Commit 1eaf2106 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-6253 MySQL Users Break when Migrating from MySQL 5.1 to MariaDB 10.0.10

When plugin=mysql_native_password (or mysql_old_password) take the password
from *either* password *or* authentication_string, whichever is set.
This makes no sense, but alas, that's what MySQL-5.6 does.
parent 805d302d
......@@ -273,6 +273,20 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES)
connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO)
update mysql.user set password=authentication_string, authentication_string=''
where user like 'mysqltest_up_';
select user, password, plugin, authentication_string from mysql.user
where user like 'mysqltest_up_';
user password plugin authentication_string
mysqltest_up1 *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB mysql_native_password
mysqltest_up2 09301740536db389 mysql_old_password
flush privileges;
select user(), current_user();
user() current_user()
mysqltest_up1@localhost mysqltest_up1@%
select user(), current_user();
user() current_user()
mysqltest_up2@localhost mysqltest_up2@%
DROP USER mysqltest_up1@'%';
DROP USER mysqltest_up2@'%';
#
......
......@@ -378,7 +378,7 @@ select user(), current_user();
disconnect pcon4;
#
# lpbug#683112 Maria 5.2 incorrectly reports "(using password: NO)"
# lp:683112 Maria 5.2 incorrectly reports "(using password: NO)"
# even when password is specified
#
# test "access denied" error for nonexisting user with and without a password
......@@ -391,6 +391,31 @@ connect(pcon5,localhost,mysqltest_nouser,newpw,,$MASTER_MYPORT,);
connect(pcon5,localhost,mysqltest_nouser,,,$MASTER_MYPORT,);
connection default;
#
# MDEV-6253 MySQL Users Break when Migrating from MySQL 5.1 to MariaDB 10.0.10
#
# cannot connect when password is set and plugin=mysql_native_password
#
update mysql.user set password=authentication_string, authentication_string=''
where user like 'mysqltest_up_';
select user, password, plugin, authentication_string from mysql.user
where user like 'mysqltest_up_';
flush privileges;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
connection pcon6;
select user(), current_user();
disconnect pcon6;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
connection pcon7;
select user(), current_user();
disconnect pcon7;
connection default;
DROP USER mysqltest_up1@'%';
DROP USER mysqltest_up2@'%';
......
......@@ -877,7 +877,6 @@ static char *fix_plugin_ptr(char *name)
*/
static bool fix_user_plugin_ptr(ACL_USER *user)
{
user->salt_len= 0;
if (my_strcasecmp(system_charset_info, user->plugin.str,
native_password_plugin_name.str) == 0)
user->plugin= native_password_plugin_name;
......@@ -888,6 +887,7 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
else
return true;
if (user->auth_string.length)
set_user_salt(user, user->auth_string.str, user->auth_string.length);
return false;
}
......@@ -1259,7 +1259,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
{
user.plugin.str= tmpstr;
user.plugin.length= strlen(user.plugin.str);
if (user.auth_string.length)
user.auth_string.str=
safe_str(get_field(&acl_memroot, table->field[next_field++]));
user.auth_string.length= strlen(user.auth_string.str);
if (user.auth_string.length && password_len)
{
sql_print_warning("'user' entry '%s@%s' has both a password "
"and an authentication plugin specified. The "
......@@ -1267,9 +1271,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
safe_str(user.user.str),
safe_str(user.host.hostname));
}
user.auth_string.str=
safe_str(get_field(&acl_memroot, table->field[next_field++]));
user.auth_string.length= strlen(user.auth_string.str);
fix_user_plugin_ptr(&user);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment