Commit cc04a9fc authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-9835 Valid password is not working after server restart

On SET PASSWORD if the plugin is mysql_native_password
or mysql_old_password, do reset plugin and auth_str
fields.
parent 608c0e1c
create user natauth@localhost identified via 'mysql_native_password' using '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';
create user newpass@localhost identified by password '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';
create user newpassnat@localhost identified via 'mysql_native_password';
set password for newpassnat@localhost = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';
create user oldauth@localhost identified with 'mysql_old_password' using '378b243e220ca493';
create user oldpass@localhost identified by password '378b243e220ca493';
create user oldpassold@localhost identified with 'mysql_old_password';
set password for oldpassold@localhost = '378b243e220ca493';
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
user host password plugin authentication_string
natauth localhost mysql_native_password *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
newpass localhost *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
newpassnat localhost *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
oldauth localhost mysql_old_password 378b243e220ca493
oldpass localhost 378b243e220ca493
oldpassold localhost 378b243e220ca493
connect con,localhost,natauth,test,;
select current_user();
current_user()
natauth@localhost
disconnect con;
connect con,localhost,newpass,test,;
select current_user();
current_user()
newpass@localhost
disconnect con;
connect con,localhost,newpassnat,test,;
select current_user();
current_user()
newpassnat@localhost
disconnect con;
connect con,localhost,oldauth,test,;
select current_user();
current_user()
oldauth@localhost
disconnect con;
connect con,localhost,oldpass,test,;
select current_user();
current_user()
oldpass@localhost
disconnect con;
connect con,localhost,oldpassold,test,;
select current_user();
current_user()
oldpassold@localhost
disconnect con;
connection default;
flush privileges;
connect con,localhost,natauth,test,;
select current_user();
current_user()
natauth@localhost
disconnect con;
connect con,localhost,newpass,test,;
select current_user();
current_user()
newpass@localhost
disconnect con;
connect con,localhost,newpassnat,test,;
select current_user();
current_user()
newpassnat@localhost
disconnect con;
connect con,localhost,oldauth,test,;
select current_user();
current_user()
oldauth@localhost
disconnect con;
connect con,localhost,oldpass,test,;
select current_user();
current_user()
oldpass@localhost
disconnect con;
connect con,localhost,oldpassold,test,;
select current_user();
current_user()
oldpassold@localhost
disconnect con;
connection default;
set password for natauth@localhost = PASSWORD('test2');
set password for newpass@localhost = PASSWORD('test2');
set password for newpassnat@localhost = PASSWORD('test2');
set password for oldauth@localhost = PASSWORD('test2');
set password for oldpass@localhost = PASSWORD('test2');
set password for oldpassold@localhost = PASSWORD('test2');
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
user host password plugin authentication_string
natauth localhost *7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
newpass localhost *7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
newpassnat localhost *7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
oldauth localhost *7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
oldpass localhost *7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
oldpassold localhost *7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
connect con,localhost,natauth,test2,;
select current_user();
current_user()
natauth@localhost
disconnect con;
connect con,localhost,newpass,test2,;
select current_user();
current_user()
newpass@localhost
disconnect con;
connect con,localhost,newpassnat,test2,;
select current_user();
current_user()
newpassnat@localhost
disconnect con;
connect con,localhost,oldauth,test2,;
select current_user();
current_user()
oldauth@localhost
disconnect con;
connect con,localhost,oldpass,test2,;
select current_user();
current_user()
oldpass@localhost
disconnect con;
connect con,localhost,oldpassold,test2,;
select current_user();
current_user()
oldpassold@localhost
disconnect con;
connection default;
flush privileges;
connect con,localhost,natauth,test2,;
select current_user();
current_user()
natauth@localhost
disconnect con;
connect con,localhost,newpass,test2,;
select current_user();
current_user()
newpass@localhost
disconnect con;
connect con,localhost,newpassnat,test2,;
select current_user();
current_user()
newpassnat@localhost
disconnect con;
connect con,localhost,oldauth,test2,;
select current_user();
current_user()
oldauth@localhost
disconnect con;
connect con,localhost,oldpass,test2,;
select current_user();
current_user()
oldpass@localhost
disconnect con;
connect con,localhost,oldpassold,test2,;
select current_user();
current_user()
oldpassold@localhost
disconnect con;
connection default;
drop user natauth@localhost, newpass@localhost, newpassnat@localhost;
drop user oldauth@localhost, oldpass@localhost, oldpassold@localhost;
#
# MDEV-9835 Valid password is not working after server restart.
#
# Various combinations of SET PASSWORD and not-empty mysql.user.plugin field
#
--source include/not_embedded.inc
--enable_connect_log
# The hash (old and new) is for 'test'
create user natauth@localhost identified via 'mysql_native_password' using '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';
create user newpass@localhost identified by password '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';
create user newpassnat@localhost identified via 'mysql_native_password';
set password for newpassnat@localhost = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';
create user oldauth@localhost identified with 'mysql_old_password' using '378b243e220ca493';
create user oldpass@localhost identified by password '378b243e220ca493';
create user oldpassold@localhost identified with 'mysql_old_password';
set password for oldpassold@localhost = '378b243e220ca493';
--sorted_result
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
--connect(con,localhost,natauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test,)
select current_user();
--disconnect con
--connection default
flush privileges;
--connect(con,localhost,natauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test,)
select current_user();
--disconnect con
--connection default
# changing to the NEW password hash
set password for natauth@localhost = PASSWORD('test2');
set password for newpass@localhost = PASSWORD('test2');
set password for newpassnat@localhost = PASSWORD('test2');
set password for oldauth@localhost = PASSWORD('test2');
set password for oldpass@localhost = PASSWORD('test2');
set password for oldpassold@localhost = PASSWORD('test2');
--sorted_result
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
--connect(con,localhost,natauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test2,)
select current_user();
--disconnect con
--connection default
flush privileges;
--connect(con,localhost,natauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test2,)
select current_user();
--disconnect con
--connection default
drop user natauth@localhost, newpass@localhost, newpassnat@localhost;
drop user oldauth@localhost, oldpass@localhost, oldpassold@localhost;
...@@ -557,9 +557,8 @@ static void init_check_host(void); ...@@ -557,9 +557,8 @@ static void init_check_host(void);
static void rebuild_check_host(void); static void rebuild_check_host(void);
static ACL_USER *find_acl_user(const char *host, const char *user, static ACL_USER *find_acl_user(const char *host, const char *user,
my_bool exact); my_bool exact);
static bool update_user_table(THD *thd, TABLE *table, const char *host, static bool update_user_table(THD *, TABLE *, const char *, const char *, const
const char *user, const char *new_password, char *, uint, bool);
uint new_password_len);
static my_bool acl_load(THD *thd, TABLE_LIST *tables); static my_bool acl_load(THD *thd, TABLE_LIST *tables);
static my_bool grant_load(THD *thd, TABLE_LIST *tables); static my_bool grant_load(THD *thd, TABLE_LIST *tables);
static inline void get_grantor(THD *thd, char* grantor); static inline void get_grantor(THD *thd, char* grantor);
...@@ -1912,6 +1911,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -1912,6 +1911,7 @@ bool change_password(THD *thd, const char *host, const char *user,
bool save_binlog_row_based; bool save_binlog_row_based;
uint new_password_len= (uint) strlen(new_password); uint new_password_len= (uint) strlen(new_password);
bool result= 1; bool result= 1;
bool use_salt= 0;
DBUG_ENTER("change_password"); DBUG_ENTER("change_password");
DBUG_PRINT("enter",("host: '%s' user: '%s' new_password: '%s'", DBUG_PRINT("enter",("host: '%s' user: '%s' new_password: '%s'",
host,user,new_password)); host,user,new_password));
...@@ -1967,6 +1967,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -1967,6 +1967,7 @@ bool change_password(THD *thd, const char *host, const char *user,
acl_user->auth_string.length= new_password_len; acl_user->auth_string.length= new_password_len;
set_user_salt(acl_user, new_password, new_password_len); set_user_salt(acl_user, new_password, new_password_len);
set_user_plugin(acl_user, new_password_len); set_user_plugin(acl_user, new_password_len);
use_salt= 1;
} }
else else
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
...@@ -1975,7 +1976,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -1975,7 +1976,7 @@ bool change_password(THD *thd, const char *host, const char *user,
if (update_user_table(thd, table, if (update_user_table(thd, table,
acl_user->host.hostname ? acl_user->host.hostname : "", acl_user->host.hostname ? acl_user->host.hostname : "",
acl_user->user ? acl_user->user : "", acl_user->user ? acl_user->user : "",
new_password, new_password_len)) new_password, new_password_len, use_salt))
{ {
mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */ mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */
goto end; goto end;
...@@ -2223,7 +2224,8 @@ bool hostname_requires_resolving(const char *hostname) ...@@ -2223,7 +2224,8 @@ bool hostname_requires_resolving(const char *hostname)
static bool update_user_table(THD *thd, TABLE *table, static bool update_user_table(THD *thd, TABLE *table,
const char *host, const char *user, const char *host, const char *user,
const char *new_password, uint new_password_len) const char *new_password, uint new_password_len,
bool reset_plugin)
{ {
char user_key[MAX_KEY_LENGTH]; char user_key[MAX_KEY_LENGTH];
int error; int error;
...@@ -2246,6 +2248,11 @@ static bool update_user_table(THD *thd, TABLE *table, ...@@ -2246,6 +2248,11 @@ static bool update_user_table(THD *thd, TABLE *table,
} }
store_record(table,record[1]); store_record(table,record[1]);
table->field[2]->store(new_password, new_password_len, system_charset_info); table->field[2]->store(new_password, new_password_len, system_charset_info);
if (reset_plugin && table->s->fields >= 41)
{
table->field[40]->reset();
table->field[41]->reset();
}
if ((error=table->file->ha_update_row(table->record[1],table->record[0])) && if ((error=table->file->ha_update_row(table->record[1],table->record[0])) &&
error != HA_ERR_RECORD_IS_THE_SAME) error != HA_ERR_RECORD_IS_THE_SAME)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment