WL#6982 Make plugin column in mysql.user non-null

Since the introduction of the post-4.1 authentication method,
the choice of authentication method was performed on the length
of the password hash alone, thus enabling easy change of the
authentication methods through a password change.

This has become a problem with the introduction of other
authentication methods in 5.5. We needed a special value (empty)
of the authentication plugin column and a set of special cases
throughout the code to support the backward compatible behavior.

Since in 5.6 the pre-4.1 password hash is to be deprecated this
worklog aims to remove this backward compatible layer and simplify
the authentication code by removing the special cases.

Now the native authentication methods will be subject to the same
rules as the other authentication methods.

Author: Vamsikrishna Bhagi

mysql-test/r/mysqld--help-notwin.result

@@ -136,8 +136,8 @@ The following options may be given as the first argument:
  --datetime-format=name 
  The DATETIME format (ignored)
  --default-authentication-plugin=name 
- Defines what password- and authentication algorithm to
- use per default
+ The default authentication plugin used by the server to
+ hash the password.
  --default-storage-engine=name 
  The default storage engine for new tables
  --default-time-zone=name 
@@ -1028,6 +1028,7 @@ connect-timeout 10
 console FALSE
 date-format %Y-%m-%d
 datetime-format %Y-%m-%d %H:%i:%s
+default-authentication-plugin mysql_native_password
 default-storage-engine InnoDB
 default-time-zone (No default value)
 default-tmp-storage-engine InnoDB

mysql-test/r/mysqld--help-win.result

@@ -136,8 +136,8 @@ The following options may be given as the first argument:
  --datetime-format=name 
  The DATETIME format (ignored)
  --default-authentication-plugin=name 
- Defines what password- and authentication algorithm to
- use per default
+ The default authentication plugin used by the server to
+ hash the password.
  --default-storage-engine=name 
  The default storage engine for new tables
  --default-time-zone=name 
@@ -1036,6 +1036,7 @@ connect-timeout 10
 console FALSE
 date-format %Y-%m-%d
 datetime-format %Y-%m-%d %H:%i:%s
+default-authentication-plugin mysql_native_password
 default-storage-engine InnoDB
 default-time-zone (No default value)
 default-tmp-storage-engine InnoDB

mysql-test/r/plugin_auth.result

@@ -437,7 +437,7 @@ TABLE_SCHEMA='mysql'
 ORDER BY COLUMN_NAME;
 IS_NULLABLE	COLUMN_NAME
 YES	authentication_string
-YES	plugin
+NO	plugin
 #
 # Bug #11936829: diff. between mysql.user (authentication_string) 
 #   in fresh and upgraded 5.5.11
@@ -448,7 +448,7 @@ COLUMN_NAME IN ('plugin', 'authentication_string')
 ORDER BY COLUMN_NAME;
 IS_NULLABLE	COLUMN_NAME
 YES	authentication_string
-YES	plugin
+NO	plugin
 ALTER TABLE mysql.user MODIFY plugin char(64) DEFAULT '' NOT NULL;
 ALTER TABLE mysql.user MODIFY authentication_string TEXT NOT NULL;
 Run mysql_upgrade on a 5.5.10 external authentication column layout
@@ -493,7 +493,7 @@ COLUMN_NAME IN ('plugin', 'authentication_string')
 ORDER BY COLUMN_NAME;
 IS_NULLABLE	COLUMN_NAME
 YES	authentication_string
-YES	plugin
+NO	plugin
 #
 # Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
 #

mysql-test/r/plugin_auth_qa_2.result

@@ -105,10 +105,10 @@ SELECT user,plugin,authentication_string,password FROM mysql.user;
 user	plugin	authentication_string	password
 qa_test_6_dest	mysql_native_password		*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_6_user	qa_auth_interface	qa_test_6_dest	
-root			
-root			
-root			
-root			
+root	mysql_native_password		
+root	mysql_native_password		
+root	mysql_native_password		
+root	mysql_native_password		
 exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=qa_test_6_user  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 Warning: Using a password on the command line interface can be insecure.
 ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES)
@@ -117,10 +117,10 @@ SELECT user,plugin,authentication_string,password FROM mysql.user;
 user	plugin	authentication_string	password
 qa_test_6_dest	mysql_native_password		*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_6_user	qa_auth_interface	qa_test_6_dest	
-root			
-root			
-root			
-root			
+root	mysql_native_password		
+root	mysql_native_password		
+root	mysql_native_password		
+root	mysql_native_password		
 root	qa_auth_interface	qa_test_6_dest	
 exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 Warning: Using a password on the command line interface can be insecure.
@@ -130,10 +130,10 @@ SELECT user,plugin,authentication_string FROM mysql.user;
 user	plugin	authentication_string
 qa_test_6_dest	mysql_native_password	
 qa_test_6_user	qa_auth_interface	qa_test_6_dest
-root		
-root		
-root		
-root		
+root	mysql_native_password	
+root	mysql_native_password	
+root	mysql_native_password	
+root	mysql_native_password	
 root	qa_auth_interface	qa_test_6_dest
 exec MYSQL PLUGIN_AUTH_OPT -h localhost -P MASTER_MYPORT --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 Warning: Using a password on the command line interface can be insecure.
@@ -143,10 +143,10 @@ DROP USER qa_test_6_dest;
 DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
 SELECT user,plugin,authentication_string,password FROM mysql.user;
 user	plugin	authentication_string	password
-root			
-root			
-root			
-root			
+root	mysql_native_password		
+root	mysql_native_password		
+root	mysql_native_password		
+root	mysql_native_password		
 === Test of the --default_auth option for clients ====
 CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
 CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';

mysql-test/r/plugin_auth_sha256.result

@@ -4,10 +4,10 @@ SET SESSION old_passwords= 2;
 SET PASSWORD FOR 'kristofer'=PASSWORD('secret');
 SELECT user, plugin FROM mysql.user;
 user	plugin
-root	
-root	
-root	
-root	
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
 kristofer	sha256_password
 SELECT USER(),CURRENT_USER();
 USER()	CURRENT_USER()
@@ -79,10 +79,10 @@ SET SESSION old_passwords= 2;
 SET PASSWORD FOR 'kristofer'=PASSWORD('secret');
 SELECT user, plugin FROM mysql.user;
 user	plugin
-root	
-root	
-root	
-root	
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
 kristofer	sha256_password
 SELECT USER(),CURRENT_USER();
 USER()	CURRENT_USER()

mysql-test/r/plugin_auth_sha256_2.result

@@ -1,10 +1,10 @@
 CREATE USER 'kristofer' IDENTIFIED BY 'secret';
 SELECT user, plugin FROM mysql.user;
 user	plugin
-root	
-root	
-root	
-root	
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
 kristofer	sha256_password
 user()	current_user()
 kristofer@localhost	kristofer@%

mysql-test/r/plugin_auth_sha256_server_default.result

@@ -3,10 +3,10 @@ SET old_passwords=2;
 SET PASSWORD FOR 'kristofer'=PASSWORD('secret');
 SELECT user, plugin FROM mysql.user;
 user	plugin
-root	
-root	
-root	
-root	
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
 kristofer	sha256_password
 SELECT USER(),CURRENT_USER();
 USER()	CURRENT_USER()

mysql-test/r/plugin_auth_sha256_server_default_tls.result

@@ -3,10 +3,10 @@ SET old_passwords=2;
 SET PASSWORD FOR 'kristofer'=PASSWORD('secret');
 SELECT user, plugin FROM mysql.user;
 user	plugin
-root	
-root	
-root	
-root	
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
+root	mysql_native_password
 kristofer	sha256_password
 SELECT USER(),CURRENT_USER();
 USER()	CURRENT_USER()

