database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

BUG 12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD

Browse Source 
The check for empty password in the user account was checking the wrong field.
Fixed to check the proper password hash.
Test case added.
Fixed native_password and old_password plugins that suffered from the same
problems.
Unambuguated the auth_string ACL_USER member : previously it was used for 
both password and the authentication string (depending on the plugin). Now
fixed to contain either the authentication string specified or empty string.
This commit is contained in:
Georgi Kodinov
2011-06-01 16:08:13 +03:00
parent 1ab52ab7c7
commit 8ae2bb6eaa
3 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
sql/sql_acl.cc
View File

@ -825,8 +825,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
char *password= get_field(&mem, table->field[2]);
uint password_len= password ? strlen(password) : 0;
user.auth_string.str= password ? password : const_cast<char*>("");
user.auth_string.length= password_len;
set_user_salt(&user, password, password_len);
if (set_user_plugin(&user, password_len))
@ -915,7 +913,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
char *tmpstr= get_field(&mem, table->field[next_field++]);
if (tmpstr)
{
if (user.auth_string.length)
if (password_len)
{
sql_print_warning("'user' entry '%s@%s' has both a password "
"and an authentication plugin specified. The "
@ -1483,8 +1481,8 @@ static void acl_insert_user(const char *user, const char *host,
{
acl_user.plugin= password_len == SCRAMBLED_PASSWORD_CHAR_LENGTH_323 ?
old_password_plugin_name : native_password_plugin_name;
acl_user.auth_string.str= strmake_root(&mem, password, password_len);
acl_user.auth_string.length= password_len;
acl_user.auth_string.str= const_cast<char*>("");
acl_user.auth_string.length= 0;
}
acl_user.access=privileges;
@ -8380,7 +8378,7 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
old_password_plugin, otherwise MySQL will think that server
and client plugins don't match.
*/
if (mpvio->acl_user->auth_string.length == 0)
if (mpvio->acl_user->salt_len == 0)
mpvio->acl_user_plugin= old_password_plugin_name;
}
}
@ -8685,7 +8683,7 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
old_password_plugin, otherwise MySQL will think that server
and client plugins don't match.
*/
if (mpvio->acl_user->auth_string.length == 0)
if (mpvio->acl_user->salt_len == 0)
mpvio->acl_user_plugin= old_password_plugin_name;
}
}
@ -9473,7 +9471,7 @@ static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
#endif
if (pkt_len == 0) /* no password */
DBUG_RETURN(info->auth_string[0] ? CR_ERROR : CR_OK);
DBUG_RETURN(mpvio->acl_user->salt_len != 0 ? CR_ERROR : CR_OK);
info->password_used= PASSWORD_USED_YES;
if (pkt_len == SCRAMBLE_LENGTH)
@ -9522,7 +9520,7 @@ static int old_password_authenticate(MYSQL_PLUGIN_VIO *vio,
pkt_len= strnlen((char*)pkt, pkt_len);
if (pkt_len == 0) /* no password */
return info->auth_string[0] ? CR_ERROR : CR_OK;
return mpvio->acl_user->salt_len != 0 ? CR_ERROR : CR_OK;
if (secure_auth(mpvio))
return CR_ERROR;