mirror of
https://github.com/MariaDB/server.git
synced 2025-01-31 19:11:46 +01:00
68910e7092
Cannot do password validation in fix_lex_user(), we don't know there what "GRANT ... TO user" means - creating a new user with an empty password (need validation) or granting privileges to an existing user (no validation needed). Move validation down into replace_user_table(). And copy into check_change_password().
110 lines
3.6 KiB
Text
110 lines
3.6 KiB
Text
--source include/not_embedded.inc
|
|
|
|
if (!$SIMPLE_PASSWORD_CHECK_SO) {
|
|
skip No SIMPLE_PASSWORD_CHECK plugin;
|
|
}
|
|
|
|
install soname "simple_password_check";
|
|
|
|
--vertical_results
|
|
--replace_result .dll .so
|
|
select * from information_schema.plugins where plugin_name='simple_password_check';
|
|
|
|
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
|
|
--horizontal_results
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
create user foo1 identified by 'pwd';
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
grant select on *.* to foo1 identified by 'pwd';
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
|
|
|
|
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
|
|
drop user `BarFoo1!`;
|
|
|
|
create user foo1 identified by 'aA.12345';
|
|
grant select on *.* to foo1;
|
|
drop user foo1;
|
|
|
|
set global simple_password_check_digits=3;
|
|
set global simple_password_check_letters_same_case=3;
|
|
set global simple_password_check_other_characters=3;
|
|
show variables like 'simple_password_check_%';
|
|
|
|
create user foo1 identified by '123:qwe:ASD!';
|
|
drop user foo1;
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
create user foo1 identified by '-23:qwe:ASD!';
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
create user foo1 identified by '123:4we:ASD!';
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
create user foo1 identified by '123:qwe:4SD!';
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
create user foo1 identified by '123:qwe:ASD4';
|
|
|
|
create user foo1 identified by '123:qwe:ASD!';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
set password for foo1 = password('qwe:-23:ASD!');
|
|
--error ER_NOT_VALID_PASSWORD
|
|
set password for foo1 = old_password('4we:123:ASD!');
|
|
--error ER_NOT_VALID_PASSWORD
|
|
set password for foo1 = password('qwe:123:4SD!');
|
|
--error ER_NOT_VALID_PASSWORD
|
|
set password for foo1 = old_password('qwe:123:ASD4');
|
|
set password for foo1 = password('qwe:123:ASD!');
|
|
|
|
# now, strict_password_validation
|
|
select @@strict_password_validation;
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
set password for foo1 = '';
|
|
--error ER_OPTION_PREVENTS_STATEMENT
|
|
set password for foo1 = '2222222222222222';
|
|
--error ER_OPTION_PREVENTS_STATEMENT
|
|
set password for foo1 = '11111111111111111111111111111111111111111';
|
|
--error ER_OPTION_PREVENTS_STATEMENT
|
|
create user foo2 identified by password '11111111111111111111111111111111111111111';
|
|
--error ER_OPTION_PREVENTS_STATEMENT
|
|
grant select on *.* to foo2 identified by password '2222222222222222';
|
|
--error ER_OPTION_PREVENTS_STATEMENT
|
|
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
|
|
--error ER_OPTION_PREVENTS_STATEMENT
|
|
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
create user foo2 identified with mysql_native_password using '';
|
|
--error ER_PASSWORD_NO_MATCH
|
|
grant select on *.* to foo2 identified with mysql_old_password;
|
|
|
|
# direct updates are not protected
|
|
update mysql.user set password='xxx' where user='foo1';
|
|
|
|
set global strict_password_validation=0;
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
set password for foo1 = '';
|
|
set password for foo1 = '2222222222222222';
|
|
set password for foo1 = '11111111111111111111111111111111111111111';
|
|
create user foo2 identified by password '11111111111111111111111111111111111111111';
|
|
drop user foo2;
|
|
grant select on *.* to foo2 identified by password '2222222222222222';
|
|
drop user foo2;
|
|
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
|
|
drop user foo2;
|
|
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
|
|
drop user foo2;
|
|
|
|
set global strict_password_validation=1;
|
|
drop user foo1;
|
|
|
|
uninstall plugin simple_password_check;
|
|
|
|
create user foo1 identified by 'pwd';
|
|
drop user foo1;
|
|
|