Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-24111

Activated simple password check does not allow to create user identified via unix_socket

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Won't Fix
    • 10.2.26, 10.3.25
    • N/A
    • Server
    • None

    Description

      Same as: MDEV-20631

      But for 10.2 and 10.3 where it does not seem to be the fix as in 10.4.

      MariaDB [(none)]> CREATE USER IF NOT EXISTS 'claudio'@'localhost' IDENTIFIED VIA unix_socket;
      		 
      ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

      As workaround I have found this:

      MariaDB [(none)]> CREATE USER IF NOT EXISTS 'claudio'@'localhost' IDENTIFIED BY 'Abcdefgh_0123456';
      		 
      Query OK, 0 rows affected (0.001 sec)
      		 
       
      		 
      MariaDB [(none)]> ALTER USER claudio@localhost IDENTIFIED VIA unix_socket;
      		 
      Query OK, 0 rows affected (0.000 sec)
      		 
       
      		 
      MariaDB [(none)]> Bye
      		 
      [claudio@tossanc 10323]$ bin/mysql --socket=data/10323.sock
      		 
      Welcome to the MariaDB monitor. Commands end with ; or \g.
      		 
      Your MariaDB connection id is 21
      		 
      Server version: 10.3.23-MariaDB-log MariaDB Server
      		 
       
      		 
      Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
      		 
       
      		 
      Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
      		 
       
      		 
      MariaDB [(none)]> select current_user(),user();
      		 
      +-------------------+-------------------+
      		 
      | current_user() | user() |
      		 
      +-------------------+-------------------+
      		 
      | claudio@localhost | claudio@localhost |
      		 
      +-------------------+-------------------+
      		 
      1 row in set (0.000 sec)

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20631 Activated simple password check does not allow to create user identified via unix_socket

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            serg Sergei Golubchik added a comment -

            This cannot be backported, it's a new functionality and an API change for authentication plugins.

            serg Sergei Golubchik added a comment - This cannot be backported, it's a new functionality and an API change for authentication plugins.
            danblack Daniel Black added a comment -

            Seems this was fixed in 10.4+ (which I'm happy about).

            $ podman run  -d  --rm --name m104 -e MARIADB_ROOT_PASSWORD="so\"big3SCARY102yes"  mariadb:10.4 --plugin-load-add=auth_socket --plugin-load-add=simple_password_check
            		 
            cba3866cb0948b5932086082792ed36302dab939bc93a944568a895b036f94a1
            		 
             
            		 
            $ podman exec m104 mysql -p"so\"big3SCARY102yes"   -e 'create user bob@localhost identified via unix_socket'
            		 
             
            		 
            $  podman exec m104 mysql -p"so\"big3SCARY102yes"   -e 'show create user bob@localhost'
            		 
            CREATE USER for bob@localhost
            		 
            CREATE USER `bob`@`localhost` IDENTIFIED VIA unix_socket
            		 
             
            		 
            $  podman exec m104 mysql -p"so\"big3SCARY102yes"   -e 'select version()'
            		 
            version()
            		 
            10.4.22-MariaDB-1:10.4.22+maria~focal
            		 
             
            		 
            $ podman run  -d  --rm --name m103 -e MARIADB_ROOT_PASSWORD="so\"big3SCARY102yes"  mariadb:10.3 --plugin-load-add=auth_socket --plugin-load-add=simple_password_check
            		 
            27371bc087a03cec006e8ca37f6ac8a37fbfb56fffa8638a91da464875cfb573
            		 
             
            		 
            $ podman exec m103 mysql -p"so\"big3SCARY102yes"   -e 'create user bob@localhost identified via unix_socket'
            		 
            ERROR 1819 (HY000) at line 1: Your password does not satisfy the current policy requirements

            danblack Daniel Black added a comment - Seems this was fixed in 10.4+ (which I'm happy about). $ podman run -d --rm --name m104 -e MARIADB_ROOT_PASSWORD="so\"big3SCARY102yes" mariadb:10.4 --plugin-load-add=auth_socket --plugin-load-add=simple_password_check cba3866cb0948b5932086082792ed36302dab939bc93a944568a895b036f94a1   $ podman exec m104 mysql -p"so\"big3SCARY102yes" -e 'create user bob@localhost identified via unix_socket'   $ podman exec m104 mysql -p"so\"big3SCARY102yes" -e 'show create user bob@localhost' CREATE USER for bob@localhost CREATE USER `bob`@`localhost` IDENTIFIED VIA unix_socket   $ podman exec m104 mysql -p"so\"big3SCARY102yes" -e 'select version()' version() 10.4.22-MariaDB-1:10.4.22+maria~focal   $ podman run -d --rm --name m103 -e MARIADB_ROOT_PASSWORD="so\"big3SCARY102yes" mariadb:10.3 --plugin-load-add=auth_socket --plugin-load-add=simple_password_check 27371bc087a03cec006e8ca37f6ac8a37fbfb56fffa8638a91da464875cfb573   $ podman exec m103 mysql -p"so\"big3SCARY102yes" -e 'create user bob@localhost identified via unix_socket' ERROR 1819 (HY000) at line 1: Your password does not satisfy the current policy requirements

            People

              serg Sergei Golubchik
              claudio.nanni Claudio Nanni
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.