blob: 442585e89d450035d55bb00d2d83b1609e9a7bb3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
--source include/not_embedded.inc
if (!$SIMPLE_PASSWORD_CHECK_SO) {
skip No SIMPLE_PASSWORD_CHECK plugin;
}
install soname "simple_password_check";
--vertical_results
--replace_result .dll .so
select * from information_schema.plugins where plugin_name='simple_password_check';
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
--horizontal_results
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by 'pwd';
show warnings;
# Create user with no password.
--error ER_NOT_VALID_PASSWORD
create user foo1;
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo1 identified by 'pwd';
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
show warnings;
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;
create user foo1 identified by 'aA.12345';
grant select on *.* to foo1;
drop user foo1;
set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';
create user foo1 identified by '123:qwe:ASD!';
drop user foo1;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '-23:qwe:ASD!';
show warnings;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:4we:ASD!';
show warnings;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:4SD!';
show warnings;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:ASD4';
show warnings;
create user foo1 identified by '123:qwe:ASD!';
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:-23:ASD!');
show warnings;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('4we:123:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:123:4SD!');
show warnings;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('qwe:123:ASD4');
show warnings;
set password for foo1 = password('qwe:123:ASD!');
# now, strict_password_validation
select @@strict_password_validation;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
show warnings;
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified by password '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified by password '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
--error ER_NOT_VALID_PASSWORD
create user foo2 identified with mysql_native_password using '';
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password using '';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password;
# direct updates are not protected
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1';
set global strict_password_validation=0;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
show warnings;
set password for foo1 = '2222222222222222';
set password for foo1 = '11111111111111111111111111111111111111111';
create user foo2 identified by password '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified by password '2222222222222222';
drop user foo2;
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
drop user foo2;
set global strict_password_validation=1;
drop user foo1;
#
# MDEV-9940 CREATE ROLE blocked by password validation plugin
#
create role r1;
drop role r1;
flush privileges;
uninstall plugin simple_password_check;
create user foo1 identified by 'pwd';
drop user foo1;
--echo #
--echo # MDEV-26650: Failed ALTER USER/GRANT statement removes the
--echo # password from the cache
--echo #
create user foo1@localhost identified by '<GDFH:3ghj';
show grants for foo1@localhost;
install soname "simple_password_check";
--error ER_CANNOT_USER
ALTER USER foo1@localhost identified by 'foo1';
show grants for foo1@localhost;
flush privileges;
show grants for foo1@localhost;
drop user foo1@localhost;
uninstall plugin simple_password_check;
--echo #
--echo # MDEV-22418 mysqladmin wrong error with simple_password_check
--echo #
install soname "simple_password_check";
--replace_regex /.*[\/\\]// /(mysqladmin|mariadb-admin)(\.exe)?/MARIADB-ADMIN/
--error 1
--exec $MYSQLADMIN -uroot password foo 2>&1
--echo # All done
uninstall plugin simple_password_check;
--echo #
--echo # End of 10.4 tests
--echo #
|