MDEV-10956 Strict Password Validation Breaks Replication.

strict_password_validation variable now has no effect in the slave thread.

MDEV-10956 Strict Password Validation Breaks Replication.
strict_password_validation variable now has no effect in the slave thread.
30a9ac42 · Alexey Botchkov · 3953c559 · 30a9ac42 · 30a9ac42 · 30a9ac42
Commit 30a9ac42 authored Jan 17, 2017 by Alexey Botchkov
3 changed files
--- a/mysql-test/suite/rpl/r/rpl_strict_password_validation.result
+++ b/mysql-test/suite/rpl/r/rpl_strict_password_validation.result
+include/master-slave.inc
+[connection master]
+install soname "simple_password_check";
+select @@strict_password_validation;
+@@strict_password_validation
+1
+create user foo1 identified by password '11111111111111111111111111111111111111111';
+set password for foo1 = PASSWORD('PLAINtext-password!!99');
+drop user foo1;
+create user foo1 identified by password '11111111111111111111111111111111111111111';
+ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
+uninstall plugin simple_password_check;
+include/rpl_end.inc
--- a/mysql-test/suite/rpl/t/rpl_strict_password_validation.test
+++ b/mysql-test/suite/rpl/t/rpl_strict_password_validation.test
+if (!$SIMPLE_PASSWORD_CHECK_SO) {
+    skip No SIMPLE_PASSWORD_CHECK plugin;
+}
+
+--source include/master-slave.inc
+
+
+--connection slave
+install soname "simple_password_check";
+select @@strict_password_validation;
+
+--connection master
+create user foo1 identified by password '11111111111111111111111111111111111111111';
+set password for foo1 = PASSWORD('PLAINtext-password!!99');
+drop user foo1;
+--sync_slave_with_master
+
+--connection slave
+--error ER_OPTION_PREVENTS_STATEMENT
+create user foo1 identified by password '11111111111111111111111111111111111111111';
+
+uninstall plugin simple_password_check;
+
+--source include/rpl_end.inc
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -895,7 +895,7 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
 }


-static bool validate_password(LEX_USER *user)
+static bool validate_password(LEX_USER *user, THD *thd)
 {
  if (user->pwtext.length || !user->pwhash.length)
  {
@@ -911,7 +911,8 @@ static bool validate_password(LEX_USER *user)
  }
  else
  {
-    if (strict_password_validation && has_validation_plugins())
+    if (!thd->slave_thread &&
+        strict_password_validation && has_validation_plugins())
    {
      my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation");
      return true;
@@ -2750,7 +2751,7 @@ bool check_change_password(THD *thd, LEX_USER *user)
  LEX_USER *real_user= get_current_user(thd, user);

  if (fix_and_copy_user(real_user, user, thd) ||
-      validate_password(real_user))
+      validate_password(real_user, thd))
    return true;

  *user= *real_user;
@@ -3465,7 +3466,7 @@ static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo,
  }

  if (!old_row_exists || combo.pwtext.length || combo.pwhash.length)
-    if (!handle_as_role && validate_password(&combo))
+    if (!handle_as_role && validate_password(&combo, thd))
      goto end;

  /* Update table columns with new privileges */