ed25519: better error message for an incorrect password hash

vuvova · vuvova · commit 103a32fdd368 · 2019-02-04T15:54:10.000+01:00
diff --git a/mysql-test/suite/plugins/r/auth_ed25519.result b/mysql-test/suite/plugins/r/auth_ed25519.result
@@ -39,6 +39,10 @@ show grants for test1@localhost;
 Grants for test1@localhost
 GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED VIA ed25519 USING 'ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY'
 drop user test1@localhost;
+create user test1@localhost identified via ed25519 using 'foo';
+ERROR HY000: Password hash should be 43 characters long
+create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
+ERROR HY000: Password hash should be base64 encoded
 create user test1@localhost identified via ed25519 using password('foo');
 show grants for test1@localhost;
 Grants for test1@localhost
diff --git a/mysql-test/suite/plugins/t/auth_ed25519.test b/mysql-test/suite/plugins/t/auth_ed25519.test
@@ -29,6 +29,10 @@ let $pwd=`select ed25519_password("secret")`;
 eval create user test1@localhost identified via ed25519 using '$pwd';
 show grants for test1@localhost;
 drop user test1@localhost;
+--error ER_PASSWD_LENGTH
+create user test1@localhost identified via ed25519 using 'foo';
+--error ER_PASSWD_LENGTH
+create user test1@localhost identified via ed25519 using '>>>1234567890123456789012345678901234567890';
 create user test1@localhost identified via ed25519 using password('foo');
 show grants for test1@localhost;
 select ed25519_password('foo');
diff --git a/plugin/auth_ed25519/server_ed25519.c b/plugin/auth_ed25519/server_ed25519.c
@@ -15,6 +15,7 @@
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */
 
 #include <mysql/plugin_auth.h>
+#include <mysqld_error.h>
 #include "common.h"
 
 #if !defined(__attribute__) && !defined(__GNUC__)
@@ -77,12 +78,18 @@ static int digest_to_binary(const char *d, size_t dlen,
   char pw[PASSWORD_LEN_BUF];
 
   if (*blen < CRYPTO_PUBLICKEYBYTES || dlen != PASSWORD_LEN)
+  {
+    my_printf_error(ER_PASSWD_LENGTH, "Password hash should be %d characters long", 0, PASSWORD_LEN);
     return 1;
+  }
 
   *blen= CRYPTO_PUBLICKEYBYTES;
   memcpy(pw, d, PASSWORD_LEN);
   pw[PASSWORD_LEN]= '=';
-  return my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) != CRYPTO_PUBLICKEYBYTES;
+  if (my_base64_decode(pw, PASSWORD_LEN_BUF, b, 0, 0) == CRYPTO_PUBLICKEYBYTES)
+    return 0;
+  my_printf_error(ER_PASSWD_LENGTH, "Password hash should be base64 encoded", 0);
+  return 1;
 }
 
 static struct st_mysql_auth info =
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -1792,7 +1792,7 @@ static int set_user_salt(ACL_USER *acl_user, plugin_ref plugin)
     size_t len= sizeof(buf);
     if (auth->preprocess_hash(acl_user->auth_string.str,
                               acl_user->auth_string.length, buf, &len))
-      return 1; // ER_PASSWD_LENGTH?
+      return 1;
     acl_user->salt.str= (char*)memdup_root(&acl_memroot, buf, len);
     acl_user->salt.length= len;
   }

Original file line number	Diff line number	Diff line change
`@@ -1792,7 +1792,7 @@ static int set_user_salt(ACL_USER *acl_user, plugin_ref plugin)`
`1792`	`1792`	`size_t len= sizeof(buf);`
`1793`	`1793`	`if (auth->preprocess_hash(acl_user->auth_string.str,`
`1794`	`1794`	`acl_user->auth_string.length, buf, &len))`
`1795`		`- return 1; // ER_PASSWD_LENGTH?`
	`1795`	`+ return 1;`
`1796`	`1796`	`acl_user->salt.str= (char*)memdup_root(&acl_memroot, buf, len);`
`1797`	`1797`	`acl_user->salt.length= len;`
`1798`	`1798`	`}`