3 files changed, 48 insertions, 8 deletions

diff --git a/mysql-test/r/connect.result b/mysql-test/r/connect.result
index a2aae923cf7..32c7bdfcf12 100644
--- a/mysql-test/r/connect.result
+++ b/mysql-test/r/connect.result
@@ -273,6 +273,20 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES)
 connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO)
+update mysql.user set password=authentication_string, authentication_string=''
+                  where user like 'mysqltest_up_';
+select user, password, plugin, authentication_string from mysql.user
+where user like 'mysqltest_up_';
+user	password	plugin	authentication_string
+mysqltest_up1	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB	mysql_native_password	
+mysqltest_up2	09301740536db389	mysql_old_password	
+flush privileges;
+select user(), current_user();
+user()	current_user()
+mysqltest_up1@localhost	mysqltest_up1@%
+select user(), current_user();
+user()	current_user()
+mysqltest_up2@localhost	mysqltest_up2@%
 DROP USER mysqltest_up1@'%';
 DROP USER mysqltest_up2@'%';
 #
diff --git a/mysql-test/t/connect.test b/mysql-test/t/connect.test
index 916b0150773..fca588de8e8 100644
--- a/mysql-test/t/connect.test
+++ b/mysql-test/t/connect.test
@@ -378,8 +378,8 @@ select user(), current_user();
 disconnect pcon4;
 
 #
-# lpbug#683112 Maria 5.2 incorrectly reports "(using password: NO)"
-#              even when password is specified
+# lp:683112 Maria 5.2 incorrectly reports "(using password: NO)"
+#           even when password is specified
 #
 # test "access denied" error for nonexisting user with and without a password
 #
@@ -391,6 +391,31 @@ connect(pcon5,localhost,mysqltest_nouser,newpw,,$MASTER_MYPORT,);
 connect(pcon5,localhost,mysqltest_nouser,,,$MASTER_MYPORT,);
 
 connection default;
+
+#
+# MDEV-6253 MySQL Users Break when Migrating from MySQL 5.1 to MariaDB 10.0.10
+#
+# cannot connect when password is set and plugin=mysql_native_password
+#
+update mysql.user set password=authentication_string, authentication_string=''
+                  where user like 'mysqltest_up_';
+select user, password, plugin, authentication_string from mysql.user
+                  where user like 'mysqltest_up_';
+flush privileges;                  
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
+connection pcon6;
+select user(), current_user();
+disconnect pcon6;
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
+connection pcon7;
+select user(), current_user();
+disconnect pcon7;
+connection default;
+
 DROP USER mysqltest_up1@'%';
 DROP USER mysqltest_up2@'%';
 
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 5f077c22168..5e8e0e7a4e8 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -877,7 +877,6 @@ static char *fix_plugin_ptr(char *name)
 */
 static bool fix_user_plugin_ptr(ACL_USER *user)
 {
-  user->salt_len= 0;
   if (my_strcasecmp(system_charset_info, user->plugin.str,
                     native_password_plugin_name.str) == 0)
     user->plugin= native_password_plugin_name;
@@ -888,7 +887,8 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
   else
     return true;
 
-  set_user_salt(user, user->auth_string.str, user->auth_string.length);
+  if (user->auth_string.length)
+    set_user_salt(user, user->auth_string.str, user->auth_string.length);
   return false;
 }
 
@@ -1259,7 +1259,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
           {
             user.plugin.str= tmpstr;
             user.plugin.length= strlen(user.plugin.str);
-            if (user.auth_string.length)
+            user.auth_string.str=
+              safe_str(get_field(&acl_memroot, table->field[next_field++]));
+            user.auth_string.length= strlen(user.auth_string.str);
+
+            if (user.auth_string.length && password_len)
             {
               sql_print_warning("'user' entry '%s@%s' has both a password "
                                 "and an authentication plugin specified. The "
@@ -1267,9 +1271,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
                                 safe_str(user.user.str),
                                 safe_str(user.host.hostname));
             }
-            user.auth_string.str=
-              safe_str(get_field(&acl_memroot, table->field[next_field++]));
-            user.auth_string.length= strlen(user.auth_string.str);
 
             fix_user_plugin_ptr(&user);
           }