MDEV-18119 upgrading from 10.3 to 10.4 can result in the password for a user to be wiped out

vuvova · vuvova · commit c2a4bfad2239 · 2019-01-23T17:34:22.000+01:00
10.1 part: SHOW CREATE USER didn't show the password, if plugin was set,
but authentication_string was not
diff --git a/mysql-test/r/connect.result b/mysql-test/r/connect.result
@@ -82,8 +82,20 @@ connect(localhost,test,zorro,test2,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
+select user,host,password,plugin,authentication_string from mysql.user where user='test';
+user	host	password	plugin	authentication_string
+test	localhost	*5FDFF3268A50F41C5D18D2CA2F754D7BDB9B3E59		
+test	127.0.0.1	*5FDFF3268A50F41C5D18D2CA2F754D7BDB9B3E59		
 update mysql.user set password=old_password("gambling2") where user=_binary"test";
 flush privileges;
+show grants for test@localhost;
+Grants for test@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '2f27438961437573'
+update mysql.user set plugin='mysql_old_password' where user='test';
+flush privileges;
+show grants for test@localhost;
+Grants for test@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '2f27438961437573'
 set password="";
 set password='gambling3';
 ERROR HY000: Password hash should be a 41-digit hexadecimal number
diff --git a/mysql-test/t/connect.test b/mysql-test/t/connect.test
@@ -66,8 +66,13 @@ connect (fail_con,localhost,test,zorro,test2);
 connect (fail_con,localhost,test,zorro,);
 
 # check if old password version also works
+select user,host,password,plugin,authentication_string from mysql.user where user='test';
 update mysql.user set password=old_password("gambling2") where user=_binary"test";
 flush privileges;
+show grants for test@localhost;
+update mysql.user set plugin='mysql_old_password' where user='test';
+flush privileges;
+show grants for test@localhost;
 
 connect (con10,localhost,test,gambling2,);
 connect (con5,localhost,test,gambling2,mysql);
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -986,8 +986,7 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
   else
     return true;
 
-  if (user->auth_string.length)
-    set_user_salt(user, user->auth_string.str, user->auth_string.length);
+  set_user_salt(user, user->auth_string.str, user->auth_string.length);
   return false;
 }
 
@@ -1457,6 +1456,11 @@ static bool acl_load(THD *thd, TABLE_LIST *tables)
                                 safe_str(user.user.str),
                                 safe_str(user.host.hostname));
             }
+            else if (password_len)
+            {
+              user.auth_string.str= password;
+              user.auth_string.length= password_len;
+            }
 
             fix_user_plugin_ptr(&user);
           }

Original file line number	Diff line number	Diff line change
`@@ -986,8 +986,7 @@ static bool fix_user_plugin_ptr(ACL_USER *user)`
`986`	`986`	`else`
`987`	`987`	`return true;`
`988`	`988`
`989`		`- if (user->auth_string.length)`
`990`		`- set_user_salt(user, user->auth_string.str, user->auth_string.length);`
	`989`	`+ set_user_salt(user, user->auth_string.str, user->auth_string.length);`
`991`	`990`	`return false;`
`992`	`991`	`}`
`993`	`992`
`@@ -1457,6 +1456,11 @@ static bool acl_load(THD thd, TABLE_LIST tables)`
`1457`	`1456`	`safe_str(user.user.str),`
`1458`	`1457`	`safe_str(user.host.hostname));`
`1459`	`1458`	`}`
	`1459`	`+ else if (password_len)`
	`1460`	`+ {`
	`1461`	`+ user.auth_string.str= password;`
	`1462`	`+ user.auth_string.length= password_len;`
	`1463`	`+ }`
`1460`	`1464`
`1461`	`1465`	`fix_user_plugin_ptr(&user);`
`1462`	`1466`	`}`