1
0
mirror of https://github.com/MariaDB/server.git synced 2025-07-21 21:22:27 +03:00
Commit Graph

14 Commits

Author SHA1 Message Date
a34b989f0c MDEV-22418 mysqladmin wrong error with simple_password_check
mysqladmin's presumption about the cause of an error by looking
at the error code was presumptious. Server knows best, so pass
the error along.

Avoid returning -1 as a exit code, Linux makes this 255 and Windows
keeps this as -1.
2023-10-06 11:08:47 +03:00
48e35b8cf6 Merge branch '10.3' into 10.4 2022-08-02 14:15:39 +02:00
15a2ff1231 MDEV-26647 (simple_password_check) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy
Make the plugin reporting cause of the error.
2022-07-27 16:04:20 +02:00
c9a9ae6554 MDEV-26650: Failed ALTER USER/GRANT statement removes the password from the cache
Starting from 10.4 AUTH is not part of ACL_USER so changes have to be done
over a copy, and bring in the cache only in case of success.
2021-10-18 12:09:59 +02:00
4abb8216a0 MDEV-17658 change the structure of mysql.user table
Implement User_table_json.
Fix scripts to use mysql.global_priv.
Fix tests.
2018-12-12 00:31:44 +01:00
7c40996cc8 MDEV-12321 authentication plugin: SET PASSWORD support
Support SET PASSWORD for authentication plugins.

Authentication plugin API is extended with two optional methods:
* hash_password() is used to compute a password hash (or digest)
  from the plain-text password. This digest will be stored in mysql.user
  table
* preprocess_hash() is used to convert this digest into some memory
  representation that can be later used to authenticate a user.
  Build-in plugins convert the hash from hexadecimal or base64 to binary,
  to avoid doing it on every authentication attempt.

Note a change in behavior: when loading privileges (on startup or on
FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a
warning (e.g. "Plugin 'foo' is not loaded"). But such an account could
not be used for authentication until the plugin is installed. Now an
account like that will not be loaded at all (with a warning, still).
Indeed, without plugin's preprocess_hash() method the server cannot know
how to load an account. Thus, if a new authentication plugin is
installed run-time, one might need FLUSH PRIVILEGES to activate all
existing accounts that were using this new plugin.
2018-10-31 16:06:16 +01:00
76151f3cbc Use mysql.user.authentication_string for password
Don't distinguish between a "password hash" and "authentication string"
anymore. Now both are stored in mysql.user.authentication_string, both
are handled identically internally. A "password hash" is just how some
particular plugins interpret authentication string.

Set mysql.user.plugin even if there is no password. The server will use
mysql_native_password plugin in these cases, let's make it expicit.

Remove LEX_USER::pwhash.
2018-10-31 16:06:16 +01:00
1512078a7a MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin
Do not allow NULL password to pass directly to password
validation plugin.
2016-05-05 09:19:40 -04:00
4db2ebb1fe MDEV-9940 CREATE ROLE blocked by password validation plugin 2016-05-05 01:05:05 +02:00
68910e7092 MDEV-9273 ERROR 1819 on grant statment for existing user
Cannot do password validation in fix_lex_user(), we don't know
there what "GRANT ... TO user" means - creating a new user with
an empty password (need validation) or granting privileges
to an existing user (no validation needed).

Move validation down into replace_user_table(). And copy into
check_change_password().
2016-01-25 22:57:53 +01:00
7516a3c7f4 strict_password_validation 2014-12-04 10:41:55 +01:00
b814046719 validate SET PASSWORD 2014-12-04 10:41:55 +01:00
8934794a70 password validation function in sql_acl.cc 2014-12-04 10:41:54 +01:00
c98b2b393d password validation plugin type and a simple plugin 2014-12-04 10:41:54 +01:00