merge of bug #12818542 mysql-5.5-security->mysql-trunk-security

gkodinov · gkodinov · commit 60a62f6b4da4 · 2011-08-12T15:33:31.000+03:00
diff --git a/mysql-test/r/plugin_auth.result b/mysql-test/r/plugin_auth.result
@@ -45,7 +45,7 @@ ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
 ## test correct default plugin
 select USER(),CURRENT_USER();
 USER()	CURRENT_USER()
-plug@localhost	plug@%
+plug@localhost	plug_dest@%
 ## test no_auto_create_user sql mode with plugin users
 SET @@sql_mode=no_auto_create_user;
 GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';
@@ -471,4 +471,24 @@ DROP USER bug12610784@localhost;
 ERROR 1045 (28000): Access denied for user 'unknown'@'localhost' (using password: YES)
 # shoud contain "using password=no"
 ERROR 1045 (28000): Access denied for user 'unknown'@'localhost' (using password: NO)
+#
+# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
+#   AUTHENTICATION SETTINGS
+#
+CREATE USER bug12818542@localhost 
+IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
+CREATE USER bug12818542_dest@localhost 
+IDENTIFIED BY 'bug12818542_dest_passwd';
+GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
+SELECT USER(),CURRENT_USER();
+USER()	CURRENT_USER()
+bug12818542@localhost	bug12818542_dest@localhost
+SET PASSWORD = PASSWORD('bruhaha');
+Warnings:
+Note	1699	SET PASSWORD has no significance for users authenticating via plugins
+SELECT USER(),CURRENT_USER();
+USER()	CURRENT_USER()
+bug12818542@localhost	bug12818542_dest@localhost
+DROP USER bug12818542@localhost;
+DROP USER bug12818542_dest@localhost;
 End of 5.5 tests
diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test
@@ -543,4 +543,35 @@ DROP USER bug12610784@localhost;
 --exec $MYSQL -uunknown 2>&1
 
 
+--echo #
+--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
+--echo #   AUTHENTICATION SETTINGS
+--echo #
+
+CREATE USER bug12818542@localhost 
+  IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
+CREATE USER bug12818542_dest@localhost 
+  IDENTIFIED BY 'bug12818542_dest_passwd';
+GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
+
+connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
+connection bug12818542_con;
+SELECT USER(),CURRENT_USER();
+
+SET PASSWORD = PASSWORD('bruhaha');
+
+connection default;
+disconnect bug12818542_con;
+
+connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
+connection bug12818542_con2;
+SELECT USER(),CURRENT_USER();
+
+connection default;
+disconnect bug12818542_con2;
+
+DROP USER bug12818542@localhost;
+DROP USER bug12818542_dest@localhost;
+
+
 --echo End of 5.5 tests
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -1881,17 +1881,17 @@ bool change_password(THD *thd, const char *host, const char *user,
     goto end;
   }
 
+  /* update loaded acl entry: */
+  set_user_salt(acl_user, new_password, new_password_len);
+
   if (my_strcasecmp(system_charset_info, acl_user->plugin.str,
                     native_password_plugin_name.str) &&
       my_strcasecmp(system_charset_info, acl_user->plugin.str,
                     old_password_plugin_name.str))
-  {
     push_warning(thd, Sql_condition::WARN_LEVEL_NOTE,
                  ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN));
-  }
-  /* update loaded acl entry: */
-  set_user_salt(acl_user, new_password, new_password_len);
-  set_user_plugin(acl_user, new_password_len);
+  else
+    set_user_plugin(acl_user, new_password_len);
 
   if (update_user_table(thd, table,
 			acl_user->host.hostname ? acl_user->host.hostname : "",
