mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-02-12 00:15:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/suite/plugins/t/parsec.test
Nikita Malyavin 583a5a79c9 MDEV-34854 Parsec sends garbage when using an empty password 
When an empty password is set, the server doesn't call
st_mysql_auth::hash_password and leaves MYSQL_SERVER_AUTH_INFO::auth_string
empty.

Fix:
generate hashes by calling hash_password for empty passwords as well. This
changes the api behavior slightly, but since even old plugins support it,
we can ignore this.

Some empty passwords could be already stored with no salt, though. The user
will have to call SET PASSWORD once again, anyway the authentication wouldn't
have worked for such password.
2024-11-08 07:17:44 +01:00

60 lines
1.9 KiB
Text
Raw Permalink Blame History

source include/platform.inc;
source include/not_embedded.inc;
if (`select count(*) = 0 from information_schema.plugins where plugin_name = 'parsec'`)
{
--skip Needs parsec plugin
}
if (!$PARSEC_SO) {
skip No auth_parsec plugin;
}
--error ER_PASSWD_LENGTH
create user test1@'%' identified via parsec using 'pwd';
create user test1@'%' identified via parsec using PASSWORD('pwd');
--replace_regex /:[A-Za-z0-9+\/]{43}'/:password'/ /:[A-Za-z0-9+\/]{24}:/:salt:/
show grants for test1@'%';
connect con1, localhost, test1, pwd;
select 1, USER(), CURRENT_USER();
disconnect con1;
connect con2, localhost, test1, pwd;
select 2, USER(), CURRENT_USER();
disconnect con2;
--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
--error ER_ACCESS_DENIED_ERROR
connect con3, localhost, test1, wrong_pwd;
connection default;
create function have_ssl() returns char(3)
return (select if(variable_value > '','yes','no') as 'have_ssl'
from information_schema.session_status
where variable_name='ssl_cipher');
grant execute on test.* to test1@'%';
let host=;
if ($MTR_COMBINATION_WIN) {
# see ssl_autoverify.test
let host=--host=127.0.0.2;
}
--echo # mysql -utest1 -ppwd --ssl-verify-server-cert -e "select test.have_ssl()"
--exec $MYSQL --protocol tcp $host -utest1 -ppwd --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
drop function have_ssl;
drop user test1@'%';
--echo # MDEV-34854 Parsec sends garbage when using an empty password
create user test2@'%' identified via parsec using PASSWORD('');
--replace_regex /:[A-Za-z0-9+\/]{43}'/:password'/ /:[A-Za-z0-9+\/]{24}:/:salt:/
show grants for test2@'%';
connect con4, localhost, test2,;
select 4, USER(), CURRENT_USER();
disconnect con4;
--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
--error ER_ACCESS_DENIED_ERROR
connect con5, localhost, test2, "wrong_pwd";
connection default;
drop user test2@'%';
Reference in a new issue View git blame Copy permalink