990073A9B96FF535C2D0721406042B8751E593F
proxied_user_5 mysql_native_password *5AA915C5D0B5B1336336FD2BF7768BC09FD1F5B2
connect proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd';
connect proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd;
connect proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd;
......
mysql-test/main/plugin_auth_qa_2.result
View file @ 76151f3c
......@@ -7,7 +7,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_pas
GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_1_dest
qa_test_1_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_1_user qa_auth_interface qa_test_1_dest
SELECT @@proxy_user;
@@proxy_user
......@@ -20,7 +20,7 @@ current_user() user() @@local.proxy_user @@local.external_user
qa_test_1_user@% qa_test_1_user@localhost NULL NULL
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_1_dest
qa_test_1_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_1_user qa_auth_interface qa_test_1_dest
DROP USER qa_test_1_user;
DROP USER qa_test_1_dest;
......@@ -33,8 +33,8 @@ GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
GRANT PROXY ON authenticated_as TO qa_test_2_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
authenticated_as
qa_test_2_dest
authenticated_as mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_2_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_2_user qa_auth_interface qa_test_2_dest
SELECT @@proxy_user;
@@proxy_user
......@@ -47,8 +47,8 @@ current_user() user() @@local.proxy_user @@local.external_user
authenticated_as@% user_name@localhost 'qa_test_2_user'@'%' externaluser
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
authenticated_as
qa_test_2_dest
authenticated_as mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_2_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_2_user qa_auth_interface qa_test_2_dest
DROP USER qa_test_2_user;
DROP USER qa_test_2_dest;
......@@ -83,8 +83,8 @@ GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
*DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_5_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_5_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_5_user qa_auth_interface qa_test_5_dest
exec MYSQL -h localhost -P MASTER_MYPORT --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_5_user'@'localhost' (using password: YES)
......@@ -98,21 +98,21 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_pas
GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_6_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_6_user qa_auth_interface qa_test_6_dest
exec MYSQL -h localhost -P MASTER_MYPORT --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES)
GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
user plugin authentication_string password
qa_test_6_dest *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_6_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_6_user qa_auth_interface qa_test_6_dest
exec MYSQL -h localhost -P MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
REVOKE PROXY ON qa_test_6_dest FROM root;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
user plugin authentication_string
qa_test_6_dest
qa_test_6_dest mysql_native_password *DFCACE76914AD7BD801FC1A1ECF6562272621A22
qa_test_6_user qa_auth_interface qa_test_6_dest
exec MYSQL -h localhost -P MASTER_MYPORT --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
......
mysql-test/main/set_password.result
View file @ 76151f3c
......@@ -9,11 +9,11 @@ create user oldpassold@localhost identified with 'mysql_old_password';
set password for oldpassold@localhost = '378b243e220ca493';
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
user host password plugin authentication_string
natauth localhost *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
newpass localhost *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
natauth localhost mysql_native_password *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
newpass localhost mysql_native_password *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
newpassnat localhost mysql_native_password *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
oldauth localhost 378b243e220ca493
oldpass localhost 378b243e220ca493
oldauth localhost mysql_old_password 378b243e220ca493
oldpass localhost mysql_old_password 378b243e220ca493
oldpassold localhost mysql_old_password 378b243e220ca493
connect con,localhost,natauth,test,;
select current_user();
......
mysql-test/main/show_grants_with_plugin-7985.result
View file @ 76151f3c
......@@ -7,7 +7,7 @@ create user u1;
GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password;
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
user host password plugin authentication_string
u1 %
u1 % mysql_native_password
#
# The user's grants should show no password at all.
#
......@@ -43,7 +43,7 @@ GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password
USING '*7AFEFD08B6B720E781FB000CAA418F54FA662626';
select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
user host password plugin authentication_string
u1 % *7AFEFD08B6B720E781FB000CAA418F54FA662626
u1 % mysql_native_password *7AFEFD08B6B720E781FB000CAA418F54FA662626
#
# Test to see if connecting with password is succesful.
#
......
