Skip to content
Blame Permalink
  • Vamsikrishna Bhagi's avatar
    3bf2d705
    Bug #16083276 GRANT IS SUCCESSFUL FOR ROOT USER TO MAKE IT · 3bf2d705
    Vamsikrishna Bhagi authored 
                  AS PAM WITH IDENTIFIED WITH CLAUSE

Problem: GRANT statement allows 'IDENTIFIED WITH' clause but
         with a restriction that plugin mentioned in the
         query should match with the original value of the
         user. For instance, if a user uses
         mysql_native_password plugin, GRANT query should
         have the same plugin in it. This is verified by
         checking the value of plugin field in mysql.user
         table. Whenever plugin field is left empty for any
         particular user, GRANT statement gets confused.
         The same is observed for root as the root account
         doesn't have any value in plugin field.

         Along with the raised issue, few inconsistencies
         between the execution of SET PASSWORD and
         GRANT using IDENTIFIED BY are found while switching
         between mysql_native_password and
         mysql_old_password plugins.

Solution: GRANT statement using the clause IDENTIFIED WITH
          is no more allowed for existing users since the
          basic purpose of this clause is to create a user
          and should rightly throw an error if user is
          already present.

          Changes are made in the code in such a way that
          both SET PASSWORD and GRANT using IDENTIFIED BY
          can be used to switch between
          mysql_native_password and
          mysql_old_password plugins. The hashing is
          determined by the old_passwords variable.
    3bf2d705
    Bug #16083276 GRANT IS SUCCESSFUL FOR ROOT USER TO MAKE IT
    Vamsikrishna Bhagi authored 
                  AS PAM WITH IDENTIFIED WITH CLAUSE

Problem: GRANT statement allows 'IDENTIFIED WITH' clause but
         with a restriction that plugin mentioned in the
         query should match with the original value of the
         user. For instance, if a user uses
         mysql_native_password plugin, GRANT query should
         have the same plugin in it. This is verified by
         checking the value of plugin field in mysql.user
         table. Whenever plugin field is left empty for any
         particular user, GRANT statement gets confused.
         The same is observed for root as the root account
         doesn't have any value in plugin field.

         Along with the raised issue, few inconsistencies
         between the execution of SET PASSWORD and
         GRANT using IDENTIFIED BY are found while switching
         between mysql_native_password and
         mysql_old_password plugins.

Solution: GRANT statement using the clause IDENTIFIED WITH
          is no more allowed for existing users since the
          basic purpose of this clause is to create a user
          and should rightly throw an error if user is
          already present.

          Changes are made in the code in such a way that
          both SET PASSWORD and GRANT using IDENTIFIED BY
          can be used to switch between
          mysql_native_password and
          mysql_old_password plugins. The hashing is
          determined by the old_passwords variable.