MDEV-6253 MySQL Users Break when Migrating from MySQL 5.1 to MariaDB 10.0.10

When plugin=mysql_native_password (or mysql_old_password) take the password from *either* password *or* authentication_string, whichever is set. This makes no sense, but alas, that's what MySQL-5.6 does.
2025-01-16 12:02:42 +01:00 · 2014-06-11 10:09:29 +02:00 · 2014-06-11 10:09:29 +02:00 · 1eaf2106e5
commit 1eaf2106e5
parent 805d302dec
3 changed files with 48 additions and 8 deletions
--- a/mysql-test/r/connect.result
+++ b/mysql-test/r/connect.result
@ -273,6 +273,20 @@ connect(localhost,mysqltest_nouser,newpw,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: YES)
 connect(localhost,mysqltest_nouser,,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'mysqltest_nouser'@'localhost' (using password: NO)
+update mysql.user set password=authentication_string, authentication_string=''
+                  where user like 'mysqltest_up_';
+select user, password, plugin, authentication_string from mysql.user
+where user like 'mysqltest_up_';
+user	password	plugin	authentication_string
+mysqltest_up1	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB	mysql_native_password	
+mysqltest_up2	09301740536db389	mysql_old_password	
+flush privileges;
+select user(), current_user();
+user()	current_user()
+mysqltest_up1@localhost	mysqltest_up1@%
+select user(), current_user();
+user()	current_user()
+mysqltest_up2@localhost	mysqltest_up2@%
 DROP USER mysqltest_up1@'%';
 DROP USER mysqltest_up2@'%';
 #
--- a/mysql-test/t/connect.test
+++ b/mysql-test/t/connect.test
@ -378,8 +378,8 @@ select user(), current_user();
 disconnect pcon4;

 #
-# lpbug#683112 Maria 5.2 incorrectly reports "(using password: NO)"
-#              even when password is specified
+# lp:683112 Maria 5.2 incorrectly reports "(using password: NO)"
+#           even when password is specified
 #
 # test "access denied" error for nonexisting user with and without a password
 #
@ -391,6 +391,31 @@ connect(pcon5,localhost,mysqltest_nouser,newpw,,$MASTER_MYPORT,);
 connect(pcon5,localhost,mysqltest_nouser,,,$MASTER_MYPORT,);

 connection default;
+
+#
+# MDEV-6253 MySQL Users Break when Migrating from MySQL 5.1 to MariaDB 10.0.10
+#
+# cannot connect when password is set and plugin=mysql_native_password
+#
+update mysql.user set password=authentication_string, authentication_string=''
+                  where user like 'mysqltest_up_';
+select user, password, plugin, authentication_string from mysql.user
+                  where user like 'mysqltest_up_';
+flush privileges;                  
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
+connection pcon6;
+select user(), current_user();
+disconnect pcon6;
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
+connection pcon7;
+select user(), current_user();
+disconnect pcon7;
+connection default;
+
 DROP USER mysqltest_up1@'%';
 DROP USER mysqltest_up2@'%';

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -877,7 +877,6 @@ static char *fix_plugin_ptr(char *name)
 */
 static bool fix_user_plugin_ptr(ACL_USER *user)
 {
-  user->salt_len= 0;
  if (my_strcasecmp(system_charset_info, user->plugin.str,
                    native_password_plugin_name.str) == 0)
    user->plugin= native_password_plugin_name;
@ -888,7 +887,8 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
  else
    return true;

-  set_user_salt(user, user->auth_string.str, user->auth_string.length);
+  if (user->auth_string.length)
+    set_user_salt(user, user->auth_string.str, user->auth_string.length);
  return false;
 }

@ -1259,7 +1259,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
          {
            user.plugin.str= tmpstr;
            user.plugin.length= strlen(user.plugin.str);
-            if (user.auth_string.length)
+            user.auth_string.str=
+              safe_str(get_field(&acl_memroot, table->field[next_field++]));
+            user.auth_string.length= strlen(user.auth_string.str);
+
+            if (user.auth_string.length && password_len)
            {
              sql_print_warning("'user' entry '%s@%s' has both a password "
                                "and an authentication plugin specified. The "
@ -1267,9 +1271,6 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
                                safe_str(user.user.str),
                                safe_str(user.host.hostname));
            }
-            user.auth_string.str=
-              safe_str(get_field(&acl_memroot, table->field[next_field++]));
-            user.auth_string.length= strlen(user.auth_string.str);

            fix_user_plugin_ptr(&user);
          }