mysql-test/r/system_mysql_db.result

@@ -99,7 +99,7 @@ user	CREATE TABLE `user` (
   `max_updates` int(11) unsigned NOT NULL DEFAULT '0',
   `max_connections` int(11) unsigned NOT NULL DEFAULT '0',
   `max_user_connections` int(11) unsigned NOT NULL DEFAULT '0',
-  `plugin` char(64) COLLATE utf8_bin DEFAULT '',
+  `plugin` char(64) COLLATE utf8_bin NOT NULL DEFAULT 'mysql_native_password',
   `authentication_string` text COLLATE utf8_bin,
   `password_expired` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
   PRIMARY KEY (`Host`,`User`)

mysql-test/suite/funcs_1/r/is_columns_mysql.result

@@ -251,7 +251,7 @@ def	mysql	user	max_updates	38	0	NO	int	NULL	NULL	10	0	NULL	NULL	NULL	int(11) uns
 def	mysql	user	max_user_connections	40	0	NO	int	NULL	NULL	10	0	NULL	NULL	NULL	int(11) unsigned			select,insert,update,references	
 def	mysql	user	Password	3		NO	char	41	41	NULL	NULL	NULL	latin1	latin1_bin	char(41)			select,insert,update,references	
 def	mysql	user	password_expired	43	N	NO	enum	1	3	NULL	NULL	NULL	utf8	utf8_general_ci	enum('N','Y')			select,insert,update,references	
-def	mysql	user	plugin	41		YES	char	64	192	NULL	NULL	NULL	utf8	utf8_bin	char(64)			select,insert,update,references	
+def	mysql	user	plugin	41	mysql_native_password	NO	char	64	192	NULL	NULL	NULL	utf8	utf8_bin	char(64)			select,insert,update,references	
 def	mysql	user	Process_priv	12	N	NO	enum	1	3	NULL	NULL	NULL	utf8	utf8_general_ci	enum('N','Y')			select,insert,update,references	
 def	mysql	user	References_priv	15	N	NO	enum	1	3	NULL	NULL	NULL	utf8	utf8_general_ci	enum('N','Y')			select,insert,update,references	
 def	mysql	user	Reload_priv	10	N	NO	enum	1	3	NULL	NULL	NULL	utf8	utf8_general_ci	enum('N','Y')			select,insert,update,references	

mysql-test/suite/innodb/r/innodb-wl5980-linux.result

@@ -11,6 +11,10 @@
 # Note that lower case option is required because the
 # partition tables will be stored in mixed (Upper & Lower) format on Linux,
 # but on Windows the partition table names are stored in lower case only.
+# Restarting the server with skip-grant-tables and updating mysql.user
+# table to deal with the restriction added to plugin value for users
+# in WL6982.
+# Stop server
 # Check the DB & tables with DML statements.
 use test;
 SHOW CREATE TABLE emp1;

mysql-test/suite/innodb/r/innodb-wl5980-windows.result

@@ -17,6 +17,11 @@ purchase#p#p0#sp#s0.isl
 purchase#p#p0#sp#s1.isl
 purchase#p#p1#sp#s2.isl
 purchase#p#p1#sp#s3.isl
+# Restarting the server with skip-grant-tables option and updating
+# mysql.user table. This is to deal with the restriction imposed on
+# plugin field for users in WL6982.
+# Restart the DB server from unzip location of MySQL Data Dir 
+# Stop server
 # Restart the DB server from unzip location of MySQL Data Dir 
 # Check the DB & tables with DML statements.
 use test;

mysql-test/suite/innodb/t/innodb-wl5980-linux.test

@@ -101,6 +101,20 @@ EOF
 --echo # partition tables will be stored in mixed (Upper & Lower) format on Linux,
 --echo # but on Windows the partition table names are stored in lower case only.
 
