diff options
author | Sergei Golubchik <serg@mariadb.org> | 2018-10-17 12:48:13 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2018-10-31 16:06:16 +0100 |
commit | 7c40996cc866ba9c6cf781776312301baa81c452 (patch) | |
tree | 8b685a88b0f3a1fbe854c2a77c2703e6bcdbdd27 /mysql-test/main/plugin_auth_qa_1.test | |
parent | 14e181a43456545380856b922051af881b1c38f8 (diff) | |
download | mariadb-git-7c40996cc866ba9c6cf781776312301baa81c452.tar.gz |
MDEV-12321 authentication plugin: SET PASSWORD support
Support SET PASSWORD for authentication plugins.
Authentication plugin API is extended with two optional methods:
* hash_password() is used to compute a password hash (or digest)
from the plain-text password. This digest will be stored in mysql.user
table
* preprocess_hash() is used to convert this digest into some memory
representation that can be later used to authenticate a user.
Build-in plugins convert the hash from hexadecimal or base64 to binary,
to avoid doing it on every authentication attempt.
Note a change in behavior: when loading privileges (on startup or on
FLUSH PRIVILEGES) an account with an unknown plugin was loaded with a
warning (e.g. "Plugin 'foo' is not loaded"). But such an account could
not be used for authentication until the plugin is installed. Now an
account like that will not be loaded at all (with a warning, still).
Indeed, without plugin's preprocess_hash() method the server cannot know
how to load an account. Thus, if a new authentication plugin is
installed run-time, one might need FLUSH PRIVILEGES to activate all
existing accounts that were using this new plugin.
Diffstat (limited to 'mysql-test/main/plugin_auth_qa_1.test')
-rw-r--r-- | mysql-test/main/plugin_auth_qa_1.test | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mysql-test/main/plugin_auth_qa_1.test b/mysql-test/main/plugin_auth_qa_1.test index b0b8ffb3544..4f45a8aced6 100644 --- a/mysql-test/main/plugin_auth_qa_1.test +++ b/mysql-test/main/plugin_auth_qa_1.test @@ -141,7 +141,7 @@ FLUSH PRIVILEGES; --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; --disable_query_log ---error ER_PLUGIN_IS_NOT_LOADED +--error ER_ACCESS_DENIED_ERROR connect(plug_user,localhost,new_user,new_dest); --enable_query_log UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user'; |