624 lines
22 KiB
Plaintext
624 lines
22 KiB
Plaintext
--source include/have_validate_password_component.inc
|
|
--source include/have_debug.inc
|
|
|
|
# Warning is generated when default file (NULL) is used
|
|
CALL mtr.add_suppression("Dictionary file not specified");
|
|
|
|
# Warning is generated when dictionary file is not loaded
|
|
CALL mtr.add_suppression("Dictionary file open failed");
|
|
|
|
# Warning is generated when dictionary file is not provided with
|
|
# PASSWORD_POLICY_STRONG
|
|
CALL mtr.add_suppression("Since the validate_password_policy is mentioned ");
|
|
|
|
# Warning is generated when dictionary file size exceeded
|
|
# MAX_DICTIONARY_FILE_LENGTH
|
|
CALL mtr.add_suppression("Dictionary file size exceeded");
|
|
|
|
# Warning is generated when validate_password.length is chaged
|
|
# as a result of changing value of system variables listed below:
|
|
# VALIDATE_PASSWORD.NUMBER_COUNT
|
|
# VALIDATE_PASSWORD.MIXED_CASE_COUNT
|
|
# VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT
|
|
CALL mtr.add_suppression("Effective value of validate_password.length is changed.");
|
|
|
|
let $MYSQL_ERRMSG_BASEDIR=`select @@lc_messages_dir`;
|
|
|
|
# component is not installed so even 'pass' (very weak) is accepted as
|
|
# a password
|
|
CREATE USER 'base_user'@'localhost' IDENTIFIED BY 'pass';
|
|
CREATE USER 'user1'@'localhost' IDENTIFIED BY 'pass';
|
|
GRANT ALL ON mysql.* TO 'user1'@'localhost';
|
|
|
|
INSTALL COMPONENT "file://component_validate_password";
|
|
|
|
# test for all the three password policy
|
|
# policy: LOW, MEDIUM, STRONG
|
|
|
|
--echo # password policy LOW (which only check for password length)
|
|
--echo # default case: password length should be minimum 8
|
|
|
|
SET @@global.validate_password.policy=LOW;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY '';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'aweg';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password3';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'passwor';
|
|
SET @@global.validate_password.length= 12;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'afrgtyhlp98';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'iuyt567nbvfA';
|
|
SET @@global.validate_password.mixed_case_count= 0;
|
|
SET @@global.validate_password.number_count= 0;
|
|
SET @@global.validate_password.special_char_count= 0;
|
|
SET @@global.validate_password.length= 0;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY '';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'p';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password';
|
|
SET @@global.validate_password.length= -2;
|
|
-- Error ER_WRONG_TYPE_FOR_VAR
|
|
SET @@global.validate_password.length= 3.5;
|
|
|
|
# test to check maximum value of password_length
|
|
|
|
SET @@global.validate_password.length= 2147483647;
|
|
SET @@global.validate_password.length= 2147483648;
|
|
PREPARE stmt1 FROM 'UPDATE mysql.user SET authentication_string=(?) where USER = ?';
|
|
SET @a = REPEAT('a',2147483647);
|
|
SET @b = 'user@localhost';
|
|
EXECUTE stmt1 USING @a,@b;
|
|
DEALLOCATE PREPARE stmt1;
|
|
SET @@global.validate_password.length= 4294967295;
|
|
SET @@global.validate_password.length= 8;
|
|
PREPARE stmt1 FROM 'UPDATE mysql.user SET authentication_string=(?) where USER = ?';
|
|
SET @a = REPEAT('a',1048576);
|
|
SET @b = 'user@localhost';
|
|
EXECUTE stmt1 USING @a,@b;
|
|
DEALLOCATE PREPARE stmt1;
|
|
|
|
--echo # password policy MEDIUM (check for mixed_case, digits, special_chars)
|
|
--echo # default case : atleast 1 mixed_case, 1 digit, 1 special_char
|
|
|
|
SET @@global.validate_password.mixed_case_count= 1;
|
|
SET @@global.validate_password.number_count= 1;
|
|
SET @@global.validate_password.special_char_count= 1;
|
|
SET @@global.validate_password.policy=MEDIUM;
|
|
SET @@global.validate_password.number_count= 0;
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY 'aedfoiASE$%';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'foiuiuytd78';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'abcdefgh';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'abcdeFGH';
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'pasretryFRGH&^98';
|
|
SET @@global.validate_password.mixed_case_count= 0;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY 'aedSWEhjui';
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'gruyuHOIU&*(';
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'passwor0987**&';
|
|
SET @@global.validate_password.special_char_count= 0;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'piufgklol';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
SET @@global.validate_password.special_char_count= 1;
|
|
SET @@global.validate_password.number_count= 1;
|
|
SET @@global.validate_password.mixed_case_count= 1;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'erftuiik';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'erftuIIK';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'erftu123';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
SET @@global.validate_password.number_count= 2;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password12A#';
|
|
SET @@global.validate_password.number_count= 1;
|
|
SET @@global.validate_password.mixed_case_count= 2;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1AB#';
|
|
SET @@global.validate_password.mixed_case_count= 1;
|
|
SET @@global.validate_password.special_char_count= 2;
|
|
SET @@global.validate_password.special_char_count= 1;
|
|
|
|
--echo # No dictionary file present, no dictionary check
|
|
SET @@global.validate_password.policy=STRONG;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
|
|
--replace_result $MYSQL_ERRMSG_BASEDIR MYSQL_ERRMSG_BASEDIR
|
|
eval SET @@global.validate_password.dictionary_file="$MYSQL_ERRMSG_BASEDIR/dictionary.txt";
|
|
|
|
--echo # password policy strong
|
|
--echo # default_file : dictionary.txt
|
|
|
|
# file should contain 1 word per line
|
|
# error if substring of password is a dictionary word
|
|
|
|
SET @@global.validate_password.policy=STRONG;
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'pass12345A#';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'pass0000A#';
|
|
|
|
--echo # test for password_validate_strength function
|
|
|
|
--error ER_WRONG_PARAMCOUNT_TO_NATIVE_FCT
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password', 0);
|
|
--error ER_WRONG_PARAMCOUNT_TO_NATIVE_FCT
|
|
SELECT VALIDATE_PASSWORD_STRENGTH();
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('');
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('pass');
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password');
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password0000');
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password1A#');
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('PA12wrd!#');
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('PA00wrd!#');
|
|
|
|
# Test for multibyte character set that have greater size when converted
|
|
# from uppercase to lowercase.
|
|
SET NAMES 'ujis';
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('PA12wrd!#');
|
|
|
|
# default policy is set, all other component variables set to default Test to
|
|
# ensure that only the privileged user can access the component variables
|
|
SET @@global.validate_password.policy=MEDIUM;
|
|
|
|
# New connection
|
|
connect (plug_con,localhost,user1,pass);
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
SET @@global.validate_password.policy=LOW;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
SET @@global.validate_password.length= 4;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
SET @@global.validate_password.special_char_count= 0;
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
SET @@global.validate_password.mixed_case_count= 0;
|
|
# user has the update/create privilege but needs to satisfy password policy
|
|
# to update/create new account
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'password';
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'PA00wrd!#';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
ALTER USER 'user2'@'localhost' IDENTIFIED BY 'password';
|
|
ALTER USER 'user2'@'localhost' IDENTIFIED BY 'PA00wrd!#';
|
|
DROP USER 'user2'@'localhost';
|
|
disconnect plug_con;
|
|
--source include/wait_until_disconnected.inc
