--source include/not_embedded.inc if (!$SIMPLE_PASSWORD_CHECK_SO) { skip No SIMPLE_PASSWORD_CHECK plugin; } install soname "simple_password_check"; --vertical_results --replace_result .dll .so select * from information_schema.plugins where plugin_name='simple_password_check'; select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1; --horizontal_results --error ER_NOT_VALID_PASSWORD create user foo1 identified by 'pwd'; # Create user with no password. --error ER_NOT_VALID_PASSWORD create user foo1; --error ER_NOT_VALID_PASSWORD grant select on *.* to foo1 identified by 'pwd'; --error ER_NOT_VALID_PASSWORD grant select on *.* to `FooBar1!` identified by 'FooBar1!'; grant select on *.* to `BarFoo1!` identified by 'FooBar1!'; drop user `BarFoo1!`; create user foo1 identified by 'aA.12345'; grant select on *.* to foo1; drop user foo1; set global simple_password_check_digits=3; set global simple_password_check_letters_same_case=3; set global simple_password_check_other_characters=3; show variables like 'simple_password_check_%'; create user foo1 identified by '123:qwe:ASD!'; drop user foo1; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '-23:qwe:ASD!'; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '123:4we:ASD!'; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '123:qwe:4SD!'; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '123:qwe:ASD4'; create user foo1 identified by '123:qwe:ASD!'; --error ER_NOT_VALID_PASSWORD set password for foo1 = password('qwe:-23:ASD!'); --error ER_NOT_VALID_PASSWORD set password for foo1 = old_password('4we:123:ASD!'); --error ER_NOT_VALID_PASSWORD set password for foo1 = password('qwe:123:4SD!'); --error ER_NOT_VALID_PASSWORD set password for foo1 = old_password('qwe:123:ASD4'); set password for foo1 = password('qwe:123:ASD!'); # now, strict_password_validation select @@strict_password_validation; --error ER_NOT_VALID_PASSWORD set password for foo1 = ''; --error ER_OPTION_PREVENTS_STATEMENT set password for foo1 = '2222222222222222'; --error ER_OPTION_PREVENTS_STATEMENT set password for foo1 = '11111111111111111111111111111111111111111'; --error ER_OPTION_PREVENTS_STATEMENT create user foo2 identified by password '11111111111111111111111111111111111111111'; --error ER_OPTION_PREVENTS_STATEMENT grant select on *.* to foo2 identified by password '2222222222222222'; --error ER_OPTION_PREVENTS_STATEMENT create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111'; --error ER_OPTION_PREVENTS_STATEMENT grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222'; --error ER_NOT_VALID_PASSWORD create user foo2 identified with mysql_native_password using ''; --error ER_NOT_VALID_PASSWORD grant select on *.* to foo2 identified with mysql_old_password using ''; --error ER_NOT_VALID_PASSWORD grant select on *.* to foo2 identified with mysql_old_password; # direct updates are not protected update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1'; set global strict_password_validation=0; --error ER_NOT_VALID_PASSWORD set password for foo1 = ''; set password for foo1 = '2222222222222222'; set password for foo1 = '11111111111111111111111111111111111111111'; create user foo2 identified by password '11111111111111111111111111111111111111111'; drop user foo2; grant select on *.* to foo2 identified by password '2222222222222222'; drop user foo2; create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111'; drop user foo2; grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222'; drop user foo2; set global strict_password_validation=1; drop user foo1; # # MDEV-9940 CREATE ROLE blocked by password validation plugin # create role r1; drop role r1; flush privileges; uninstall plugin simple_password_check; create user foo1 identified by 'pwd'; drop user foo1;