Bug #27619667 MYSQL_SECURE_INSTALLATION TO LOAD THE VALIDATE_PASSWORD

V S Murthy Sidagam · V S Murthy Sidagam · commit 116be67f6889 · 2018-03-12T13:49:01.000+01:00
COMPONENT AND NOT PLUGIN

As part of wl#6667 task, mysql_secure_installation has to load the
validate_password component instead of validate_password plugin.

Modified below files to reflect the changes related to
validate_password component.
    client/mysql_secure_installation.cc
    man/mysql_secure_installation.1
diff --git a/client/mysql_secure_installation.cc b/client/mysql_secure_installation.cc
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -273,17 +273,19 @@ static bool execute_query(const char **query, size_t length) {
 }
 
 /**
-  Checks if the validate_password plugin is installed and returns true if it is.
+  Checks if the validate_password component is installed and returns true
+  if it is.
 */
 static bool validate_password_exists() {
   MYSQL_ROW row;
   bool res = true;
   const char *query =
-      "SELECT NAME FROM mysql.plugin WHERE NAME "
-      "= \'validate_password\'";
+      "SELECT component_urn FROM mysql.component WHERE component_urn "
+      "= \'file://component_validate_password\'";
   if (!execute_query(&query, strlen(query)))
     DBUG_PRINT("info", ("query success!"));
   MYSQL_RES *result = mysql_store_result(&mysql);
+  if (!result) return false;
   row = mysql_fetch_row(result);
   if (!row) res = false;
 
@@ -292,40 +294,29 @@ static bool validate_password_exists() {
 }
 
 /**
-  Installs validate_password plugin and sets the password validation policy.
+  Installs validate_password component and sets the password validation policy.
 
-  @return   Returns 1 on successfully setting the plugin and 0 in case of
+  @return   Returns 1 on successfully setting the component and 0 in case of
             of any error.
 */
-static int install_password_validation_plugin() {
+static int install_password_validation_component() {
   int reply;
-  int plugin_set = 0;
+  int component_set = 0;
   char *strength = NULL;
   bool option_read = false;
-  reply= get_response((const char *) "\nVALIDATE PASSWORD PLUGIN can be used "
-                                     "to test passwords\nand improve security. "
-				     "It checks the strength of password\nand "
-				     "allows the users to set only those "
-				     "passwords which are\nsecure enough. "
-				     "Would you like to setup VALIDATE "
-				     "PASSWORD plugin?\n\nPress y|Y for Yes, "
-				     "any other key for No: ", 'y');
+  reply= get_response((const char *) "\nVALIDATE PASSWORD COMPONENT can be "
+                                     "used to test passwords\nand improve "
+                                     "security. It checks the strength of "
+                                     "password\nand allows the users to set "
+                                     "only those passwords which are\nsecure "
+                                     "enough. Would you like to setup VALIDATE "
+				     "PASSWORD component?\n\nPress y|Y for Yes,"
+				     " any other key for No: ", 'y');
   if (reply == (int)'y' || reply == (int)'Y') {
-#ifdef _WIN32
-    const char *query_tmp;
-    query_tmp =
-        "INSTALL PLUGIN validate_password SONAME "
-        "'validate_password.dll'";
-    if (!execute_query(&query_tmp, strlen(query_tmp)))
-#else
     const char *query_tmp;
-    query_tmp =
-        "INSTALL PLUGIN validate_password SONAME "
-        "'validate_password.so'";
-    if (!execute_query(&query_tmp, strlen(query_tmp)))
-#endif
-    {
-      plugin_set = 1;
+    query_tmp = "INSTALL COMPONENT 'file://component_validate_password'";
+    if (!execute_query(&query_tmp, strlen(query_tmp))) {
+      component_set = 1;
       while (!option_read) {
         reply= get_response((const char *) "\nThere are three levels of "
    "password validation policy:\n\n"
@@ -352,7 +343,7 @@ static int install_password_validation_plugin() {
         }
       }
       char *query, *end;
-      int tmp = sizeof("SET GLOBAL validate_password_policy = ") + 3;
+      int tmp = sizeof("SET GLOBAL validate_password.policy = ") + 3;
       size_t strength_length = strlen(strength);
       /*
         query string needs memory which is atleast the length of initial part
@@ -361,7 +352,7 @@ static int install_password_validation_plugin() {
       query = (char *)my_malloc(PSI_NOT_INSTRUMENTED,
                                 (strength_length * 2 + tmp) * sizeof(char),
                                 MYF(MY_WME));
-      end = my_stpcpy(query, "SET GLOBAL validate_password_policy = ");
+      end = my_stpcpy(query, "SET GLOBAL validate_password.policy = ");
       *end++ = '\'';
       end += mysql_real_escape_string_quote(&mysql, end, strength,
                                             (ulong)strength_length, '\'');
@@ -371,10 +362,10 @@ static int install_password_validation_plugin() {
       my_free(query);
     } else
       fprintf(stdout,
-              "The password validation plugin is not available. "
-              "Proceeding with the further steps without the plugin.\n");
+              "The password validation component is not available. "
+              "Proceeding with the further steps without the component.\n");
   }
-  return (plugin_set);
+  return (component_set);
 }
 
