database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-09 22:24:09 +03:00
Code Activity

MDEV-10956 Strict Password Validation Breaks Replication.

Browse Source 
strict_password_validation variable now has
        no effect in the slave thread.
This commit is contained in:
Alexey Botchkov
2017-01-17 15:32:41 +04:00
parent 3953c55978
commit 30a9ac4250
3 changed files with 42 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
mysql-test/suite/rpl/r/rpl_strict_password_validation.result Normal file
View File

@@ -0,0 +1,13 @@
include/master-slave.inc
[connection master]
install soname "simple_password_check";
select @@strict_password_validation;
@@strict_password_validation
1
create user foo1 identified by password '11111111111111111111111111111111111111111';
set password for foo1 = PASSWORD('PLAINtext-password!!99');
drop user foo1;
create user foo1 identified by password '11111111111111111111111111111111111111111';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
uninstall plugin simple_password_check;
include/rpl_end.inc

24
mysql-test/suite/rpl/t/rpl_strict_password_validation.test Normal file
View File

@@ -0,0 +1,24 @@
if (!$SIMPLE_PASSWORD_CHECK_SO) {
skip No SIMPLE_PASSWORD_CHECK plugin;
}
--source include/master-slave.inc
--connection slave
install soname "simple_password_check";
select @@strict_password_validation;
--connection master
create user foo1 identified by password '11111111111111111111111111111111111111111';
set password for foo1 = PASSWORD('PLAINtext-password!!99');
drop user foo1;
--sync_slave_with_master
--connection slave
--error ER_OPTION_PREVENTS_STATEMENT
create user foo1 identified by password '11111111111111111111111111111111111111111';
uninstall plugin simple_password_check;
--source include/rpl_end.inc

9
sql/sql_acl.cc
View File

@@ -895,7 +895,7 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
} }
static bool validate_password(LEX_USER *user) static bool validate_password(LEX_USER *user, THD *thd)
{ {
if (user->pwtext.length || !user->pwhash.length) if (user->pwtext.length || !user->pwhash.length)
{ {
@@ -911,7 +911,8 @@ static bool validate_password(LEX_USER *user)
} }
else else
{ {
if (strict_password_validation && has_validation_plugins()) if (!thd->slave_thread &&
strict_password_validation && has_validation_plugins())
{ {
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation"); my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation");
return true; return true;
@@ -2750,7 +2751,7 @@ bool check_change_password(THD *thd, LEX_USER *user)
LEX_USER *real_user= get_current_user(thd, user); LEX_USER *real_user= get_current_user(thd, user);
if (fix_and_copy_user(real_user, user, thd) || if (fix_and_copy_user(real_user, user, thd) ||
validate_password(real_user)) validate_password(real_user, thd))
return true; return true;
*user= *real_user; *user= *real_user;
@@ -3465,7 +3466,7 @@ static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo,
} }
if (!old_row_exists || combo.pwtext.length || combo.pwhash.length) if (!old_row_exists || combo.pwtext.length || combo.pwhash.length)
if (!handle_as_role && validate_password(&combo)) if (!handle_as_role && validate_password(&combo, thd))
goto end; goto end;
/* Update table columns with new privileges */ /* Update table columns with new privileges */