Commit 4d3ac328 authored by Vladislav Vaintroub's avatar Vladislav Vaintroub Committed by Sergei Golubchik

MDEV-27093 Do not pass root password in HEX(clear text) from mariadb-install-db.exe to bootstrap

Previously, password was passed as hex(clear_text_password).
The hex encoding was used to avoid masking apostrophe and backslash etc.

However, bootstrap still manages to misinterpret a UTF8 password, so that
root would not connect later.

So the fix is to compute the native password hash inside mysql_install_db
already instead, and create user with that hash, rather than letting bootstrap
calculate it by using PASSWORD() function.
parent ea0a5cb0
...@@ -481,10 +481,11 @@ IF(WIN32) ...@@ -481,10 +481,11 @@ IF(WIN32)
MYSQL_ADD_EXECUTABLE(mariadb-install-db MYSQL_ADD_EXECUTABLE(mariadb-install-db
mysql_install_db.cc mysql_install_db.cc
${CMAKE_CURRENT_BINARY_DIR}/mysql_bootstrap_sql.c ${CMAKE_CURRENT_BINARY_DIR}/mysql_bootstrap_sql.c
password.c
COMPONENT Server COMPONENT Server
) )
SET_TARGET_PROPERTIES(mariadb-install-db PROPERTIES COMPILE_FLAGS -DINSTALL_PLUGINDIR=${INSTALL_PLUGINDIR}) SET_TARGET_PROPERTIES(mariadb-install-db PROPERTIES COMPILE_FLAGS -DINSTALL_PLUGINDIR=${INSTALL_PLUGINDIR})
TARGET_LINK_LIBRARIES(mariadb-install-db mysys shlwapi) TARGET_LINK_LIBRARIES(mariadb-install-db mysys mysys_ssl shlwapi)
ADD_LIBRARY(winservice STATIC winservice.c) ADD_LIBRARY(winservice STATIC winservice.c)
TARGET_LINK_LIBRARIES(winservice shell32) TARGET_LINK_LIBRARIES(winservice shell32)
......
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include "mariadb.h" #include "mariadb.h"
#include <my_getopt.h> #include <my_getopt.h>
#include <m_string.h> #include <m_string.h>
#include <password.h>
#include <windows.h> #include <windows.h>
#include <shellapi.h> #include <shellapi.h>
...@@ -443,16 +444,14 @@ static int create_myini() ...@@ -443,16 +444,14 @@ static int create_myini()
} }
static const char update_root_passwd_part1[]= static constexpr const char* update_root_passwd=
"UPDATE mysql.global_priv SET priv=json_set(priv," "UPDATE mysql.global_priv SET priv=json_set(priv,"
"'$.password_last_changed', UNIX_TIMESTAMP()," "'$.password_last_changed', UNIX_TIMESTAMP(),"
"'$.plugin','mysql_native_password'," "'$.plugin','mysql_native_password',"
"'$.authentication_string',PASSWORD("; "'$.authentication_string','%s') where User='root';\n";
static const char update_root_passwd_part2[]= static constexpr char remove_default_user_cmd[]=
")) where User='root';\n";
static const char remove_default_user_cmd[]=
"DELETE FROM mysql.user where User='';\n"; "DELETE FROM mysql.user where User='';\n";
static const char allow_remote_root_access_cmd[]= static constexpr char allow_remote_root_access_cmd[]=
"CREATE TEMPORARY TABLE tmp_user LIKE global_priv;\n" "CREATE TEMPORARY TABLE tmp_user LIKE global_priv;\n"
"INSERT INTO tmp_user SELECT * from global_priv where user='root' " "INSERT INTO tmp_user SELECT * from global_priv where user='root' "
" AND host='localhost';\n" " AND host='localhost';\n"
...@@ -871,18 +870,10 @@ static int create_db_instance(const char *datadir) ...@@ -871,18 +870,10 @@ static int create_db_instance(const char *datadir)
/* Change root password if requested. */ /* Change root password if requested. */
if (opt_password && opt_password[0]) if (opt_password && opt_password[0])
{ {
verbose("Setting root password",remove_default_user_cmd); verbose("Setting root password");
fputs(update_root_passwd_part1, in); char buf[2 * MY_SHA1_HASH_SIZE + 2];
my_make_scrambled_password(buf, opt_password, strlen(opt_password));
/* Use hex encoding for password, to avoid escaping problems.*/ fprintf(in, update_root_passwd, buf);
fputc('0', in);
fputc('x', in);
for(int i= 0; opt_password[i]; i++)
{
fprintf(in,"%02x",opt_password[i]);
}
fputs(update_root_passwd_part2, in);
fflush(in); fflush(in);
} }
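Review bot: In the `create_db_instance` hunk, `char buf[2 * MY_SHA1_HASH_SIZE + 2]` is sized by unexplained arithmetic, and nothing records why `buf` can be placed inside the quoted `'%s'` of `update_root_passwd` without escaping. Both rest on `my_make_scrambled_password` writing exactly `*`, then 2*MY_SHA1_HASH_SIZE hex digits, then a terminating NUL; its definition is not on this page, so that should be confirmed and then stated beside the buffer: `/* '*' + 2*MY_SHA1_HASH_SIZE hex digits + NUL; no quote or backslash can occur, so no SQL escaping is needed */`. Because `update_root_passwd` is now used as a printf format, its definition also deserves a one-line comment that any literal `%` later added to the SQL must be written as `%%`. The body of `create_db_instance` starts and ends outside the hunk.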
......