mysql-test/main/sp-security.result
View file @ 76151f3c
......@@ -506,9 +506,9 @@ DROP DATABASE mysqltest;
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
user19857@localhost;
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
Host User Password
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';
Host User Plugin Authentication_string
localhost user19857 mysql_native_password *82DC221D557298F6CE9961037DB1C90604792F5C
connect mysqltest_2_con,localhost,user19857,meow,test;
connection mysqltest_2_con;
USE test;
......@@ -533,9 +533,9 @@ connection mysqltest_2_con;
DROP PROCEDURE IF EXISTS test.sp19857;
connection con1root;
disconnect mysqltest_2_con;
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
Host User Password
localhost user19857 *82DC221D557298F6CE9961037DB1C90604792F5C
SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';
Host User Plugin Authentication_string
localhost user19857 mysql_native_password *82DC221D557298F6CE9961037DB1C90604792F5C
DROP USER user19857@localhost;
disconnect con1root;
connection default;
......
mysql-test/main/sp-security.test
View file @ 76151f3c
......@@ -742,7 +742,7 @@ DROP DATABASE mysqltest;
GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
user19857@localhost;
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';
--connect (mysqltest_2_con,localhost,user19857,meow,test)
--connection mysqltest_2_con
......@@ -770,7 +770,7 @@ DROP PROCEDURE IF EXISTS test.sp19857;
--disconnect mysqltest_2_con
SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';
DROP USER user19857@localhost;
......
mysql-test/main/sp_notembedded.result
View file @ 76151f3c
......@@ -324,7 +324,7 @@ DROP EVENT teste_bug11763507;
# -- End of 5.1 tests
# ------------------------------------------------------------------
grant create routine on test.* to foo1@localhost identified by 'foo';
update mysql.user set password = replace(password, '*', '-') where user='foo1';
update mysql.user set authentication_string = replace(authentication_string, '*', '-') where user='foo1';
connect foo,localhost,foo1,foo;
show grants;
Grants for foo1@localhost
......
mysql-test/main/sp_notembedded.test
View file @ 76151f3c
......@@ -465,7 +465,7 @@ DROP EVENT teste_bug11763507;
# (creating a new procedure changes the password)
#
grant create routine on test.* to foo1@localhost identified by 'foo';
update mysql.user set password = replace(password, '*', '-') where user='foo1';
update mysql.user set authentication_string = replace(authentication_string, '*', '-') where user='foo1';
--connect (foo,localhost,foo1,foo)
show grants;
--connection default
......
mysql-test/suite/funcs_1/r/is_user_privileges.result
View file @ 76151f3c
......@@ -128,7 +128,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -175,7 +175,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -222,7 +222,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -293,7 +293,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -340,7 +340,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -387,7 +387,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -444,7 +444,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -491,7 +491,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -538,7 +538,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -617,7 +617,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -664,7 +664,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -711,7 +711,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -782,7 +782,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -829,7 +829,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -876,7 +876,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -933,7 +933,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -980,7 +980,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1027,7 +1027,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1136,7 +1136,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1183,7 +1183,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1230,7 +1230,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1334,7 +1334,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1381,7 +1381,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1428,7 +1428,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1485,7 +1485,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1532,7 +1532,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1579,7 +1579,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1643,7 +1643,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1690,7 +1690,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1737,7 +1737,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1816,7 +1816,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1863,7 +1863,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......@@ -1910,7 +1910,7 @@ max_questions 0
max_updates 0
max_connections 0
max_user_connections 0
plugin
plugin mysql_native_password
authentication_string
password_expired N
is_role N
......
mysql-test/suite/plugins/r/simple_password_check.result
View file @ 76151f3c
......@@ -135,8 +135,10 @@ grant select on *.* to foo2 identified with mysql_old_password using '2222222222
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
create user foo2 identified with mysql_native_password using '';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to foo2 identified with mysql_old_password using '';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to foo2 identified with mysql_old_password;
ERROR 28000: Can't find any matching row in the user table
ERROR HY000: Your password does not satisfy the current policy requirements
update mysql.user set password='xxx' where user='foo1';
set global strict_password_validation=0;
set password for foo1 = '';
......
mysql-test/suite/plugins/t/simple_password_check.test
View file @ 76151f3c
......@@ -83,7 +83,9 @@ create user foo2 identified with mysql_native_password using '111111111111111111
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
--error ER_NOT_VALID_PASSWORD
create user foo2 identified with mysql_native_password using '';
--error ER_PASSWORD_NO_MATCH
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password using '';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password;
# direct updates are not protected
......
