Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES

PAM AUTHENTICATION SETTINGS

SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password 
plugin despite the fact that it was sending a warning that the command has 
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as 
it's documented now).
Test case added.
One old test case result updated  to have the correct value.

1 files changed, 5 insertions, 5 deletions

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index f4d217c85ff..06a67edda36 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1881,17 +1881,17 @@ bool change_password(THD *thd, const char *host, const char *user,
     goto end;
   }
 
+  /* update loaded acl entry: */
+  set_user_salt(acl_user, new_password, new_password_len);
+
   if (my_strcasecmp(system_charset_info, acl_user->plugin.str,
                     native_password_plugin_name.str) &&
       my_strcasecmp(system_charset_info, acl_user->plugin.str,
                     old_password_plugin_name.str))
-  {
     push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
                  ER_SET_PASSWORD_AUTH_PLUGIN, ER(ER_SET_PASSWORD_AUTH_PLUGIN));
-  }
-  /* update loaded acl entry: */
-  set_user_salt(acl_user, new_password, new_password_len);
-  set_user_plugin(acl_user, new_password_len);
+  else
+    set_user_plugin(acl_user, new_password_len);
 
   if (update_user_table(thd, table,
 			acl_user->host.hostname ? acl_user->host.hostname : "",