File: simple_password_check.test

package info (click to toggle)
mariadb 1%3A11.8.3-1
links: PTS, VCS
area: main
in suites: sid
size: 772,520 kB
sloc: ansic: 2,414,714; cpp: 1,791,394; asm: 381,336; perl: 62,905; sh: 49,647; pascal: 40,897; java: 39,363; python: 20,791; yacc: 20,432; sql: 17,907; xml: 12,344; ruby: 8,544; cs: 6,542; makefile: 6,145; ada: 1,879; lex: 1,193; javascript: 996; objc: 80; tcl: 73; awk: 46; php: 22
file content (183 lines) | stat: -rw-r--r-- 5,586 bytes
--source include/not_embedded.inc

if (!$SIMPLE_PASSWORD_CHECK_SO) {
  skip No SIMPLE_PASSWORD_CHECK plugin;
}

install soname "simple_password_check";

--vertical_results
--replace_result .dll .so
select * from information_schema.plugins where plugin_name='simple_password_check';

select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
--horizontal_results

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by 'pwd';
show warnings;

# Create user with no password.
--error ER_NOT_VALID_PASSWORD
create user foo1;
show warnings;

--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo1 identified by 'pwd';
show warnings;

--error ER_NOT_VALID_PASSWORD
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
show warnings;

grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;

create user foo1 identified by 'aA.12345';
grant select on *.* to foo1;
drop user foo1;

set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';

create user foo1 identified by '123:qwe:ASD!';
drop user foo1;

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '-23:qwe:ASD!';
show warnings;

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:4we:ASD!';
show warnings;

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:4SD!';
show warnings;

--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:ASD4';
show warnings;

create user foo1 identified by '123:qwe:ASD!';
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:-23:ASD!');
show warnings;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('4we:123:ASD!');
--error ER_NOT_VALID_PASSWORD
set password for foo1 = password('qwe:123:4SD!');
show warnings;
--error ER_NOT_VALID_PASSWORD
set password for foo1 = old_password('qwe:123:ASD4');
show warnings;
set password for foo1 = password('qwe:123:ASD!');

# now, strict_password_validation
select @@strict_password_validation;

--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
show warnings;
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
set password for foo1 = '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified by password '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified by password '2222222222222222';
--error ER_OPTION_PREVENTS_STATEMENT
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
--error ER_OPTION_PREVENTS_STATEMENT
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
--error ER_NOT_VALID_PASSWORD
create user foo2 identified with mysql_native_password using '';
show warnings;
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password using '';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo2 identified with mysql_old_password;

# direct updates are not protected
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1';

set global strict_password_validation=0;

--error ER_NOT_VALID_PASSWORD
set password for foo1 = '';
show warnings;
set password for foo1 = '2222222222222222';
set password for foo1 = '11111111111111111111111111111111111111111';
create user foo2 identified by password '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified by password '2222222222222222';
drop user foo2;
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
drop user foo2;

set global strict_password_validation=1;
drop user foo1;

#
# MDEV-9940 CREATE ROLE blocked by password validation plugin
#
create role r1;
drop role r1;

flush privileges;

uninstall plugin simple_password_check;

create user foo1 identified by 'pwd';
drop user foo1;

--echo #
--echo # MDEV-26650: Failed ALTER USER/GRANT statement removes the
--echo # password from the cache
--echo #
create user foo1@localhost identified by '<GDFH:3ghj';
show grants for foo1@localhost;
install soname "simple_password_check";
--error ER_CANNOT_USER
ALTER USER foo1@localhost identified by 'foo1';
show grants for foo1@localhost;
flush privileges;
show grants for foo1@localhost;
drop user foo1@localhost;
uninstall plugin simple_password_check;


--echo #
--echo # MDEV-22418 mysqladmin wrong error with simple_password_check
--echo #

install soname "simple_password_check";

--replace_regex /.*[\/\\]// /(mysqladmin|mariadb-admin)(\.exe)?/MARIADB-ADMIN/
--error 1
--exec $MYSQLADMIN -uroot password foo 2>&1

--echo # All done
uninstall plugin simple_password_check;

--echo # End of 10.4 tests

--echo #
--echo # MDEV-30190 Password check plugin prevents changing grants for CURRENT_USER
--echo #
select priv into @old_priv from mysql.global_priv where user='root' and host='localhost';
install soname "simple_password_check";
grant all on db1.* to current_user;
select current_user;
show grants;
revoke all on db1.* from current_user;
uninstall plugin simple_password_check;
#cleanup
update mysql.global_priv set priv=@old_priv where user='root' and host='localhost';

--echo # End of 10.11 tests