mysql-test/suite/rpl/r/rpl_create_drop_user.result
View file @ 76151f3c
......@@ -17,15 +17,15 @@ CURRENT_USER
u2@localhost
disconnect user_a;
connection master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
user password
u1 *D9553C4CE316A9845CE49E30A2D7E3857AF966C4
u2
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
user password plugin authentication_string
u1 mysql_native_password *D9553C4CE316A9845CE49E30A2D7E3857AF966C4
u2 mysql_native_password
connection slave;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
user password
u1 *D9553C4CE316A9845CE49E30A2D7E3857AF966C4
u2
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
user password plugin authentication_string
u1 mysql_native_password *D9553C4CE316A9845CE49E30A2D7E3857AF966C4
u2 mysql_native_password
connection master;
CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'abcdefghijk2';
connect user_a, localhost, u1,'abcdefghijk2',;
......@@ -35,25 +35,25 @@ CURRENT_USER
u1@localhost
disconnect user_a;
connection master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
user password
u1 *A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
u2
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
user password plugin authentication_string
u1 mysql_native_password *A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
u2 mysql_native_password
connection slave;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
user password
u1 *A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
u2
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
user password plugin authentication_string
u1 mysql_native_password *A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
u2 mysql_native_password
connection master;
CREATE USER u1@localhost;
ERROR HY000: Operation CREATE USER failed for 'u1'@'localhost'
DROP USER u3@localhost;
ERROR HY000: Operation DROP USER failed for 'u3'@'localhost'
connection slave;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
user password
u1 *A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
u2
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
user password plugin authentication_string
u1 mysql_native_password *A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
u2 mysql_native_password
connection master;
DROP USER IF EXISTS u1@localhost;
DROP USER u2@localhost;
......@@ -61,6 +61,6 @@ DROP USER IF EXISTS u3@localhost;
Warnings:
Note 1974 Can't drop user 'u3'@'localhost'; it doesn't exist
connection slave;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
user password
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
user password plugin authentication_string
include/rpl_end.inc
mysql-test/suite/rpl/r/rpl_innodb_mixed_dml.result
View file @ 76151f3c
......@@ -482,36 +482,36 @@ SET TRANSACTION ISOLATION LEVEL SERIALIZABLE;
CREATE USER 'user_test_rpl'@'localhost' IDENTIFIED BY PASSWORD '*1111111111111111111111111111111111111111';
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection slave;
USE test_rpl;
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection master;
******************** GRANT ********************
GRANT SELECT ON *.* TO 'user_test_rpl'@'localhost';
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 Y
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 Y
connection slave;
USE test_rpl;
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 Y
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 Y
connection master;
******************** REVOKE ********************
REVOKE SELECT ON *.* FROM 'user_test_rpl'@'localhost';
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection slave;
USE test_rpl;
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection master;
******************** SET PASSWORD ********************
......
mysql-test/suite/rpl/t/rpl_create_drop_user.test
View file @ 76151f3c
......@@ -15,9 +15,11 @@ SELECT CURRENT_USER;
disconnect user_a;
connection master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
--sorted_result
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
sync_slave_with_master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
--sorted_result
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
connection master;
CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'abcdefghijk2';
......@@ -26,9 +28,11 @@ connection user_a;
SELECT CURRENT_USER;
disconnect user_a;
connection master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
--sorted_result
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
sync_slave_with_master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
--sorted_result
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
connection master;
--error ER_CANNOT_USER
......@@ -38,7 +42,8 @@ CREATE USER u1@localhost;
DROP USER u3@localhost;
sync_slave_with_master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
--sorted_result
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
connection master;
DROP USER IF EXISTS u1@localhost;
......@@ -46,6 +51,7 @@ DROP USER u2@localhost;
DROP USER IF EXISTS u3@localhost;
sync_slave_with_master;
SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
--sorted_result
SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
--source include/rpl_end.inc
sql/sql_acl.cc
View file @ 76151f3c
......@@ -1386,9 +1386,20 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
}
static bool can_password(LEX_USER *user)
{
return !user->plugin.length ||
lex_string_eq(&user->plugin, &native_password_plugin_name) ||
lex_string_eq(&user->plugin, &old_password_plugin_name);
}
static bool validate_password(LEX_USER *user, THD *thd)
{
if (user->pwtext.length || !user->pwhash.length)
if (!can_password(user))
return false;
if (user->pwtext.length || !user->auth.length)
{
struct validation_data data= { &user->user,
user->pwtext.str ? &user->pwtext :
......@@ -1468,35 +1479,13 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
}
/*
Validates the password, calculates password hash, transforms
equivalent LEX_USER representations.
Upon entering this function:
- if user->plugin is specified, user->auth is the plugin auth data.
- if user->plugin is mysql_native_password or mysql_old_password,
user->auth is the password hash, and LEX_USER is transformed
to match the next case (that is, user->plugin is cleared).
- if user->plugin is NOT specified, built-in auth is assumed, that is
mysql_native_password or mysql_old_password. In that case,
user->pwhash is the password hash. And user->pwtext is the original
plain-text password. Either one can be set or both.
Upon exiting this function:
- user->pwtext is left untouched
- user->pwhash is the password hash, as the mysql.user.password column
- user->plugin is the plugin name, as the mysql.user.plugin column
- user->auth is the plugin auth data, as the mysql.user.authentication_string column
/**
Validates the password, calculates password hash.
*/
static bool fix_lex_user(THD *thd, LEX_USER *user)
{
size_t check_length;
DBUG_ASSERT(user->plugin.length || !user->auth.length);
DBUG_ASSERT(!(user->plugin.length && (user->pwtext.length || user->pwhash.length)));
if (lex_string_eq(&user->plugin, &native_password_plugin_name))
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
else
......@@ -1504,38 +1493,41 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
else
if (user->plugin.length)
return false; // nothing else to do
return 0; // nothing else to do
else if (thd->variables.old_passwords == 1 ||
user->pwhash.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
user->auth.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
{
user->plugin= old_password_plugin_name;
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
else
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
if (user->plugin.length)
}
else if (user->auth.length)
{
user->pwhash= user->auth;
user->plugin= empty_clex_str;
user->auth= empty_clex_str;
user->plugin= native_password_plugin_name;
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}
else
check_length= 0;
if (user->pwhash.length && user->pwhash.length != check_length)
if (user->auth.length && user->auth.length != check_length)
{
my_error(ER_PASSWD_LENGTH, MYF(0), (int) check_length);
return true;
return 1;
}
if (user->pwtext.length && !user->pwhash.length)
if (user->pwtext.length && !user->auth.length)
{
size_t scramble_length;
void (*make_scramble)(char *, const char *, size_t);
if (thd->variables.old_passwords == 1)
{
user->plugin= old_password_plugin_name;
scramble_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
make_scramble= my_make_scrambled_password_323;
}
else
{
user->plugin= native_password_plugin_name;
scramble_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
make_scramble= my_make_scrambled_password;
}
......@@ -1549,8 +1541,8 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
if (buff == NULL)
return true;
make_scramble(buff, user->pwtext.str, user->pwtext.length);
user->pwhash.str= buff;
user->pwhash.length= scramble_length;
user->auth.str= buff;
user->auth.length= scramble_length;
}
return false;
......@@ -1822,16 +1814,18 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
continue;
}
LEX_CSTRING password= empty_clex_str;
if (user_table.password())
{
password.str= get_field(&acl_memroot, user_table.password());
password.length= safe_strlen(password.str);
const char *p= safe_str(get_field(&acl_memroot, user_table.password()));
user.auth_string.str= p;
user.auth_string.length= strlen(p);
}
user.auth_string= password;
set_user_salt(&user, password);
else
user.auth_string= empty_clex_str;
if (!is_role && set_user_plugin(&user, password.length))
set_user_salt(&user, user.auth_string);
if (!is_role && set_user_plugin(&user, user.auth_string.length))
continue;
user.access= user_table.get_access() & GLOBAL_ACLS;
......@@ -1919,6 +1913,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
char *tmpstr= get_field(&acl_memroot, user_table.plugin());
if (tmpstr)
{
LEX_CSTRING password= user.auth_string;
user.plugin.str= tmpstr;
user.plugin.length= strlen(user.plugin.str);
user.auth_string.str=
......@@ -2588,20 +2583,13 @@ static void acl_update_user(const LEX_USER &combo, enum SSL_type ssl_type,
ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
if (acl_user->eq(combo.user.str, combo.host.str))
{
if (combo.plugin.str[0])
if (combo.plugin.length)
{
acl_user->plugin= combo.plugin;
acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, combo.auth);
if (fix_user_plugin_ptr(acl_user))
acl_user->plugin= safe_lexcstrdup_root(&acl_memroot, combo.plugin);
}
else
if (combo.pwhash.length)
{
acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, combo.pwhash);
set_user_salt(acl_user, combo.pwhash);
set_user_plugin(acl_user, combo.pwhash.length);
}
acl_user->access=privileges;
if (mqh->specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
acl_user->user_resource.questions=mqh->questions;
......@@ -2657,7 +2645,7 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type,
bzero(&acl_user, sizeof(acl_user));
acl_user.user= safe_lexcstrdup_root(&acl_memroot, combo.user);
update_hostname(&acl_user.host, safe_strdup_root(&acl_memroot, combo.host.str));
if (combo.plugin.str[0])
if (combo.plugin.length)
{
acl_user.plugin= combo.plugin;
acl_user.auth_string= safe_lexcstrdup_root(&acl_memroot, combo.auth);
......@@ -2666,9 +2654,9 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type,
}
else
{
acl_user.auth_string= safe_lexcstrdup_root(&acl_memroot, combo.pwhash);
set_user_salt(&acl_user, combo.pwhash);
set_user_plugin(&acl_user, combo.pwhash.length);
DBUG_ASSERT(!combo.auth.length);
acl_user.plugin= native_password_plugin_name;
acl_user.auth_string= empty_clex_str;
}
acl_user.flags= 0;
......@@ -3201,8 +3189,8 @@ bool change_password(THD *thd, LEX_USER *user)
const CSET_STRING query_save __attribute__((unused)) = thd->query_string;
DBUG_ENTER("change_password");
DBUG_PRINT("enter",("host: '%s' user: '%s' new_password: '%s'",
user->host.str, user->user.str, user->pwhash.str));
DBUG_ASSERT(user->host.str != 0); // Ensured by parent
user->host.str, user->user.str, user->auth.str));
DBUG_ASSERT(user->host.str != 0); // Ensured by caller
/*
This statement will be replicated as a statement, even when using
......@@ -3217,8 +3205,7 @@ bool change_password(THD *thd, LEX_USER *user)
(WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0)))
{
query_length= sprintf(buff, "SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'",
user->user.str, safe_str(user->host.str),
safe_str(user->pwhash.str));
user->user.str, safe_str(user->host.str), user->auth.str);
}
if (WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0))
......@@ -3246,10 +3233,9 @@ bool change_password(THD *thd, LEX_USER *user)
if (acl_user->plugin.str == native_password_plugin_name.str ||
acl_user->plugin.str == old_password_plugin_name.str)
{
acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, user->pwhash);
set_user_salt(acl_user, user->pwhash);
set_user_plugin(acl_user, user->pwhash.length);
acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, user->auth);
set_user_salt(acl_user, user->auth);
set_user_plugin(acl_user, user->auth.length);
}
else
push_warning(thd, Sql_condition::WARN_LEVEL_NOTE,
......@@ -3258,7 +3244,7 @@ bool change_password(THD *thd, LEX_USER *user)
if (update_user_table(thd, tables.user_table(),
safe_str(acl_user->host.hostname),
acl_user->user.str, user->pwhash))
acl_user->user.str, user->auth))
{
mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */
goto end;
......@@ -3777,7 +3763,7 @@ static bool update_user_table(THD *thd, const User_table& user_table,
user_table.password()->reset();
}
else
user_table.password()->store(new_password.str, new_password.len,
user_table.password()->store(new_password.str, new_password.length,
system_charset_info);
......@@ -3846,19 +3832,6 @@ static int replace_user_table(THD *thd, const User_table &user_table,
mysql_mutex_assert_owner(&acl_cache->lock);
if (combo->pwhash.str && combo->pwhash.str[0])
{
if (combo->pwhash.length != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
combo->pwhash.length != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
{
DBUG_ASSERT(0);
my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
