
Commit 15a2ff1

committed
MDEV-26647 (simple_password_check) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy
Make the plugin report the cause of the error.
1 parent cc6bba0 commit 15a2ff1


4 files changed

+113
-0
lines changed


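--- a/mysql-test/suite/plugins/r/simple_password_check.result
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -72,12 +72,36 @@ READ_ONLY NO
 COMMAND_LINE_ARGUMENT REQUIRED
 create user foo1 identified by 'pwd';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Too short password (< 8)
+Warning 1819 simple_password_check: Not enough upper case letters (< 1)
+Warning 1819 simple_password_check: Not enough digits (< 1)
+Warning 1819 simple_password_check: Not enough special characters (< 1)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo1'@'%'
 create user foo1;
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: The password equal to the user name
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo1'@'%'
 grant select on *.* to foo1 identified by 'pwd';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Too short password (< 8)
+Warning 1819 simple_password_check: Not enough upper case letters (< 1)
+Warning 1819 simple_password_check: Not enough digits (< 1)
+Warning 1819 simple_password_check: Not enough special characters (< 1)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 grant select on *.* to `FooBar1!` identified by 'FooBar1!';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: The password equal to the user name
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
 drop user `BarFoo1!`;
 create user foo1 identified by 'aA.12345';
@@ -100,27 +124,63 @@ create user foo1 identified by '123:qwe:ASD!';
 drop user foo1;
 create user foo1 identified by '-23:qwe:ASD!';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough digits (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo1'@'%'
 create user foo1 identified by '123:4we:ASD!';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough lower case letters (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo1'@'%'
 create user foo1 identified by '123:qwe:4SD!';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough upper case letters (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo1'@'%'
 create user foo1 identified by '123:qwe:ASD4';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough special characters (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo1'@'%'
 create user foo1 identified by '123:qwe:ASD!';
 set password for foo1 = password('qwe:-23:ASD!');
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough digits (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = old_password('4we:123:ASD!');
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = password('qwe:123:4SD!');
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough upper case letters (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = old_password('qwe:123:ASD4');
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: Not enough special characters (< 3)
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = password('qwe:123:ASD!');
 select @@strict_password_validation;
 @@strict_password_validation
 1
 set password for foo1 = '';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: The password equal to the user name
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = '2222222222222222';
 ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
 set password for foo1 = '11111111111111111111111111111111111111111';
@@ -135,12 +195,21 @@ grant select on *.* to foo2 identified with mysql_old_password using '2222222222
 ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
 create user foo2 identified with mysql_native_password using '';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: The password equal to the user name
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
+Error 1396 Operation CREATE USER failed for 'foo2'@'%'
 grant select on *.* to foo2 identified with mysql_old_password;
 ERROR 28000: Can't find any matching row in the user table
 update mysql.user set password='xxx' where user='foo1';
 set global strict_password_validation=0;
 set password for foo1 = '';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
+show warnings;
+Level Code Message
+Warning 1819 simple_password_check: The password equal to the user name
+Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = '2222222222222222';
 set password for foo1 = '11111111111111111111111111111111111111111';
 create user foo2 identified by password '11111111111111111111111111111111111111111';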

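--- a/mysql-test/suite/plugins/r/two_password_validations.result
+++ b/mysql-test/suite/plugins/r/two_password_validations.result
@@ -14,6 +14,8 @@ grant select on *.* to foobar identified by 'q-%^&*rty';
 ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 show warnings;
 Level Code Message
+Warning 1819 simple_password_check: Not enough upper case letters (< 1)
+Warning 1819 simple_password_check: Not enough digits (< 1)
 Error 1819 Your password does not satisfy the current policy requirements (simple_password_check)
 uninstall plugin simple_password_check;
 grant select on *.* to foobar identified by 'q-%^&*rty';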

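--- a/mysql-test/suite/plugins/t/simple_password_check.test
+++ b/mysql-test/suite/plugins/t/simple_password_check.test
@@ -15,16 +15,20 @@ select * from information_schema.system_variables where variable_name like 'simp
 
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by 'pwd';
+show warnings;
 
 # Create user with no password.
 --error ER_NOT_VALID_PASSWORD
 create user foo1;
+show warnings;
 
 --error ER_NOT_VALID_PASSWORD
 grant select on *.* to foo1 identified by 'pwd';
+show warnings;
 
 --error ER_NOT_VALID_PASSWORD
 grant select on *.* to `FooBar1!` identified by 'FooBar1!';
+show warnings;
 
 grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
 drop user `BarFoo1!`;
@@ -43,32 +47,40 @@ drop user foo1;
 
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by '-23:qwe:ASD!';
+show warnings;
 
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by '123:4we:ASD!';
+show warnings;
 
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by '123:qwe:4SD!';
+show warnings;
 
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by '123:qwe:ASD4';
+show warnings;
 
 create user foo1 identified by '123:qwe:ASD!';
 --error ER_NOT_VALID_PASSWORD
 set password for foo1 = password('qwe:-23:ASD!');
+show warnings;
 --error ER_NOT_VALID_PASSWORD
 set password for foo1 = old_password('4we:123:ASD!');
 --error ER_NOT_VALID_PASSWORD
 set password for foo1 = password('qwe:123:4SD!');
+show warnings;
 --error ER_NOT_VALID_PASSWORD
 set password for foo1 = old_password('qwe:123:ASD4');
+show warnings;
 set password for foo1 = password('qwe:123:ASD!');
 
 # now, strict_password_validation
 select @@strict_password_validation;
 
 --error ER_NOT_VALID_PASSWORD
 set password for foo1 = '';
+show warnings;
 --error ER_OPTION_PREVENTS_STATEMENT
 set password for foo1 = '2222222222222222';
 --error ER_OPTION_PREVENTS_STATEMENT
@@ -83,6 +95,7 @@ create user foo2 identified with mysql_native_password using '111111111111111111
 grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
 --error ER_NOT_VALID_PASSWORD
 create user foo2 identified with mysql_native_password using '';
+show warnings;
 --error ER_PASSWORD_NO_MATCH
 grant select on *.* to foo2 identified with mysql_old_password;
 
@@ -93,6 +106,7 @@ set global strict_password_validation=0;
 
 --error ER_NOT_VALID_PASSWORD
 set password for foo1 = '';
+show warnings;
 set password for foo1 = '2222222222222222';
 set password for foo1 = '11111111111111111111111111111111111111111';
 create user foo2 identified by password '11111111111111111111111111111111111111111';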
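Review bot: In the second hunk, the failing `set password for foo1 = old_password('4we:123:ASD!');` is the only ER_NOT_VALID_PASSWORD statement in the visible hunks that is not followed by `show warnings;`. As a result the "Not enough lower case letters" warning is recorded only for CREATE USER and never for the SET PASSWORD path. If the omission is not deliberate, add `show warnings;` after that statement and re-record the .result file; if it is deliberate, a one-line `#` comment giving the reason would stop a later reader from treating it as an oversight.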

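--- a/plugin/simple_password_check/simple_password_check.c
+++ b/plugin/simple_password_check/simple_password_check.c
@@ -29,7 +29,13 @@ static int validate(MYSQL_CONST_LEX_STRING *username,
 const char *ptr= password->str, *end= ptr + length;
 
 if (strncmp(password->str, username->str, length) == 0)
+{
+// warning used to do not change error code
+my_printf_error(ER_NOT_VALID_PASSWORD,
+"simple_password_check: The password equal to the user name",
+ME_WARNING);
 return 1;
+}
 
 /* everything non-ascii is the "other" character and is good for the password */
 for(; ptr < end; ptr++)
@@ -43,6 +49,28 @@ static int validate(MYSQL_CONST_LEX_STRING *username,
 else
 others++;
 }
+
+// warnings used to do not change error code
+if (length < min_length)
+my_printf_error(ER_NOT_VALID_PASSWORD,
+"simple_password_check: Too short password (< %u)",
+ME_WARNING, min_length);
+if (uppers < min_letters)
+my_printf_error(ER_NOT_VALID_PASSWORD,
+"simple_password_check: Not enough upper case "
+"letters (< %u)",ME_WARNING, min_letters);
+if (lowers < min_letters)
+my_printf_error(ER_NOT_VALID_PASSWORD,
+"simple_password_check: Not enough lower case "
+"letters (< %u)",ME_WARNING, min_letters);
+if (digits < min_digits)
+my_printf_error(ER_NOT_VALID_PASSWORD,
+"simple_password_check: Not enough digits (< %u)",
+ME_WARNING, min_digits);
+if (others < min_others)
+my_printf_error(ER_NOT_VALID_PASSWORD,
+"simple_password_check: Not enough special "
+"characters (< %u)",ME_WARNING, min_others);
 /* remember TRUE means the password failed the validation */
 return length < min_length ||
 uppers < min_letters ||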
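Review bot: The warning added in the `strncmp` branch of the first hunk reports "The password equal to the user name", but the comparison covers only `length` bytes (apparently the password length), so the branch is also taken for an empty password and for a password that is just a prefix of the user name. The re-recorded .result file shows this: `create user foo1;` and `set password for foo1 = '';` both produce that message, which gives an administrator the wrong cause. Word the message to match the check, e.g. `"simple_password_check: The password is empty or matches the beginning of the user name"`, or report the `length == 0` case with its own message before the comparison. Separately, the second hunk writes the five threshold comparisons a second time next to the existing `return` expression (which continues past the end of the hunk), so a later policy change must update both; setting a local `failed` flag while emitting the warnings and returning it would keep the two in step.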
