mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
password validation function in sql_acl.cc
This commit is contained in:
Sergei Golubchik
@ -70,4 +70,35 @@ NUMERIC_BLOCK_SIZE 1
|
||||
ENUM_VALUE_LIST NULL
|
||||
READ_ONLY NO
|
||||
COMMAND_LINE_ARGUMENT REQUIRED
|
||||
create user foo1 identified by 'pwd';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
grant select on *.* to foo1 identified by 'pwd';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
|
||||
drop user `BarFoo1!`;
|
||||
create user foo1 identified by 'aA.12345';
|
||||
drop user foo1;
|
||||
set global simple_password_check_digits=3;
|
||||
set global simple_password_check_letters_same_case=3;
|
||||
set global simple_password_check_other_characters=3;
|
||||
show variables like 'simple_password_check_%';
|
||||
Variable_name Value
|
||||
simple_password_check_digits 3
|
||||
simple_password_check_letters_same_case 3
|
||||
simple_password_check_minimal_length 12
|
||||
simple_password_check_other_characters 3
|
||||
create user foo1 identified by '123:qwe:ASD!';
|
||||
drop user foo1;
|
||||
create user foo1 identified by '-23:qwe:ASD!';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
create user foo1 identified by '123:4we:ASD!';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
create user foo1 identified by '123:qwe:4SD!';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
create user foo1 identified by '123:qwe:ASD4';
|
||||
ERROR HY000: Your password does not satisfy the current policy requirements
|
||||
uninstall plugin simple_password_check;
|
||||
create user foo1 identified by 'pwd';
|
||||
drop user foo1;
|
||||
|
||||
@ -13,4 +13,43 @@ select * from information_schema.plugins where plugin_name='simple_password_chec
|
||||
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
|
||||
--horizontal_results
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
create user foo1 identified by 'pwd';
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
grant select on *.* to foo1 identified by 'pwd';
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
|
||||
|
||||
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
|
||||
drop user `BarFoo1!`;
|
||||
|
||||
create user foo1 identified by 'aA.12345';
|
||||
drop user foo1;
|
||||
|
||||
set global simple_password_check_digits=3;
|
||||
set global simple_password_check_letters_same_case=3;
|
||||
set global simple_password_check_other_characters=3;
|
||||
show variables like 'simple_password_check_%';
|
||||
|
||||
create user foo1 identified by '123:qwe:ASD!';
|
||||
drop user foo1;
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
create user foo1 identified by '-23:qwe:ASD!';
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
create user foo1 identified by '123:4we:ASD!';
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
create user foo1 identified by '123:qwe:4SD!';
|
||||
|
||||
--error ER_NOT_VALID_PASSWORD
|
||||
create user foo1 identified by '123:qwe:ASD4';
|
||||
|
||||
uninstall plugin simple_password_check;
|
||||
|
||||
create user foo1 identified by 'pwd';
|
||||
drop user foo1;
|
||||
|
||||
|
||||
@ -47,6 +47,7 @@
|
||||
#include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT
|
||||
#include <sql_common.h>
|
||||
#include <mysql/plugin_auth.h>
|
||||
#include <mysql/plugin_password_validation.h>
|
||||
#include "sql_connect.h"
|
||||
#include "hostname.h"
|
||||
#include "sql_db.h"
|
||||
@ -872,6 +873,24 @@ static void free_acl_role(ACL_ROLE *role)
|
||||
delete_dynamic(&(role->parent_grantee));
|
||||
}
|
||||
|
||||
struct validation_data { LEX_STRING *user, *password; };
|
||||
|
||||
static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
|
||||
{
|
||||
struct validation_data *data= (struct validation_data *)arg;
|
||||
struct st_mysql_password_validation *handler=
|
||||
(st_mysql_password_validation *)plugin_decl(plugin)->info;
|
||||
return handler->validate_password(data->user, data->password);
|
||||
}
|
||||
|
||||
|
||||
static bool validate_password(LEX_STRING *user, LEX_STRING *password)
|
||||
{
|
||||
struct validation_data data= { user, password };
|
||||
return plugin_foreach(NULL, do_validate,
|
||||
MariaDB_PASSWORD_VALIDATION_PLUGIN, &data);
|
||||
}
|
||||
|
||||
/**
|
||||
Convert scrambled password to binary form, according to scramble type,
|
||||
Binary form is stored in user.salt.
|
||||
@ -977,6 +996,15 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
|
||||
return true;
|
||||
}
|
||||
|
||||
if (user->password.length || !user->auth.length)
|
||||
{
|
||||
if (validate_password(&user->user, &user->password))
|
||||
{
|
||||
my_error(ER_NOT_VALID_PASSWORD, MYF(0));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if (user->password.length)
|
||||
{
|
||||
size_t scramble_length;
|
||||
|
||||
Reference in New Issue
Block a user