DBUG_RETURN(-1);
}
}
else
combo->pwhash= empty_clex_str;
/* if the user table is not up to date, we can't handle role updates */
if (!user_table.is_role() && handle_as_role)
{
......@@ -3899,7 +3872,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
see also test_if_create_new_users()
*/
else if (!combo->pwhash.length && !combo->plugin.length && no_auto_create)
else if (!combo->auth.length && !combo->plugin.length && no_auto_create)
{
my_error(ER_PASSWORD_NO_MATCH, MYF(0));
goto end;
......@@ -3909,7 +3882,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
my_error(ER_CANT_CREATE_USER_WITH_GRANT, MYF(0));
goto end;
}
else if (combo->plugin.str[0])
else if (combo->plugin.length)
{
if (!plugin_is_ready(&combo->plugin, MYSQL_AUTHENTICATION_PLUGIN))
{
......@@ -3917,6 +3890,13 @@ static int replace_user_table(THD *thd, const User_table &user_table,
goto end;
}
}
else /* combo->plugin.length == 0 */
{
if (combo->auth.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
combo->plugin= old_password_plugin_name;
else
combo->plugin= native_password_plugin_name;
}
old_row_exists = 0;
restore_record(table,s->default_values);
......@@ -3931,7 +3911,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
store_record(table,record[1]); // Save copy for update
}
if (!old_row_exists || combo->pwtext.length || combo->pwhash.length)
if (!old_row_exists || combo->pwtext.length || combo->auth.length)
if (!handle_as_role && validate_password(combo, thd))
goto end;
......@@ -3950,8 +3930,8 @@ static int replace_user_table(THD *thd, const User_table &user_table,
DBUG_PRINT("info",("table fields: %d", user_table.num_fields()));
/* If we don't have a password column, we'll use the authentication_string
column later. */
if (combo->pwhash.str[0] && user_table.password())
user_table.password()->store(combo->pwhash.str, combo->pwhash.length,
if (combo->auth.length && can_password(combo) && user_table.password())
user_table.password()->store(combo->auth.str, combo->auth.length,
system_charset_info);
/* We either have the password column, the plugin column, or both. Otherwise
we have a corrupt user table. */
......@@ -4013,13 +3993,12 @@ static int replace_user_table(THD *thd, const User_table &user_table,
if (user_table.max_user_connections() &&
(mqh.specified_limits & USER_RESOURCES::USER_CONNECTIONS))
user_table.max_user_connections()->store((longlong) mqh.user_conn, FALSE);
if (user_table.plugin())
if (user_table.plugin() && !handle_as_role)
{
user_table.plugin()->set_notnull();
user_table.authentication_string()->set_notnull();
if (combo->plugin.str[0])
if (combo->plugin.length)
{
DBUG_ASSERT(combo->pwhash.str[0] == 0);
if (user_table.password())
user_table.password()->reset();
user_table.plugin()->store(combo->plugin.str, combo->plugin.length,
......@@ -4027,22 +4006,6 @@ static int replace_user_table(THD *thd, const User_table &user_table,
user_table.authentication_string()->store(combo->auth.str, combo->auth.length,
system_charset_info);
}
if (combo->pwhash.str[0])
{
DBUG_ASSERT(combo->plugin.str[0] == 0);
/* We have Password column. */
if (user_table.password())
{
user_table.plugin()->reset();
user_table.authentication_string()->reset();
}
else
{
/* We do not have Password column. Use PLUGIN && Authentication_string
columns instead. */
set_plugin_from_password(user_table, combo->pwhash);
}
}
if (user_table.max_statement_time())
{
......@@ -6219,7 +6182,7 @@ static bool merge_one_role_privileges(ACL_ROLE *grantee)
static bool has_auth(LEX_USER *user, LEX *lex)
{
return user->pwtext.length || user->pwhash.length || user->plugin.length || user->auth.length ||
return user->pwtext.length || user->plugin.length || user->auth.length ||
lex->ssl_type != SSL_TYPE_NOT_SPECIFIED || lex->ssl_cipher ||
lex->x509_issuer || lex->x509_subject ||
lex->mqh.specified_limits;
......@@ -6231,7 +6194,6 @@ static bool fix_and_copy_user(LEX_USER *to, LEX_USER *from, THD *thd)
{
/* preserve authentication information, if LEX_USER was reallocated */
to->pwtext= from->pwtext;
to->pwhash= from->pwhash;
to->plugin= from->plugin;
to->auth= from->auth;
}
......
