Commit ac6877d4 authored by Sergei Golubchik's avatar Sergei Golubchik

SET PASSWORD bugfixes:

* work as documented, use CURRENT_USER()
* move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
parent 4cc8cda3
......@@ -335,7 +335,7 @@ delete from mysql.user where user like 'mysqltest\_1';
flush privileges;
drop database mysqltest_1;
set password = password("changed");
ERROR 42000: Can't find any matching row in the user table
ERROR 42000: You are using MariaDB as an anonymous user and anonymous users are not allowed to change passwords
lock table mysql.user write;
flush privileges;
grant all on *.* to 'mysqltest_1'@'localhost';
......
......@@ -36,8 +36,6 @@ USER() CURRENT_USER()
plug@localhost plug_dest@%
## test SET PASSWORD
SET PASSWORD = PASSWORD('plug_dest');
Warnings:
Note 1699 SET PASSWORD has no significance for users authenticating via plugins
## test bad credentials
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
......@@ -426,8 +424,6 @@ SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
SET PASSWORD = PASSWORD('bruhaha');
Warnings:
Note 1699 SET PASSWORD has no significance for users authenticating via plugins
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost
......
......@@ -405,7 +405,7 @@ drop database mysqltest_1;
# But anonymous users can't change their password
connect (n5,localhost,test,,test,$MASTER_MYPORT,$MASTER_MYSOCK);
connection n5;
--error ER_PASSWORD_NO_MATCH
--error ER_PASSWORD_ANONYMOUS_USER
set password = password("changed");
disconnect n5;
connection default;
......
......@@ -832,23 +832,7 @@ int set_var_user::update(THD *thd)
int set_var_password::check(THD *thd)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!user->host.str)
{
DBUG_ASSERT(thd->security_ctx->priv_host);
if (*thd->security_ctx->priv_host != 0)
{
user->host.str= (char *) thd->security_ctx->priv_host;
user->host.length= strlen(thd->security_ctx->priv_host);
}
else
user->host= host_not_specified;
}
if (user->user.str == current_user.str)
{
DBUG_ASSERT(thd->security_ctx->user);
user->user.str= (char *) thd->security_ctx->user;
user->user.length= strlen(thd->security_ctx->user);
}
user= get_current_user(thd, user);
/* Returns 1 as the function sends error to client */
return check_change_password(thd, user->host.str, user->user.str,
password, strlen(password)) ? 1 : 0;
......
......@@ -2883,20 +2883,25 @@ int check_change_password(THD *thd, const char *host, const char *user,
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
return(1);
}
if (!thd->slave_thread && !thd->security_ctx->priv_user[0])
{
my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER),
MYF(0));
return(1);
}
if (!host) // Role
{
my_error(ER_PASSWORD_NO_MATCH, MYF(0));
return 1;
}
if (!thd->slave_thread &&
(strcmp(thd->security_ctx->user, user) ||
(strcmp(thd->security_ctx->priv_user, user) ||
my_strcasecmp(system_charset_info, host,
thd->security_ctx->priv_host)))
{
if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 0))
return(1);
}
if (!thd->slave_thread && !thd->security_ctx->user[0])
{
my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER),
MYF(0));
return(1);
}
size_t len= strlen(new_password);
if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
......@@ -3037,7 +3042,7 @@ bool change_password(THD *thd, const char *host, const char *user,
RETURN
FALSE user not fond
TRUE there are such user
TRUE there is such user
*/
bool is_acl_user(const char *host, const char *user)
......
......@@ -3791,38 +3791,54 @@ case SQLCOM_PREPARE:
if (thd->security_ctx->user) // If not replication
{
LEX_USER *user, *tmp_user;
LEX_USER *user;
bool first_user= TRUE;
List_iterator <LEX_USER> user_list(lex->users_list);
while ((tmp_user= user_list++))
while ((user= user_list++))
{
if (!(user= get_current_user(thd, tmp_user)))
goto error;
if (specialflag & SPECIAL_NO_RESOLVE &&
hostname_requires_resolving(user->host.str))
push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_WARN_HOSTNAME_WONT_WORK,
ER(ER_WARN_HOSTNAME_WONT_WORK));
// Are we trying to change a password of another user
DBUG_ASSERT(user->host.str != 0);
/*
GRANT/REVOKE PROXY has the target user as a first entry in the list.
*/
if (lex->type == TYPE_ENUM_PROXY && first_user)
{
if (!(user= get_current_user(thd, user)) || !user->host.str)
goto error;
first_user= FALSE;
if (acl_check_proxy_grant_access (thd, user->host.str, user->user.str,
lex->grant & GRANT_ACL))
goto error;
}
else if (is_acl_user(user->host.str, user->user.str) &&
user->password.str &&
check_change_password (thd, user->host.str, user->user.str,
user->password.str,
user->password.length))
goto error;
else if (user->password.str)
{
// Are we trying to change a password of another user?
const char *hostname= user->host.str, *username=user->user.str;
bool userok;
if (username == current_user.str)
{
username= thd->security_ctx->priv_user;
hostname= thd->security_ctx->priv_host;
userok= true;
}
else
{
if (!hostname)
hostname= host_not_specified.str;
userok= is_acl_user(hostname, username);
}
if (userok && check_change_password (thd, hostname, username,
user->password.str,
user->password.length))
goto error;
}
}
}
if (first_table)
......
......@@ -13884,10 +13884,9 @@ option_value:
my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), pw.str);
MYSQL_YYABORT;
}
if (!(user=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
if (!(user=(LEX_USER*) thd->calloc(sizeof(LEX_USER))))
MYSQL_YYABORT;
user->host=null_lex_str;
user->user.str=thd->security_ctx->user;
user->user= current_user;
set_var_password *var= new set_var_password(user, $3);
if (var == NULL)
MYSQL_YYABORT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment