Commit ac6877d4 authored by Sergei Golubchik's avatar Sergei Golubchik

SET PASSWORD bugfixes:

* work as documented, use CURRENT_USER()
* move the check for ER_PASSWORD_ANONYMOUS_USER where it can actually work
parent 4cc8cda3
...@@ -335,7 +335,7 @@ delete from mysql.user where user like 'mysqltest\_1'; ...@@ -335,7 +335,7 @@ delete from mysql.user where user like 'mysqltest\_1';
flush privileges; flush privileges;
drop database mysqltest_1; drop database mysqltest_1;
set password = password("changed"); set password = password("changed");
ERROR 42000: Can't find any matching row in the user table ERROR 42000: You are using MariaDB as an anonymous user and anonymous users are not allowed to change passwords
lock table mysql.user write; lock table mysql.user write;
flush privileges; flush privileges;
grant all on *.* to 'mysqltest_1'@'localhost'; grant all on *.* to 'mysqltest_1'@'localhost';
......
...@@ -36,8 +36,6 @@ USER() CURRENT_USER() ...@@ -36,8 +36,6 @@ USER() CURRENT_USER()
plug@localhost plug_dest@% plug@localhost plug_dest@%
## test SET PASSWORD ## test SET PASSWORD
SET PASSWORD = PASSWORD('plug_dest'); SET PASSWORD = PASSWORD('plug_dest');
Warnings:
Note 1699 SET PASSWORD has no significance for users authenticating via plugins
## test bad credentials ## test bad credentials
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES) ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD ## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
...@@ -426,8 +424,6 @@ SELECT USER(),CURRENT_USER(); ...@@ -426,8 +424,6 @@ SELECT USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost bug12818542@localhost bug12818542_dest@localhost
SET PASSWORD = PASSWORD('bruhaha'); SET PASSWORD = PASSWORD('bruhaha');
Warnings:
Note 1699 SET PASSWORD has no significance for users authenticating via plugins
SELECT USER(),CURRENT_USER(); SELECT USER(),CURRENT_USER();
USER() CURRENT_USER() USER() CURRENT_USER()
bug12818542@localhost bug12818542_dest@localhost bug12818542@localhost bug12818542_dest@localhost
......
...@@ -405,7 +405,7 @@ drop database mysqltest_1; ...@@ -405,7 +405,7 @@ drop database mysqltest_1;
# But anonymous users can't change their password # But anonymous users can't change their password
connect (n5,localhost,test,,test,$MASTER_MYPORT,$MASTER_MYSOCK); connect (n5,localhost,test,,test,$MASTER_MYPORT,$MASTER_MYSOCK);
connection n5; connection n5;
--error ER_PASSWORD_NO_MATCH --error ER_PASSWORD_ANONYMOUS_USER
set password = password("changed"); set password = password("changed");
disconnect n5; disconnect n5;
connection default; connection default;
......
...@@ -832,23 +832,7 @@ int set_var_user::update(THD *thd) ...@@ -832,23 +832,7 @@ int set_var_user::update(THD *thd)
int set_var_password::check(THD *thd) int set_var_password::check(THD *thd)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!user->host.str) user= get_current_user(thd, user);
{
DBUG_ASSERT(thd->security_ctx->priv_host);
if (*thd->security_ctx->priv_host != 0)
{
user->host.str= (char *) thd->security_ctx->priv_host;
user->host.length= strlen(thd->security_ctx->priv_host);
}
else
user->host= host_not_specified;
}
if (user->user.str == current_user.str)
{
DBUG_ASSERT(thd->security_ctx->user);
user->user.str= (char *) thd->security_ctx->user;
user->user.length= strlen(thd->security_ctx->user);
}
/* Returns 1 as the function sends error to client */ /* Returns 1 as the function sends error to client */
return check_change_password(thd, user->host.str, user->user.str, return check_change_password(thd, user->host.str, user->user.str,
password, strlen(password)) ? 1 : 0; password, strlen(password)) ? 1 : 0;
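Review bot: The pointer returned by `get_current_user(thd, user)` is dereferenced on the very next statement (`user->host.str`, `user->user.str`) without a NULL check, whereas the GRANT/REVOKE PROXY branch changed later in this commit guards the same call with `if (!(user= get_current_user(thd, user)) || !user->host.str) goto error;`. If get_current_user() can fail on this path, add `if (!user) return 1;` directly after the assignment so a failed lookup does not become a NULL dereference inside a privilege check. The body of set_var_password::check continues past the end of the hunk, so any handling further down is not visible here.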
......
...@@ -2883,20 +2883,25 @@ int check_change_password(THD *thd, const char *host, const char *user, ...@@ -2883,20 +2883,25 @@ int check_change_password(THD *thd, const char *host, const char *user,
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables"); my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
return(1); return(1);
} }
if (!thd->slave_thread && !thd->security_ctx->priv_user[0])
{
my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER),
MYF(0));
return(1);
}
if (!host) // Role
{
my_error(ER_PASSWORD_NO_MATCH, MYF(0));
return 1;
}
if (!thd->slave_thread && if (!thd->slave_thread &&
(strcmp(thd->security_ctx->user, user) || (strcmp(thd->security_ctx->priv_user, user) ||
my_strcasecmp(system_charset_info, host, my_strcasecmp(system_charset_info, host,
thd->security_ctx->priv_host))) thd->security_ctx->priv_host)))
{ {
if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 0)) if (check_access(thd, UPDATE_ACL, "mysql", NULL, NULL, 1, 0))
return(1); return(1);
} }
if (!thd->slave_thread && !thd->security_ctx->user[0])
{
my_message(ER_PASSWORD_ANONYMOUS_USER, ER(ER_PASSWORD_ANONYMOUS_USER),
MYF(0));
return(1);
}
size_t len= strlen(new_password); size_t len= strlen(new_password);
if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH && if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323) len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
...@@ -3037,7 +3042,7 @@ bool change_password(THD *thd, const char *host, const char *user, ...@@ -3037,7 +3042,7 @@ bool change_password(THD *thd, const char *host, const char *user,
RETURN RETURN
FALSE user not fond FALSE user not fond
TRUE there are such user TRUE there is such user
*/ */
bool is_acl_user(const char *host, const char *user) bool is_acl_user(const char *host, const char *user)
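Review bot: In check_change_password the own-account test now compares against `thd->security_ctx->priv_user` instead of `user`, and that security consequence deserves a comment at the comparison. A session whose effective account differs from the one it logged in with (the plugin tests show `plug@localhost` running as `plug_dest@%`) is now treated as changing its own password and skips the `check_access(thd, UPDATE_ACL, "mysql", ...)` gate. Something like `/* priv_user/priv_host are the effective (CURRENT_USER) account; a proxied session may change that account's password without UPDATE on mysql */` would make the intent reviewable, assuming this is the documented behaviour the commit message refers to. The new `if (!host) // Role` branch could likewise state that a NULL host is how a role name arrives here. The function starts and ends outside the hunk.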
......
...@@ -3791,40 +3791,56 @@ case SQLCOM_PREPARE: ...@@ -3791,40 +3791,56 @@ case SQLCOM_PREPARE:
if (thd->security_ctx->user) // If not replication if (thd->security_ctx->user) // If not replication
{ {
LEX_USER *user, *tmp_user; LEX_USER *user;
bool first_user= TRUE; bool first_user= TRUE;
List_iterator <LEX_USER> user_list(lex->users_list); List_iterator <LEX_USER> user_list(lex->users_list);
while ((tmp_user= user_list++)) while ((user= user_list++))
{ {
if (!(user= get_current_user(thd, tmp_user)))
goto error;
if (specialflag & SPECIAL_NO_RESOLVE && if (specialflag & SPECIAL_NO_RESOLVE &&
hostname_requires_resolving(user->host.str)) hostname_requires_resolving(user->host.str))
push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN, push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_WARN,
ER_WARN_HOSTNAME_WONT_WORK, ER_WARN_HOSTNAME_WONT_WORK,
ER(ER_WARN_HOSTNAME_WONT_WORK)); ER(ER_WARN_HOSTNAME_WONT_WORK));
// Are we trying to change a password of another user
DBUG_ASSERT(user->host.str != 0);
/* /*
GRANT/REVOKE PROXY has the target user as a first entry in the list. GRANT/REVOKE PROXY has the target user as a first entry in the list.
*/ */
if (lex->type == TYPE_ENUM_PROXY && first_user) if (lex->type == TYPE_ENUM_PROXY && first_user)
{ {
if (!(user= get_current_user(thd, user)) || !user->host.str)
goto error;
first_user= FALSE; first_user= FALSE;
if (acl_check_proxy_grant_access (thd, user->host.str, user->user.str, if (acl_check_proxy_grant_access (thd, user->host.str, user->user.str,
lex->grant & GRANT_ACL)) lex->grant & GRANT_ACL))
goto error; goto error;
} }
else if (is_acl_user(user->host.str, user->user.str) && else if (user->password.str)
user->password.str && {
check_change_password (thd, user->host.str, user->user.str, // Are we trying to change a password of another user?
const char *hostname= user->host.str, *username=user->user.str;
bool userok;
if (username == current_user.str)
{
username= thd->security_ctx->priv_user;
hostname= thd->security_ctx->priv_host;
userok= true;
}
else
{
if (!hostname)
hostname= host_not_specified.str;
userok= is_acl_user(hostname, username);
}
if (userok && check_change_password (thd, hostname, username,
user->password.str, user->password.str,
user->password.length)) user->password.length))
goto error; goto error;
} }
} }
}
if (first_table) if (first_table)
{ {
if (lex->type == TYPE_ENUM_PROCEDURE || if (lex->type == TYPE_ENUM_PROCEDURE ||
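Review bot: `hostname_requires_resolving(user->host.str)` can now be reached with a NULL host. The loop no longer calls get_current_user() before it, the `DBUG_ASSERT(user->host.str != 0)` has been removed, and the new password branch itself allows for `if (!hostname)`. Unless hostname_requires_resolving() is known to accept NULL, guard the call by adding `user->host.str &&` to the `specialflag & SPECIAL_NO_RESOLVE` condition. The enclosing case starts and ends outside the hunk.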
......
...@@ -13884,10 +13884,9 @@ option_value: ...@@ -13884,10 +13884,9 @@ option_value:
my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), pw.str); my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), pw.str);
MYSQL_YYABORT; MYSQL_YYABORT;
} }
if (!(user=(LEX_USER*) thd->alloc(sizeof(LEX_USER)))) if (!(user=(LEX_USER*) thd->calloc(sizeof(LEX_USER))))
MYSQL_YYABORT; MYSQL_YYABORT;
user->host=null_lex_str; user->user= current_user;
user->user.str=thd->security_ctx->user;
set_var_password *var= new set_var_password(user, $3); set_var_password *var= new set_var_password(user, $3);
if (var == NULL) if (var == NULL)
MYSQL_YYABORT; MYSQL_YYABORT;
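Review bot: The switch from `thd->alloc` to `thd->calloc` is load-bearing and should carry a comment. With `user->host=null_lex_str;` removed, the zero fill is the only thing that leaves `user->host.str` NULL and the remaining LEX_USER fields empty before the struct is handed to `set_var_password`. A later revert to `alloc` would pass uninitialised pointers into the password-change checks. Suggest adding `/* zero-filled on purpose: host and password stay empty so the current account is resolved when the statement executes */` above the allocation.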
......