diff --git a/enginetest/queries/priv_auth_queries.go b/enginetest/queries/priv_auth_queries.go index 3925889f65..7a031265a8 100644 --- a/enginetest/queries/priv_auth_queries.go +++ b/enginetest/queries/priv_auth_queries.go @@ -2268,6 +2268,24 @@ FROM ((SELECT 1 as found FROM information_schema.tables WHERE table_schema = 'te }, }, }, + { + Name: "Test user creation with hashed password", + SetUpScript: []string{ + "CREATE USER 'lol'@'%' IDENTIFIED WITH mysql_native_password AS '*91D9861DFC07DD967611B8C96953474EF270AD5E';", + }, + Assertions: []UserPrivilegeTestAssertion{ + { + Query: "SELECT User, plugin, authentication_string FROM mysql.user WHERE User = 'lol';", + Expected: []sql.Row{ + { + "lol", // User + "mysql_native_password", // plugin + "*91D9861DFC07DD967611B8C96953474EF270AD5E", // authentication_string + }, + }, + }, + }, + }, } // NoopPlaintextPlugin is used to authenticate plaintext user plugins diff --git a/sql/plan/create_user_data.go b/sql/plan/create_user_data.go index 296db54f57..be61d54dc0 100644 --- a/sql/plan/create_user_data.go +++ b/sql/plan/create_user_data.go @@ -126,10 +126,11 @@ func NewDefaultAuthentication(password string) Authentication { type AuthenticationOther struct { password string plugin string + identity string } -func NewOtherAuthentication(password, plugin string) Authentication { - return AuthenticationOther{password, plugin} +func NewOtherAuthentication(password, plugin, identity string) Authentication { + return AuthenticationOther{password, plugin, identity} } func (a AuthenticationOther) Plugin() string { @@ -137,5 +138,8 @@ func (a AuthenticationOther) Plugin() string { } func (a AuthenticationOther) Password() string { + if a.password == "" { + return a.identity + } return string(a.password) } diff --git a/sql/planbuilder/priv.go b/sql/planbuilder/priv.go index f0cc291763..36f6ea0374 100644 --- a/sql/planbuilder/priv.go +++ b/sql/planbuilder/priv.go @@ -156,7 +156,7 @@ func (b *Builder) buildAuthenticatedUser(user ast.AccountWithAuth) plan.Authenti if user.Auth1.Plugin == "mysql_native_password" && len(user.Auth1.Password) > 0 { authUser.Auth1 = plan.AuthenticationMysqlNativePassword(user.Auth1.Password) } else if len(user.Auth1.Plugin) > 0 { - authUser.Auth1 = plan.NewOtherAuthentication(user.Auth1.Password, user.Auth1.Plugin) + authUser.Auth1 = plan.NewOtherAuthentication(user.Auth1.Password, user.Auth1.Plugin, user.Auth1.Identity) } else { // We default to using the password, even if it's empty authUser.Auth1 = plan.NewDefaultAuthentication(user.Auth1.Password)