Commit
8934794a
authored
Nov 25, 2014
by
Sergei Golubchik
password validation function in sql_acl.cc
parent
c98b2b39
Showing
3 changed files
with
98 additions
and
0 deletions
+98
-0
mysql-test/suite/plugins/r/simple_password_check.result
mysql-test/suite/plugins/r/simple_password_check.result
+31
-0
mysql-test/suite/plugins/t/simple_password_check.test
mysql-test/suite/plugins/t/simple_password_check.test
+39
-0
sql/sql_acl.cc
sql/sql_acl.cc
+28
-0
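--- a/mysql-test/suite/plugins/r/simple_password_check.result
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -70,4 +70,35 @@ NUMERIC_BLOCK_SIZE 1
 ENUM_VALUE_LIST NULL
 READ_ONLY NO
 COMMAND_LINE_ARGUMENT REQUIRED
+create user foo1 identified by 'pwd';
+ERROR HY000: Your password does not satisfy the current policy requirements
+grant select on *.* to foo1 identified by 'pwd';
+ERROR HY000: Your password does not satisfy the current policy requirements
+grant select on *.* to `FooBar1!` identified by 'FooBar1!';
+ERROR HY000: Your password does not satisfy the current policy requirements
+grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
+drop user `BarFoo1!`;
+create user foo1 identified by 'aA.12345';
+drop user foo1;
+set global simple_password_check_digits=3;
+set global simple_password_check_letters_same_case=3;
+set global simple_password_check_other_characters=3;
+show variables like 'simple_password_check_%';
+Variable_name Value
+simple_password_check_digits 3
+simple_password_check_letters_same_case 3
+simple_password_check_minimal_length 12
+simple_password_check_other_characters 3
+create user foo1 identified by '123:qwe:ASD!';
+drop user foo1;
+create user foo1 identified by '-23:qwe:ASD!';
+ERROR HY000: Your password does not satisfy the current policy requirements
+create user foo1 identified by '123:4we:ASD!';
+ERROR HY000: Your password does not satisfy the current policy requirements
+create user foo1 identified by '123:qwe:4SD!';
+ERROR HY000: Your password does not satisfy the current policy requirements
+create user foo1 identified by '123:qwe:ASD4';
+ERROR HY000: Your password does not satisfy the current policy requirements
 uninstall plugin simple_password_check;
+create user foo1 identified by 'pwd';
+drop user foo1;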
mysql-test/suite/plugins/t/simple_password_check.test
...
@@ -13,4 +13,43 @@ select * from information_schema.plugins where plugin_name='simple_password_chec
...
@@ -13,4 +13,43 @@ select * from information_schema.plugins where plugin_name='simple_password_chec
select
*
from
information_schema
.
system_variables
where
variable_name
like
'simple_password_check%'
order
by
1
;
select
*
from
information_schema
.
system_variables
where
variable_name
like
'simple_password_check%'
order
by
1
;
--
horizontal_results
--
horizontal_results
--
error
ER_NOT_VALID_PASSWORD
create
user
foo1
identified
by
'pwd'
;
--
error
ER_NOT_VALID_PASSWORD
grant
select
on
*.*
to
foo1
identified
by
'pwd'
;
--
error
ER_NOT_VALID_PASSWORD
grant
select
on
*.*
to
`FooBar1!`
identified
by
'FooBar1!'
;
grant
select
on
*.*
to
`BarFoo1!`
identified
by
'FooBar1!'
;
drop
user
`BarFoo1!`
;
create
user
foo1
identified
by
'aA.12345'
;
drop
user
foo1
;
set
global
simple_password_check_digits
=
3
;
set
global
simple_password_check_letters_same_case
=
3
;
set
global
simple_password_check_other_characters
=
3
;
show
variables
like
'simple_password_check_%'
;
create
user
foo1
identified
by
'123:qwe:ASD!'
;
drop
user
foo1
;
--
error
ER_NOT_VALID_PASSWORD
create
user
foo1
identified
by
'-23:qwe:ASD!'
;
--
error
ER_NOT_VALID_PASSWORD
create
user
foo1
identified
by
'123:4we:ASD!'
;
--
error
ER_NOT_VALID_PASSWORD
create
user
foo1
identified
by
'123:qwe:4SD!'
;
--
error
ER_NOT_VALID_PASSWORD
create
user
foo1
identified
by
'123:qwe:ASD4'
;
uninstall
plugin
simple_password_check
;
uninstall
plugin
simple_password_check
;
create
user
foo1
identified
by
'pwd'
;
drop
user
foo1
;
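Review bot: Every new statement in this test carries an explicit `identified by '...'` clause, so the empty-password path that the sql_acl.cc change opens with `user->password.length || !user->auth.length` is never exercised while the plugin is loaded. A `create user foo1;` with no password, and a plain `grant select on *.* to <existing_user>;` without `identified by`, would pin down whether those statements are meant to be rejected or to skip validation; which of the two is intended cannot be told from this page. A case using `identified by password '<hash_placeholder>'` would likewise document whether a pre-hashed credential is subject to the policy or passes around it.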
sql/sql_acl.cc
...
@@ -47,6 +47,7 @@
...
@@ -47,6 +47,7 @@
#include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT
#include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT
#include <sql_common.h>
#include <sql_common.h>
#include <mysql/plugin_auth.h>
#include <mysql/plugin_auth.h>
#include <mysql/plugin_password_validation.h>
#include "sql_connect.h"
#include "sql_connect.h"
#include "hostname.h"
#include "hostname.h"
#include "sql_db.h"
#include "sql_db.h"
...
@@ -872,6 +873,24 @@ static void free_acl_role(ACL_ROLE *role)
...
@@ -872,6 +873,24 @@ static void free_acl_role(ACL_ROLE *role)
delete_dynamic
(
&
(
role
->
parent_grantee
));
delete_dynamic
(
&
(
role
->
parent_grantee
));
}
}
struct
validation_data
{
LEX_STRING
*
user
,
*
password
;
};
static
my_bool
do_validate
(
THD
*
,
plugin_ref
plugin
,
void
*
arg
)
{
struct
validation_data
*
data
=
(
struct
validation_data
*
)
arg
;
struct
st_mysql_password_validation
*
handler
=
(
st_mysql_password_validation
*
)
plugin_decl
(
plugin
)
->
info
;
return
handler
->
validate_password
(
data
->
user
,
data
->
password
);
}
static
bool
validate_password
(
LEX_STRING
*
user
,
LEX_STRING
*
password
)
{
struct
validation_data
data
=
{
user
,
password
};
return
plugin_foreach
(
NULL
,
do_validate
,
MariaDB_PASSWORD_VALIDATION_PLUGIN
,
&
data
);
}
/**
/**
Convert scrambled password to binary form, according to scramble type,
Convert scrambled password to binary form, according to scramble type,
Binary form is stored in user.salt.
Binary form is stored in user.salt.
...
@@ -977,6 +996,15 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
...
@@ -977,6 +996,15 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
return
true
;
return
true
;
}
}
if
(
user
->
password
.
length
||
!
user
->
auth
.
length
)
{
if
(
validate_password
(
&
user
->
user
,
&
user
->
password
))
{
my_error
(
ER_NOT_VALID_PASSWORD
,
MYF
(
0
));
return
true
;
}
}
if
(
user
->
password
.
length
)
if
(
user
->
password
.
length
)
{
{
size_t
scramble_length
;
size_t
scramble_length
;
...
...
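Review bot: In `do_validate` the plugin's `validate_password()` result is returned directly as `my_bool`; if the plugin API returns a wider integer (the header is not shown on this page), a non-zero value whose low byte is zero would be narrowed to 0 and the password would be accepted. Normalising the result closes that gap: `return handler->validate_password(data->user, data->password) != 0;`. Both new helpers also return true for a rejected password, which reads inverted against the name `validate_password`; a comment such as `/* returns true if any password validation plugin rejects the password */` above the static function would make the call in `fix_lex_user` easier to audit. The body of `fix_lex_user` starts and continues outside the hunk, so how the empty-password case reaches this check for existing accounts cannot be confirmed here.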