Commit 30a9ac42 authored by Alexey Botchkov's avatar Alexey Botchkov

MDEV-10956 Strict Password Validation Breaks Replication.

        strict_password_validation variable now has
        no effect in the slave thread.
parent 3953c559
include/master-slave.inc
[connection master]
install soname "simple_password_check";
select @@strict_password_validation;
@@strict_password_validation
1
create user foo1 identified by password '11111111111111111111111111111111111111111';
set password for foo1 = PASSWORD('PLAINtext-password!!99');
drop user foo1;
create user foo1 identified by password '11111111111111111111111111111111111111111';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
uninstall plugin simple_password_check;
include/rpl_end.inc
if (!$SIMPLE_PASSWORD_CHECK_SO) {
skip No SIMPLE_PASSWORD_CHECK plugin;
}
--source include/master-slave.inc
--connection slave
install soname "simple_password_check";
select @@strict_password_validation;
--connection master
create user foo1 identified by password '11111111111111111111111111111111111111111';
set password for foo1 = PASSWORD('PLAINtext-password!!99');
drop user foo1;
--sync_slave_with_master
--connection slave
--error ER_OPTION_PREVENTS_STATEMENT
create user foo1 identified by password '11111111111111111111111111111111111111111';
uninstall plugin simple_password_check;
--source include/rpl_end.inc
...@@ -895,7 +895,7 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg) ...@@ -895,7 +895,7 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
} }
static bool validate_password(LEX_USER *user) static bool validate_password(LEX_USER *user, THD *thd)
{ {
if (user->pwtext.length || !user->pwhash.length) if (user->pwtext.length || !user->pwhash.length)
{ {
...@@ -911,7 +911,8 @@ static bool validate_password(LEX_USER *user) ...@@ -911,7 +911,8 @@ static bool validate_password(LEX_USER *user)
} }
else else
{ {
if (strict_password_validation && has_validation_plugins()) if (!thd->slave_thread &&
strict_password_validation && has_validation_plugins())
{ {
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation"); my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--strict-password-validation");
return true; return true;
...@@ -2750,7 +2751,7 @@ bool check_change_password(THD *thd, LEX_USER *user) ...@@ -2750,7 +2751,7 @@ bool check_change_password(THD *thd, LEX_USER *user)
LEX_USER *real_user= get_current_user(thd, user); LEX_USER *real_user= get_current_user(thd, user);
if (fix_and_copy_user(real_user, user, thd) || if (fix_and_copy_user(real_user, user, thd) ||
validate_password(real_user)) validate_password(real_user, thd))
return true; return true;
*user= *real_user; *user= *real_user;
...@@ -3465,7 +3466,7 @@ static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo, ...@@ -3465,7 +3466,7 @@ static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo,
} }
if (!old_row_exists || combo.pwtext.length || combo.pwhash.length) if (!old_row_exists || combo.pwtext.length || combo.pwhash.length)
if (!handle_as_role && validate_password(&combo)) if (!handle_as_role && validate_password(&combo, thd))
goto end; goto end;
/* Update table columns with new privileges */ /* Update table columns with new privileges */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment