1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-18119 upgrading from 10.3 to 10.4 can result in the password for a user to be wiped out

Browse Source 
10.1 part: SHOW CREATE USER didn't show the password, if plugin was set,
but authentication_string was not
This commit is contained in:
Sergei Golubchik 2019-01-09 19:17:06 +01:00
parent d24060b179
commit c2a4bfad22
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mysql-test/r/connect.result
View File

@ -82,8 +82,20 @@ connect(localhost,test,zorro,test2,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET); connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
select user,host,password,plugin,authentication_string from mysql.user where user='test';
user host password plugin authentication_string
test localhost *5FDFF3268A50F41C5D18D2CA2F754D7BDB9B3E59
test 127.0.0.1 *5FDFF3268A50F41C5D18D2CA2F754D7BDB9B3E59
update mysql.user set password=old_password("gambling2") where user=_binary"test"; update mysql.user set password=old_password("gambling2") where user=_binary"test";
flush privileges; flush privileges;
show grants for test@localhost;
Grants for test@localhost
GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '2f27438961437573'
update mysql.user set plugin='mysql_old_password' where user='test';
flush privileges;
show grants for test@localhost;
Grants for test@localhost
GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '2f27438961437573'
set password=""; set password="";
set password='gambling3'; set password='gambling3';
ERROR HY000: Password hash should be a 41-digit hexadecimal number ERROR HY000: Password hash should be a 41-digit hexadecimal number

5
mysql-test/t/connect.test
View File

@ -66,8 +66,13 @@ connect (fail_con,localhost,test,zorro,test2);
connect (fail_con,localhost,test,zorro,); connect (fail_con,localhost,test,zorro,);
# check if old password version also works # check if old password version also works
select user,host,password,plugin,authentication_string from mysql.user where user='test';
update mysql.user set password=old_password("gambling2") where user=_binary"test"; update mysql.user set password=old_password("gambling2") where user=_binary"test";
flush privileges; flush privileges;
show grants for test@localhost;
update mysql.user set plugin='mysql_old_password' where user='test';
flush privileges;
show grants for test@localhost;
connect (con10,localhost,test,gambling2,); connect (con10,localhost,test,gambling2,);
connect (con5,localhost,test,gambling2,mysql); connect (con5,localhost,test,gambling2,mysql);

8
sql/sql_acl.cc
View File

@ -986,8 +986,7 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
else else
return true; return true;
if (user->auth_string.length) set_user_salt(user, user->auth_string.str, user->auth_string.length);
set_user_salt(user, user->auth_string.str, user->auth_string.length);
return false; return false;
} }
@ -1457,6 +1456,11 @@ static bool acl_load(THD *thd, TABLE_LIST *tables)
safe_str(user.user.str), safe_str(user.user.str),
safe_str(user.host.hostname)); safe_str(user.host.hostname));
} }
else if (password_len)
{
user.auth_string.str= password;
user.auth_string.length= password_len;
}
fix_user_plugin_ptr(&user); fix_user_plugin_ptr(&user);
} }