486 lines
20 KiB
Plaintext
486 lines
20 KiB
Plaintext
CALL mtr.add_suppression("Dictionary file not specified");
|
|
CALL mtr.add_suppression("Dictionary file open failed");
|
|
CALL mtr.add_suppression("Since the validate_password_policy is mentioned ");
|
|
CALL mtr.add_suppression("Dictionary file size exceeded");
|
|
CALL mtr.add_suppression("Effective value of validate_password.length is changed.");
|
|
CREATE USER 'base_user'@'localhost' IDENTIFIED BY 'pass';
|
|
CREATE USER 'user1'@'localhost' IDENTIFIED BY 'pass';
|
|
GRANT ALL ON mysql.* TO 'user1'@'localhost';
|
|
INSTALL COMPONENT "file://component_validate_password";
|
|
# password policy LOW (which only check for password length)
|
|
# default case: password length should be minimum 8
|
|
SET @@global.validate_password.policy=LOW;
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'aweg';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password3';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'passwor';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
SET @@global.validate_password.length= 12;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'afrgtyhlp98';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'iuyt567nbvfA';
|
|
SET @@global.validate_password.mixed_case_count= 0;
|
|
SET @@global.validate_password.number_count= 0;
|
|
SET @@global.validate_password.special_char_count= 0;
|
|
SET @@global.validate_password.length= 0;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY '';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'p';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password';
|
|
SET @@global.validate_password.length= -2;
|
|
Warnings:
|
|
Warning 1292 Truncated incorrect validate_password.length value: '-2'
|
|
SET @@global.validate_password.length= 3.5;
|
|
ERROR 42000: Incorrect argument type to variable 'validate_password.length'
|
|
SET @@global.validate_password.length= 2147483647;
|
|
SET @@global.validate_password.length= 2147483648;
|
|
Warnings:
|
|
Warning 1292 Truncated incorrect validate_password.length value: '2147483648'
|
|
PREPARE stmt1 FROM 'UPDATE mysql.user SET authentication_string=(?) where USER = ?';
|
|
SET @a = REPEAT('a',2147483647);
|
|
Warnings:
|
|
Warning 1301 Result of repeat() was larger than max_allowed_packet (67108864) - truncated
|
|
SET @b = 'user@localhost';
|
|
EXECUTE stmt1 USING @a,@b;
|
|
DEALLOCATE PREPARE stmt1;
|
|
SET @@global.validate_password.length= 4294967295;
|
|
Warnings:
|
|
Warning 1292 Truncated incorrect validate_password.length value: '4294967295'
|
|
SET @@global.validate_password.length= 8;
|
|
PREPARE stmt1 FROM 'UPDATE mysql.user SET authentication_string=(?) where USER = ?';
|
|
SET @a = REPEAT('a',1048576);
|
|
SET @b = 'user@localhost';
|
|
EXECUTE stmt1 USING @a,@b;
|
|
DEALLOCATE PREPARE stmt1;
|
|
# password policy MEDIUM (check for mixed_case, digits, special_chars)
|
|
# default case : atleast 1 mixed_case, 1 digit, 1 special_char
|
|
SET @@global.validate_password.mixed_case_count= 1;
|
|
SET @@global.validate_password.number_count= 1;
|
|
SET @@global.validate_password.special_char_count= 1;
|
|
SET @@global.validate_password.policy=MEDIUM;
|
|
SET @@global.validate_password.number_count= 0;
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY 'aedfoiASE$%';
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'foiuiuytd78';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'abcdefgh';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'abcdeFGH';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'pasretryFRGH&^98';
|
|
SET @@global.validate_password.mixed_case_count= 0;
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY 'aedSWEhjui';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'gruyuHOIU&*(';
|
|
ALTER USER 'user'@'localhost' IDENTIFIED BY 'passwor0987**&';
|
|
SET @@global.validate_password.special_char_count= 0;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'piufgklol';
