apply in SET PASSWORD same checks as in GRANT, to let only valid hashes through

2852862c · serg@serg.mylan · f66b4a1b · 2852862c · 2852862c · 2852862c
Commit 2852862c authored Jul 30, 2004 by serg@serg.mylan
5 changed files
--- a/mysql-test/r/connect.result
+++ b/mysql-test/r/connect.result
@@ -40,6 +40,8 @@ show tables;
 Tables_in_test
 update mysql.user set password=old_password("gambling2") where user=_binary"test";
 flush privileges;
+set password='gambling3';
+ERROR HY000: Password hash should be a 41-digit hexadecimal number
 set password=old_password('gambling3');
 show tables;
 Tables_in_mysql

--- a/mysql-test/t/connect.test
+++ b/mysql-test/t/connect.test
@@ -48,6 +48,8 @@ flush privileges;
 #connect (con1,localhost,test,gambling2,"");
 #show tables;
 connect (con1,localhost,test,gambling2,mysql);
+--error 1105
+set password='gambling3';
 set password=old_password('gambling3');
 show tables;
 connect (con1,localhost,test,gambling3,test);

--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@@ -2851,7 +2851,8 @@ int set_var_password::check(THD *thd)
  if (!user->host.str)
    user->host.str= (char*) thd->host_or_ip;
  /* Returns 1 as the function sends error to client */
-  return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0;
+  return check_change_password(thd, user->host.str, user->user.str, password) ?
+         1 : 0;
 #else
  return 0;
 #endif
@@ -2861,8 +2862,8 @@ int set_var_password::update(THD *thd)
 {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
  /* Returns 1 as the function sends error to client */
-  return (change_password(thd, user->host.str, user->user.str, password) ?
+  return change_password(thd, user->host.str, user->user.str, password) ?
-	  1 : 0);
+	  1 : 0;
 #else
  return 0;
 #endif

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1127,13 +1127,14 @@ bool acl_check_host(const char *host, const char *ip)
      1		ERROR  ; In this case the error is sent to the client.
 */
-bool check_change_password(THD *thd, const char *host, const char *user)
+bool check_change_password(THD *thd, const char *host, const char *user,
+                           char *new_password)
 {
  if (!initialized)
  {
    net_printf(thd,ER_OPTION_PREVENTS_STATEMENT,
-             "--skip-grant-tables"); /* purecov: inspected */
+             "--skip-grant-tables");
-    return(1);                             /* purecov: inspected */
+    return(1);
  }
  if (!thd->slave_thread &&
      (strcmp(thd->user,user) ||
@@ -1147,6 +1148,15 @@ bool check_change_password(THD *thd, const char *host, const char *user)
    send_error(thd, ER_PASSWORD_ANONYMOUS_USER);
    return(1);
  }
+  uint len=strlen(new_password);
+  if (len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
+      len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
+  {
+    net_printf(thd, 0,
+               "Password hash should be a %d-digit hexadecimal number",
+               SCRAMBLED_PASSWORD_CHAR_LENGTH);
+    return -1;
+  }
  return(0);
 }
@@ -1174,7 +1184,7 @@ bool change_password(THD *thd, const char *host, const char *user,
 		      host,user,new_password));
  DBUG_ASSERT(host != 0);			// Ensured by parent
-  if (check_change_password(thd, host, user))
+  if (check_change_password(thd, host, user, new_password))
    DBUG_RETURN(1);
  VOID(pthread_mutex_lock(&acl_cache->lock));
@@ -1433,7 +1443,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
    if (combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
        combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
    {
-      my_printf_error(ER_PASSWORD_NO_MATCH,
+      my_printf_error(ER_UNKNOWN_ERROR,
                      "Password hash should be a %d-digit hexadecimal number",
                      MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
      DBUG_RETURN(-1);

--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -142,7 +142,8 @@ ulong acl_get(const char *host, const char *ip,
 int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
                uint passwd_len);
 bool acl_check_host(const char *host, const char *ip);
-bool check_change_password(THD *thd, const char *host, const char *user);
+bool check_change_password(THD *thd, const char *host, const char *user,
+                           char *password);
 bool change_password(THD *thd, const char *host, const char *user,
 		     char *password);
 int mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,