Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES

PAM AUTHENTICATION SETTINGS

SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password 
plugin despite the fact that it was sending a warning that the command has 
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as 
it's documented now).
Test case added.
One old test case result updated  to have the correct value.

Author: gkodinov

mysql-test/r/plugin_auth.result

@@ -44,7 +44,7 @@ ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
 ## test correct default plugin
 select USER(),CURRENT_USER();
 USER()	CURRENT_USER()
-plug@localhost	plug@%
+plug@localhost	plug_dest@%
 ## test no_auto_create_user sql mode with plugin users
 SET @@sql_mode=no_auto_create_user;
 GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';
@@ -462,4 +462,24 @@ CREATE USER bug12610784@localhost;
 SET PASSWORD FOR bug12610784@localhost = PASSWORD('secret');
 ERROR 28000: Access denied for user 'bug12610784'@'localhost' (using password: NO)
 DROP USER bug12610784@localhost;
+#
+# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
+#   AUTHENTICATION SETTINGS
+#
+CREATE USER bug12818542@localhost 
+IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
+CREATE USER bug12818542_dest@localhost 
+IDENTIFIED BY 'bug12818542_dest_passwd';
+GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
+SELECT USER(),CURRENT_USER();
+USER()	CURRENT_USER()
+bug12818542@localhost	bug12818542_dest@localhost
+SET PASSWORD = PASSWORD('bruhaha');
+Warnings:
+Note	1699	SET PASSWORD has no significance for users authenticating via plugins
+SELECT USER(),CURRENT_USER();
+USER()	CURRENT_USER()
+bug12818542@localhost	bug12818542_dest@localhost
+DROP USER bug12818542@localhost;
+DROP USER bug12818542_dest@localhost;
 End of 5.5 tests

mysql-test/t/plugin_auth.test

@@ -540,4 +540,35 @@ connection default;
 disconnect b12610784;
 DROP USER bug12610784@localhost;
 
+
+--echo #
+--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
+--echo #   AUTHENTICATION SETTINGS
+--echo #
+
+CREATE USER bug12818542@localhost 
+  IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
+CREATE USER bug12818542_dest@localhost 
+  IDENTIFIED BY 'bug12818542_dest_passwd';
+GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
+
+connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
+connection bug12818542_con;
+SELECT USER(),CURRENT_USER();
+
+SET PASSWORD = PASSWORD('bruhaha');
+
+connection default;
+disconnect bug12818542_con;
+
+connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
+connection bug12818542_con2;
+SELECT USER(),CURRENT_USER();
+
+connection default;
+disconnect bug12818542_con2;
+
+DROP USER bug12818542@localhost;
+DROP USER bug12818542_dest@localhost;
+
 --echo End of 5.5 tests

sql/sql_acl.cc

@@ -1881,17 +1881,17 @@ bool change_password(THD *thd, const char *host, const char *user,
     goto end;
   }
 
+  /* update loaded acl entry: */
+  set_user_salt(acl_user, new_password, new_password_len);
+
   if (my_strcasecmp(system_charset_info, acl_user->plugin.str,
                     native_password_plugin_name.str) &&
       my_strcasecmp(system_charset_info, acl_user->plugin.str,
                     old_password_plugin_name.str))
-  {
     push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
                  ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN));
-  }
-  /* update loaded acl entry: */
-  set_user_salt(acl_user, new_password, new_password_len);
-  set_user_plugin(acl_user, new_password_len);
+  else
+    set_user_plugin(acl_user, new_password_len);
 
   if (update_user_table(thd, table,
 			acl_user->host.hostname ? acl_user->host.hostname : "",