author | Oleksandr Byelkin <sanja@mariadb.com> | 2021-10-20 11:37:14 +0200 |
---|---|---|
committer | Oleksandr Byelkin <sanja@mariadb.com> | 2022-06-20 13:56:38 +0200 |
commit | d24bf354a25ba8e4b17227398f3bfd38fd35777e (patch) | |
tree | a692add07b0dbdc4ec44f1559e6528e9d096dc5e | |
parent | 6c57391acecff24d0ac0d6e3cb9d82311e9526fd (diff) | |
download | mariadb-git-bb-10.3-MDEV-26647.tar.gz |
MDEV-26647 (simple_password_check) Include password validation plugin information in the error message if the SQL statement is not satisfied password policybb-10.3-MDEV-26647
Make the plugin report the cause of the error.
4 files changed, 113 insertions, 0 deletions
diff --git a/mysql-test/suite/plugins/r/simple_password_check.result b/mysql-test/suite/plugins/r/simple_password_check.result index 11005020fe7..e8f98d1a9c8 100644 --- a/mysql-test/suite/plugins/r/simple_password_check.result +++ b/mysql-test/suite/plugins/r/simple_password_check.result 
@@ -72,12 +72,36 @@ READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED create user foo1 identified by 'pwd'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Too short password (< 8) +Warning 1819 simple_password_check: Not enough upper case letters (< 1) +Warning 1819 simple_password_check: Not enough digits (< 1) +Warning 1819 simple_password_check: Not enough special characters (< 1) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo1'@'%' create user foo1; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: The password equal to the user name +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo1'@'%' grant select on *.* to foo1 identified by 'pwd'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Too short password (< 8) +Warning 1819 simple_password_check: Not enough upper case letters (< 1) +Warning 1819 simple_password_check: Not enough digits (< 1) +Warning 1819 simple_password_check: Not enough special characters (< 1) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) grant select on *.* to `FooBar1!` identified by 'FooBar1!'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: The password equal to the user name +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) grant select on *.* to `BarFoo1!` 
identified by 'FooBar1!'; drop user `BarFoo1!`; create user foo1 identified by 'aA.12345'; 
@@ -100,27 +124,63 @@ create user foo1 identified by '123:qwe:ASD!'; drop user foo1; create user foo1 identified by '-23:qwe:ASD!'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough digits (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo1'@'%' create user foo1 identified by '123:4we:ASD!'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough lower case letters (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo1'@'%' create user foo1 identified by '123:qwe:4SD!'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough upper case letters (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo1'@'%' create user foo1 identified by '123:qwe:ASD4'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough special characters (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo1'@'%' create user foo1 identified by '123:qwe:ASD!'; set password for foo1 = password('qwe:-23:ASD!'); ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough 
digits (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) set password for foo1 = old_password('4we:123:ASD!'); ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) set password for foo1 = password('qwe:123:4SD!'); ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough upper case letters (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) set password for foo1 = old_password('qwe:123:ASD4'); ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: Not enough special characters (< 3) +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) set password for foo1 = password('qwe:123:ASD!'); select @@strict_password_validation; @@strict_password_validation 1 set password for foo1 = ''; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: The password equal to the user name +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) set password for foo1 = '2222222222222222'; ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement set password for foo1 = '11111111111111111111111111111111111111111'; 
@@ -135,12 +195,21 @@ grant select on *.* to foo2 identified with mysql_old_password using '2222222222 ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement create user foo2 identified with mysql_native_password using ''; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: The password equal to the user name +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) +Error 1396 Operation CREATE USER failed for 'foo2'@'%' grant select on *.* to foo2 identified with mysql_old_password; ERROR 28000: Can't find any matching row in the user table update mysql.user set password='xxx' where user='foo1'; set global strict_password_validation=0; set password for foo1 = ''; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) +show warnings; +Level Code Message +Warning 1819 simple_password_check: The password equal to the user name +Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) set password for foo1 = '2222222222222222'; set password for foo1 = '11111111111111111111111111111111111111111'; create user foo2 identified by password '11111111111111111111111111111111111111111'; diff --git a/mysql-test/suite/plugins/r/two_password_validations.result b/mysql-test/suite/plugins/r/two_password_validations.result index be0b7638aa2..4bd674baebb 100644 --- a/mysql-test/suite/plugins/r/two_password_validations.result +++ b/mysql-test/suite/plugins/r/two_password_validations.result 
@@ -14,6 +14,8 @@ grant select on *.* to foobar identified by 'q-%^&*rty'; ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check) show warnings; Level Code Message +Warning 1819 simple_password_check: Not enough upper case letters (< 1) +Warning 1819 simple_password_check: Not enough digits (< 1) Error 1819 Your password does not satisfy the current policy requirements (simple_password_check) uninstall plugin simple_password_check; grant select on *.* to foobar identified by 'q-%^&*rty'; diff --git a/mysql-test/suite/plugins/t/simple_password_check.test b/mysql-test/suite/plugins/t/simple_password_check.test index 4965ee492d2..d0ba7e1180b 100644 --- a/mysql-test/suite/plugins/t/simple_password_check.test +++ b/mysql-test/suite/plugins/t/simple_password_check.test @@ -15,16 +15,20 @@ select * from information_schema.system_variables where variable_name like 'simp --error ER_NOT_VALID_PASSWORD create user foo1 identified by 'pwd'; +show warnings; # Create user with no password. --error ER_NOT_VALID_PASSWORD create user foo1; +show warnings; --error ER_NOT_VALID_PASSWORD grant select on *.* to foo1 identified by 'pwd'; +show warnings; --error ER_NOT_VALID_PASSWORD grant select on *.* to `FooBar1!` identified by 'FooBar1!'; +show warnings; grant select on *.* to `BarFoo1!` identified by 'FooBar1!'; drop user `BarFoo1!`; 
@@ -43,25 +47,32 @@ drop user foo1; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '-23:qwe:ASD!'; +show warnings; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '123:4we:ASD!'; +show warnings; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '123:qwe:4SD!'; +show warnings; --error ER_NOT_VALID_PASSWORD create user foo1 identified by '123:qwe:ASD4'; +show warnings; create user foo1 identified by '123:qwe:ASD!'; --error ER_NOT_VALID_PASSWORD set password for foo1 = password('qwe:-23:ASD!'); +show warnings; --error ER_NOT_VALID_PASSWORD set password for foo1 = old_password('4we:123:ASD!'); --error ER_NOT_VALID_PASSWORD set password for foo1 = password('qwe:123:4SD!'); +show warnings; --error ER_NOT_VALID_PASSWORD set password for foo1 = old_password('qwe:123:ASD4'); +show warnings; set password for foo1 = password('qwe:123:ASD!'); # now, strict_password_validation @@ -69,6 +80,7 @@ select @@strict_password_validation; --error ER_NOT_VALID_PASSWORD set password for foo1 = ''; +show warnings; --error ER_OPTION_PREVENTS_STATEMENT set password for foo1 = '2222222222222222'; --error ER_OPTION_PREVENTS_STATEMENT @@ -83,6 +95,7 @@ create user foo2 identified with mysql_native_password using '111111111111111111 grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222'; --error ER_NOT_VALID_PASSWORD create user foo2 identified with mysql_native_password using ''; +show warnings; --error ER_PASSWORD_NO_MATCH grant select on *.* to foo2 identified with mysql_old_password; @@ -93,6 +106,7 @@ set global strict_password_validation=0; --error ER_NOT_VALID_PASSWORD set password for foo1 = ''; +show warnings; set password for foo1 = '2222222222222222'; set password for foo1 = '11111111111111111111111111111111111111111'; create user foo2 identified by password '11111111111111111111111111111111111111111'; 
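Review bot: In the hunk at `@@ -43,25 +47,32 @@`, the rejected `set password for foo1 = old_password('4we:123:ASD!');` is the only ER_NOT_VALID_PASSWORD statement in the visible hunks that does not get a following `show warnings;`. The lower-case warning is therefore never pinned on the SET PASSWORD path. If the omission is not deliberate, add `show warnings;` after that statement and regenerate the .result file. If it is deliberate, a one-line `#` comment saying why would help the next reader.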
diff --git a/plugin/simple_password_check/simple_password_check.c b/plugin/simple_password_check/simple_password_check.c index 36459354755..8c6b3d78ef2 100644 --- a/plugin/simple_password_check/simple_password_check.c +++ b/plugin/simple_password_check/simple_password_check.c @@ -29,7 +29,13 @@ static int validate(MYSQL_CONST_LEX_STRING *username, const char *ptr= password->str, *end= ptr + length; if (strncmp(password->str, username->str, length) == 0) + { + // warning used to do not change error code + my_printf_error(ER_NOT_VALID_PASSWORD, + "simple_password_check: The password equal to the user name", + ME_WARNING); return 1; + } /* everything non-ascii is the "other" character and is good for the password */ for(; ptr < end; ptr++) @@ -43,6 +49,28 @@ static int validate(MYSQL_CONST_LEX_STRING *username, else others++; } + + // warnings used to do not change error code + if (length < min_length) + my_printf_error(ER_NOT_VALID_PASSWORD, + "simple_password_check: Too short password (< %u)", + ME_WARNING, min_length); + if (uppers < min_letters) + my_printf_error(ER_NOT_VALID_PASSWORD, + "simple_password_check: Not enough upper case " + "letters (< %u)",ME_WARNING, min_letters); + if (lowers < min_letters) + my_printf_error(ER_NOT_VALID_PASSWORD, + "simple_password_check: Not enough lower case " + "letters (< %u)",ME_WARNING, min_letters); + if (digits < min_digits) + my_printf_error(ER_NOT_VALID_PASSWORD, + "simple_password_check: Not enough digits (< %u)", + ME_WARNING, min_digits); + if (others < min_others) + my_printf_error(ER_NOT_VALID_PASSWORD, + "simple_password_check: Not enough special " + "characters (< %u)",ME_WARNING, min_others); /* remember TRUE means the password failed the validation */ return length < min_length || uppers < min_letters || |
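Review bot: The warning text added in the first hunk says the password equals the user name, but the unchanged condition it sits under, `strncmp(password->str, username->str, length) == 0`, compares only `length` bytes taken from the password. It therefore also fires for an empty password and for any password that is a prefix of the user name; the updated .result file shows this message for `set password for foo1 = ''`. Consider wording that matches the check, e.g. `"simple_password_check: The password is empty or matches the start of the user name"`, or branch on `length == 0` to give a separate message. The comment would also read more clearly as `// reported as a warning so the statement's error code stays ER_NOT_VALID_PASSWORD`. validate() starts and ends outside the hunk.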
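Review bot: Each policy comparison in the second hunk (`length < min_length`, `uppers < min_letters`, and so on) is now written twice, once to emit its warning and once in the `return` expression that follows. A later edit to one rule can then leave a rejection with no explanation, or a warning on a password that is accepted. Recording the outcome where the warning is emitted keeps the two in step: `int failed= 0;` before the checks, `failed= 1;` inside each braced branch, and `return failed;` at the end. The return expression continues past the last line of the hunk, so this is equivalent only if the part not shown holds no further conditions.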