 /**
@@ -474,11 +465,11 @@ static bool mysql_expire_password(MYSQL *mysql) {
   if he wants to continue with the password, or provide a new one,
   depending on the strength displayed.
 
-  @param    plugin_set   1 if validate_password plugin is set and
+  @param component_set   1 if validate_password component is set and
                          0 if it is not.
 */
 
-static void set_opt_user_password(int plugin_set) {
+static void set_opt_user_password(int component_set) {
   char *password1 = 0, *password2 = 0;
   int reply = 0;
 
@@ -506,7 +497,7 @@ static void set_opt_user_password(int plugin_set) {
       continue;
     }
 
-    if (plugin_set == 1) {
+    if (component_set == 1) {
       estimate_password_strength(password1);
       reply = get_response((
           const char *)"Do you wish to continue with the "
@@ -516,7 +507,7 @@ static void set_opt_user_password(int plugin_set) {
 
     size_t pass_length = strlen(password1);
 
-    if ((!plugin_set) || (reply == (int)'y' || reply == (int)'Y')) {
+    if ((!component_set) || (reply == (int)'y' || reply == (int)'Y')) {
       char *query = NULL, *end;
       int tmp = sizeof("SET PASSWORD=") + 3;
       /*
@@ -834,7 +825,7 @@ bool find_temporary_password(char **p) {
 int main(int argc, char *argv[]) {
   int reply;
   int rc;
-  int hadpass, plugin_set = 0;
+  int hadpass, component_set = 0;
 
   MY_INIT(argv[0]);
   DBUG_ENTER("main");
@@ -870,23 +861,23 @@ int main(int argc, char *argv[]) {
   hadpass = get_opt_user_password();
 
   if (!validate_password_exists())
-    plugin_set = install_password_validation_plugin();
+    component_set = install_password_validation_component();
   else {
     fprintf(stdout,
-            "The 'validate_password' plugin is installed on the server.\n"
+            "The 'validate_password' component is installed on the server.\n"
             "The subsequent steps will run with the existing "
-            "configuration\nof the plugin.\n");
-    plugin_set = 1;
+            "configuration\nof the component.\n");
+    component_set = 1;
   }
 
   if (!hadpass) {
     fprintf(stdout, "Please set the password for %s here.\n", opt_user);
-    set_opt_user_password(plugin_set);
+    set_opt_user_password(component_set);
   } else if (opt_use_default == false) {
     char prompt[256];
     fprintf(stdout, "Using existing password for %s.\n", opt_user);
 
-    if (plugin_set == 1) estimate_password_strength(password);
+    if (component_set == 1) estimate_password_strength(password);
 
     snprintf(prompt, sizeof(prompt) - 1,
              "Change the password for %s ? ((Press y|Y "
@@ -895,7 +886,7 @@ int main(int argc, char *argv[]) {
     reply = get_response(prompt, 'n');
 
     if (reply == (int)'y' || reply == (int)'Y')
-      set_opt_user_password(plugin_set);
+      set_opt_user_password(component_set);
     else
       fprintf(stdout, "\n ... skipping.\n");
   }
diff --git a/man/mysql_secure_installation.1 b/man/mysql_secure_installation.1
@@ -111,9 +111,9 @@ prompts you to determine which actions to perform\&.
 .PP
 The
 validate_password
-plugin can be used for password strength checking\&. If the plugin is not installed,
+component can be used for password strength checking\&. If the component is not installed,
 \fBmysql_secure_installation\fR
-prompts the user whether to install it\&. Any passwords entered later are checked using the plugin if it is enabled\&.
+prompts the user whether to install it\&. Any passwords entered later are checked using the component if it is enabled\&.
 .PP
 Most of the usual MySQL client options such as
 \fB\-\-host\fR
diff --git a/mysql-test/suite/interactive_utilities/r/mysql_secure_installation.result b/mysql-test/suite/interactive_utilities/r/mysql_secure_installation.result
@@ -11,10 +11,10 @@ Securing the MySQL server deployment.
 
 Connecting to MySQL using a blank password.
 
-VALIDATE PASSWORD PLUGIN can be used to test passwords
+VALIDATE PASSWORD COMPONENT can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
-secure enough. Would you like to setup VALIDATE PASSWORD plugin?
+secure enough. Would you like to setup VALIDATE PASSWORD component?
 
 Press y|Y for Yes, any other key for No: Please set the password for root here.
 
@@ -55,10 +55,10 @@ Enter password:
 Securing the MySQL server deployment.
 
 
-VALIDATE PASSWORD PLUGIN can be used to test passwords
+VALIDATE PASSWORD COMPONENT can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
-secure enough. Would you like to setup VALIDATE PASSWORD plugin?
+secure enough. Would you like to setup VALIDATE PASSWORD component?
 
 Press y|Y for Yes, any other key for No: Using existing password for root.
 Change the password for root ? ((Press y|Y for Yes, any other key for No) : 
@@ -102,10 +102,10 @@ Enter password:
 Securing the MySQL server deployment.
 
 
-VALIDATE PASSWORD PLUGIN can be used to test passwords
+VALIDATE PASSWORD COMPONENT can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
-secure enough. Would you like to setup VALIDATE PASSWORD plugin?
+secure enough. Would you like to setup VALIDATE PASSWORD component?
 
 Press y|Y for Yes, any other key for No: 
 There are three levels of password validation policy:
@@ -159,9 +159,9 @@ Enter password:
 
 Securing the MySQL server deployment.
 
-The 'validate_password' plugin is installed on the server.
+The 'validate_password' component is installed on the server.
 The subsequent steps will run with the existing configuration
-of the plugin.
+of the component.
 Using existing password for root.
 
 Estimated strength of the password: 100 
@@ -211,9 +211,7 @@ made so far will take effect immediately.
 
 Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Execution number 4 was successful
 Enter password: Execution 5 was successful
-UNINSTALL PLUGIN validate_password;
-Warnings:
-Warning	1287	'validate password plugin' is deprecated and will be removed in a future release. Please use validate_password component instead
+UNINSTALL COMPONENT "file://component_validate_password";
 SET PASSWORD for root@localhost = '';
 CREATE DATABASE test;
 REPLACE INTO mysql.user VALUES ('localhost','root','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'mysql_native_password','','N',NULL,NULL,'N','Y','Y', NULL, NULL);
diff --git a/mysql-test/suite/interactive_utilities/r/mysql_secure_installation_ssl.result b/mysql-test/suite/interactive_utilities/r/mysql_secure_installation_ssl.result
@@ -13,10 +13,10 @@ mysql_secure_installation: [Warning] Using a password on the command line interf
 Securing the MySQL server deployment.
 
 
-VALIDATE PASSWORD PLUGIN can be used to test passwords
+VALIDATE PASSWORD COMPONENT can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
-secure enough. Would you like to setup VALIDATE PASSWORD plugin?
+secure enough. Would you like to setup VALIDATE PASSWORD component?
 
 Press y|Y for Yes, any other key for No: Using existing password for root.
 Change the password for root ? ((Press y|Y for Yes, any other key for No) : 
@@ -55,10 +55,10 @@ mysql_secure_installation: [Warning] Using a password on the command line interf
 Securing the MySQL server deployment.
 
 
-VALIDATE PASSWORD PLUGIN can be used to test passwords
+VALIDATE PASSWORD COMPONENT can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
-secure enough. Would you like to setup VALIDATE PASSWORD plugin?
+secure enough. Would you like to setup VALIDATE PASSWORD component?
 
 Press y|Y for Yes, any other key for No: 
 There are three levels of password validation policy:
@@ -114,9 +114,7 @@ CREATE DATABASE test;
 REPLACE INTO mysql.user VALUES ('localhost','root','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'mysql_native_password','','N',NULL,NULL,'N','Y','Y', NULL, NULL);
 REPLACE INTO mysql.user VALUES ('localhost','mysql.sys','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0,0,'mysql_native_password','*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE','N',NULL,NULL,'Y','N','N', NULL, NULL);
 INSERT INTO mysql.db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
-UNINSTALL PLUGIN validate_password;
-Warnings:
-Warning	1287	'validate password plugin' is deprecated and will be removed in a future release. Please use validate_password component instead
+UNINSTALL COMPONENT "file://component_validate_password";
 UPDATE mysql.user SET password_last_changed=@plc, authentication_string=@auth_str, plugin= @plugin where user='root';
 UPDATE mysql.user SET password_last_changed=@sys_plc, authentication_string=@sys_auth_str, plugin= @sys_plugin where user='mysql.sys';
 FLUSH PRIVILEGES;
diff --git a/mysql-test/suite/interactive_utilities/t/mysql_secure_installation-master.opt b/mysql-test/suite/interactive_utilities/t/mysql_secure_installation-master.opt
@@ -1 +1 @@
-$VALIDATE_PASSWORD_OPT
+$VALIDATE_PASSWORD_COMPONENT_OPT
diff --git a/mysql-test/suite/interactive_utilities/t/mysql_secure_installation.test b/mysql-test/suite/interactive_utilities/t/mysql_secure_installation.test
@@ -2,6 +2,7 @@
 # If not, the test will be skipped.
 --source include/have_expect.inc
 --source include/not_windows.inc
+--source include/have_validate_password_component.inc
 
 SELECT plugin into @plugin from mysql.user where user= 'root' and host='localhost';
 SELECT password_last_changed into @plc from mysql.user where user= 'root' and host='localhost';
@@ -144,7 +145,7 @@ $i++;
 EOF
 
 # Uninstalling validate_password plugin
-UNINSTALL PLUGIN validate_password;
+UNINSTALL COMPONENT "file://component_validate_password";
 
 # Restoring the server to the state prior to this test.
 SET PASSWORD for root@localhost = '';
diff --git a/mysql-test/suite/interactive_utilities/t/mysql_secure_installation_ssl-master.opt b/mysql-test/suite/interactive_utilities/t/mysql_secure_installation_ssl-master.opt
@@ -1,4 +1,4 @@
-$VALIDATE_PASSWORD_OPT
+$VALIDATE_PASSWORD_COMPONENT_OPT
 --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-sha512.pem
 --ssl-key=$MYSQL_TEST_DIR/std_data/server-key-sha512.pem
 --ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert-sha512.pem
diff --git a/mysql-test/suite/interactive_utilities/t/mysql_secure_installation_ssl.test b/mysql-test/suite/interactive_utilities/t/mysql_secure_installation_ssl.test
@@ -1,6 +1,7 @@
 --source include/have_ssl.inc
 --source include/have_expect.inc
 --source include/not_windows.inc
+--source include/have_validate_password_component.inc
 
 SELECT plugin into @plugin from mysql.user where user= 'root' and host='localhost';
 SELECT password_last_changed into @plc from mysql.user where user= 'root' and host='localhost';
@@ -90,7 +91,7 @@ CREATE DATABASE test;
 REPLACE INTO mysql.user VALUES ('localhost','root','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'mysql_native_password','','N',NULL,NULL,'N','Y','Y', NULL, NULL);
 REPLACE INTO mysql.user VALUES ('localhost','mysql.sys','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0,0,'mysql_native_password','*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE','N',NULL,NULL,'Y','N','N', NULL, NULL);
 INSERT INTO mysql.db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
-UNINSTALL PLUGIN validate_password;
+UNINSTALL COMPONENT "file://component_validate_password";
 UPDATE mysql.user SET password_last_changed=@plc, authentication_string=@auth_str, plugin= @plugin where user='root';
 UPDATE mysql.user SET password_last_changed=@sys_plc, authentication_string=@sys_auth_str, plugin= @sys_plugin where user='mysql.sys';
 FLUSH PRIVILEGES;

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-$VALIDATE_PASSWORD_OPT`
	`1`	`+$VALIDATE_PASSWORD_COMPONENT_OPT`