BUG 12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD

gkodinov · gkodinov · commit 8ae2bb6eaaa5 · 2011-06-01T16:08:13.000+03:00
The check for empty password in the user account was checking the wrong field.
Fixed to check the proper password hash.
Test case added.
Fixed native_password and old_password plugins that suffered from the same
problems.
Unambuguated the auth_string ACL_USER member : previously it was used for 
both password and the authentication string (depending on the plugin). Now
fixed to contain either the authentication string specified or empty string.
diff --git a/mysql-test/r/plugin_auth.result b/mysql-test/r/plugin_auth.result
@@ -447,4 +447,11 @@ ORDER BY COLUMN_NAME;
 IS_NULLABLE	COLUMN_NAME
 YES	authentication_string
 YES	plugin
+#
+# Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
+#
+CREATE USER bug12610784@localhost;
+SET PASSWORD FOR bug12610784@localhost = PASSWORD('secret');
+ERROR 28000: Access denied for user 'bug12610784'@'localhost' (using password: NO)
+DROP USER bug12610784@localhost;
 End of 5.5 tests
diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test
@@ -512,4 +512,19 @@ SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
   ORDER BY COLUMN_NAME;
 
 
+--echo #
+--echo # Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
+--echo #
+
+CREATE USER bug12610784@localhost; 
+SET PASSWORD FOR bug12610784@localhost = PASSWORD('secret');
+--disable_query_log
+--error ER_ACCESS_DENIED_ERROR
+connect(b12610784,localhost,bug12610784,,test);
+--enable_query_log
+connect(b12610784,localhost,bug12610784,secret,test);
+connection default;
+disconnect b12610784;
+DROP USER bug12610784@localhost;
+
 --echo End of 5.5 tests
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -825,8 +825,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
 
     char *password= get_field(&mem, table->field[2]);
     uint password_len= password ? strlen(password) : 0;
-    user.auth_string.str= password ? password : const_cast<char*>("");
-    user.auth_string.length= password_len;
     set_user_salt(&user, password, password_len);
 
     if (set_user_plugin(&user, password_len))
@@ -915,7 +913,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
           char *tmpstr= get_field(&mem, table->field[next_field++]);
           if (tmpstr)
           {
-            if (user.auth_string.length)
+            if (password_len)
             {
               sql_print_warning("'user' entry '%s@%s' has both a password "
                                 "and an authentication plugin specified. The "
@@ -1483,8 +1481,8 @@ static void acl_insert_user(const char *user, const char *host,
   {
     acl_user.plugin= password_len == SCRAMBLED_PASSWORD_CHAR_LENGTH_323 ?
       old_password_plugin_name : native_password_plugin_name;
-    acl_user.auth_string.str= strmake_root(&mem, password, password_len);
-    acl_user.auth_string.length= password_len;
+    acl_user.auth_string.str= const_cast<char*>("");
+    acl_user.auth_string.length= 0;
   }
 
   acl_user.access=privileges;
@@ -8380,7 +8378,7 @@ static bool parse_com_change_user_packet(MPVIO_EXT *mpvio, uint packet_length)
         old_password_plugin, otherwise MySQL will think that server 
         and client plugins don't match.
       */
-      if (mpvio->acl_user->auth_string.length == 0)
+      if (mpvio->acl_user->salt_len == 0)
         mpvio->acl_user_plugin= old_password_plugin_name;
     }
   }
@@ -8685,7 +8683,7 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
         old_password_plugin, otherwise MySQL will think that server 
         and client plugins don't match.
       */
-      if (mpvio->acl_user->auth_string.length == 0)
+      if (mpvio->acl_user->salt_len == 0)
         mpvio->acl_user_plugin= old_password_plugin_name;
     }
   }
@@ -9473,7 +9471,7 @@ static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
 #endif
 
   if (pkt_len == 0) /* no password */
-    DBUG_RETURN(info->auth_string[0] ? CR_ERROR : CR_OK);
+    DBUG_RETURN(mpvio->acl_user->salt_len != 0 ? CR_ERROR : CR_OK);
 
   info->password_used= PASSWORD_USED_YES;
   if (pkt_len == SCRAMBLE_LENGTH)
@@ -9522,7 +9520,7 @@ static int old_password_authenticate(MYSQL_PLUGIN_VIO *vio,
     pkt_len= strnlen((char*)pkt, pkt_len);
 
   if (pkt_len == 0) /* no password */
-    return info->auth_string[0] ? CR_ERROR : CR_OK;
+    return mpvio->acl_user->salt_len != 0 ? CR_ERROR : CR_OK;
 
   if (secure_auth(mpvio))
     return CR_ERROR;
