cleanup: normalize LEX_USER to get rid of different representation of the same thing

username IDENTIFIED BY PASSWORD xxx username IDENTIFIED VIA mysql_native_password USING xxx etc also check for valid strlen(xxx)
2025-08-01 03:47:19 +03:00 · 2014-11-23 20:30:56 +01:00
parent c1204da1c7
commit f5722f5851
5 changed files with 119 additions and 5 deletions
--- a/mysql-test/r/connect.result
+++ b/mysql-test/r/connect.result
@ -273,8 +273,8 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES)
 connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO)
-update mysql.user set password=authentication_string, authentication_string=''
+update mysql.user set plugin='mysql_native_password' where user = 'mysqltest_up1';
-                  where user like 'mysqltest_up_';
+update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2';
 select user, password, plugin, authentication_string from mysql.user
 where user like 'mysqltest_up_';
 user	password	plugin	authentication_string
--- a/mysql-test/r/grant4.result
+++ b/mysql-test/r/grant4.result
@ -178,3 +178,37 @@ mysqltest_db1.t1	repair	status	OK
 # Switching to connection 'default'.
 drop database mysqltest_db1;
 drop user mysqltest_u1@localhost;
 create user foo1 identified by password '11111111111111111111111111111111111111111';
 create user foo2 identified by password '2222222222222222';
 create user foo3 identified via mysql_native_password using '11111111111111111111111111111111111111111';
 create user foo4 identified via mysql_old_password using '2222222222222222';
 grant select on test.* to foo5 identified by password '11111111111111111111111111111111111111111';
 grant select on test.* to foo6 identified by password '2222222222222222';
 grant select on test.* to foo7 identified via mysql_native_password using '11111111111111111111111111111111111111111';
 grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222';
 select user,password,plugin,authentication_string from mysql.user where user like 'foo%';
 user	password	plugin	authentication_string
 foo1	11111111111111111111111111111111111111111		
 foo2	2222222222222222		
 foo3	11111111111111111111111111111111111111111		
 foo4	2222222222222222		
 foo5	11111111111111111111111111111111111111111		
 foo6	2222222222222222		
 foo7	11111111111111111111111111111111111111111		
 foo8	2222222222222222		
 drop user foo1;
 drop user foo2;
 drop user foo3;
 drop user foo4;
 drop user foo5;
 drop user foo6;
 drop user foo7;
 drop user foo8;
 create user foo1 identified via mysql_native_password using '00';
 ERROR HY000: Password hash should be a 41-digit hexadecimal number
 create user foo2 identified via mysql_native_password using '2222222222222222';
 ERROR HY000: Password hash should be a 41-digit hexadecimal number
 create user foo3 identified via mysql_old_password using '00';
 ERROR HY000: Password hash should be a 16-digit hexadecimal number
 create user foo4 identified via mysql_old_password using '11111111111111111111111111111111111111111';
 ERROR HY000: Password hash should be a 16-digit hexadecimal number
--- a/mysql-test/t/connect.test
+++ b/mysql-test/t/connect.test
@ -397,8 +397,8 @@ connection default;
 #
 # cannot connect when password is set and plugin=mysql_native_password
 #
-update mysql.user set password=authentication_string, authentication_string=''
+update mysql.user set plugin='mysql_native_password' where user = 'mysqltest_up1';
-                  where user like 'mysqltest_up_';
+update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2';
 select user, password, plugin, authentication_string from mysql.user
                  where user like 'mysqltest_up_';
 flush privileges;                  
--- a/mysql-test/t/grant4.test
+++ b/mysql-test/t/grant4.test
@ -201,3 +201,34 @@ disconnect con1;
 connection default;
 drop database mysqltest_db1;
 drop user mysqltest_u1@localhost;
 create user foo1 identified by password '11111111111111111111111111111111111111111';
 create user foo2 identified by password '2222222222222222';
 create user foo3 identified via mysql_native_password using '11111111111111111111111111111111111111111';
 create user foo4 identified via mysql_old_password using '2222222222222222';
 grant select on test.* to foo5 identified by password '11111111111111111111111111111111111111111';
 grant select on test.* to foo6 identified by password '2222222222222222';
 grant select on test.* to foo7 identified via mysql_native_password using '11111111111111111111111111111111111111111';
 grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222';
 --sorted_result
 select user,password,plugin,authentication_string from mysql.user where user like 'foo%';
 drop user foo1;
 drop user foo2;
 drop user foo3;
 drop user foo4;
 drop user foo5;
 drop user foo6;
 drop user foo7;
 drop user foo8;
 --error ER_PASSWD_LENGTH
 create user foo1 identified via mysql_native_password using '00';
 --error ER_PASSWD_LENGTH
 create user foo2 identified via mysql_native_password using '2222222222222222';
 --error ER_PASSWD_LENGTH
 create user foo3 identified via mysql_old_password using '00';
 --error ER_PASSWD_LENGTH
 create user foo4 identified via mysql_old_password using '11111111111111111111111111111111111111111';
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -943,6 +943,43 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
  return false;
 }
 /*
  transform equivalent LEX_USER values to one:
     username IDENTIFIED BY PASSWORD xxx
     username IDENTIFIED VIA mysql_native_password USING xxx
     etc
 */
 static bool fix_lex_user(LEX_USER *user)
 {
  size_t check_length= 0;
  if (my_strcasecmp(system_charset_info, user->plugin.str,
                    native_password_plugin_name.str) == 0)
  {
    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
  }
  else
  if (my_strcasecmp(system_charset_info, user->plugin.str,
                    old_password_plugin_name.str) == 0)
  {
    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
  }
  if (check_length)
  {
    user->password= user->auth.length ? user->auth : null_lex_str;
    user->plugin= empty_lex_str;
    user->auth= empty_lex_str;
    if (user->password.length && user->password.length != check_length)
    {
      my_error(ER_PASSWD_LENGTH, MYF(0), check_length);
      return true;
    }
  }
  return false;
 }
 static bool get_YN_as_bool(Field *field)
 {
  char buff[2];
@ -6350,6 +6387,12 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
      continue;
    }
    if (fix_lex_user(tmp_Str))
    {
      result= TRUE;
      continue;
    }
    if (copy_and_check_auth(Str, tmp_Str, thd->lex))
      result= true;
    else
@ -9289,6 +9332,13 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
    if (!user_name->host.str)
      user_name->host= host_not_specified;
    if (fix_lex_user(user_name))
    {
      append_user(thd, &wrong_users, user_name);
      result= TRUE;
      continue;
    }
    /*
      Search all in-memory structures and grant tables
      for a mention of the new user/role name.
@ -9296,7 +9346,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
    if (handle_grant_data(tables, 0, user_name, NULL))
    {
      append_user(thd, &wrong_users, user_name);
      result= TRUE;
      continue;
    }