MDEV-26647 (plugin name) Include password validation plugin information in the...

MDEV-26647 (plugin name) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy Add plugin name to the error message.

MDEV-26647 (plugin name) Include password validation plugin information in the...
MDEV-26647 (plugin name) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy Add plugin name to the error message.
cc6bba00 · Oleksandr Byelkin · 0ee1082b · cc6bba00 · cc6bba00 · cc6bba00
Commit cc6bba00 authored Oct 20, 2021 by Oleksandr Byelkin
6 changed files
--- a/mysql-test/suite/plugins/r/binlog-simple_plugin_check.result
+++ b/mysql-test/suite/plugins/r/binlog-simple_plugin_check.result
@@ -8,7 +8,7 @@ simple_password_check
 #
 CREATE USER user1@localhost IDENTIFIED BY 'BsG9#9.cem#!85';
 CREATE USER user2@localhost IDENTIFIED BY 'bsg9#d.cem#!85';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 DROP USER user1@localhost;
 include/show_binlog_events.inc
 Log_name	Pos	Event_type	Server_id	End_log_pos	Info

--- a/mysql-test/suite/plugins/r/cracklib_password_check.result
+++ b/mysql-test/suite/plugins/r/cracklib_password_check.result
@@ -14,29 +14,29 @@ LOAD_OPTION	ON
 PLUGIN_MATURITY	Stable
 PLUGIN_AUTH_VERSION	1.0
 grant select on *.* to foocar identified by 'foocar';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (cracklib_password_check)
 show warnings;
 Level	Code	Message
 Warning	1819	cracklib: it is based on your username
-Error	1819	Your password does not satisfy the current policy requirements
+Error	1819	Your password does not satisfy the current policy requirements (cracklib_password_check)
 grant select on *.* to foocar identified by 'racoof';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (cracklib_password_check)
 show warnings;
 Level	Code	Message
 Warning	1819	cracklib: it is based on your username
-Error	1819	Your password does not satisfy the current policy requirements
+Error	1819	Your password does not satisfy the current policy requirements (cracklib_password_check)
 grant select on *.* to foo@barbar identified by 'barbar';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (cracklib_password_check)
 show warnings;
 Level	Code	Message
 Warning	1819	cracklib: it does not contain enough DIFFERENT characters
-Error	1819	Your password does not satisfy the current policy requirements
+Error	1819	Your password does not satisfy the current policy requirements (cracklib_password_check)
 grant select on *.* to foobar identified by 'qwerty';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (cracklib_password_check)
 show warnings;
 Level	Code	Message
 Warning	1819	cracklib: it is based on a dictionary word
-Error	1819	Your password does not satisfy the current policy requirements
+Error	1819	Your password does not satisfy the current policy requirements (cracklib_password_check)
 grant select on *.* to foobar identified by 'q$%^&*rty';
 drop user foobar;
 #
@@ -44,7 +44,7 @@ drop user foobar;
 # when using cracklib plugin
 #
 create user 'newuser'@'localhost';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (cracklib_password_check)
 uninstall plugin cracklib_password_check;
 create user foo1 identified by 'pwd';
 drop user foo1;
--- a/mysql-test/suite/plugins/r/simple_password_check.result
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -71,13 +71,13 @@ ENUM_VALUE_LIST	NULL
 READ_ONLY	NO
 COMMAND_LINE_ARGUMENT	REQUIRED
 create user foo1 identified by 'pwd';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 create user foo1;
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 grant select on *.* to foo1 identified by 'pwd';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 grant select on *.* to `FooBar1!` identified by 'FooBar1!';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
 drop user `BarFoo1!`;
 create user foo1 identified by 'aA.12345';
@@ -99,28 +99,28 @@ simple_password_check_other_characters	3
 create user foo1 identified by '123:qwe:ASD!';
 drop user foo1;
 create user foo1 identified by '-23:qwe:ASD!';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 create user foo1 identified by '123:4we:ASD!';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 create user foo1 identified by '123:qwe:4SD!';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 create user foo1 identified by '123:qwe:ASD4';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 create user foo1 identified by '123:qwe:ASD!';
 set password for foo1 = password('qwe:-23:ASD!');
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = old_password('4we:123:ASD!');
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = password('qwe:123:4SD!');
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = old_password('qwe:123:ASD4');
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = password('qwe:123:ASD!');
 select @@strict_password_validation;
 @@strict_password_validation
 1
 set password for foo1 = '';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = '2222222222222222';
 ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
 set password for foo1 = '11111111111111111111111111111111111111111';
@@ -134,13 +134,13 @@ ERROR HY000: The MariaDB server is running with the --strict-password-validation
 grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
 ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
 create user foo2 identified with mysql_native_password using '';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 grant select on *.* to foo2 identified with mysql_old_password;
 ERROR 28000: Can't find any matching row in the user table
 update mysql.user set password='xxx' where user='foo1';
 set global strict_password_validation=0;
 set password for foo1 = '';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 set password for foo1 = '2222222222222222';
 set password for foo1 = '11111111111111111111111111111111111111111';
 create user foo2 identified by password '11111111111111111111111111111111111111111';

--- a/mysql-test/suite/plugins/r/two_password_validations.result
+++ b/mysql-test/suite/plugins/r/two_password_validations.result
@@ -5,16 +5,16 @@ install soname "cracklib_password_check";
 grant select on *.* to foobar identified by 'q$%^&*R1234ty';
 drop user foobar;
 grant select on *.* to Fff_fff1 identified by '1fff_ffF';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (cracklib_password_check)
 show warnings;
 Level	Code	Message
 Warning	1819	cracklib: it does not contain enough DIFFERENT characters
-Error	1819	Your password does not satisfy the current policy requirements
+Error	1819	Your password does not satisfy the current policy requirements (cracklib_password_check)
 grant select on *.* to foobar identified by 'q-%^&*rty';
-ERROR HY000: Your password does not satisfy the current policy requirements
+ERROR HY000: Your password does not satisfy the current policy requirements (simple_password_check)
 show warnings;
 Level	Code	Message
-Error	1819	Your password does not satisfy the current policy requirements
+Error	1819	Your password does not satisfy the current policy requirements (simple_password_check)
 uninstall plugin simple_password_check;
 grant select on *.* to foobar identified by 'q-%^&*rty';
 drop user foobar;

--- a/sql/share/errmsg-utf8.txt
+++ b/sql/share/errmsg-utf8.txt
@@ -6925,7 +6925,8 @@ ER_INVALID_YEAR_COLUMN_LENGTH
  rus "Тип YEAR(%lu) более не поддерживается, вместо него будет создана колонка с типом YEAR(4)"

 ER_NOT_VALID_PASSWORD
-  eng "Your password does not satisfy the current policy requirements"
+  eng "Your password does not satisfy the current policy requirements (%s)"
+  ukr "Ваш пароль не відповідає поточним правилам (%s)"

 ER_MUST_CHANGE_PASSWORD
  eng "You must SET PASSWORD before executing this statement"

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1450,7 +1450,12 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
  struct validation_data *data= (struct validation_data *)arg;
  struct st_mariadb_password_validation *handler=
    (st_mariadb_password_validation *)plugin_decl(plugin)->info;
-  return handler->validate_password(data->user, data->password);
+  if (handler->validate_password(data->user, data->password))
+  {
+    my_error(ER_NOT_VALID_PASSWORD, MYF(0), plugin_ref_to_int(plugin)->name.str);
+    return true;
+  }
+  return false;
 }


@@ -1464,7 +1469,6 @@ static bool validate_password(LEX_USER *user, THD *thd)
    if (plugin_foreach(NULL, do_validate,
                       MariaDB_PASSWORD_VALIDATION_PLUGIN, &data))
    {
-      my_error(ER_NOT_VALID_PASSWORD, MYF(0));
      return true;
    }
  }