[MDEV-24111] Activated simple password check does not allow to create user identified via unix_socket Created: 2020-11-03  Updated: 2022-01-29  Resolved: 2020-11-09

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.2.26, 10.3.25
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Claudio Nanni Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-20631 Activated simple password check does ... Closed

 Description   

Same as: MDEV-20631

But for 10.2 and 10.3 where it does not seem to be the fix as in 10.4.

MariaDB [(none)]> CREATE USER IF NOT EXISTS 'claudio'@'localhost' IDENTIFIED VIA unix_socket;
 
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

As workaround I have found this:

MariaDB [(none)]> CREATE USER IF NOT EXISTS 'claudio'@'localhost' IDENTIFIED BY 'Abcdefgh_0123456';
 
Query OK, 0 rows affected (0.001 sec)
 
 
 
MariaDB [(none)]> ALTER USER claudio@localhost IDENTIFIED VIA unix_socket;
 
Query OK, 0 rows affected (0.000 sec)
 
 
 
MariaDB [(none)]> Bye
 
[claudio@tossanc 10323]$ bin/mysql --socket=data/10323.sock
 
Welcome to the MariaDB monitor. Commands end with ; or \g.
 
Your MariaDB connection id is 21
 
Server version: 10.3.23-MariaDB-log MariaDB Server
 
 
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
 
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
MariaDB [(none)]> select current_user(),user();
 
+-------------------+-------------------+
 
| current_user() | user() |
 
+-------------------+-------------------+
 
| claudio@localhost | claudio@localhost |
 
+-------------------+-------------------+
 
1 row in set (0.000 sec)



 Comments   
Comment by Sergei Golubchik [ 2020-11-09 ]

This cannot be backported, it's a new functionality and an API change for authentication plugins.

Comment by Daniel Black [ 2022-01-29 ]

Seems this was fixed in 10.4+ (which I'm happy about).

$ podman run  -d  --rm --name m104 -e MARIADB_ROOT_PASSWORD="so\"big3SCARY102yes"  mariadb:10.4 --plugin-load-add=auth_socket --plugin-load-add=simple_password_check
 
cba3866cb0948b5932086082792ed36302dab939bc93a944568a895b036f94a1
 
 
 
$ podman exec m104 mysql -p"so\"big3SCARY102yes"   -e 'create user bob@localhost identified via unix_socket'
 
 
 
$  podman exec m104 mysql -p"so\"big3SCARY102yes"   -e 'show create user bob@localhost'
 
CREATE USER for bob@localhost
 
CREATE USER `bob`@`localhost` IDENTIFIED VIA unix_socket
 
 
 
$  podman exec m104 mysql -p"so\"big3SCARY102yes"   -e 'select version()'
 
version()
 
10.4.22-MariaDB-1:10.4.22+maria~focal
 
 
 
$ podman run  -d  --rm --name m103 -e MARIADB_ROOT_PASSWORD="so\"big3SCARY102yes"  mariadb:10.3 --plugin-load-add=auth_socket --plugin-load-add=simple_password_check
 
27371bc087a03cec006e8ca37f6ac8a37fbfb56fffa8638a91da464875cfb573
 
 
 
$ podman exec m103 mysql -p"so\"big3SCARY102yes"   -e 'create user bob@localhost identified via unix_socket'
 
ERROR 1819 (HY000) at line 1: Your password does not satisfy the current policy requirements

Generated at Thu Feb 08 09:27:31 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.