+--echo # Restarting the server with skip-grant-tables and updating mysql.user
+--echo # table to deal with the restriction added to plugin value for users
+--echo # in WL6982.
+
+-- exec echo "restart:--lower_case_table_names=1 --datadir=$MYSQL_TMP_DIR/mysqld.5980/data/ --skip-grant-tables" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+-- enable_reconnect
+-- source include/wait_until_connected_again.inc
+
+-- exec $MYSQL -e "UPDATE mysql.user SET plugin = 'mysql_native_password'"
+-- echo # Stop server
+-- exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+-- shutdown_server 30
+-- source include/wait_until_disconnected.inc
+
 -- exec echo "restart:--lower_case_table_names=1 --datadir=$MYSQL_TMP_DIR/mysqld.5980/data/ " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
 -- enable_reconnect
 -- source include/wait_until_connected_again.inc

mysql-test/suite/innodb/t/innodb-wl5980-windows.test

@@ -108,6 +108,22 @@ closedir(DIR);
 exit 0;
 EOF
 
+--echo # Restarting the server with skip-grant-tables option and updating
+--echo # mysql.user table. This is to deal with the restriction imposed on
+--echo # plugin field for users in WL6982.
+
+--echo # Restart the DB server from unzip location of MySQL Data Dir 
+-- exec echo "restart: --datadir=$MYSQL_TMP_DIR/mysqld.5980/data/ --skip-grant-tables" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+-- enable_reconnect
+-- source include/wait_until_connected_again.inc
+
+-- exec $MYSQL -e "UPDATE mysql.user SET plugin = 'mysql_native_password'"
+
+-- echo # Stop server
+-- exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+-- shutdown_server 30
+-- source include/wait_until_disconnected.inc
+
 --echo # Restart the DB server from unzip location of MySQL Data Dir 
 -- exec echo "restart: --datadir=$MYSQL_TMP_DIR/mysqld.5980/data/ " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
 -- enable_reconnect

mysql-test/suite/sys_vars/r/default_authentication_plugin_basic.result

@@ -0,0 +1,51 @@
+SELECT  @@GLOBAL.default_authentication_plugin;
+@@GLOBAL.default_authentication_plugin
+mysql_native_password
+SELECT COUNT(@@GLOBAL.default_authentication_plugin);
+COUNT(@@GLOBAL.default_authentication_plugin)
+1
+1 Expected
+SET @@GLOBAL.default_authentication_plugin=1;
+ERROR HY000: Variable 'default_authentication_plugin' is a read only variable
+Expected error 'Read only variable'
+SELECT COUNT(@@GLOBAL.default_authentication_plugin);
+COUNT(@@GLOBAL.default_authentication_plugin)
+1
+1 Expected
+SELECT @@GLOBAL.default_authentication_plugin = VARIABLE_VALUE
+FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES
+WHERE VARIABLE_NAME='default_authentication_plugin';
+@@GLOBAL.default_authentication_plugin = VARIABLE_VALUE
+1
+1 Expected
+SELECT COUNT(@@GLOBAL.default_authentication_plugin);
+COUNT(@@GLOBAL.default_authentication_plugin)
+1
+1 Expected
+SELECT COUNT(VARIABLE_VALUE)
+FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES
+WHERE VARIABLE_NAME='default_authentication_plugin';
+COUNT(VARIABLE_VALUE)
+1
+1 Expected
+SELECT @@default_authentication_plugin = @@GLOBAL.default_authentication_plugin;
+@@default_authentication_plugin = @@GLOBAL.default_authentication_plugin
+1
+1 Expected
+SELECT COUNT(@@default_authentication_plugin);
+COUNT(@@default_authentication_plugin)
+1
+1 Expected
+SELECT COUNT(@@local.default_authentication_plugin);
+ERROR HY000: Variable 'default_authentication_plugin' is a GLOBAL variable
+Expected error 'Variable is a GLOBAL variable'
+SELECT COUNT(@@SESSION.default_authentication_plugin);
+ERROR HY000: Variable 'default_authentication_plugin' is a GLOBAL variable
+Expected error 'Variable is a GLOBAL variable'
+SELECT COUNT(@@GLOBAL.default_authentication_plugin);
+COUNT(@@GLOBAL.default_authentication_plugin)
+1
+1 Expected
+SELECT default_authentication_plugin = @@SESSION.default_authentication_plugin;
+ERROR 42S22: Unknown column 'default_authentication_plugin' in 'field list'
+Expected error 'Readonly variable'