Bug#27099029: UNLIMITED LENGTH OF THE PASSWORD

harinvadodaria · Hery Ramilison · commit 207dd7160ee6 · 2017-11-27T14:01:59.000+01:00
Post push fix: Handled missing cases of GRANT.

(cherry picked from commit b7430c02d2e07ae5322c6e5caecc32db76170c2e)
diff --git a/sql/auth/auth_common.h b/sql/auth/auth_common.h
@@ -620,7 +620,8 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
 bool set_and_validate_user_attributes(THD *thd,
                                       LEX_USER *Str,
                                       ulong &what_to_set,
-                                      bool is_privileged_user);
+                                      bool is_privileged_user,
+                                      const char * cmd);
 
 /* sql_auth_cache */
 int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr);
diff --git a/sql/auth/sql_authorization.cc b/sql/auth/sql_authorization.cc
@@ -1321,7 +1321,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
     }
 
     if (set_and_validate_user_attributes(thd, Str, what_to_set,
-                                         is_privileged_user))
+                                         is_privileged_user,
+                                         revoke_grant?"REVOKE":"GRANT"))
     {
       result= TRUE;
       continue;
@@ -1636,7 +1637,8 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
     }
 
     if (set_and_validate_user_attributes(thd, Str, what_to_set,
-                                         is_privileged_user))
+                                         is_privileged_user,
+                                         revoke_grant?"REVOKE":"GRANT"))
     {
       result= TRUE;
       continue;
@@ -1887,7 +1889,8 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
     }
 
     if (set_and_validate_user_attributes(thd, Str, what_to_set,
-                                         is_privileged_user))
+                                         is_privileged_user,
+                                         revoke_grant?"REVOKE":"GRANT"))
     {
       result= TRUE;
       continue;
diff --git a/sql/auth/sql_user.cc b/sql/auth/sql_user.cc
@@ -397,6 +397,7 @@ bool mysql_show_create_user(THD *thd, LEX_USER *user_name)
   @param what_to_set  User attributes
   @param is_privileged_user     Whether caller has CREATE_USER_ACL
                                 or UPDATE_ACL over mysql.*
+  @param cmd          Command information
 
   @retval 0 ok
   @retval 1 ERROR;
@@ -405,7 +406,8 @@ bool mysql_show_create_user(THD *thd, LEX_USER *user_name)
 bool set_and_validate_user_attributes(THD *thd,
                                       LEX_USER *Str,
                                       ulong &what_to_set,
-                                      bool is_privileged_user)
+                                      bool is_privileged_user,
+                                      const char * cmd)
 {
   bool user_exists= false;
   ACL_USER *acl_user;
@@ -574,6 +576,17 @@ bool set_and_validate_user_attributes(THD *thd,
                                              inbuflen))
     {
       plugin_unlock(0, plugin);
+
+      /*
+        generate_authentication_string may return error status
+        without setting actual error.
+      */
+      if (!thd->is_error())
+      {
+        String error_user;
+        append_user(thd, &error_user, Str, FALSE, FALSE);
+        my_error(ER_CANNOT_USER, MYF(0), cmd, error_user.c_ptr_safe());
+      }
       return(1);
     }
     if (buflen)
@@ -759,7 +772,8 @@ bool change_password(THD *thd, const char *host, const char *user,
       thd->slave_thread)
     combo->uses_identified_by_clause= false;
     
-  if (set_and_validate_user_attributes(thd, combo, what_to_set, true))
+  if (set_and_validate_user_attributes(thd, combo, what_to_set,
+                                       true, "SET PASSWORD"))
   {
     result= 1;
     mysql_mutex_unlock(&acl_cache->lock);
@@ -1390,7 +1404,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool if_not_exists)
       result= TRUE;
       continue;
     }
-    if (set_and_validate_user_attributes(thd, user_name, what_to_update, true))
+    if (set_and_validate_user_attributes(thd, user_name, what_to_update,
+                                         true, "CREATE USER"))
     {
       result= TRUE;
       continue;
@@ -1857,7 +1872,7 @@ bool mysql_alter_user(THD *thd, List <LEX_USER> &list, bool if_exists)
     user_from->alter_status= thd->lex->alter_password;
 
     if (set_and_validate_user_attributes(thd, user_from, what_to_alter,
-                                         is_privileged_user))
+                                         is_privileged_user, "ALTER USER"))
     {
       result= true;
       continue;

Original file line number	Diff line number	Diff line change
`@@ -1321,7 +1321,8 @@ int mysql_table_grant(THD thd, TABLE_LIST table_list,`
`1321`	`1321`	`}`
`1322`	`1322`
`1323`	`1323`	`if (set_and_validate_user_attributes(thd, Str, what_to_set,`
`1324`		`- is_privileged_user))`
	`1324`	`+ is_privileged_user,`
	`1325`	`+ revoke_grant?"REVOKE":"GRANT"))`
`1325`	`1326`	`{`
`1326`	`1327`	`result= TRUE;`
`1327`	`1328`	`continue;`
`@@ -1636,7 +1637,8 @@ bool mysql_routine_grant(THD thd, TABLE_LIST table_list, bool is_proc,`
`1636`	`1637`	`}`
`1637`	`1638`
`1638`	`1639`	`if (set_and_validate_user_attributes(thd, Str, what_to_set,`
`1639`		`- is_privileged_user))`
	`1640`	`+ is_privileged_user,`
	`1641`	`+ revoke_grant?"REVOKE":"GRANT"))`
`1640`	`1642`	`{`
`1641`	`1643`	`result= TRUE;`
`1642`	`1644`	`continue;`
`@@ -1887,7 +1889,8 @@ bool mysql_grant(THD thd, const char db, List <LEX_USER> &list,`
`1887`	`1889`	`}`
`1888`	`1890`
`1889`	`1891`	`if (set_and_validate_user_attributes(thd, Str, what_to_set,`
`1890`		`- is_privileged_user))`
	`1892`	`+ is_privileged_user,`
	`1893`	`+ revoke_grant?"REVOKE":"GRANT"))`
`1891`	`1894`	`{`
`1892`	`1895`	`result= TRUE;`
`1893`	`1896`	`continue;`