Fix hostcache_ipv4_blocked and hostcache_ipv6_blocked to pass.

Don't abort plugin reads whem mpvio->make_it_fail is set - this can leak information.

mysql-test/r/plugin_auth_qa_3.result

@@ -6,6 +6,6 @@ exec MYSQL --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_tes
 current_user()	user()	@@local.proxy_user	@@local.external_user
 qa_test_11_dest@%	qa_test_11_user@localhost	'qa_test_11_user'@'%'	NULL
 exec MYSQL --default_auth=qa_auth_client -h localhost -P MASTER_MYPORT -u qa_test_2_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
-ERROR 1045 (28000): Access denied for user 'qa_test_2_user'@'localhost' (using password: NO)
+ERROR 1045 (28000): Access denied for user 'qa_test_2_user'@'localhost' (using password: YES)
 DROP USER qa_test_11_user, qa_test_11_dest;
 DROP DATABASE test_user_db;

mysql-test/suite/perfschema/r/hostcache_ipv4_blocked.result

@@ -32,7 +32,7 @@ select current_user();
 current_user()
 root@localhost
 set global debug_dbug= "+d,vio_peer_addr_fake_ipv4,getnameinfo_fake_ipv4,getaddrinfo_fake_good_ipv4,native_password_bad_reply";
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	192.0.2.4
 HOST	santa.claus.ipv4.example.com
@@ -61,7 +61,7 @@ COUNT_LOCAL_ERRORS	0
 COUNT_UNKNOWN_ERRORS	0
 FIRST_ERROR_SEEN	set
 LAST_ERROR_SEEN	set
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	192.0.2.4
 HOST	santa.claus.ipv4.example.com
@@ -90,7 +90,7 @@ COUNT_LOCAL_ERRORS	0
 COUNT_UNKNOWN_ERRORS	0
 FIRST_ERROR_SEEN	set
 LAST_ERROR_SEEN	set
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	192.0.2.4
 HOST	santa.claus.ipv4.example.com
@@ -178,7 +178,7 @@ COUNT_UNKNOWN_ERRORS	0
 FIRST_ERROR_SEEN	set
 LAST_ERROR_SEEN	set
 flush hosts;
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv4.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	192.0.2.4
 HOST	santa.claus.ipv4.example.com

mysql-test/suite/perfschema/r/hostcache_ipv6_blocked.result

@@ -32,7 +32,7 @@ select current_user();
 current_user()
 root@localhost
 set global debug_dbug= "+d,vio_peer_addr_fake_ipv6,getnameinfo_fake_ipv6,getaddrinfo_fake_good_ipv6,native_password_bad_reply";
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	2001:db8::6:6
 HOST	santa.claus.ipv6.example.com
@@ -61,7 +61,7 @@ COUNT_LOCAL_ERRORS	0
 COUNT_UNKNOWN_ERRORS	0
 FIRST_ERROR_SEEN	set
 LAST_ERROR_SEEN	set
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	2001:db8::6:6
 HOST	santa.claus.ipv6.example.com
@@ -90,7 +90,7 @@ COUNT_LOCAL_ERRORS	0
 COUNT_UNKNOWN_ERRORS	0
 FIRST_ERROR_SEEN	set
 LAST_ERROR_SEEN	set
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	2001:db8::6:6
 HOST	santa.claus.ipv6.example.com
@@ -178,7 +178,7 @@ COUNT_UNKNOWN_ERRORS	0
 FIRST_ERROR_SEEN	set
 LAST_ERROR_SEEN	set
 flush hosts;
-ERROR 28000: Access denied for user 'quota'@'santa.claus.ipv6.example.com' (using password: NO)
+ERROR 08S01: Bad handshake
 "Dumping performance_schema.host_cache"
 IP	2001:db8::6:6
 HOST	santa.claus.ipv6.example.com

mysql-test/suite/perfschema/t/hostcache_ipv4_blocked.test

@@ -31,7 +31,7 @@ disconnect con1;
 set global debug_dbug= "+d,vio_peer_addr_fake_ipv4,getnameinfo_fake_ipv4,getaddrinfo_fake_good_ipv4,native_password_bad_reply";
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2a,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 
@@ -39,7 +39,7 @@ connect (con2a,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 --source ../include/hostcache_dump.inc
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2b,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 
@@ -47,7 +47,7 @@ connect (con2b,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 --source ../include/hostcache_dump.inc
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2c,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 
@@ -74,7 +74,7 @@ connect (con2e,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 flush hosts;
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2c,"127.0.0.1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 

mysql-test/suite/perfschema/t/hostcache_ipv6_blocked.test

@@ -32,7 +32,7 @@ disconnect con1;
 set global debug_dbug= "+d,vio_peer_addr_fake_ipv6,getnameinfo_fake_ipv6,getaddrinfo_fake_good_ipv6,native_password_bad_reply";
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2a,"::1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 
@@ -40,7 +40,7 @@ connect (con2a,"::1",quota,,test,$MASTER_MYPORT,);
 --source ../include/hostcache_dump.inc
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2b,"::1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 
@@ -48,7 +48,7 @@ connect (con2b,"::1",quota,,test,$MASTER_MYPORT,);
 --source ../include/hostcache_dump.inc
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2c,"::1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 
@@ -75,7 +75,7 @@ connect (con2e,"::1",quota,,test,$MASTER_MYPORT,);
 flush hosts;
 
 --disable_query_log
---error ER_ACCESS_DENIED_ERROR
+--error ER_HANDSHAKE_ERROR
 connect (con2c,"::1",quota,,test,$MASTER_MYPORT,);
 --enable_query_log
 

sql/sql_acl.cc

@@ -11728,9 +11728,6 @@ static int server_mpvio_read_packet(MYSQL_PLUGIN_VIO *param, uchar **buf)
       mpvio->cached_client_reply.pkt= 0;
       mpvio->packets_read++;
 
-      if (mpvio->make_it_fail)
-        goto err;
-
       DBUG_RETURN ((int) mpvio->cached_client_reply.pkt_len);
     }
 
@@ -11765,21 +11762,13 @@ static int server_mpvio_read_packet(MYSQL_PLUGIN_VIO *param, uchar **buf)
   else
     *buf= mpvio->thd->net.read_pos;
 
-  if (mpvio->make_it_fail)
-    goto err;
-
   DBUG_RETURN((int)pkt_len);
 
 err:
   if (mpvio->status == MPVIO_EXT::FAILURE)
   {
     if (!mpvio->thd->is_error())
-    {
-      if (mpvio->make_it_fail)
-        login_failed_error(mpvio->thd);
-      else
-        my_error(ER_HANDSHAKE_ERROR, MYF(0));
-    }
+      my_error(ER_HANDSHAKE_ERROR, MYF(0));
   }
   DBUG_RETURN(-1);
 }
@@ -12044,7 +12033,7 @@ bool acl_authenticate(THD *thd, uint connect_errors,
     auth_plugin_name= &mpvio.acl_user->plugin;
     res= do_auth_once(thd, auth_plugin_name, &mpvio);
   }
-  if (mpvio.make_it_fail)
+  if (mpvio.make_it_fail && res == CR_OK)
   {
     mpvio.status= MPVIO_EXT::FAILURE;
     res= CR_ERROR;
@@ -12342,6 +12331,8 @@ static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
   DBUG_RETURN(CR_OK);
 #endif
 
+  DBUG_EXECUTE_IF("native_password_bad_reply", { pkt_len= 12; });
+
   if (pkt_len == 0) /* no password */
     DBUG_RETURN(mpvio->acl_user->salt_len != 0 ? CR_AUTH_USER_CREDENTIALS : CR_OK);