database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-9245 password "reuse prevention" validation plugin

Browse Source
This commit is contained in:
Oleksandr Byelkin
2021-08-19 13:30:45 +02:00
parent 9d1a8665cb
commit bc82b6c03b
4 changed files with 379 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
mysql-test/suite/plugins/t/password_reuse_check.test Normal file
View File

@ -0,0 +1,73 @@
--source include/not_embedded.inc
if (!$PASSWORD_REUSE_CHECK_SO) {
skip No PASSWORD_REUSE_CHECK plugin;
}
install soname "password_reuse_check";
set global password_reuse_check_interval= 0;
--echo # Default value (sould be unlimited i.e. 0)
SHOW GLOBAL VARIABLES like "password_reuse_check%";
--echo # insert user
grant select on *.* to user_name@localhost identified by 'test_pwd';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
--error ER_CANNOT_USER
alter user user_name@localhost identified by 'test_pwd';
show warnings;
# Plugin does not work for it
#--error ER_NOT_VALID_PASSWORD
#SET PASSWORD FOR user_name@localhost = PASSWORD('test_pwd');
--echo # check exparation
set global password_reuse_check_interval= 10;
--error ER_CANNOT_USER
alter user user_name@localhost identified by 'test_pwd';
show warnings;
select hex(hash) from mysql.password_reuse_check_history;
--echo # emulate old password
update mysql.password_reuse_check_history set time= date_sub(now(), interval
11 day);
alter user user_name@localhost identified by 'test_pwd';
show warnings;
drop user user_name@localhost;
show create table mysql.password_reuse_check_history;
select count(*) from mysql.password_reuse_check_history;
drop table mysql.password_reuse_check_history;
--echo # test error messages
set global password_reuse_check_interval= 0;
drop table if exists mysql.password_reuse_check_history;
--echo # test error messages
create table mysql.password_reuse_check_history (wrong_structure int);
--error ER_NOT_VALID_PASSWORD
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
set global password_reuse_check_interval= 10;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to user_name@localhost identified by 'test_pwd';
show warnings;
drop table mysql.password_reuse_check_history;
uninstall plugin password_reuse_check;