diff options
author | Alexey Botchkov <holyfoot@askmonty.org> | 2017-01-17 15:32:41 +0400 |
---|---|---|
committer | Alexey Botchkov <holyfoot@askmonty.org> | 2017-01-17 15:32:41 +0400 |
commit | 30a9ac4250e1b19754dd0ae43705108cc9de2ab0 (patch) | |
tree | a2a6f22a1dd0de0fd1d0e24bd595562f11f8869e | |
parent | 3953c55978d43e3f9d28fe8c247ef8a0edc89d66 (diff) | |
download | mariadb-git-30a9ac4250e1b19754dd0ae43705108cc9de2ab0.tar.gz |
MDEV-10956 Strict Password Validation Breaks Replication.
strict_password_validation variable now has
no effect in the slave thread.
-rw-r--r-- | mysql-test/suite/rpl/r/rpl_strict_password_validation.result | 13 | ||||
-rw-r--r-- | mysql-test/suite/rpl/t/rpl_strict_password_validation.test | 24 | ||||
-rw-r--r-- | sql/sql_acl.cc | 9 |
3 files changed, 42 insertions, 4 deletions
diff --git a/mysql-test/suite/rpl/r/rpl_strict_password_validation.result b/mysql-test/suite/rpl/r/rpl_strict_password_validation.result new file mode 100644 index 00000000000..071d730fa72 --- /dev/null +++ b/mysql-test/suite/rpl/r/rpl_strict_password_validation.result @@ -0,0 +1,13 @@ +include/master-slave.inc +[connection master] +install soname "simple_password_check"; +select @@strict_password_validation; +@@strict_password_validation +1 +create user foo1 identified by password '11111111111111111111111111111111111111111'; +set password for foo1 = PASSWORD('PLAINtext-password!!99'); +drop user foo1; +create user foo1 identified by password '11111111111111111111111111111111111111111'; +ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement +uninstall plugin simple_password_check; +include/rpl_end.inc diff --git a/mysql-test/suite/rpl/t/rpl_strict_password_validation.test b/mysql-test/suite/rpl/t/rpl_strict_password_validation.test new file mode 100644 index 00000000000..c4dda1e1269 --- /dev/null +++ b/mysql-test/suite/rpl/t/rpl_strict_password_validation.test @@ -0,0 +1,24 @@ +if (!$SIMPLE_PASSWORD_CHECK_SO) { + skip No SIMPLE_PASSWORD_CHECK plugin; +} + +--source include/master-slave.inc + + +--connection slave +install soname "simple_password_check"; +select @@strict_password_validation; + +--connection master +create user foo1 identified by password '11111111111111111111111111111111111111111'; +set password for foo1 = PASSWORD('PLAINtext-password!!99'); +drop user foo1; +--sync_slave_with_master + +--connection slave +--error ER_OPTION_PREVENTS_STATEMENT +create user foo1 identified by password '11111111111111111111111111111111111111111'; + +uninstall plugin simple_password_check; + +--source include/rpl_end.inc diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 2accb3abc91..912930d60f3 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -895,7 +895,7 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg) } -static bool validate_password(LEX_USER *user) +static bool validate_password(LEX_USER *user, THD *thd) { if (user->pwtext.length || !user->pwhash.length) { @@ -911,7 +911,8 @@ static bool validate_password(LEX_USER *user) } else { - if (strict_password_validation && has_validation_plugins()) + if (!thd->slave_thread && + strict_password_validation && has_validation_plugins()) { my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation"); return true; @@ -2750,7 +2751,7 @@ bool check_change_password(THD *thd, LEX_USER *user) LEX_USER *real_user= get_current_user(thd, user); if (fix_and_copy_user(real_user, user, thd) || - validate_password(real_user)) + validate_password(real_user, thd)) return true; *user= *real_user; @@ -3465,7 +3466,7 @@ static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo, } if (!old_row_exists || combo.pwtext.length || combo.pwhash.length) - if (!handle_as_role && validate_password(&combo)) + if (!handle_as_role && validate_password(&combo, thd)) goto end; /* Update table columns with new privileges */ |