Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES

PAM AUTHENTICATION SETTINGS SET PASSWORD code on a account with plugin authentication was errorneously resetting the in-memory plugin pointer for the user back to native password plugin despite the fact that it was sending a warning that the command has no immediate effect. Fixed by not updating the user's plugin if it's already set to a non default value. Note that the bug affected only the in-memory cache of the user definitions. Any restart of the server will fix the problem. Also the salt and the password has are still stored into the user tables (just as it's documented now). Test case added. One old test case result updated to have the correct value.
2025-07-29 05:21:33 +03:00 · 2011-08-12 15:04:05 +03:00
parent c7ac498d9f
commit 9226cfe453
3 changed files with 57 additions and 6 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -1881,17 +1881,17 @@ bool change_password(THD *thd, const char *host, const char *user,
    goto end;
  }

+  /* update loaded acl entry: */
+  set_user_salt(acl_user, new_password, new_password_len);
+
  if (my_strcasecmp(system_charset_info, acl_user->plugin.str,
                    native_password_plugin_name.str) &&
      my_strcasecmp(system_charset_info, acl_user->plugin.str,
                    old_password_plugin_name.str))
-  {
    push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
                 ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN));
-  }
-  /* update loaded acl entry: */
-  set_user_salt(acl_user, new_password, new_password_len);
-  set_user_plugin(acl_user, new_password_len);
+  else
+    set_user_plugin(acl_user, new_password_len);

  if (update_user_table(thd, table,
 			acl_user->host.hostname ? acl_user->host.hostname : "",