|
|
|
|
connection default;
|
|
DROP USER 'base_user'@'localhost';
|
|
DROP USER 'user1'@'localhost';
|
|
DROP USER 'user'@'localhost';
|
|
SET @@global.validate_password.length=default;
|
|
SET @@global.validate_password.number_count=default;
|
|
SET @@global.validate_password.mixed_case_count=default;
|
|
SET @@global.validate_password.special_char_count=default;
|
|
SET @@global.validate_password.policy=default;
|
|
SET @@global.validate_password.dictionary_file=default;
|
|
|
|
SELECT @@validate_password.length,
|
|
@@validate_password.number_count,
|
|
@@validate_password.mixed_case_count,
|
|
@@validate_password.special_char_count,
|
|
@@validate_password.policy,
|
|
@@validate_password.dictionary_file;
|
|
|
|
|
|
--echo #
|
|
--echo # Bug#14588145 - NEED ABILITY TO FLUSH PASSWORD VALIDATION DICTIONARY FILE
|
|
--echo #
|
|
|
|
SET @@global.validate_password.policy=STRONG;
|
|
|
|
--write_file $MYSQLTEST_VARDIR/tmp/dictionary.txt
|
|
password
|
|
validate
|
|
EOF
|
|
|
|
--write_file $MYSQLTEST_VARDIR/tmp/dictionary2.txt
|
|
password
|
|
validate
|
|
monkey
|
|
EOF
|
|
|
|
--echo # No dictionary file, password is accepted
|
|
CREATE USER 'user1'@'localhost' IDENTIFIED BY 'passWORD123#';
|
|
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
|
|
eval SET @@global.validate_password.dictionary_file="$MYSQLTEST_VARDIR/tmp/dictionary2.txt";
|
|
# Dictionary file loaded
|
|
|
|
--echo # must return 3
|
|
SELECT VARIABLE_VALUE FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = 'validate_password.dictionary_file_words_count';
|
|
|
|
SELECT VARIABLE_VALUE into @ts1 FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = "validate_password.dictionary_file_last_parsed";
|
|
|
|
--echo # check format of the TS
|
|
--replace_regex /[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]/0000-00-00 00:00:00/
|
|
SELECT @ts1;
|
|
|
|
--echo # must return 19
|
|
SELECT LENGTH(@ts1);
|
|
|
|
--echo # must sleep for at least 1 sec so that the timestamps differ
|
|
--sleep 1
|
|
|
|
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
|
|
eval SET @@global.validate_password.dictionary_file="$MYSQLTEST_VARDIR/tmp/dictionary.txt";
|
|
|
|
--echo # must return 2
|
|
SELECT VARIABLE_VALUE FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = 'validate_password.dictionary_file_words_count';
|
|
|
|
SELECT VARIABLE_VALUE into @ts2 FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = "validate_password.dictionary_file_last_parsed";
|
|
|
|
--echo # must return 1
|
|
SELECT @ts1 <> @ts2;
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'passWORD123#';
|
|
|
|
SET @@global.validate_password.dictionary_file=NULL;
|
|
|
|
--echo # Cache flushed and no dictionary file is loaded
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'passWORD123#';
|
|
|
|
--echo # Select commands to show that the validate_password lock is instrumented
|
|
SELECT NAME FROM performance_schema.setup_instruments WHERE NAME LIKE '%validate%';
|
|
SELECT NAME FROM performance_schema.rwlock_instances WHERE NAME LIKE '%validate%';
|
|
|
|
--echo # cleanup
|
|
DROP USER 'user1'@'localhost', 'user2'@'localhost';
|
|
SET @@global.validate_password.policy=DEFAULT;
|
|
remove_file $MYSQLTEST_VARDIR/tmp/dictionary.txt;
|
|
remove_file $MYSQLTEST_VARDIR/tmp/dictionary2.txt;
|
|
|
|
--echo # clean up after the test
|
|
UNINSTALL COMPONENT "file://component_validate_password";
|
|
|
|
--echo #
|
|
--echo # CREATE ROLE DOESN'T WORK WITH PASSWORD VALIDATION PLUGIN
|
|
--echo #
|
|
INSTALL COMPONENT "file://component_validate_password";
|
|
CREATE ROLE r1;
|
|
DROP ROLE r1;
|
|
UNINSTALL COMPONENT "file://component_validate_password";
|
|
|
|
--echo #
|
|
--echo # Lets try to add a variable from the validate_password component
|
|
--echo # while its not installed. (expect warning)
|
|
--echo #
|
|
|
|
call mtr.add_suppression("Dictionary file not specified");
|
|
|
|
SELECT @@global.session_track_system_variables;
|
|
SELECT @@session.session_track_system_variables;
|
|
--echo
|
|
|
|
SET @@session.session_track_system_variables='validate_password.policy,autocommit';
|
|
|
|
--echo # Now lets install the validate password component.
|
|
INSTALL COMPONENT "file://component_validate_password";
|
|
--echo # component installed!
|
|
--echo
|
|
|
|
SELECT @@session.session_track_system_variables;
|
|
--echo # The following SET should now execute successfully without a warning.
|
|
SET @@session.session_track_system_variables='validate_password.policy,autocommit';
|
|
--echo
|
|
|
|
--echo #
|
|
--echo # Bug#14458293 : WRITE PASSED END OF BUFFER IN
|
|
--echo # VALIDATE_DICTIONARY_CHECK
|
|
--echo #
|
|
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(REPEAT("aA1#", 26));
|
|
|
|
|
|
--echo #
|
|
--echo # BUG#14292624 - VALIDATE_PASSWORD_STRENGTH(NULL) CRASHES SERVER
|
|
--echo #
|
|
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(NULL);
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('NULL');
|
|
|
|
|
|
--echo #
|
|
--echo # Bug#14588148: PASSWORD VALIDATION PLUGIN DOES NOT
|
|
--echo # WARN ON INVALID DICTIONARY FILE
|
|
--echo #
|
|
|
|
--echo # restarting server multiple times with different dictionary files
|
|
|
|
# Write file to make mysql-test-run.pl wait for the server to stop
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
|
|
# Request shutdown
|
|
-- send_shutdown
|
|
|
|
# Call script that will poll the server waiting for it to disapear
|
|
-- source include/wait_until_disconnected.inc
|
|
|
|
#--echo # Restart server with unknown dictionary file.
|
|
--exec echo "restart:--loose-validate_password.dictionary_file=dict.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
|
|
# Turn on reconnect
|
|
--enable_reconnect
|
|
|
|
# Call script that will poll the server waiting for it to be back online again
|
|
--source include/wait_until_connected_again.inc
|
|
|
|
# Turn off reconnect again
|
|
--disable_reconnect
|
|
|
|
# Generate file of size greater than MAX_DICTIONARY_FILE_LENGTH
|
|
--perl EOF
|
|
my $dict_file= "$ENV{MYSQLTEST_VARDIR}/tmp/dict.txt";
|
|
my $outer = 100000;
|
|
|
|
open(DICT_FILE, ">", $dict_file) or die "Can't open $dict_file for write: $!";
|
|
|
|
while ($outer-- > 0) {
|
|
print DICT_FILE "validate_password_plugin\n";
|
|
}
|
|
|
|
close DICT_FILE;
|
|
EOF
|
|
|
|
# restarting server second time
|
|
|
|
# Write file to make mysql-test-run.pl wait for the server to stop
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
|
|
# Request shutdown
|
|
-- send_shutdown
|
|
|
|
# Call script that will poll the server waiting for it to disapear
|
|
-- source include/wait_until_disconnected.inc
|
|
|
|
--echo # Restart server with file of size greater than MAX_DICTIONARY_FILE_LENGTH
|
|
--exec echo "restart:--loose-validate_password.dictionary_file=$MYSQLTEST_VARDIR/tmp/dict.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
|
|
# Turn on reconnect
|
|
--enable_reconnect
|
|
|
|
# Call script that will poll the server waiting for it to be back online again
|
|
--source include/wait_until_connected_again.inc
|
|
|
|
# Turn off reconnect again
|
|
--disable_reconnect
|
|
|
|
|
|
--echo #
|
|
--echo # Bug#14850601 - VALIDATE_PASSWORD.LENGTH SHOULD NOT ACCEPT BELOW
|
|
--echo # 4 AS ANY WAY NOT ABLE TO SET IT
|
|
--echo #
|
|
|
|
--echo # default values
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT;
|
|
--echo Set password length to a value greater than the default one
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH=16;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
|
|
--echo Try to set a value less than
|
|
--echo (2*mixed_case_count + number_count + special char_count)
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH=3;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
|
|
--echo set variables that affects effective password length
