Merge pull request #2741 from VWagen1989/SeanWu/fix-account-replication

fulghum · web-flow · commit b8ae9a18358b · 2024-11-11T11:34:18.000-08:00
fix: store the hashed password to 'authentication_string' (to #2740)
diff --git a/enginetest/queries/priv_auth_queries.go b/enginetest/queries/priv_auth_queries.go
@@ -2268,6 +2268,24 @@ FROM ((SELECT 1 as found FROM information_schema.tables WHERE table_schema = 'te
 			},
 		},
 	},
+	{
+		Name: "Test user creation with hashed password",
+		SetUpScript: []string{
+			"CREATE USER 'lol'@'%' IDENTIFIED WITH mysql_native_password AS '*91D9861DFC07DD967611B8C96953474EF270AD5E';",
+		},
+		Assertions: []UserPrivilegeTestAssertion{
+			{
+				Query: "SELECT User, plugin, authentication_string FROM mysql.user WHERE User = 'lol';",
+				Expected: []sql.Row{
+					{
+						"lol",                   // User
+						"mysql_native_password", // plugin
+						"*91D9861DFC07DD967611B8C96953474EF270AD5E", // authentication_string
+					},
+				},
+			},
+		},
+	},
 }
 
 // NoopPlaintextPlugin is used to authenticate plaintext user plugins
diff --git a/sql/plan/create_user_data.go b/sql/plan/create_user_data.go
@@ -126,16 +126,20 @@ func NewDefaultAuthentication(password string) Authentication {
 type AuthenticationOther struct {
 	password string
 	plugin   string
+	identity string
 }
 
-func NewOtherAuthentication(password, plugin string) Authentication {
-	return AuthenticationOther{password, plugin}
+func NewOtherAuthentication(password, plugin, identity string) Authentication {
+	return AuthenticationOther{password, plugin, identity}
 }
 
 func (a AuthenticationOther) Plugin() string {
 	return a.plugin
 }
 
 func (a AuthenticationOther) Password() string {
+	if a.password == "" {
+		return a.identity
+	}
 	return string(a.password)
 }
diff --git a/sql/planbuilder/priv.go b/sql/planbuilder/priv.go
@@ -156,7 +156,7 @@ func (b *Builder) buildAuthenticatedUser(user ast.AccountWithAuth) plan.Authenti
 		if user.Auth1.Plugin == "mysql_native_password" && len(user.Auth1.Password) > 0 {
 			authUser.Auth1 = plan.AuthenticationMysqlNativePassword(user.Auth1.Password)
 		} else if len(user.Auth1.Plugin) > 0 {
-			authUser.Auth1 = plan.NewOtherAuthentication(user.Auth1.Password, user.Auth1.Plugin)
+			authUser.Auth1 = plan.NewOtherAuthentication(user.Auth1.Password, user.Auth1.Plugin, user.Auth1.Identity)
 		} else {
 			// We default to using the password, even if it's empty
 			authUser.Auth1 = plan.NewDefaultAuthentication(user.Auth1.Password)

Original file line number	Diff line number	Diff line change
`@@ -126,16 +126,20 @@ func NewDefaultAuthentication(password string) Authentication {`
`126`	`126`	`type AuthenticationOther struct {`
`127`	`127`	`password string`
`128`	`128`	`plugin string`
	`129`	`+ identity string`
`129`	`130`	`}`
`130`	`131`
`131`		`-func NewOtherAuthentication(password, plugin string) Authentication {`
`132`		`- return AuthenticationOther{password, plugin}`
	`132`	`+func NewOtherAuthentication(password, plugin, identity string) Authentication {`
	`133`	`+ return AuthenticationOther{password, plugin, identity}`
`133`	`134`	`}`
`134`	`135`
`135`	`136`	`func (a AuthenticationOther) Plugin() string {`
`136`	`137`	`return a.plugin`
`137`	`138`	`}`
`138`	`139`
`139`	`140`	`func (a AuthenticationOther) Password() string {`
	`141`	`+ if a.password == "" {`
	`142`	`+ return a.identity`
	`143`	`+ }`
`140`	`144`	`return string(a.password)`
`141`	`145`	`}`