Commit f5722f58 authored by Sergei Golubchik's avatar Sergei Golubchik

cleanup: normalize LEX_USER to get rid of different representation of the same thing

  username IDENTIFIED BY PASSWORD xxx
  username IDENTIFIED VIA mysql_native_password USING xxx
  etc

also check for valid strlen(xxx)
parent c1204da1
...@@ -273,8 +273,8 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET); ...@@ -273,8 +273,8 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES)
connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET); connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO) ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO)
update mysql.user set password=authentication_string, authentication_string='' update mysql.user set plugin='mysql_native_password' where user = 'mysqltest_up1';
where user like 'mysqltest_up_'; update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2';
select user, password, plugin, authentication_string from mysql.user select user, password, plugin, authentication_string from mysql.user
where user like 'mysqltest_up_'; where user like 'mysqltest_up_';
user password plugin authentication_string user password plugin authentication_string
......
...@@ -178,3 +178,37 @@ mysqltest_db1.t1 repair status OK ...@@ -178,3 +178,37 @@ mysqltest_db1.t1 repair status OK
# Switching to connection 'default'. # Switching to connection 'default'.
drop database mysqltest_db1; drop database mysqltest_db1;
drop user mysqltest_u1@localhost; drop user mysqltest_u1@localhost;
create user foo1 identified by password '11111111111111111111111111111111111111111';
create user foo2 identified by password '2222222222222222';
create user foo3 identified via mysql_native_password using '11111111111111111111111111111111111111111';
create user foo4 identified via mysql_old_password using '2222222222222222';
grant select on test.* to foo5 identified by password '11111111111111111111111111111111111111111';
grant select on test.* to foo6 identified by password '2222222222222222';
grant select on test.* to foo7 identified via mysql_native_password using '11111111111111111111111111111111111111111';
grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222';
select user,password,plugin,authentication_string from mysql.user where user like 'foo%';
user password plugin authentication_string
foo1 11111111111111111111111111111111111111111
foo2 2222222222222222
foo3 11111111111111111111111111111111111111111
foo4 2222222222222222
foo5 11111111111111111111111111111111111111111
foo6 2222222222222222
foo7 11111111111111111111111111111111111111111
foo8 2222222222222222
drop user foo1;
drop user foo2;
drop user foo3;
drop user foo4;
drop user foo5;
drop user foo6;
drop user foo7;
drop user foo8;
create user foo1 identified via mysql_native_password using '00';
ERROR HY000: Password hash should be a 41-digit hexadecimal number
create user foo2 identified via mysql_native_password using '2222222222222222';
ERROR HY000: Password hash should be a 41-digit hexadecimal number
create user foo3 identified via mysql_old_password using '00';
ERROR HY000: Password hash should be a 16-digit hexadecimal number
create user foo4 identified via mysql_old_password using '11111111111111111111111111111111111111111';
ERROR HY000: Password hash should be a 16-digit hexadecimal number
...@@ -397,8 +397,8 @@ connection default; ...@@ -397,8 +397,8 @@ connection default;
# #
# cannot connect when password is set and plugin=mysql_native_password # cannot connect when password is set and plugin=mysql_native_password
# #
update mysql.user set password=authentication_string, authentication_string='' update mysql.user set plugin='mysql_native_password' where user = 'mysqltest_up1';
where user like 'mysqltest_up_'; update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2';
select user, password, plugin, authentication_string from mysql.user select user, password, plugin, authentication_string from mysql.user
where user like 'mysqltest_up_'; where user like 'mysqltest_up_';
flush privileges; flush privileges;
......
...@@ -201,3 +201,34 @@ disconnect con1; ...@@ -201,3 +201,34 @@ disconnect con1;
connection default; connection default;
drop database mysqltest_db1; drop database mysqltest_db1;
drop user mysqltest_u1@localhost; drop user mysqltest_u1@localhost;
create user foo1 identified by password '11111111111111111111111111111111111111111';
create user foo2 identified by password '2222222222222222';
create user foo3 identified via mysql_native_password using '11111111111111111111111111111111111111111';
create user foo4 identified via mysql_old_password using '2222222222222222';
grant select on test.* to foo5 identified by password '11111111111111111111111111111111111111111';
grant select on test.* to foo6 identified by password '2222222222222222';
grant select on test.* to foo7 identified via mysql_native_password using '11111111111111111111111111111111111111111';
grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222';
--sorted_result
select user,password,plugin,authentication_string from mysql.user where user like 'foo%';
drop user foo1;
drop user foo2;
drop user foo3;
drop user foo4;
drop user foo5;
drop user foo6;
drop user foo7;
drop user foo8;
--error ER_PASSWD_LENGTH
create user foo1 identified via mysql_native_password using '00';
--error ER_PASSWD_LENGTH
create user foo2 identified via mysql_native_password using '2222222222222222';
--error ER_PASSWD_LENGTH
create user foo3 identified via mysql_old_password using '00';
--error ER_PASSWD_LENGTH
create user foo4 identified via mysql_old_password using '11111111111111111111111111111111111111111';
...@@ -943,6 +943,43 @@ static bool fix_user_plugin_ptr(ACL_USER *user) ...@@ -943,6 +943,43 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
return false; return false;
} }
/*
transform equivalent LEX_USER values to one:
username IDENTIFIED BY PASSWORD xxx
username IDENTIFIED VIA mysql_native_password USING xxx
etc
*/
static bool fix_lex_user(LEX_USER *user)
{
size_t check_length= 0;
if (my_strcasecmp(system_charset_info, user->plugin.str,
native_password_plugin_name.str) == 0)
{
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}
else
if (my_strcasecmp(system_charset_info, user->plugin.str,
old_password_plugin_name.str) == 0)
{
check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
if (check_length)
{
user->password= user->auth.length ? user->auth : null_lex_str;
user->plugin= empty_lex_str;
user->auth= empty_lex_str;
if (user->password.length && user->password.length != check_length)
{
my_error(ER_PASSWD_LENGTH, MYF(0), check_length);
return true;
}
}
return false;
}
static bool get_YN_as_bool(Field *field) static bool get_YN_as_bool(Field *field)
{ {
char buff[2]; char buff[2];
...@@ -6350,6 +6387,12 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, ...@@ -6350,6 +6387,12 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
continue; continue;
} }
if (fix_lex_user(tmp_Str))
{
result= TRUE;
continue;
}
if (copy_and_check_auth(Str, tmp_Str, thd->lex)) if (copy_and_check_auth(Str, tmp_Str, thd->lex))
result= true; result= true;
else else
...@@ -9289,6 +9332,13 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9289,6 +9332,13 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
if (!user_name->host.str) if (!user_name->host.str)
user_name->host= host_not_specified; user_name->host= host_not_specified;
if (fix_lex_user(user_name))
{
append_user(thd, &wrong_users, user_name);
result= TRUE;
continue;
}
/* /*
Search all in-memory structures and grant tables Search all in-memory structures and grant tables
for a mention of the new user/role name. for a mention of the new user/role name.
...@@ -9296,7 +9346,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role) ...@@ -9296,7 +9346,6 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool handle_as_role)
if (handle_grant_data(tables, 0, user_name, NULL)) if (handle_grant_data(tables, 0, user_name, NULL))
{ {
append_user(thd, &wrong_users, user_name); append_user(thd, &wrong_users, user_name);
result= TRUE; result= TRUE;
continue; continue;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment