ed25519: better error message for an incorrect password hash

103a32fd · Sergei Golubchik · c94ec9fc · 103a32fd · 103a32fd · 103a32fd
Commit 103a32fd authored Jan 18, 2019 by Sergei Golubchik
4 changed files
--- a/mysql-test/suite/plugins/r/auth_ed25519.result
+++ b/mysql-test/suite/plugins/r/auth_ed25519.result
@@ -39,6 +39,10 @@ show grants for test1@localhost;
 Grants for test1@localhost
 GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED VIA ed25519 USING 'ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY'
 drop user test1@localhost;
+create user test1@localhost identified via ed25519 using 'foo';
+ERROR HY000: Password hash should be 43 characters long
+create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
+ERROR HY000: Password hash should be base64 encoded
 create user test1@localhost identified via ed25519 using password('foo');
 show grants for test1@localhost;
 Grants for test1@localhost

--- a/mysql-test/suite/plugins/t/auth_ed25519.test
+++ b/mysql-test/suite/plugins/t/auth_ed25519.test
@@ -29,6 +29,10 @@ let $pwd=`select ed25519_password("secret")`;
 eval create user test1@localhost identified via ed25519 using '$pwd';
 show grants for test1@localhost;
 drop user test1@localhost;
+--error ER_PASSWD_LENGTH
+create user test1@localhost identified via ed25519 using 'foo';
+--error ER_PASSWD_LENGTH
+create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
 create user test1@localhost identified via ed25519 using password('foo');
 show grants for test1@localhost;
 select ed25519_password('foo');

--- a/plugin/auth_ed25519/server_ed25519.c
+++ b/plugin/auth_ed25519/server_ed25519.c
@@ -15,6 +15,7 @@
   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */

 #include <mysql/plugin_auth.h>
+#include <mysqld_error.h>
 #include "common.h"

 #if !defined(__attribute__) && !defined(__GNUC__)
@@ -77,12 +78,18 @@ static int digest_to_binary(const char *d, size_t dlen,
  char pw[PASSWORD_LEN_BUF];

  if (*blen < CRYPTO_PUBLICKEYBYTES || dlen != PASSWORD_LEN)
+  {
+    my_printf_error(ER_PASSWD_LENGTH, "Password hash should be %d characters long", 0, PASSWORD_LEN);
    return 1;
+  }

  *blen= CRYPTO_PUBLICKEYBYTES;
  memcpy(pw, d, PASSWORD_LEN);
  pw[PASSWORD_LEN]= '=';
-  return my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) != CRYPTO_PUBLICKEYBYTES;
+  if (my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) == CRYPTO_PUBLICKEYBYTES)
+    return 0;
+  my_printf_error(ER_PASSWD_LENGTH, "Password hash should be base64 encoded", 0);
+  return 1;
 }

 static struct st_mysql_auth info =

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1792,7 +1792,7 @@ static int set_user_salt(ACL_USER *acl_user, plugin_ref plugin)
    size_t len= sizeof(buf);
    if (auth->preprocess_hash(acl_user->auth_string.str,
                              acl_user->auth_string.length, buf, &len))
-      return 1; // ER_PASSWD_LENGTH?
+      return 1;
    acl_user->salt.str= (char*)memdup_root(&acl_memroot, buf, len);
    acl_user->salt.length= len;
  }