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
SET @@global.validate_password.special_char_count= 1;
|
|
SET @@global.validate_password.number_count= 1;
|
|
SET @@global.validate_password.mixed_case_count= 1;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'erftuiik';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'erftuIIK';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'erftu123';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
SET @@global.validate_password.number_count= 2;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password12A#';
|
|
SET @@global.validate_password.number_count= 1;
|
|
SET @@global.validate_password.mixed_case_count= 2;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1AB#';
|
|
SET @@global.validate_password.mixed_case_count= 1;
|
|
SET @@global.validate_password.special_char_count= 2;
|
|
SET @@global.validate_password.special_char_count= 1;
|
|
# No dictionary file present, no dictionary check
|
|
SET @@global.validate_password.policy=STRONG;
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
SET @@global.validate_password.dictionary_file="MYSQL_ERRMSG_BASEDIR/dictionary.txt";
|
|
# password policy strong
|
|
# default_file : dictionary.txt
|
|
SET @@global.validate_password.policy=STRONG;
|
|
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'password1A#';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'pass12345A#';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'base_user'@'localhost' IDENTIFIED BY 'pass0000A#';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
# test for password_validate_strength function
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password', 0);
|
|
ERROR 42000: Incorrect parameter count in the call to native function 'VALIDATE_PASSWORD_STRENGTH'
|
|
SELECT VALIDATE_PASSWORD_STRENGTH();
|
|
ERROR 42000: Incorrect parameter count in the call to native function 'VALIDATE_PASSWORD_STRENGTH'
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('');
|
|
VALIDATE_PASSWORD_STRENGTH('')
|
|
0
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('pass');
|
|
VALIDATE_PASSWORD_STRENGTH('pass')
|
|
25
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password');
|
|
VALIDATE_PASSWORD_STRENGTH('password')
|
|
50
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password0000');
|
|
VALIDATE_PASSWORD_STRENGTH('password0000')
|
|
50
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('password1A#');
|
|
VALIDATE_PASSWORD_STRENGTH('password1A#')
|
|
75
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('PA12wrd!#');
|
|
VALIDATE_PASSWORD_STRENGTH('PA12wrd!#')
|
|
100
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('PA00wrd!#');
|
|
VALIDATE_PASSWORD_STRENGTH('PA00wrd!#')
|
|
100
|
|
SET NAMES 'ujis';
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('PA12wrd!#');
|
|
VALIDATE_PASSWORD_STRENGTH('PA12wrd!#')
|
|
100
|
|
SET @@global.validate_password.policy=MEDIUM;
|
|
SET @@global.validate_password.policy=LOW;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET @@global.validate_password.length= 4;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET @@global.validate_password.special_char_count= 0;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET @@global.validate_password.mixed_case_count= 0;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'password';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'PA00wrd!#';
|
|
ALTER USER 'user2'@'localhost' IDENTIFIED BY 'password';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
ALTER USER 'user2'@'localhost' IDENTIFIED BY 'PA00wrd!#';
|
|
DROP USER 'user2'@'localhost';
|
|
DROP USER 'base_user'@'localhost';
|
|
DROP USER 'user1'@'localhost';
|
|
DROP USER 'user'@'localhost';
|
|
SET @@global.validate_password.length=default;
|
|
SET @@global.validate_password.number_count=default;
|
|
SET @@global.validate_password.mixed_case_count=default;
|
|
SET @@global.validate_password.special_char_count=default;
|
|
SET @@global.validate_password.policy=default;
|
|
SET @@global.validate_password.dictionary_file=default;
|
|
SELECT @@validate_password.length,
|
|
@@validate_password.number_count,
|
|
@@validate_password.mixed_case_count,
|
|
@@validate_password.special_char_count,
|
|
@@validate_password.policy,
|
|
@@validate_password.dictionary_file;
|
|
@@validate_password.length @@validate_password.number_count @@validate_password.mixed_case_count @@validate_password.special_char_count @@validate_password.policy @@validate_password.dictionary_file
|
|
8 1 1 1 MEDIUM NULL
|
|
#
|
|
# Bug#14588145 - NEED ABILITY TO FLUSH PASSWORD VALIDATION DICTIONARY FILE
|
|
#
|
|
SET @@global.validate_password.policy=STRONG;
|
|
# No dictionary file, password is accepted
|
|
CREATE USER 'user1'@'localhost' IDENTIFIED BY 'passWORD123#';
|
|
SET @@global.validate_password.dictionary_file="MYSQLTEST_VARDIR/tmp/dictionary2.txt";
|
|
# must return 3
|
|
SELECT VARIABLE_VALUE FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = 'validate_password.dictionary_file_words_count';
|
|
VARIABLE_VALUE
|
|
3
|
|
SELECT VARIABLE_VALUE into @ts1 FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = "validate_password.dictionary_file_last_parsed";
|
|
# check format of the TS
|
|
SELECT @ts1;
|
|
@ts1
|
|
0000-00-00 00:00:00
|
|
# must return 19
|
|
SELECT LENGTH(@ts1);
|
|
LENGTH(@ts1)
|
|
19
|
|
# must sleep for at least 1 sec so that the timestamps differ
|
|
SET @@global.validate_password.dictionary_file="MYSQLTEST_VARDIR/tmp/dictionary.txt";
|
|
# must return 2
|
|
SELECT VARIABLE_VALUE FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = 'validate_password.dictionary_file_words_count';
|
|
VARIABLE_VALUE
|
|
2
|
|
SELECT VARIABLE_VALUE into @ts2 FROM performance_schema.global_status
|
|
WHERE VARIABLE_NAME = "validate_password.dictionary_file_last_parsed";
|
|
# must return 1
|
|
SELECT @ts1 <> @ts2;
|
|
@ts1 <> @ts2
|
|
1
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'passWORD123#';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
SET @@global.validate_password.dictionary_file=NULL;
|
|
# Cache flushed and no dictionary file is loaded
|
|
CREATE USER 'user2'@'localhost' IDENTIFIED BY 'passWORD123#';
|
|
# Select commands to show that the validate_password lock is instrumented
|
|
SELECT NAME FROM performance_schema.setup_instruments WHERE NAME LIKE '%validate%';
|
|
NAME
|
|
wait/synch/rwlock/validate_pwd/LOCK_dict_file
|
|
SELECT NAME FROM performance_schema.rwlock_instances WHERE NAME LIKE '%validate%';
|
|
NAME
|
|
wait/synch/rwlock/validate_pwd/LOCK_dict_file
|
|
# cleanup
|
|
DROP USER 'user1'@'localhost', 'user2'@'localhost';
|
|
SET @@global.validate_password.policy=DEFAULT;
|
|
# clean up after the test
|
|
UNINSTALL COMPONENT "file://component_validate_password";
|
|
#
|
|
# CREATE ROLE DOESN'T WORK WITH PASSWORD VALIDATION PLUGIN
|
|
#
|
|
INSTALL COMPONENT "file://component_validate_password";
|
|
CREATE ROLE r1;
|
|
DROP ROLE r1;
|
|
UNINSTALL COMPONENT "file://component_validate_password";
|
|
#
|
|
# Lets try to add a variable from the validate_password component
|
|
# while its not installed. (expect warning)
|
|
#
|
|
call mtr.add_suppression("Dictionary file not specified");
|
|
SELECT @@global.session_track_system_variables;
|
|
@@global.session_track_system_variables
|
|
time_zone,autocommit,character_set_client,character_set_results,character_set_connection
|
|
SELECT @@session.session_track_system_variables;
|
|
@@session.session_track_system_variables
|
|
time_zone,autocommit,character_set_client,character_set_results,character_set_connection
|
|
|
|
SET @@session.session_track_system_variables='validate_password.policy,autocommit';
|
|
Warnings:
|
|
Warning 1231 validate_password.policy is not a valid system variable and will be ignored.
|
|
# Now lets install the validate password component.
|
|
INSTALL COMPONENT "file://component_validate_password";
|
|
# component installed!
|
|
|
|
SELECT @@session.session_track_system_variables;
|
|
@@session.session_track_system_variables
|
|
validate_password.policy,autocommit
|
|
# The following SET should now execute successfully without a warning.
|
|
SET @@session.session_track_system_variables='validate_password.policy,autocommit';
|
|
|
|
#
|
|
# Bug#14458293 : WRITE PASSED END OF BUFFER IN
|
|
# VALIDATE_DICTIONARY_CHECK
|
|
#
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(REPEAT("aA1#", 26));
|
|
VALIDATE_PASSWORD_STRENGTH(REPEAT("aA1#", 26))
|
|
100
|
|
#
|
|
# BUG#14292624 - VALIDATE_PASSWORD_STRENGTH(NULL) CRASHES SERVER
|
|
#
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(NULL);
|
|
VALIDATE_PASSWORD_STRENGTH(NULL)
|
|
NULL
|
|
SELECT VALIDATE_PASSWORD_STRENGTH('NULL');
|
|
VALIDATE_PASSWORD_STRENGTH('NULL')
|
|
25
|
|
#
|
|
# Bug#14588148: PASSWORD VALIDATION PLUGIN DOES NOT
|
|
# WARN ON INVALID DICTIONARY FILE
|
|
#
|
|
# restarting server multiple times with different dictionary files
|
|
# Restart server with file of size greater than MAX_DICTIONARY_FILE_LENGTH
|
|
#
|
|
# Bug#14850601 - VALIDATE_PASSWORD.LENGTH SHOULD NOT ACCEPT BELOW
|
|
# 4 AS ANY WAY NOT ABLE TO SET IT
|
|
#
|
|
# default values
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
8
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT;
|
|
@@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT
|
|
1
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT;
|
|
@@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT
|
|
1
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT;
|
|
@@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT
|
|
1
|
|
Set password length to a value greater than the default one
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH=16;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
16
|
|
Try to set a value less than
|
|
(2*mixed_case_count + number_count + special char_count)
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH=3;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
4
|
|
set variables that affects effective password length
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT=2;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
6
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT=3;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
8
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT=4;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
11
|
|
Reducing value of above variables shoud not have effect on
|
|
password length
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT=1;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
11
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT=1;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
11
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT=1;
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
11
|
|
Any adjustment in password length which does not go below
|
|
(2*mixed_case_count + number_count + special char_count)
|
|
will be carried out as it is
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH=8;
|
|
# back to default values
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.LENGTH;
|
|
@@GLOBAL.VALIDATE_PASSWORD.LENGTH
|
|
8
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT;
|
|
@@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT
|
|
1
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT;
|
|
@@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT
|
|
1
|
|
SELECT @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT;
|
|
@@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT
|
|
1
|
|
#
|
|
# BUG #19388163 PASSWORD VALIDATION PLUGIN CRASH WITH
|
|
# USER VARIABLE + DICTIONARY LOOKUP
|
|
#
|
|
SET @a='Aaaaaaaaa1!';
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(@a);
|
|
#
|
|
# BUG#14843970 - VALIDATE_PASSWORD ALLOWS BLANK PASSWORDS
|
|
#
|
|
SET PASSWORD= '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
SET PASSWORD='';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
CREATE USER 'sha256user'@'localhost' IDENTIFIED WITH sha256_password;
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
#
|
|
# Bug #16346443 - EMPTY PASSWORDS ARE ALLOWED WITH VALIDATE-PASSWORD-POLICY SET
|
|
#
|
|
CREATE USER passtest@localhost;
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
CREATE TABLE test.t1 (a int);
|
|
