database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-07 00:04:31 +03:00
Code Activity

MDEV-28838 password_reuse_check plugin mixes username and password

Browse Source 
To prevent the problem of mixing user name and password and
host name and user name we add length of the hostname and user name
to the hash.
This commit is contained in:
Oleksandr Byelkin
2022-06-29 14:56:10 +02:00
parent c12192b1c6
commit a5f78505d7
3 changed files with 77 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
mysql-test/suite/plugins/r/password_reuse_check.result
View File

@@ -30,7 +30,7 @@ Error 1819 Your password does not satisfy the current policy requirements
Error 1396 Operation ALTER USER failed for 'user_name'@'localhost'
select hex(hash) from mysql.password_reuse_check_history;
hex(hash)
6276C87127F2B65FC6B24E94E324A02FF0D393D7FB7DEAF6F5F49F0A8AB006711D5C6EF67E36A251AB6337E7E20D312F9ED66D70EB699A6EC85B1E0BC7F376C0
B9F970DE4DA0145F842526C1BC9DBBBDB3EF80FDD7BE98061DAE3D18F492AA37668C07322DD21650C66B48FC78F0EAF6CB08245CC895BFDC43BE6921B07E5240
# emulate old password
update mysql.password_reuse_check_history set time= date_sub(now(), interval
11 day);
@@ -71,4 +71,24 @@ Level Code Message
Warning 1105 password_reuse_check:[1054] Unknown column 'time' in 'where clause'
Error 1819 Your password does not satisfy the current policy requirements
drop table mysql.password_reuse_check_history;
#
# MDEV-28838: password_reuse_check plugin mixes username and password
#
grant select on *.* to user_name@localhost identified by 'test_pwd';
grant select on *.* to user_nam@localhost identified by 'etest_pwd';
show warnings;
Level Code Message
drop user user_name@localhost;
drop user user_nam@localhost;
drop table mysql.password_reuse_check_history;
grant select on *.* to user_name@localhost identified by 'test_pwd';
grant select on *.* to tuser_name@localhos identified by 'test_pwd';
show warnings;
Level Code Message
drop user user_name@localhost;
drop user tuser_name@localhos;
#
# End of 10.7 tests
#
drop table mysql.password_reuse_check_history;
uninstall plugin password_reuse_check;

27
mysql-test/suite/plugins/t/password_reuse_check.test
View File

@@ -69,5 +69,32 @@ set global password_reuse_check_interval= 10;
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
drop table mysql.password_reuse_check_history;
--echo #
--echo # MDEV-28838: password_reuse_check plugin mixes username and password
--echo #
grant select on *.* to user_name@localhost identified by 'test_pwd';
grant select on *.* to user_nam@localhost identified by 'etest_pwd';
show warnings;
drop user user_name@localhost;
drop user user_nam@localhost;
drop table mysql.password_reuse_check_history;
grant select on *.* to user_name@localhost identified by 'test_pwd';
grant select on *.* to tuser_name@localhos identified by 'test_pwd';
show warnings;
drop user user_name@localhost;
drop user tuser_name@localhos;
--echo #
--echo # End of 10.7 tests
--echo #
drop table mysql.password_reuse_check_history;
uninstall plugin password_reuse_check;