database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

MDEV-22974: mysql_native_password make "invalid" valid

Browse Source 
Per b9f3f06857, mysql_system_tables_data.sql creates
a mysql_native_password with a salted hash of "invalid" so that `set password`
will detect a native password can be applied:.

SHOW CREATE USER; diligently uses this value in its output
generating the SQL:

   MariaDB [(none)]> show create user;

   +---------------------------------------------------------------------------------------------------+
   | CREATE USER for dan@localhost                                                                     |
   +---------------------------------------------------------------------------------------------------+
   | CREATE USER `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket |
   +---------------------------------------------------------------------------------------------------+

Attempting to execute this before this patch results in:

  MariaDB [(none)]>  CREATE USER `dan2`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket;
  ERROR 1372 (HY000): Password hash should be a 41-digit hexadecimal number

As such, deep the implementation of mysql_native_password we make "invalid" valid (pun intended)
such that the above create user will succeed. We do this by storing
"*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE" (credit: Oracle MySQL), that is of an INCORRECT
length for a scramble.

In native_password_authenticate we check the length of this cached value
and immediately fail if it is anything other than the scramble length.

native_password_get_salt is only called in the context of set_user_salt, so all setting of native
passwords to hashed content of 'invalid', quite literally create an invalid password.

So other forms of "invalid" are valid SQL in creating invalid passwords:

   MariaDB [(none)]> set password = 'invalid';
   Query OK, 0 rows affected (0.001 sec)

   MariaDB [(none)]> alter user dan@localhost IDENTIFIED BY PASSWORD 'invalid';
   Query OK, 0 rows affected (0.000 sec)

closes #1628

Reviewer: serg@mariadb.com
This commit is contained in:
Daniel Black
2020-07-16 16:31:59 +10:00
parent 1fddccf676
commit 5b779c220d
5 changed files with 57 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
sql/sql_acl.cc
View File

@ -14166,7 +14166,7 @@ static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
info->password_used= PASSWORD_USED_YES;
if (pkt_len == SCRAMBLE_LENGTH)
{
if (!info->auth_string_length)
if (info->auth_string_length != SCRAMBLE_LENGTH)
DBUG_RETURN(CR_AUTH_USER_CREDENTIALS);
if (check_scramble(pkt, thd->scramble, (uchar*)info->auth_string))
@ -14193,9 +14193,13 @@ static int native_password_make_scramble(const char *password,
return 0;
}
/* As this contains is a string of not a valid SCRAMBLE_LENGTH */
static const char invalid_password[] = "*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE";
static int native_password_get_salt(const char *hash, size_t hash_length,
unsigned char *out, size_t *out_length)
{
DBUG_ASSERT(sizeof(invalid_password) > SCRAMBLE_LENGTH);
DBUG_ASSERT(*out_length >= SCRAMBLE_LENGTH);
if (hash_length == 0)
{
@ -14205,6 +14209,12 @@ static int native_password_get_salt(const char *hash, size_t hash_length,
if (hash_length != SCRAMBLED_PASSWORD_CHAR_LENGTH)
{
if (hash_length == 7 && strcmp(hash, "invalid") == 0)
{
memcpy(out, invalid_password, SCRAMBLED_PASSWORD_CHAR_LENGTH);
*out_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
return 0;
}
my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
return 1;
}