diff options
| author | Georgi Kodinov <Georgi.Kodinov@Oracle.com> | 2011-08-12 15:04:05 +0300 |
|---|---|---|
| committer | Georgi Kodinov <Georgi.Kodinov@Oracle.com> | 2011-08-12 15:04:05 +0300 |
| commit | 4d0784eeba8a7017beff553b27a05fc18e17540f (patch) | |
| tree | 7df344468b08b6d9a4d3ed811598dbfdfedf6a82 | |
| parent | 5a7e0127e5b17eb16ede1c09cf1dbc66006547bc (diff) | |
| download | mariadb-git-4d0784eeba8a7017beff553b27a05fc18e17540f.tar.gz | |
Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES
PAM AUTHENTICATION SETTINGS
SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password
plugin despite the fact that it was sending a warning that the command has
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as
it's documented now).
Test case added.
One old test case result updated to have the correct value.
| -rw-r--r-- | mysql-test/r/plugin_auth.result | 22 | ||||
| -rw-r--r-- | mysql-test/t/plugin_auth.test | 31 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 10 |
3 files changed, 57 insertions, 6 deletions
diff --git a/mysql-test/r/plugin_auth.result b/mysql-test/r/plugin_auth.result index 327ba2969e9..64bc870a7fa 100644 --- a/mysql-test/r/plugin_auth.result +++ b/mysql-test/r/plugin_auth.result @@ -44,7 +44,7 @@ ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES) ## test correct default plugin select USER(),CURRENT_USER(); USER() CURRENT_USER() -plug@localhost plug@% +plug@localhost plug_dest@% ## test no_auto_create_user sql mode with plugin users SET @@sql_mode=no_auto_create_user; GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server'; @@ -462,4 +462,24 @@ CREATE USER bug12610784@localhost; SET PASSWORD FOR bug12610784@localhost = PASSWORD('secret'); ERROR 28000: Access denied for user 'bug12610784'@'localhost' (using password: NO) DROP USER bug12610784@localhost; +# +# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM +# AUTHENTICATION SETTINGS +# +CREATE USER bug12818542@localhost +IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest'; +CREATE USER bug12818542_dest@localhost +IDENTIFIED BY 'bug12818542_dest_passwd'; +GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost; +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +bug12818542@localhost bug12818542_dest@localhost +SET PASSWORD = PASSWORD('bruhaha'); +Warnings: +Note 1699 SET PASSWORD has no significance for users authenticating via plugins +SELECT USER(),CURRENT_USER(); +USER() CURRENT_USER() +bug12818542@localhost bug12818542_dest@localhost +DROP USER bug12818542@localhost; +DROP USER bug12818542_dest@localhost; End of 5.5 tests diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test index 0dc3068de61..f169360cf2e 100644 --- a/mysql-test/t/plugin_auth.test +++ b/mysql-test/t/plugin_auth.test @@ -540,4 +540,35 @@ connection default; disconnect b12610784; DROP USER bug12610784@localhost; + +--echo # +--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM +--echo # AUTHENTICATION SETTINGS +--echo # + +CREATE USER bug12818542@localhost + IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest'; +CREATE USER bug12818542_dest@localhost + IDENTIFIED BY 'bug12818542_dest_passwd'; +GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost; + +connect(bug12818542_con,localhost,bug12818542,bug12818542_dest); +connection bug12818542_con; +SELECT USER(),CURRENT_USER(); + +SET PASSWORD = PASSWORD('bruhaha'); + +connection default; +disconnect bug12818542_con; + +connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest); +connection bug12818542_con2; +SELECT USER(),CURRENT_USER(); + +connection default; +disconnect bug12818542_con2; + +DROP USER bug12818542@localhost; +DROP USER bug12818542_dest@localhost; + --echo End of 5.5 tests diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index f4d217c85ff..06a67edda36 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1881,17 +1881,17 @@ bool change_password(THD *thd, const char *host, const char *user, goto end; } + /* update loaded acl entry: */ + set_user_salt(acl_user, new_password, new_password_len); + if (my_strcasecmp(system_charset_info, acl_user->plugin.str, native_password_plugin_name.str) && my_strcasecmp(system_charset_info, acl_user->plugin.str, old_password_plugin_name.str)) - { push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN)); - } - /* update loaded acl entry: */ - set_user_salt(acl_user, new_password, new_password_len); - set_user_plugin(acl_user, new_password_len); + else + set_user_plugin(acl_user, new_password_len); if (update_user_table(thd, table, acl_user->host.hostname ? acl_user->host.hostname : "", |