diff --git a/mysql-test/suite/plugins/r/auth_ed25519.result b/mysql-test/suite/plugins/r/auth_ed25519.result
index 7b26530ed12..a7008b318ba 100644
--- a/mysql-test/suite/plugins/r/auth_ed25519.result
+++ b/mysql-test/suite/plugins/r/auth_ed25519.result
@@ -39,6 +39,10 @@ show grants for test1@localhost;
 Grants for test1@localhost
 GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED VIA ed25519 USING 'ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY'
 drop user test1@localhost;
+create user test1@localhost identified via ed25519 using 'foo';
+ERROR HY000: Password hash should be 43 characters long
+create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
+ERROR HY000: Password hash should be base64 encoded
 create user test1@localhost identified via ed25519 using password('foo');
 show grants for test1@localhost;
 Grants for test1@localhost
diff --git a/mysql-test/suite/plugins/t/auth_ed25519.test b/mysql-test/suite/plugins/t/auth_ed25519.test
index b8a7b996f65..8e0bdd1d460 100644
--- a/mysql-test/suite/plugins/t/auth_ed25519.test
+++ b/mysql-test/suite/plugins/t/auth_ed25519.test
@@ -29,6 +29,10 @@ let $pwd=`select ed25519_password("secret")`;
 eval create user test1@localhost identified via ed25519 using '$pwd';
 show grants for test1@localhost;
 drop user test1@localhost;
+--error ER_PASSWD_LENGTH
+create user test1@localhost identified via ed25519 using 'foo';
+--error ER_PASSWD_LENGTH
+create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
 create user test1@localhost identified via ed25519 using password('foo');
 show grants for test1@localhost;
 select ed25519_password('foo');
diff --git a/plugin/auth_ed25519/server_ed25519.c b/plugin/auth_ed25519/server_ed25519.c
index 06c25558653..d2e9e70a9b9 100644
--- a/plugin/auth_ed25519/server_ed25519.c
+++ b/plugin/auth_ed25519/server_ed25519.c
@@ -15,6 +15,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ #include +#include #include "common.h" #if !defined(__attribute__) && !defined(__GNUC__) @@ -77,12 +78,18 @@ static int digest_to_binary(const char *d, size_t dlen, char pw[PASSWORD_LEN_BUF]; if (*blen < CRYPTO_PUBLICKEYBYTES || dlen != PASSWORD_LEN) + { + my_printf_error(ER_PASSWD_LENGTH, "Password hash should be %d characters long", 0, PASSWORD_LEN); return 1; + } *blen= CRYPTO_PUBLICKEYBYTES; memcpy(pw, d, PASSWORD_LEN); pw[PASSWORD_LEN]= '='; - return my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) != CRYPTO_PUBLICKEYBYTES; + if (my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) == CRYPTO_PUBLICKEYBYTES) + return 0; + my_printf_error(ER_PASSWD_LENGTH, "Password hash should be base64 encoded", 0); + return 1; } static struct st_mysql_auth info = diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index b4ceec66a9e..1880bc7246a 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1792,7 +1792,7 @@ static int set_user_salt(ACL_USER *acl_user, plugin_ref plugin) size_t len= sizeof(buf); if (auth->preprocess_hash(acl_user->auth_string.str, acl_user->auth_string.length, buf, &len)) - return 1; // ER_PASSWD_LENGTH? + return 1; acl_user->salt.str= (char*)memdup_root(&acl_memroot, buf, len); acl_user->salt.length= len; }
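Review bot: In digest_to_binary the first new error branch reports "Password hash should be %d characters long" for both halves of the condition, but `*blen < CRYPTO_PUBLICKEYBYTES` describes the caller's output buffer rather than the supplied hash, so an undersized buffer would be reported to the client as a bad hash length. The message should be guarded by the input check alone, `if (dlen != PASSWORD_LEN)`, with the buffer-size case returning 1 separately and without a user-facing message. The decode-failure branch also reuses ER_PASSWD_LENGTH for what is an encoding problem, so clients (and the new test, which expects ER_PASSWD_LENGTH twice) cannot tell the two rejections apart by error code; if that is deliberate, a comment such as `/* no dedicated error code for a malformed hash, ER_PASSWD_LENGTH is reused */` would record it. The function's signature and opening lines are outside the hunk.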
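Review bot: With the `// ER_PASSWD_LENGTH?` question removed, the bare `return 1;` in set_user_salt now rests on an unstated contract that every plugin's preprocess_hash raises its own error before returning non-zero. Only the ed25519 plugin is changed in this commit; whether other authentication plugins do the same is not visible here, and one that fails silently would presumably leave the statement failing with no diagnostic for the administrator. I would replace the removed comment with one that states the contract, e.g. `return 1; // preprocess_hash() must have reported the error itself`, and say the same where preprocess_hash is declared. set_user_salt begins outside the hunk.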