CREATE USER 'passtest'@'localhost' IDENTIFIED WITH 'caching_sha2_password' AS '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
DROP TABLE test.t1;
|
|
#
|
|
# Bug#18636874 - PASSWORD VALIDATE PLUGIN: DICTIONARY CHECK MISBEHAVES WITH GOOD HEX INPUT
|
|
#
|
|
SET @@global.validate_password.policy=STRONG;
|
|
SET @@global.validate_password.dictionary_file="MYSQLTEST_VARDIR/tmp/dictionary.txt";
|
|
SELECT VALIDATE_PASSWORD_STRENGTH( 0x6E616E646F73617135234552 );
|
|
VALIDATE_PASSWORD_STRENGTH( 0x6E616E646F73617135234552 )
|
|
100
|
|
SELECT VALIDATE_PASSWORD_STRENGTH( 0xae4fb3774143790d0036033d6e );
|
|
VALIDATE_PASSWORD_STRENGTH( 0xae4fb3774143790d0036033d6e )
|
|
100
|
|
SET @@global.validate_password.dictionary_file=NULL;
|
|
SET @@global.validate_password.policy=DEFAULT;
|
|
#
|
|
# Bug#16938568: ERROR 1819 (HY000): YOUR PASSWORD DOES NOT SATISFY
|
|
# THE CURRENT POLICY REQUIREMEN
|
|
#
|
|
CREATE USER 'passtest'@'localhost' IDENTIFIED BY 'My!Complex@Passw0rd';
|
|
GRANT ALL ON *.* TO 'passtest'@'localhost';
|
|
DROP USER 'passtest'@'localhost';
|
|
#
|
|
# Bug #16957721 - VALIDATE_PASSWORD.LENGTH ALLOWED TO HAVE BELOW
|
|
# VALIDATE_PASSWORD PARAMETER VALUE
|
|
#
|
|
# Case 1: Less than default value
|
|
# restarting server
|
|
show variables like 'validate_password%';
|
|
Variable_name Value
|
|
validate_password.check_user_name ON
|
|
validate_password.dictionary_file
|
|
validate_password.length 12
|
|
validate_password.mixed_case_count 5
|
|
validate_password.number_count 1
|
|
validate_password.policy MEDIUM
|
|
validate_password.special_char_count 1
|
|
# Case 2: Greater than default value
|
|
# restarting server
|
|
show variables like 'validate_password%';
|
|
Variable_name Value
|
|
validate_password.check_user_name ON
|
|
validate_password.dictionary_file
|
|
validate_password.length 10
|
|
validate_password.mixed_case_count 1
|
|
validate_password.number_count 5
|
|
validate_password.policy MEDIUM
|
|
validate_password.special_char_count 1
|
|
# Case 3: Greater than default value for all variables
|
|
# restarting server
|
|
show variables like 'validate_password%';
|
|
Variable_name Value
|
|
validate_password.check_user_name ON
|
|
validate_password.dictionary_file
|
|
validate_password.length 20
|
|
validate_password.mixed_case_count 5
|
|
validate_password.number_count 5
|
|
validate_password.policy MEDIUM
|
|
validate_password.special_char_count 5
|
|
#
|
|
# Bug #18636291 VALIDATE_PASSWORD_STRENGTH() FLOORS CPU ON CASTED INPUTS
|
|
#
|
|
SET NAMES UTF8;
|
|
Warnings:
|
|
Warning 3719 'utf8' is currently an alias for the character set UTF8MB3, but will be an alias for UTF8MB4 in a future release. Please consider using UTF8MB4 in order to be unambiguous.
|
|
SELECT VALIDATE_PASSWORD_STRENGTH(CAST(0xd2 AS CHAR(10)));
|
|
VALIDATE_PASSWORD_STRENGTH(CAST(0xd2 AS CHAR(10)))
|
|
0
|
|
#
|
|
# BUG #20863229 ASSERTION FAILED:
|
|
# PASSWORD != 0 IN AUTH\PASSWORD_POLICY_SERVICE.CC
|
|
#
|
|
#assert should not fail
|
|
DO validate_password_strength(export_set('a','a','a','a','a'));
|
|
Warnings:
|
|
Warning 1292 Truncated incorrect INTEGER value: 'a'
|
|
Warning 1292 Truncated incorrect INTEGER value: 'a'
|
|
#should return empty string
|
|
SELECT export_set('a','a','a','a','a');
|
|
export_set('a','a','a','a','a')
|
|
|
|
Warnings:
|
|
Warning 1292 Truncated incorrect INTEGER value: 'a'
|
|
Warning 1292 Truncated incorrect INTEGER value: 'a'
|
|
#should return 0
|
|
SELECT isnull(export_set('a','a','a','a','a'));
|
|
isnull(export_set('a','a','a','a','a'))
|
|
0
|
|
Warnings:
|
|
Warning 1292 Truncated incorrect INTEGER value: 'a'
|
|
Warning 1292 Truncated incorrect INTEGER value: 'a'
|
|
#
|
|
# Bug #17065383 PASSWORD VALIDATE PLUGIN STORES HASH OF
|
|
# LOWERCASE PASSWORD BY MISTAKE
|
|
#
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.POLICY=STRONG;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.NUMBER_COUNT= 1;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.MIXED_CASE_COUNT= 1;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.SPECIAL_CHAR_COUNT= 1;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.LENGTH= 8;
|
|
create user user@localhost identified by 'ABCabc1!';
|
|
grant all privileges on *.* to user@localhost;
|
|
SET @@GLOBAL.VALIDATE_PASSWORD.POLICY=MEDIUM;
|
|
# Cleanup.
|
|
UNINSTALL COMPONENT "file://component_validate_password";
|
|
End of tests
|