fix a case where automatic procedure grant was changing user's password

phase out make_password_from_salt() to be removed in 10.1

fix a case where automatic procedure grant was changing user's password
phase out make_password_from_salt() to be removed in 10.1
44cf4d67 · Sergei Golubchik · 865b83e9 · 44cf4d67 · 44cf4d67 · 44cf4d67
Commit 44cf4d67 authored Feb 17, 2015 by Sergei Golubchik
4 changed files
--- a/include/mysql_com.h
+++ b/include/mysql_com.h
@@ -618,14 +618,17 @@ void scramble_323(char *to, const char *message, const char *password);
 my_bool check_scramble_323(const unsigned char *reply, const char *message,
                           unsigned long *salt);
 void get_salt_from_password_323(unsigned long *res, const char *password);
+#if MYSQL_VERSION_ID < 100100
 void make_password_from_salt_323(char *to, const unsigned long *salt);
-
+#endif
 void make_scrambled_password(char *to, const char *password);
 void scramble(char *to, const char *message, const char *password);
 my_bool check_scramble(const unsigned char *reply, const char *message,
                       const unsigned char *hash_stage2);
 void get_salt_from_password(unsigned char *res, const char *password);
+#if MYSQL_VERSION_ID < 100100
 void make_password_from_salt(char *to, const unsigned char *hash_stage2);
+#endif
 char *octet2hex(char *to, const char *str, unsigned int len);

 /* end of password.c */

--- a/mysql-test/r/sp_notembedded.result
+++ b/mysql-test/r/sp_notembedded.result
@@ -284,4 +284,23 @@ DROP EVENT teste_bug11763507;
 # ------------------------------------------------------------------
 # -- End of 5.1 tests
 # ------------------------------------------------------------------
+grant create routine on test.* to foo1@localhost identified by 'foo';
+update mysql.user set password = replace(password, '*', '-') where user='foo1';
+show grants;
+Grants for foo1@localhost
+GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '*F3A2A51A9B0F2BE2468926B4132313728C250DBF'
+GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost'
+flush privileges;
+show grants;
+Grants for foo1@localhost
+GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '-F3A2A51A9B0F2BE2468926B4132313728C250DBF'
+GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost'
+create procedure spfoo() select 1;
+show grants;
+Grants for foo1@localhost
+GRANT USAGE ON *.* TO 'foo1'@'localhost' IDENTIFIED BY PASSWORD '-F3A2A51A9B0F2BE2468926B4132313728C250DBF'
+GRANT CREATE ROUTINE ON `test`.* TO 'foo1'@'localhost'
+GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test`.`spfoo` TO 'foo1'@'localhost'
+drop procedure spfoo;
+drop user foo1@localhost;
 set @@global.concurrent_insert= @old_concurrent_insert;
--- a/mysql-test/t/sp_notembedded.test
+++ b/mysql-test/t/sp_notembedded.test
@@ -461,6 +461,26 @@ DROP EVENT teste_bug11763507;
 --echo # -- End of 5.1 tests
 --echo # ------------------------------------------------------------------

+#
+# A case of SHOW GRANTS
+# (creating a new procedure changes the password)
+#
+grant create routine on test.* to foo1@localhost identified by 'foo';
+update mysql.user set password = replace(password, '*', '-') where user='foo1';
+--connect (foo,localhost,foo1,foo)
+show grants;
+--connection default
+flush privileges;
+--connection foo
+show grants;
+create procedure spfoo() select 1;
+show grants;
+
+--connection default
+--disconnect foo
+drop procedure spfoo;
+drop user foo1@localhost;
+
 #
 # Restore global concurrent_insert value. Keep in the end of the test file.
 #

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -9840,7 +9840,6 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
  List<LEX_USER> user_list;
  bool result;
  ACL_USER *au;
-  char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
  Dummy_error_handler error_handler;
  DBUG_ENTER("sp_grant_privileges");

@@ -9881,33 +9880,10 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,

  if(au)
  {
-    if (au->salt_len)
-    {
-      if (au->salt_len == SCRAMBLE_LENGTH)
-      {
-        make_password_from_salt(passwd_buff, au->salt);
-        combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
-      }
-      else if (au->salt_len == SCRAMBLE_LENGTH_323)
-      {
-        make_password_from_salt_323(passwd_buff, (ulong *) au->salt);
-        combo->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
-      }
-      else
-      {
-        push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN, ER_PASSWD_LENGTH,
-                            ER(ER_PASSWD_LENGTH), SCRAMBLED_PASSWORD_CHAR_LENGTH);
-        return TRUE;
-      }
-      combo->password.str= passwd_buff;
-    }
-
    if (au->plugin.str != native_password_plugin_name.str &&
        au->plugin.str != old_password_plugin_name.str)
-    {
      combo->plugin= au->plugin;
-      combo->auth= au->auth_string;
-    }
+    combo->auth= au->auth_string;
  }

  if (user_list.push_back(combo))