authorunknown <serg@serg.mylan>2004-07-30 22:05:08 +0200
committerunknown <serg@serg.mylan>2004-07-30 22:05:08 +0200
commit04f6651c3985efad193a2ce9344d3ced2ff05608 (patch)
tree6acb782689f3413275490851b6010dbfd28713a3
parent2585b1938f7027dee83bec20960e6adea0816e3e (diff)
downloadmariadb-git-04f6651c3985efad193a2ce9344d3ced2ff05608.tar.gz
apply the same checks in SET PASSWORD as in GRANT, to let only valid hashes through
-rw-r--r--mysql-test/r/connect.result2
-rw-r--r--mysql-test/t/connect.test2
-rw-r--r--sql/set_var.cc9
-rw-r--r--sql/sql_acl.cc20
-rw-r--r--sql/sql_acl.h3
5 files changed, 26 insertions, 10 deletions
diff --git a/mysql-test/r/connect.result b/mysql-test/r/connect.result
index 10c5d6cc0b8..ae0def02399 100644
--- a/mysql-test/r/connect.result
+++ b/mysql-test/r/connect.result
@@ -40,6 +40,8 @@ show tables;
Tables_in_test
update mysql.user set password=old_password("gambling2") where user=_binary"test";
flush privileges;
+set password='gambling3';
+ERROR HY000: Password hash should be a 41-digit hexadecimal number
set password=old_password('gambling3');
show tables;
Tables_in_mysql
diff --git a/mysql-test/t/connect.test b/mysql-test/t/connect.test
index 32c1479ae04..c1ecf176470 100644
--- a/mysql-test/t/connect.test
+++ b/mysql-test/t/connect.test
@@ -48,6 +48,8 @@ flush privileges;
#connect (con1,localhost,test,gambling2,"");
#show tables;
connect (con1,localhost,test,gambling2,mysql);
+--error 1105
+set password='gambling3';
set password=old_password('gambling3');
show tables;
connect (con1,localhost,test,gambling3,test);
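Review bot: The new negative case only exercises a plain-text string of the wrong length, and the check it hits is length-only, so a 41-character non-hex literal would still pass `check_change_password`; whichever outcome is intended for such a value is worth pinning here with its own `set password='...'` expectation. If clearing a password with `set password='';` is meant to keep working, add that case as well, because the added length check does not exempt an empty string. `--error 1105` anchors the test to the generic ER_UNKNOWN_ERROR number, so it will need updating if a dedicated error code is ever introduced for this condition.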
diff --git a/sql/set_var.cc b/sql/set_var.cc
index e70fdaedb29..bcebb62ae4d 100644
--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@@ -2851,8 +2851,9 @@ int set_var_password::check(THD *thd)
if (!user->host.str)
user->host.str= (char*) thd->host_or_ip;
/* Returns 1 as the function sends error to client */
- return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0;
-#else
+ return check_change_password(thd, user->host.str, user->user.str, password) ?
+ 1 : 0;
+#else
return 0;
#endif
}
@@ -2861,8 +2862,8 @@ int set_var_password::update(THD *thd)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
/* Returns 1 as the function sends error to client */
- return (change_password(thd, user->host.str, user->user.str, password) ?
- 1 : 0);
+ return change_password(thd, user->host.str, user->user.str, password) ?
+ 1 : 0;
#else
return 0;
#endif
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index fddd5b70a2f..f316bca4876 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1127,13 +1127,14 @@ bool acl_check_host(const char *host, const char *ip)
1 ERROR ; In this case the error is sent to the client.
*/
-bool check_change_password(THD *thd, const char *host, const char *user)
+bool check_change_password(THD *thd, const char *host, const char *user,
+ char *new_password)
{
if (!initialized)
{
net_printf(thd,ER_OPTION_PREVENTS_STATEMENT,
- "--skip-grant-tables"); /* purecov: inspected */
- return(1); /* purecov: inspected */
+ "--skip-grant-tables");
+ return(1);
}
if (!thd->slave_thread &&
(strcmp(thd->user,user) ||
@@ -1147,6 +1148,15 @@ bool check_change_password(THD *thd, const char *host, const char *user)
send_error(thd, ER_PASSWORD_ANONYMOUS_USER);
return(1);
}
+ uint len=strlen(new_password);
+ if (len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
+ len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
+ {
+ net_printf(thd, 0,
+ "Password hash should be a %d-digit hexadecimal number",
+ SCRAMBLED_PASSWORD_CHAR_LENGTH);
+ return -1;
+ }
return(0);
}
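Review bot: The added length check also rejects an empty string, so if `SET PASSWORD = ''` is meant to clear a password (change_password's handling of an empty value is outside this hunk), the guard should read `if (len && len != SCRAMBLED_PASSWORD_CHAR_LENGTH && len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)`. The function is declared `bool` but this branch does `return -1;` while the earlier failure paths use `return(1);` — use the same form. `net_printf(thd, 0, ...)` relies on error code 0 being mapped to ER_UNKNOWN_ERROR (the test expects 1105); passing `ER_UNKNOWN_ERROR` explicitly, as the replace_user_table change in this commit does, makes that intent visible. Note too that the message promises a hexadecimal number while only the length is verified, so a 41-character value of arbitrary bytes still passes this check.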
@@ -1174,7 +1184,7 @@ bool change_password(THD *thd, const char *host, const char *user,
host,user,new_password));
DBUG_ASSERT(host != 0); // Ensured by parent
- if (check_change_password(thd, host, user))
+ if (check_change_password(thd, host, user, new_password))
DBUG_RETURN(1);
VOID(pthread_mutex_lock(&acl_cache->lock));
@@ -1433,7 +1443,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
if (combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
{
- my_printf_error(ER_PASSWORD_NO_MATCH,
+ my_printf_error(ER_UNKNOWN_ERROR,
"Password hash should be a %d-digit hexadecimal number",
MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
DBUG_RETURN(-1);
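Review bot: Switching to `ER_UNKNOWN_ERROR` hands clients the generic 1105 code for a well-defined condition, and the message text is now duplicated verbatim between this site and check_change_password; a dedicated error code, or at least one shared message, would keep the GRANT and SET PASSWORD paths in sync and let tests match on something more specific than 1105. As at the other site, the message says "hexadecimal" while the condition checks length only. replace_user_table begins and ends outside this hunk.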
diff --git a/sql/sql_acl.h b/sql/sql_acl.h
index a237b45e29c..68cb1476eb5 100644
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -142,7 +142,8 @@ ulong acl_get(const char *host, const char *ip,
int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
uint passwd_len);
bool acl_check_host(const char *host, const char *ip);
-bool check_change_password(THD *thd, const char *host, const char *user);
+bool check_change_password(THD *thd, const char *host, const char *user,
+ char *password);
bool change_password(THD *thd, const char *host, const char *user,
char *password);
int mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
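Review bot: The visible body of check_change_password only reads the new argument (it calls strlen on it), so the parameter can be declared `const char *password` here and in the definition in sql_acl.cc, which also lets callers pass const buffers without a cast. The header names it `password` while the definition names it `new_password`; align the two so the header documents the contract accurately.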