Skip to content
Permalink
Browse files

Fix wrong check for valid length of hashed password in MySQL 8 and Ma…

…riaDB. Predefined length of 0, 16 and 41 characters is only valid with mysql_native_password plugin enabled users.

See https://www.heidisql.com/forum.php?t=26945#p27188
  • Loading branch information...
ansgarbecker committed May 26, 2019
1 parent dc0d2fd commit 493138de1c87ca46d9962572333c61a3dd9eda0f
Showing with 11 additions and 2 deletions.
  1. +11 −2 source/usermanager.pas
@@ -244,7 +244,10 @@ procedure TUserManagerForm.FormShow(Sender: TObject);
Users: TDBQuery;
U: TUser;
tmp, PasswordExpr: String;
SkipNameResolve, HasPassword, HasAuthString: Boolean;
SkipNameResolve,
HasPassword,
HasAuthString,
PasswordLengthMatters: Boolean;
UserTableColumns: TStringList;

function InitPrivList(Values: String): TStringList;
@@ -262,6 +265,7 @@ function InitPrivList(Values: String): TStringList;
PrivsTable := InitPrivList('ALTER,CREATE,DELETE,DROP,GRANT,INDEX');
PrivsRoutine := InitPrivList('GRANT');
PrivsColumn := InitPrivList('INSERT,SELECT,UPDATE,REFERENCES');
PasswordLengthMatters := True;

if Version >= 40002 then begin
PrivsGlobal.Add('REPLICATION CLIENT');
@@ -294,6 +298,11 @@ function InitPrivList(Values: String): TStringList;
PrivsDb.Add('PROXY');
end;
}
if Version >= 80000 then begin
// MySQL 8 has predefined length of hashed passwords only with
// mysql_native_password plugin enabled users
PasswordLengthMatters := False;
end;

PrivsTable.AddStrings(PrivsColumn);
PrivsDb.AddStrings(PrivsTable);
@@ -346,7 +355,7 @@ function InitPrivList(Values: String): TStringList;
U.Problem := upNone;
if Length(U.Password) = 0 then
U.Problem := upEmptyPassword;
if not (Length(U.Password) in [0, 16, 41]) then
if PasswordLengthMatters and (not (Length(U.Password) in [0, 16, 41])) then
U.Problem := upInvalidPasswordLen
else if SkipNameResolve and U.HostRequiresNameResolve then
U.Problem := upSkipNameResolve;

0 comments on commit 493138d

Please sign in to comment.
You can’t perform that action at this time.