Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
2852862c
Commit
2852862c
authored
Jul 30, 2004
by
serg@serg.mylan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apply in SET PASSWORD same checks as in GRANT, to let only valid hashes through
parent
f66b4a1b
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
26 additions
and
10 deletions
+26
-10
mysql-test/r/connect.result
mysql-test/r/connect.result
+2
-0
mysql-test/t/connect.test
mysql-test/t/connect.test
+2
-0
sql/set_var.cc
sql/set_var.cc
+5
-4
sql/sql_acl.cc
sql/sql_acl.cc
+15
-5
sql/sql_acl.h
sql/sql_acl.h
+2
-1
No files found.
mysql-test/r/connect.result
View file @
2852862c
...
@@ -40,6 +40,8 @@ show tables;
...
@@ -40,6 +40,8 @@ show tables;
Tables_in_test
Tables_in_test
update mysql.user set password=old_password("gambling2") where user=_binary"test";
update mysql.user set password=old_password("gambling2") where user=_binary"test";
flush privileges;
flush privileges;
set password='gambling3';
ERROR HY000: Password hash should be a 41-digit hexadecimal number
set password=old_password('gambling3');
set password=old_password('gambling3');
show tables;
show tables;
Tables_in_mysql
Tables_in_mysql
...
...
mysql-test/t/connect.test
View file @
2852862c
...
@@ -48,6 +48,8 @@ flush privileges;
...
@@ -48,6 +48,8 @@ flush privileges;
#connect (con1,localhost,test,gambling2,"");
#connect (con1,localhost,test,gambling2,"");
#show tables;
#show tables;
connect
(
con1
,
localhost
,
test
,
gambling2
,
mysql
);
connect
(
con1
,
localhost
,
test
,
gambling2
,
mysql
);
--
error
1105
set
password
=
'gambling3'
;
set
password
=
old_password
(
'gambling3'
);
set
password
=
old_password
(
'gambling3'
);
show
tables
;
show
tables
;
connect
(
con1
,
localhost
,
test
,
gambling3
,
test
);
connect
(
con1
,
localhost
,
test
,
gambling3
,
test
);
...
...
sql/set_var.cc
View file @
2852862c
...
@@ -2851,8 +2851,9 @@ int set_var_password::check(THD *thd)
...
@@ -2851,8 +2851,9 @@ int set_var_password::check(THD *thd)
if
(
!
user
->
host
.
str
)
if
(
!
user
->
host
.
str
)
user
->
host
.
str
=
(
char
*
)
thd
->
host_or_ip
;
user
->
host
.
str
=
(
char
*
)
thd
->
host_or_ip
;
/* Returns 1 as the function sends error to client */
/* Returns 1 as the function sends error to client */
return
check_change_password
(
thd
,
user
->
host
.
str
,
user
->
user
.
str
)
?
1
:
0
;
return
check_change_password
(
thd
,
user
->
host
.
str
,
user
->
user
.
str
,
password
)
?
#else
1
:
0
;
#else
return
0
;
return
0
;
#endif
#endif
}
}
...
@@ -2861,8 +2862,8 @@ int set_var_password::update(THD *thd)
...
@@ -2861,8 +2862,8 @@ int set_var_password::update(THD *thd)
{
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Returns 1 as the function sends error to client */
/* Returns 1 as the function sends error to client */
return
(
change_password
(
thd
,
user
->
host
.
str
,
user
->
user
.
str
,
password
)
?
return
change_password
(
thd
,
user
->
host
.
str
,
user
->
user
.
str
,
password
)
?
1
:
0
)
;
1
:
0
;
#else
#else
return
0
;
return
0
;
#endif
#endif
...
...
sql/sql_acl.cc
View file @
2852862c
...
@@ -1127,13 +1127,14 @@ bool acl_check_host(const char *host, const char *ip)
...
@@ -1127,13 +1127,14 @@ bool acl_check_host(const char *host, const char *ip)
1 ERROR ; In this case the error is sent to the client.
1 ERROR ; In this case the error is sent to the client.
*/
*/
bool
check_change_password
(
THD
*
thd
,
const
char
*
host
,
const
char
*
user
)
bool
check_change_password
(
THD
*
thd
,
const
char
*
host
,
const
char
*
user
,
char
*
new_password
)
{
{
if
(
!
initialized
)
if
(
!
initialized
)
{
{
net_printf
(
thd
,
ER_OPTION_PREVENTS_STATEMENT
,
net_printf
(
thd
,
ER_OPTION_PREVENTS_STATEMENT
,
"--skip-grant-tables"
);
/* purecov: inspected */
"--skip-grant-tables"
);
return
(
1
);
/* purecov: inspected */
return
(
1
);
}
}
if
(
!
thd
->
slave_thread
&&
if
(
!
thd
->
slave_thread
&&
(
strcmp
(
thd
->
user
,
user
)
||
(
strcmp
(
thd
->
user
,
user
)
||
...
