database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-34854 Parsec sends garbage when using an empty password

Browse Source 
When an empty password is set, the server doesn't call
st_mysql_auth::hash_password and leaves MYSQL_SERVER_AUTH_INFO::auth_string
empty.

Fix:
generate hashes by calling hash_password for empty passwords as well. This
changes the api behavior slightly, but since even old plugins support it,
we can ignore this.

Some empty passwords could be already stored with no salt, though. The user
will have to call SET PASSWORD once again, anyway the authentication wouldn't
have worked for such password.
This commit is contained in:
Nikita Malyavin
2024-09-04 19:57:45 +02:00
committed by Oleksandr Byelkin
parent 9e1fb104a3
commit 583a5a79c9
3 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sql/sql_acl.cc
View File

@ -2401,7 +2401,8 @@ static int set_user_auth(THD *thd, const LEX_CSTRING &user,
res= ER_NOT_VALID_PASSWORD;
goto end;
}
if (pwtext.length)
if (!auth->auth_string.length)
{
if (info->hash_password)
{
@ -2416,7 +2417,7 @@ static int set_user_auth(THD *thd, const LEX_CSTRING &user,
auth->auth_string.str= (char*)memdup_root(&acl_memroot, buf, len+1);
auth->auth_string.length= len;
}
else
else if (pwtext.length)
{
res= ER_SET_PASSWORD_AUTH_PLUGIN;
goto end;