mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-16 08:18:12 +02:00
Code Issues Projects Releases Packages Wiki Activity
mariadb/mysql-test/suite/plugins/t/simple_password_check.test
Sergei Golubchik 87b5f813c7 MDEV-30190 Password check plugin prevents changing grants for CURRENT_USER 
CURRENT_USER should not initialize $$->auth, just like explicitly
specified user name doesn't.
2025-07-15 14:25:45 +02:00

183 lines
5.5 KiB
Text
Raw Permalink Blame History

--source include/not_embedded.inc
if (!$SIMPLE_PASSWORD_CHECK_SO) {
skip No SIMPLE_PASSWORD_CHECK plugin;
}
install soname "simple_password_check";
--vertical_results
--replace_result .dll .so
select * from information_schema.plugins where plugin_name='simple_password_check';
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
--horizontal_results
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by 'pwd';
show warnings;
# Create user with no password.
--error ER_NOT_VALID_PASSWORD
create user foo1;
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo1 identified by 'pwd';
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
show warnings;
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;
create user foo1 identified by 'aA.12345';
grant select on *.* to foo1;
drop user foo1;
set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';
create user foo1 identified by '123:qwe:ASD!';
drop user foo1;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '-23:qwe:ASD!';
show warnings;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:4we:ASD!';
show warnings;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:4SD!';
show warnings;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:ASD4';
show warnings;
create user foo1 identified by '123:qwe:ASD!';
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:-23:ASD!');
show warnings;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('4we:123:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:123:4SD!');
show warnings;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('qwe:123:ASD4');
show warnings;
set password for foo1 = password('qwe:123:ASD!');
# now, strict_password_validation
select @@strict_password_validation;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
show warnings;
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified by password '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified by password '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
--error ER_NOT_VALID_PASSWORD
create user foo2 identified with mysql_native_password using '';
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password using '';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password;
# direct updates are not protected
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1';
set global strict_password_validation=0;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
show warnings;
set password for foo1 = '2222222222222222';
set password for foo1 = '11111111111111111111111111111111111111111';
create user foo2 identified by password '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified by password '2222222222222222';
drop user foo2;
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
drop user foo2;
set global strict_password_validation=1;
drop user foo1;
#
# MDEV-9940 CREATE ROLE blocked by password validation plugin
#
create role r1;
drop role r1;
flush privileges;
uninstall plugin simple_password_check;
create user foo1 identified by 'pwd';
drop user foo1;
--echo #
--echo # MDEV-26650: Failed ALTER USER/GRANT statement removes the
--echo # password from the cache
--echo #
create user foo1@localhost identified by '<GDFH:3ghj';
show grants for foo1@localhost;
install soname "simple_password_check";
--error ER_CANNOT_USER
ALTER USER foo1@localhost identified by 'foo1';
show grants for foo1@localhost;
flush privileges;
show grants for foo1@localhost;
drop user foo1@localhost;
uninstall plugin simple_password_check;
--echo #
--echo # MDEV-22418 mysqladmin wrong error with simple_password_check
--echo #
install soname "simple_password_check";
--replace_regex /.*[\/\\]// /(mysqladmin|mariadb-admin)(\.exe)?/MARIADB-ADMIN/
--error 1
--exec $MYSQLADMIN -uroot password foo 2>&1
--echo # All done
uninstall plugin simple_password_check;
--echo # End of 10.4 tests
--echo #
--echo # MDEV-30190 Password check plugin prevents changing grants for CURRENT_USER
--echo #
select priv into @old_priv from mysql.global_priv where user='root' and host='localhost';
install soname "simple_password_check";
grant all on db1.* to current_user;
select current_user;
show grants;
revoke all on db1.* from current_user;
uninstall plugin simple_password_check;
#cleanup
update mysql.global_priv set priv=@old_priv where user='root' and host='localhost';
--echo # End of 10.11 tests
Reference in a new issue View git blame Copy permalink