diff options
| author | Jan Lindström <jan.lindstrom@mariadb.com> | 2021-04-27 10:41:36 +0300 |
|---|---|---|
| committer | Jan Lindström <jan.lindstrom@mariadb.com> | 2021-04-28 11:11:25 +0300 |
| commit | f946192e6f995fe57f30b135313447f062a8c450 (patch) | |
| tree | 20956a7728340bc0429ea4aa1b3b743842add78a | |
| parent | c6dbabed5659937deb35700635b096fcd488fd94 (diff) | |
| download | mariadb-git-f946192e6f995fe57f30b135313447f062a8c450.tar.gz | |
MDEV-25258 : SET PASSWORD command fail with wsrep api
Problem was that we should skip strict password validation on
applier nodes similarly as is done for slave nodes.
| -rw-r--r-- | mysql-test/suite/galera/r/galera_password.result | 19 | ||||
| -rw-r--r-- | mysql-test/suite/galera/t/galera_password.test | 14 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 6 |
3 files changed, 38 insertions, 1 deletions
diff --git a/mysql-test/suite/galera/r/galera_password.result b/mysql-test/suite/galera/r/galera_password.result new file mode 100644 index 00000000000..7af0c2169a0 --- /dev/null +++ b/mysql-test/suite/galera/r/galera_password.result @@ -0,0 +1,19 @@ +SHOW VARIABLES LIKE '%password%'; +Variable_name Value +old_passwords OFF +report_password +strict_password_validation ON +CREATE USER 'user123456'@'localhost'; +GRANT SELECT, INSERT, UPDATE ON test.* TO 'user123456'@'localhost'; +SET PASSWORD FOR 'user123456'@'localhost' = PASSWORD('A$10abcdDCBA123456%7'); +SHOW GRANTS FOR 'user123456'@'localhost'; +Grants for user123456@localhost +GRANT USAGE ON *.* TO 'user123456'@'localhost' IDENTIFIED BY PASSWORD '*5846CF4D641598B360B3562E581586155C59F65A' +GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user123456'@'localhost' +connection node_2; +SHOW GRANTS FOR 'user123456'@'localhost'; +Grants for user123456@localhost +GRANT USAGE ON *.* TO 'user123456'@'localhost' IDENTIFIED BY PASSWORD '*5846CF4D641598B360B3562E581586155C59F65A' +GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user123456'@'localhost' +connection node_1; +DROP USER 'user123456'@'localhost'; diff --git a/mysql-test/suite/galera/t/galera_password.test b/mysql-test/suite/galera/t/galera_password.test new file mode 100644 index 00000000000..7843097c67e --- /dev/null +++ b/mysql-test/suite/galera/t/galera_password.test @@ -0,0 +1,14 @@ +--source include/galera_cluster.inc + +SHOW VARIABLES LIKE '%password%'; + +CREATE USER 'user123456'@'localhost'; +GRANT SELECT, INSERT, UPDATE ON test.* TO 'user123456'@'localhost'; +SET PASSWORD FOR 'user123456'@'localhost' = PASSWORD('A$10abcdDCBA123456%7'); +SHOW GRANTS FOR 'user123456'@'localhost'; + +--connection node_2 +SHOW GRANTS FOR 'user123456'@'localhost'; + +--connection node_1 +DROP USER 'user123456'@'localhost'; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index f1034986f22..2b59a82277e 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1566,7 +1566,11 @@ static bool validate_password(LEX_USER *user, THD *thd) else { if (!thd->slave_thread && - strict_password_validation && has_validation_plugins()) + strict_password_validation && has_validation_plugins() +#ifdef WITH_WSREP + && !thd->wsrep_applier +#endif + ) { my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation"); return true; |