@@ -1147,6 +1148,15 @@ bool check_change_password(THD *thd, const char *host, const char *user)
...
@@ -1147,6 +1148,15 @@ bool check_change_password(THD *thd, const char *host, const char *user)
send_error
(
thd
,
ER_PASSWORD_ANONYMOUS_USER
);
send_error
(
thd
,
ER_PASSWORD_ANONYMOUS_USER
);
return
(
1
);
return
(
1
);
}
}
uint
len
=
strlen
(
new_password
);
if
(
len
!=
SCRAMBLED_PASSWORD_CHAR_LENGTH
&&
len
!=
SCRAMBLED_PASSWORD_CHAR_LENGTH_323
)
{
net_printf
(
thd
,
0
,
"Password hash should be a %d-digit hexadecimal number"
,
SCRAMBLED_PASSWORD_CHAR_LENGTH
);
return
-
1
;
}
return
(
0
);
return
(
0
);
}
}
...
@@ -1174,7 +1184,7 @@ bool change_password(THD *thd, const char *host, const char *user,
...
@@ -1174,7 +1184,7 @@ bool change_password(THD *thd, const char *host, const char *user,
host
,
user
,
new_password
));
host
,
user
,
new_password
));
DBUG_ASSERT
(
host
!=
0
);
// Ensured by parent
DBUG_ASSERT
(
host
!=
0
);
// Ensured by parent
if
(
check_change_password
(
thd
,
host
,
user
))
if
(
check_change_password
(
thd
,
host
,
user
,
new_password
))
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
VOID
(
pthread_mutex_lock
(
&
acl_cache
->
lock
));
VOID
(
pthread_mutex_lock
(
&
acl_cache
->
lock
));
...
@@ -1433,7 +1443,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
...
@@ -1433,7 +1443,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
if
(
combo
.
password
.
length
!=
SCRAMBLED_PASSWORD_CHAR_LENGTH
&&
if
(
combo
.
password
.
length
!=
SCRAMBLED_PASSWORD_CHAR_LENGTH
&&
combo
.
password
.
length
!=
SCRAMBLED_PASSWORD_CHAR_LENGTH_323
)
combo
.
password
.
length
!=
SCRAMBLED_PASSWORD_CHAR_LENGTH_323
)
{
{
my_printf_error
(
ER_
PASSWORD_NO_MATCH
,
my_printf_error
(
ER_
UNKNOWN_ERROR
,
"Password hash should be a %d-digit hexadecimal number"
,
"Password hash should be a %d-digit hexadecimal number"
,
MYF
(
0
),
SCRAMBLED_PASSWORD_CHAR_LENGTH
);
MYF
(
0
),
SCRAMBLED_PASSWORD_CHAR_LENGTH
);
DBUG_RETURN
(
-
1
);
DBUG_RETURN
(
-
1
);
...
...
sql/sql_acl.h
View file @
2852862c
...
@@ -142,7 +142,8 @@ ulong acl_get(const char *host, const char *ip,
...
@@ -142,7 +142,8 @@ ulong acl_get(const char *host, const char *ip,
int
acl_getroot
(
THD
*
thd
,
USER_RESOURCES
*
mqh
,
const
char
*
passwd
,
int
acl_getroot
(
THD
*
thd
,
USER_RESOURCES
*
mqh
,
const
char
*
passwd
,
uint
passwd_len
);
uint
passwd_len
);
bool
acl_check_host
(
const
char
*
host
,
const
char
*
ip
);
bool
acl_check_host
(
const
char
*
host
,
const
char
*
ip
);
bool
check_change_password
(
THD
*
thd
,
const
char
*
host
,
const
char
*
user
);
bool
check_change_password
(
THD
*
thd
,
const
char
*
host
,
const
char
*
user
,
char
*
password
);
bool
change_password
(
THD
*
thd
,
const
char
*
host
,
const
char
*
user
,
bool
change_password
(
THD
*
thd
,
const
char
*
host
,
const
char
*
user
,
char
*
password
);
char
*
password
);
int
mysql_grant
(
THD
*
thd
,
const
char
*
db
,
List
<
LEX_USER
>
&
user_list
,
int
mysql_grant
(
THD
*
thd
,
const
char
*
db
,
List
<
LEX_USER
>
&
user_list
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment