mirror of
https://github.com/MariaDB/server.git
synced 2025-02-12 00:15:35 +01:00
266 lines
12 KiB
Text
266 lines
12 KiB
Text
install soname "simple_password_check";
|
|
select * from information_schema.plugins where plugin_name='simple_password_check';
|
|
PLUGIN_NAME simple_password_check
|
|
PLUGIN_VERSION 1.0
|
|
PLUGIN_STATUS ACTIVE
|
|
PLUGIN_TYPE PASSWORD VALIDATION
|
|
PLUGIN_TYPE_VERSION 1.1
|
|
PLUGIN_LIBRARY simple_password_check.so
|
|
PLUGIN_LIBRARY_VERSION 1.15
|
|
PLUGIN_AUTHOR Sergei Golubchik
|
|
PLUGIN_DESCRIPTION Simple password strength checks
|
|
PLUGIN_LICENSE GPL
|
|
LOAD_OPTION ON
|
|
PLUGIN_MATURITY Stable
|
|
PLUGIN_AUTH_VERSION 1.0
|
|
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_DIGITS
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 1
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 1
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required number of digits
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
GLOBAL_VALUE_PATH NULL
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_LETTERS_SAME_CASE
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 1
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 1
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required number of letters of the same letter case.This limit is applied separately to upper-case and lower-case letters
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
GLOBAL_VALUE_PATH NULL
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_MINIMAL_LENGTH
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 8
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 8
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required password length
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
GLOBAL_VALUE_PATH NULL
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_OTHER_CHARACTERS
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 1
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 1
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required number of other (not letters or digits) characters
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
GLOBAL_VALUE_PATH NULL
|
|
create user foo1 identified by 'pwd';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Too short password (< 8)
|
|
Warning 1819 simple_password_check: Not enough upper case letters (< 1)
|
|
Warning 1819 simple_password_check: Not enough digits (< 1)
|
|
Warning 1819 simple_password_check: Not enough special characters (< 1)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo1'@'%'
|
|
create user foo1;
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: The password equal to the user name
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo1'@'%'
|
|
grant select on *.* to foo1 identified by 'pwd';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Too short password (< 8)
|
|
Warning 1819 simple_password_check: Not enough upper case letters (< 1)
|
|
Warning 1819 simple_password_check: Not enough digits (< 1)
|
|
Warning 1819 simple_password_check: Not enough special characters (< 1)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: The password equal to the user name
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
|
|
drop user `BarFoo1!`;
|
|
create user foo1 identified by 'aA.12345';
|
|
grant select on *.* to foo1;
|
|
drop user foo1;
|
|
set global simple_password_check_digits=3;
|
|
set global simple_password_check_letters_same_case=3;
|
|
Warnings:
|
|
Warning 1292 Adjusted the value of simple_password_check_minimal_length from 8 to 10
|
|
set global simple_password_check_other_characters=3;
|
|
Warnings:
|
|
Warning 1292 Adjusted the value of simple_password_check_minimal_length from 10 to 12
|
|
show variables like 'simple_password_check_%';
|
|
Variable_name Value
|
|
simple_password_check_digits 3
|
|
simple_password_check_letters_same_case 3
|
|
simple_password_check_minimal_length 12
|
|
simple_password_check_other_characters 3
|
|
create user foo1 identified by '123:qwe:ASD!';
|
|
drop user foo1;
|
|
create user foo1 identified by '-23:qwe:ASD!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough digits (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo1'@'%'
|
|
create user foo1 identified by '123:4we:ASD!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough lower case letters (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo1'@'%'
|
|
create user foo1 identified by '123:qwe:4SD!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough upper case letters (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo1'@'%'
|
|
create user foo1 identified by '123:qwe:ASD4';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough special characters (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo1'@'%'
|
|
create user foo1 identified by '123:qwe:ASD!';
|
|
set password for foo1 = password('qwe:-23:ASD!');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough digits (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
set password for foo1 = old_password('4we:123:ASD!');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
set password for foo1 = password('qwe:123:4SD!');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough upper case letters (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
set password for foo1 = old_password('qwe:123:ASD4');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: Not enough special characters (< 3)
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
set password for foo1 = password('qwe:123:ASD!');
|
|
select @@strict_password_validation;
|
|
@@strict_password_validation
|
|
1
|
|
set password for foo1 = '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: The password equal to the user name
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
set password for foo1 = '2222222222222222';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
set password for foo1 = '11111111111111111111111111111111111111111';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
create user foo2 identified by password '11111111111111111111111111111111111111111';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
grant select on *.* to foo2 identified by password '2222222222222222';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
create user foo2 identified with mysql_native_password using '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: The password equal to the user name
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
Error 1396 Operation CREATE USER failed for 'foo2'@'%'
|
|
grant select on *.* to foo2 identified with mysql_old_password using '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
grant select on *.* to foo2 identified with mysql_old_password;
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1';
|
|
set global strict_password_validation=0;
|
|
set password for foo1 = '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
|
|
show warnings;
|
|
Level Code Message
|
|
Warning 1819 simple_password_check: The password equal to the user name
|
|
Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
|
|
set password for foo1 = '2222222222222222';
|
|
set password for foo1 = '11111111111111111111111111111111111111111';
|
|
create user foo2 identified by password '11111111111111111111111111111111111111111';
|
|
drop user foo2;
|
|
grant select on *.* to foo2 identified by password '2222222222222222';
|
|
drop user foo2;
|
|
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
|
|
drop user foo2;
|
|
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
|
|
drop user foo2;
|
|
set global strict_password_validation=1;
|
|
drop user foo1;
|
|
create role r1;
|
|
drop role r1;
|
|
flush privileges;
|
|
uninstall plugin simple_password_check;
|
|
create user foo1 identified by 'pwd';
|
|
drop user foo1;
|
|
#
|
|
# MDEV-26650: Failed ALTER USER/GRANT statement removes the
|
|
# password from the cache
|
|
#
|
|
create user foo1@localhost identified by '<GDFH:3ghj';
|
|
show grants for foo1@localhost;
|
|
Grants for foo1@localhost
|
|
GRANT USAGE ON *.* TO `foo1`@`localhost` IDENTIFIED BY PASSWORD '*1D62FA326F98258451ED56A404F15452423DCC1D'
|
|
install soname "simple_password_check";
|
|
ALTER USER foo1@localhost identified by 'foo1';
|
|
ERROR HY000: Operation ALTER USER failed for 'foo1'@'localhost'
|
|
show grants for foo1@localhost;
|
|
Grants for foo1@localhost
|
|
GRANT USAGE ON *.* TO `foo1`@`localhost` IDENTIFIED BY PASSWORD '*1D62FA326F98258451ED56A404F15452423DCC1D'
|
|
flush privileges;
|
|
show grants for foo1@localhost;
|
|
Grants for foo1@localhost
|
|
GRANT USAGE ON *.* TO `foo1`@`localhost` IDENTIFIED BY PASSWORD '*1D62FA326F98258451ED56A404F15452423DCC1D'
|
|
drop user foo1@localhost;
|
|
uninstall plugin simple_password_check;
|
|
#
|
|
# MDEV-22418 mysqladmin wrong error with simple_password_check
|
|
#
|
|
install soname "simple_password_check";
|
|
MARIADB-ADMIN: unable to change password; error: 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement'
|
|
# All done
|
|
uninstall plugin simple_password_check;
|
|
#
|
|
# End of 10.4 tests
|
|
#
|