sql/sql_yacc.yy
View file @ 76151f3c
......@@ -16254,14 +16254,14 @@ opt_for_user:
;
text_or_password:
TEXT_STRING { Lex->definer->pwhash= $1;}
TEXT_STRING { Lex->definer->auth= $1;}
| PASSWORD_SYM '(' TEXT_STRING ')' { Lex->definer->pwtext= $3; }
| OLD_PASSWORD_SYM '(' TEXT_STRING ')'
{
Lex->definer->pwtext= $3;
Lex->definer->pwhash.str= Item_func_password::alloc(thd,
Lex->definer->auth.str= Item_func_password::alloc(thd,
$3.str, $3.length, Item_func_password::OLD);
Lex->definer->pwhash.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
Lex->definer->auth.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
;
......@@ -16825,7 +16825,7 @@ grant_user:
| user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
{
$$= $1;
$1->pwhash= $5;
$1->auth= $5;
}
| user IDENTIFIED_SYM via_or_with ident_or_text
{
......
sql/sql_yacc_ora.yy
View file @ 76151f3c
......@@ -16581,14 +16581,14 @@ opt_for_user:
;
text_or_password:
TEXT_STRING { Lex->definer->pwhash= $1;}
TEXT_STRING { Lex->definer->auth= $1;}
| PASSWORD_SYM '(' TEXT_STRING ')' { Lex->definer->pwtext= $3; }
| OLD_PASSWORD_SYM '(' TEXT_STRING ')'
{
Lex->definer->pwtext= $3;
Lex->definer->pwhash.str= Item_func_password::alloc(thd,
Lex->definer->auth.str= Item_func_password::alloc(thd,
$3.str, $3.length, Item_func_password::OLD);
Lex->definer->pwhash.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
Lex->definer->auth.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
;
......@@ -17178,7 +17178,7 @@ grant_user:
| user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
{
$$= $1;
$1->pwhash= $5;
$1->auth= $5;
}
| user IDENTIFIED_SYM via_or_with ident_or_text
{
......
sql/structs.h
View file @ 76151f3c
......@@ -227,12 +227,11 @@ struct AUTHID
struct LEX_USER: public AUTHID
{
LEX_CSTRING plugin, auth;
LEX_CSTRING pwtext, pwhash;
LEX_CSTRING plugin, auth, pwtext;
void reset_auth()
{
pwtext.length= pwhash.length= plugin.length= auth.length= 0;
pwtext.str= pwhash.str= 0;
pwtext.length= plugin.length= auth.length= 0;
pwtext.str= 0;
plugin.str= auth.str= "";
}
};
......
storage/tokudb/mysql-test/rpl/r/rpl_tokudb_mixed_dml.result
View file @ 76151f3c
......@@ -485,36 +485,36 @@ SET TRANSACTION ISOLATION LEVEL SERIALIZABLE;
CREATE USER 'user_test_rpl'@'localhost' IDENTIFIED BY PASSWORD '*1111111111111111111111111111111111111111';
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection slave;
USE test_rpl;
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection master;
******************** GRANT ********************
GRANT SELECT ON *.* TO 'user_test_rpl'@'localhost';
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 Y
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 Y
connection slave;
USE test_rpl;
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 Y
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 Y
connection master;
******************** REVOKE ********************
REVOKE SELECT ON *.* FROM 'user_test_rpl'@'localhost';
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection slave;
USE test_rpl;
SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
host user password plugin authentication_string select_priv
localhost user_test_rpl *1111111111111111111111111111111111111111 N
localhost user_test_rpl mysql_native_password *1111111111111111111111111111111111111111 N
connection master;
******************** SET PASSWORD ********************
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7