# # MDEV-9835 Valid password is not working after server restart. # # Various combinations of SET PASSWORD and not-empty mysql.user.plugin field # --source include/not_embedded.inc #enable view protocol after fix MDEV-29542 --source include/no_view_protocol.inc --enable_connect_log set global secure_auth=0; # The hash (old and new) is for 'test' create user natauth@localhost identified via 'mysql_native_password' using '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29'; create user invalidauth@localhost identified via 'mysql_native_password' using 'invalid'; create user newpass@localhost identified by password '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29'; create user invalidpass@localhost identified by password 'invalid'; create user newpassnat@localhost identified via 'mysql_native_password'; set password for newpassnat@localhost = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29'; create user invalidpassnat@localhost identified by password 'invalid'; set password for invalidpassnat@localhost = 'invalid'; create user oldauth@localhost identified with 'mysql_old_password' using '378b243e220ca493'; create user oldpass@localhost identified by password '378b243e220ca493'; create user oldpassold@localhost identified with 'mysql_old_password'; set password for oldpassold@localhost = '378b243e220ca493'; create user invalidmysql57auth@localhost identified via 'mysql_native_password' using '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE'; --sorted_result select user, host, password, plugin, authentication_string from mysql.user where user != 'root'; --connect(con,localhost,natauth,test,) select current_user(); --disconnect con --connect(con,localhost,newpass,test,) select current_user(); --disconnect con --connect(con,localhost,newpassnat,test,) select current_user(); --disconnect con --connect(con,localhost,oldauth,test,) select current_user(); --disconnect con --connect(con,localhost,oldpass,test,) select current_user(); --disconnect con --connect(con,localhost,oldpassold,test,) select current_user(); --disconnect con --connection default flush privileges; --connect(con,localhost,natauth,test,) select current_user(); --disconnect con --connect(con,localhost,newpass,test,) select current_user(); --disconnect con --connect(con,localhost,newpassnat,test,) select current_user(); --disconnect con --connect(con,localhost,oldauth,test,) select current_user(); --disconnect con --connect(con,localhost,oldpass,test,) select current_user(); --disconnect con --connect(con,localhost,oldpassold,test,) select current_user(); --disconnect con --connection default # changing to the NEW password hash set password for natauth@localhost = PASSWORD('test2'); set password for newpass@localhost = PASSWORD('test2'); set password for newpassnat@localhost = PASSWORD('test2'); set password for oldauth@localhost = PASSWORD('test2'); set password for oldpass@localhost = PASSWORD('test2'); set password for oldpassold@localhost = PASSWORD('test2'); --sorted_result select user, host, password, plugin, authentication_string from mysql.user where user != 'root'; --connect(con,localhost,natauth,test2,) select current_user(); --disconnect con --connect(con,localhost,newpass,test2,) select current_user(); --disconnect con --connect(con,localhost,newpassnat,test2,) select current_user(); --disconnect con --connect(con,localhost,oldauth,test2,) select current_user(); --disconnect con --connect(con,localhost,oldpass,test2,) select current_user(); --disconnect con --connect(con,localhost,oldpassold,test2,) select current_user(); --disconnect con --connection default flush privileges; --connect(con,localhost,natauth,test2,) select current_user(); --disconnect con --connect(con,localhost,newpass,test2,) select current_user(); --disconnect con --connect(con,localhost,newpassnat,test2,) select current_user(); --disconnect con --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR --connect(con,localhost,invalidauth,invalid,) --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR --connect(con,localhost,invalidpass,invalid,) --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR --connect(con,localhost,invalidpassnat,invalid,) --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR --connect(con,localhost,invalidmysql57auth,invalid,) --connect(con,localhost,oldauth,test2,) select current_user(); --disconnect con --connect(con,localhost,oldpass,test2,) select current_user(); --disconnect con --connect(con,localhost,oldpassold,test2,) select current_user(); --disconnect con --connection default drop user natauth@localhost, newpass@localhost, newpassnat@localhost; drop user invalidauth@localhost, invalidpass@localhost, invalidpassnat@localhost,invalidmysql57auth@localhost; drop user oldauth@localhost, oldpass@localhost, oldpassold@localhost; set global secure_auth=default; # # MDEV-16238 root/localhost authn prioritizes authentication_string over Password # --source include/switch_to_mysql_user.inc create user foo@localhost identified with mysql_native_password; update mysql.user set authentication_string=password('foo'), plugin='mysql_native_password' where user='foo' and host='localhost'; set password for 'foo'@'localhost' = password('bar'); flush privileges; --connect foo, localhost, foo, bar select user(), current_user(); show grants; --disconnect foo --connection default select user,host,password,plugin,authentication_string from mysql.user where user='foo'; set password for 'foo'@'localhost' = ''; select user,host,password,plugin,authentication_string from mysql.user where user='foo'; drop user foo@localhost; --source include/switch_to_mysql_global_priv.inc