[MDEV-26647] Include password validation plugin information in the error message if the SQL statement is not satisfied password policy Created: 2021-09-20  Updated: 2023-11-27  Resolved: 2022-07-27

Status: Closed
Project: MariaDB Server
Component/s: Plugins
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7
Fix Version/s: 10.7.1, 10.3.36, 10.4.26, 10.5.17, 10.6.9

Type: Bug Priority: Blocker
Reporter: Ramesh Sivaraman Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Problem/Incident
is caused by MDEV-9245 password "reuse prevention" validatio... Closed
Relates

 Description   

Currently, simple_password_check and password_reuse_check show the same error message if the query does not satisfy the plugin policy. I think we should separate the error message on the basis of failure.

simple_password_check password validation

10.7.0-opt>SET PASSWORD FOR user_name@localhost = PASSWORD('test@123');
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
10.7.0-opt>
10.7.0-opt>UNINSTALL SONAME 'simple_password_check';
Query OK, 0 rows affected (0.005 sec)

password_reuse_check password validation

10.7.0-opt>SET PASSWORD FOR user_name@localhost = PASSWORD('test@123');
Query OK, 0 rows affected (0.011 sec)
 
10.7.0-opt>SET PASSWORD FOR user_name@localhost = PASSWORD('test@123');
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
10.7.0-opt>

Similarly, ALTER USER also shows a different error message.

10.7.0-opt>alter user user_name@localhost identified by 'test_pwd2';
ERROR 1396 (HY000): Operation ALTER USER failed for 'user_name'@'localhost'
10.7.0-opt>
10.7.0-opt>show warnings;
+-------+------+----------------------------------------------------------------+
| Level | Code | Message                                                        |
+-------+------+----------------------------------------------------------------+
| Error | 1819 | Your password does not satisfy the current policy requirements |
| Error | 1396 | Operation ALTER USER failed for 'user_name'@'localhost'        |
+-------+------+----------------------------------------------------------------+
2 rows in set (0.000 sec)
 
10.7.0-opt>
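
An added example, not code from the report or from the MariaDB source: a stand-alone C function that applies the four simple_password_check thresholds and names the first rule that fails, which is the kind of cause the generic ERROR 1819 above does not reveal. The names `policy`, `DEFAULT_POLICY` and `explain_rejection` are hypothetical; the thresholds are assumed to be the documented defaults of the simple_password_check_* variables (minimal length 8, 1 digit, 1 letter of each case, 1 other character), and characters are classified as ASCII.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Thresholds corresponding to the simple_password_check_* system variables.
   The values below are the documented defaults (assumed unchanged). */
struct policy { unsigned min_length, min_digits, min_letters, min_others; };
static const struct policy DEFAULT_POLICY = { 8, 1, 1, 1 };

/* Hypothetical helper, not a server API: returns NULL when the password
   meets every threshold, otherwise a static string naming the first
   threshold that was not met. */
const char *explain_rejection(const struct policy *p, const char *password)
{
  unsigned digits = 0, uppers = 0, lowers = 0, others = 0;
  size_t length = strlen(password);

  for (const char *c = password; *c; c++) {
    unsigned char ch = (unsigned char)*c;   /* avoid UB on negative char */
    if (isdigit(ch)) digits++;
    else if (isupper(ch)) uppers++;
    else if (islower(ch)) lowers++;
    else others++;
  }
  if (length < p->min_length)  return "too short";
  if (digits < p->min_digits)  return "not enough digits";
  if (uppers < p->min_letters) return "not enough uppercase letters";
  if (lowers < p->min_letters) return "not enough lowercase letters";
  if (others < p->min_others)  return "not enough other characters";
  return NULL;
}

int main(void)
{
  /* 'test@123' is the password used in the report above. */
  const char *samples[] = { "test@123", "Test@123", "Ab1!" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    const char *why = explain_rejection(&DEFAULT_POLICY, samples[i]);
    printf("%-10s simple_password_check: %s\n", samples[i],
           why ? why : "accepted");
  }
  return 0;
}
```
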



 Comments   
Comment by Oleksandr Byelkin [ 2021-10-20 ]

It is related to all plugins (there is no info even about which plugin generated the error)

Comment by Oleksandr Byelkin [ 2021-10-20 ]

branch bb-10.2-MDEV-26647

commit f355f8e4163200ca27a6082438aa129cd435a7cd (HEAD -> bb-10.2-MDEV-26647, origin/bb-10.2-MDEV-26647)
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date:   Wed Oct 20 11:37:14 2021 +0200
 
    MDEV-26647 (simple_password_check) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy
    
    Make the plugin reporting cause of the error.
 
commit f426b7c6e19c5f6209ea1feca2ffba566b107705
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date:   Wed Oct 20 10:21:00 2021 +0200
 
    MDEV-26647 (plugin name) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy
    
    Add plugin name to the error message.

and 10.7:

commit 45a376dd2d505af343cfff68e4343c7650f2565c (HEAD -> preview-10.7-MDEV-9245-password-reuse)
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date:   Wed Oct 20 12:02:52 2021 +0200
 
    MDEV-26647 (reuse info) Include password validation plugin information in the error message if the SQL statement is not satisfied password policy
    
    send information about password reusing

Comment by Sergei Golubchik [ 2021-10-20 ]

ok to push

Comment by Daniel Black [ 2022-01-29 ]

10.2 changes appear unmerged.

10.7 appears to be merged.
