Commit 4d0784ee authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES

PAM AUTHENTICATION SETTINGS

SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password 
plugin despite the fact that it was sending a warning that the command has 
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as 
it's documented now).
Test case added.
One old test case result updated  to have the correct value.
parent 5a7e0127
......@@ -44,7 +44,7 @@ ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
## test correct default plugin
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug@localhost plug@%
plug@localhost plug_dest@%
## test no_auto_create_user sql mode with plugin users
SET @@sql_mode=no_auto_create_user;
GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';
......@@ -462,4 +462,24 @@ CREATE USER bug12610784@localhost;
SET PASSWORD FOR bug12610784@localhost = PASSWORD('secret');
ERROR 28000: Access denied for user 'bug12610784'@'localhost' (using password: NO)
DROP USER bug12610784@localhost;
#
# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM
# AUTHENTICATION SETTINGS
#
CREATE USER bug12818542@localhost
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost
IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
SET PASSWORD = PASSWORD('bruhaha');
Warnings:
Note 1699 SET PASSWORD has no significance for users authenticating via plugins
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;
End of 5.5 tests
......@@ -540,4 +540,35 @@ connection default;
disconnect b12610784;
DROP USER bug12610784@localhost;
--echo #
--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM
--echo # AUTHENTICATION SETTINGS
--echo #
CREATE USER bug12818542@localhost
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost
IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con;
SELECT USER(),CURRENT_USER();
SET PASSWORD = PASSWORD('bruhaha');
connection default;
disconnect bug12818542_con;
connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con2;
SELECT USER(),CURRENT_USER();
connection default;
disconnect bug12818542_con2;
DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;
--echo End of 5.5 tests
......@@ -1881,16 +1881,16 @@ bool change_password(THD *thd, const char *host, const char *user,
goto end;
}
/* update loaded acl entry: */
set_user_salt(acl_user, new_password, new_password_len);
if (my_strcasecmp(system_charset_info, acl_user->plugin.str,
native_password_plugin_name.str) &&
my_strcasecmp(system_charset_info, acl_user->plugin.str,
old_password_plugin_name.str))
{
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN));
}
/* update loaded acl entry: */
set_user_salt(acl_user, new_password, new_password_len);
else
set_user_plugin(acl_user, new_password_len);
if (update_user_table(thd, table,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment