MDEV-25258 : SET PASSWORD command fail with wsrep api

Problem was that we should skip strict password validation on applier nodes similarly as is done for slave nodes.
MariaDB · Apr 28, 2021 · f946192 · f946192
1 parent c6dbabe
commit f946192
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/mysql-test/suite/galera/r/galera_password.result b/mysql-test/suite/galera/r/galera_password.result
@@ -0,0 +1,19 @@
+SHOW VARIABLES LIKE '%password%';
+Variable_name	Value
+old_passwords	OFF
+report_password	
+strict_password_validation	ON
+CREATE USER 'user123456'@'localhost';
+GRANT SELECT, INSERT, UPDATE ON test.* TO 'user123456'@'localhost';
+SET PASSWORD FOR 'user123456'@'localhost' = PASSWORD('A$10abcdDCBA123456%7');
+SHOW GRANTS FOR 'user123456'@'localhost';
+Grants for user123456@localhost
+GRANT USAGE ON *.* TO 'user123456'@'localhost' IDENTIFIED BY PASSWORD '*5846CF4D641598B360B3562E581586155C59F65A'
+GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user123456'@'localhost'
+connection node_2;
+SHOW GRANTS FOR 'user123456'@'localhost';
+Grants for user123456@localhost
+GRANT USAGE ON *.* TO 'user123456'@'localhost' IDENTIFIED BY PASSWORD '*5846CF4D641598B360B3562E581586155C59F65A'
+GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user123456'@'localhost'
+connection node_1;
+DROP USER 'user123456'@'localhost';
diff --git a/mysql-test/suite/galera/t/galera_password.test b/mysql-test/suite/galera/t/galera_password.test
@@ -0,0 +1,14 @@
+--source include/galera_cluster.inc
+
+SHOW VARIABLES LIKE '%password%';
+
+CREATE USER 'user123456'@'localhost';
+GRANT SELECT, INSERT, UPDATE ON test.* TO 'user123456'@'localhost';
+SET PASSWORD FOR 'user123456'@'localhost' = PASSWORD('A$10abcdDCBA123456%7');
+SHOW GRANTS FOR 'user123456'@'localhost';
+
+--connection node_2
+SHOW GRANTS FOR 'user123456'@'localhost';
+
+--connection node_1
+DROP USER 'user123456'@'localhost';
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -1566,7 +1566,11 @@ static bool validate_password(LEX_USER *user, THD *thd)
   else
   {
     if (!thd->slave_thread &&
-        strict_password_validation && has_validation_plugins())
+        strict_password_validation && has_validation_plugins()
+#ifdef WITH_WSREP
+        && !thd->wsrep_applier
+#endif
+       )
     {
       my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation");
       return true;