mysql-test/suite/plugins/t/simple_password_check.test


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

--source include/not_embedded.inc

if (!$SIMPLE_PASSWORD_CHECK_SO) {
  skip No SIMPLE_PASSWORD_CHECK plugin;
}

install soname "simple_password_check";

--vertical_results
--replace_result .dll .so
select * from information_schema.plugins where plugin_name='simple_password_check';

select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
--horizontal_results

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by 'pwd';

# Create user with no password.
--error ER_NOT_VALID_PASSWORD
create user foo1;

--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo1 identified by 'pwd';

--error ER_NOT_VALID_PASSWORD
grant select on *.* to `FooBar1!` identified by 'FooBar1!';

grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;

create user foo1 identified by 'aA.12345';
grant select on *.* to foo1;
drop user foo1;

set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';

create user foo1 identified by '123:qwe:ASD!';
drop user foo1;

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '-23:qwe:ASD!';

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:4we:ASD!';

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:4SD!';

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:ASD4';

create user foo1 identified by '123:qwe:ASD!';
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:-23:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('4we:123:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:123:4SD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('qwe:123:ASD4');
set password for foo1 = password('qwe:123:ASD!');

# now, strict_password_validation
select @@strict_password_validation;

--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified by password '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified by password '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
--error ER_NOT_VALID_PASSWORD
create user foo2 identified with mysql_native_password using '';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password using '';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password;

# direct updates are not protected
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1';

set global strict_password_validation=0;

--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
set password for foo1 = '2222222222222222';
set password for foo1 = '11111111111111111111111111111111111111111';
create user foo2 identified by password '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified by password '2222222222222222';
drop user foo2;
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
drop user foo2;

set global strict_password_validation=1;
drop user foo1;

#
# MDEV-9940 CREATE ROLE blocked by password validation plugin
#
create role r1;
drop role r1;

flush privileges;

uninstall plugin simple_password_check;

create user foo1 identified by 'pwd';
drop user foo1;

--echo #
--echo # MDEV-26650: Failed ALTER USER/GRANT statement removes the
--echo # password from the cache
--echo #
create user foo1@localhost identified by '<GDFH:3ghj';
show grants for foo1@localhost;
install soname "simple_password_check";
--error ER_CANNOT_USER
ALTER USER foo1@localhost identified by 'foo1';
show grants for foo1@localhost;
flush privileges;
show grants for foo1@localhost;
drop user foo1@localhost;
uninstall plugin simple_password_check;