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT=2;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT=3;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT=4;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
|
|
--echo Reducing value of above variables shoud not have effect on
|
|
--echo password length
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT=1;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT=1;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT=1;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
|
|
--echo Any adjustment in password length which does not go below
|
|
--echo (2*mixed_case_count + number_count + special char_count)
|
|
--echo will be carried out as it is
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH=8;
|
|
|
|
--echo # back to default values
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT;
|
|
|
|
--echo #
|
|
--echo # BUG #19388163 PASSWORD VALIDATION PLUGIN CRASH WITH
|
|
--echo # USER VARIABLE + DICTIONARY LOOKUP
|
|
--echo #
|
|
SET @a='Aaaaaaaaa1!';
|
|
# must not crash
|
|
--disable_result_log
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(@a);
|
|
--enable_result_log
|
|
|
|
--echo #
|
|
--echo # BUG#14843970 - VALIDATE_PASSWORD ALLOWS BLANK PASSWORDS
|
|
--echo #
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
SET PASSWORD= '';
|
|
--error ER_NOT_VALID_PASSWORD
|
|
SET PASSWORD='';
|
|
|
|
# checking for empty password string in sha256 mode
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'sha256user'@'localhost' IDENTIFIED WITH sha256_password;
|
|
|
|
--echo #
|
|
--echo # Bug #16346443 - EMPTY PASSWORDS ARE ALLOWED WITH VALIDATE-PASSWORD-POLICY SET
|
|
--echo #
|
|
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER passtest@localhost;
|
|
CREATE TABLE test.t1 (a int);
|
|
--error ER_NOT_VALID_PASSWORD
|
|
CREATE USER 'passtest'@'localhost' IDENTIFIED WITH 'caching_sha2_password' AS '';
|
|
DROP TABLE test.t1;
|
|
|
|
|
|
--echo #
|
|
--echo # Bug#18636874 - PASSWORD VALIDATE PLUGIN: DICTIONARY CHECK MISBEHAVES WITH GOOD HEX INPUT
|
|
--echo #
|
|
|
|
SET @@global.validate_password.policy=STRONG;
|
|
|
|
--write_file $MYSQLTEST_VARDIR/tmp/dictionary.txt
|
|
password
|
|
validate
|
|
EOF
|
|
|
|
--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
|
|
eval SET @@global.validate_password.dictionary_file="$MYSQLTEST_VARDIR/tmp/dictionary.txt";
|
|
# Dictionary file loaded
|
|
|
|
SELECT VALIDATE_PASSWORD_STRENGTH( 0x6E616E646F73617135234552 );
|
|
SELECT VALIDATE_PASSWORD_STRENGTH( 0xae4fb3774143790d0036033d6e );
|
|
|
|
eval SET @@global.validate_password.dictionary_file=NULL;
|
|
|
|
SET @@global.validate_password.policy=DEFAULT;
|
|
remove_file $MYSQLTEST_VARDIR/tmp/dictionary.txt;
|
|
|
|
--echo #
|
|
--echo # Bug#16938568: ERROR 1819 (HY000): YOUR PASSWORD DOES NOT SATISFY
|
|
--echo # THE CURRENT POLICY REQUIREMEN
|
|
--echo #
|
|
|
|
CREATE USER 'passtest'@'localhost' IDENTIFIED BY 'My!Complex@Passw0rd';
|
|
# User exsist so grant should work fine
|
|
GRANT ALL ON *.* TO 'passtest'@'localhost';
|
|
DROP USER 'passtest'@'localhost';
|
|
|
|
--echo #
|
|
--echo # Bug #16957721 - VALIDATE_PASSWORD.LENGTH ALLOWED TO HAVE BELOW
|
|
--echo # VALIDATE_PASSWORD PARAMETER VALUE
|
|
--echo #
|
|
|
|
|
|
--echo # Case 1: Less than default value
|
|
--echo # restarting server
|
|
# Write file to make mysql-test-run.pl wait for the server to stop
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
# Request shutdown
|
|
-- send_shutdown
|
|
# Call script that will poll the server waiting for it to disapear
|
|
-- source include/wait_until_disconnected.inc
|
|
#--echo # Restart server
|
|
--exec echo "restart:--loose-validate_password.mixed_case_count=5 --loose-validate_password.length=4" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
# Turn on reconnect
|
|
--enable_reconnect
|
|
# Call script that will poll the server waiting for it to be back online again
|
|
--source include/wait_until_connected_again.inc
|
|
# Turn off reconnect again
|
|
--disable_reconnect
|
|
|
|
show variables like 'validate_password%';
|
|
|
|
--echo # Case 2: Greater than default value
|
|
--echo # restarting server
|
|
# Write file to make mysql-test-run.pl wait for the server to stop
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
# Request shutdown
|
|
-- send_shutdown
|
|
# Call script that will poll the server waiting for it to disapear
|
|
-- source include/wait_until_disconnected.inc
|
|
#--echo # Restart server
|
|
--exec echo "restart:--loose-validate_password.number_count=5 --loose-validate_password.length=10" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
# Turn on reconnect
|
|
--enable_reconnect
|
|
# Call script that will poll the server waiting for it to be back online again
|
|
--source include/wait_until_connected_again.inc
|
|
# Turn off reconnect again
|
|
--disable_reconnect
|
|
|
|
show variables like 'validate_password%';
|
|
|
|
--echo # Case 3: Greater than default value for all variables
|
|
--echo # restarting server
|
|
# Write file to make mysql-test-run.pl wait for the server to stop
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
# Request shutdown
|
|
-- send_shutdown
|
|
# Call script that will poll the server waiting for it to disapear
|
|
-- source include/wait_until_disconnected.inc
|
|
#--echo # Restart server
|
|
--exec echo "restart:--loose-validate_password.number_count=5 --loose-validate_password.mixed_case_count=5 --loose-validate_password.special_char_count=5 --loose-validate_password.length=10" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
# Turn on reconnect
|
|
--enable_reconnect
|
|
# Call script that will poll the server waiting for it to be back online again
|
|
--source include/wait_until_connected_again.inc
|
|
# Turn off reconnect again
|
|
--disable_reconnect
|
|
|
|
show variables like 'validate_password%';
|
|
|
|
--echo #
|
|
--echo # Bug #18636291 VALIDATE_PASSWORD_STRENGTH() FLOORS CPU ON CASTED INPUTS
|
|
--echo #
|
|
|
|
SET NAMES UTF8;
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(CAST(0xd2 AS CHAR(10)));
|
|
|
|
--echo #
|
|
--echo # BUG #20863229 ASSERTION FAILED:
|
|
--echo # PASSWORD != 0 IN AUTH\PASSWORD_POLICY_SERVICE.CC
|
|
--echo #
|
|
|
|
--echo #assert should not fail
|
|
DO validate_password_strength(export_set('a','a','a','a','a'));
|
|
--echo #should return empty string
|
|
SELECT export_set('a','a','a','a','a');
|
|
--echo #should return 0
|
|
SELECT isnull(export_set('a','a','a','a','a'));
|
|
|
|
--echo #
|
|
--echo # Bug #17065383 PASSWORD VALIDATE PLUGIN STORES HASH OF
|
|
--echo # LOWERCASE PASSWORD BY MISTAKE
|
|
--echo #
|
|
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.POLICY=STRONG;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT= 1;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT= 1;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT= 1;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH= 8;
|
|
create user user@localhost identified by 'ABCabc1!';
|
|
grant all privileges on *.* to user@localhost;
|
|
# Able to connect
|
|
connect (con1,localhost,user,ABCabc1!,);
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.POLICY=MEDIUM;
|
|
disconnect con1;
|
|
|
|
connection default;
|
|
|
|
--echo # Cleanup.
|
|
UNINSTALL COMPONENT "file://component_validate_password";
|
|
disconnect default;
|
|
|
|
--echo End of tests
|