database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-07 00:04:31 +03:00
Code Activity

ed25519: better error message for an incorrect password hash

Browse Source
This commit is contained in:
Sergei Golubchik
2019-01-18 19:28:44 +01:00
parent c94ec9fc67
commit 103a32fdd3
4 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mysql-test/suite/plugins/r/auth_ed25519.result
View File

@@ -39,6 +39,10 @@ show grants for test1@localhost;
Grants for test1@localhost Grants for test1@localhost
GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED VIA ed25519 USING 'ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY' GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED VIA ed25519 USING 'ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY'
drop user test1@localhost; drop user test1@localhost;
create user test1@localhost identified via ed25519 using 'foo';
ERROR HY000: Password hash should be 43 characters long
create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
ERROR HY000: Password hash should be base64 encoded
create user test1@localhost identified via ed25519 using password('foo'); create user test1@localhost identified via ed25519 using password('foo');
show grants for test1@localhost; show grants for test1@localhost;
Grants for test1@localhost Grants for test1@localhost

4
mysql-test/suite/plugins/t/auth_ed25519.test
View File

@@ -29,6 +29,10 @@ let $pwd=`select ed25519_password("secret")`;
eval create user test1@localhost identified via ed25519 using '$pwd'; eval create user test1@localhost identified via ed25519 using '$pwd';
show grants for test1@localhost; show grants for test1@localhost;
drop user test1@localhost; drop user test1@localhost;
--error ER_PASSWD_LENGTH
create user test1@localhost identified via ed25519 using 'foo';
--error ER_PASSWD_LENGTH
create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
create user test1@localhost identified via ed25519 using password('foo'); create user test1@localhost identified via ed25519 using password('foo');
show grants for test1@localhost; show grants for test1@localhost;
select ed25519_password('foo'); select ed25519_password('foo');

9
plugin/auth_ed25519/server_ed25519.c
View File

@@ -15,6 +15,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */
#include <mysql/plugin_auth.h> #include <mysql/plugin_auth.h>
#include <mysqld_error.h>
#include "common.h" #include "common.h"
#if !defined(__attribute__) && !defined(__GNUC__) #if !defined(__attribute__) && !defined(__GNUC__)
@@ -77,12 +78,18 @@ static int digest_to_binary(const char *d, size_t dlen,
char pw[PASSWORD_LEN_BUF]; char pw[PASSWORD_LEN_BUF];
if (*blen < CRYPTO_PUBLICKEYBYTES || dlen != PASSWORD_LEN) if (*blen < CRYPTO_PUBLICKEYBYTES || dlen != PASSWORD_LEN)
{
my_printf_error(ER_PASSWD_LENGTH, "Password hash should be %d characters long", 0, PASSWORD_LEN);
return 1; return 1;
}
*blen= CRYPTO_PUBLICKEYBYTES; *blen= CRYPTO_PUBLICKEYBYTES;
memcpy(pw, d, PASSWORD_LEN); memcpy(pw, d, PASSWORD_LEN);
pw[PASSWORD_LEN]= '='; pw[PASSWORD_LEN]= '=';
return my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) != CRYPTO_PUBLICKEYBYTES; if (my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) == CRYPTO_PUBLICKEYBYTES)
return 0;
my_printf_error(ER_PASSWD_LENGTH, "Password hash should be base64 encoded", 0);
return 1;
} }
static struct st_mysql_auth info = static struct st_mysql_auth info =

2
sql/sql_acl.cc
View File

@@ -1792,7 +1792,7 @@ static int set_user_salt(ACL_USER *acl_user, plugin_ref plugin)
size_t len= sizeof(buf); size_t len= sizeof(buf);
if (auth->preprocess_hash(acl_user->auth_string.str, if (auth->preprocess_hash(acl_user->auth_string.str,
acl_user->auth_string.length, buf, &len)) acl_user->auth_string.length, buf, &len))
return 1; // ER_PASSWD_LENGTH? return 1;
acl_user->salt.str= (char*)memdup_root(&acl_memroot, buf, len); acl_user->salt.str= (char*)memdup_root(&acl_memroot, buf, len);
acl_user->salt.length= len; acl_user->salt.length= len;
} }