MDEV-9273 ERROR 1819 on grant statment for existing user

Cannot do password validation in fix_lex_user(), we don't know
there what "GRANT ... TO user" means - creating a new user with
an empty password (need validation) or granting privileges
to an existing user (no validation needed).

Move validation down into replace_user_table(). And copy into
check_change_password().

1 files changed, 6 insertions, 4 deletions

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index ca1763209b9..c6793241f70 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1050,9 +1050,6 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
     return true;
   }
 
-  if (validate_password(user))
-    return true;
-
   if (user->pwtext.length && !user->pwhash.length)
   {
     size_t scramble_length;
@@ -2747,7 +2744,8 @@ bool check_change_password(THD *thd, LEX_USER *user)
 {
   LEX_USER *real_user= get_current_user(thd, user);
 
-  if (fix_and_copy_user(real_user, user, thd))
+  if (fix_and_copy_user(real_user, user, thd) ||
+      validate_password(real_user))
     return true;
 
   *user= *real_user;
@@ -3461,6 +3459,10 @@ static int replace_user_table(THD *thd, TABLE *table, LEX_USER &combo,
     store_record(table,record[1]);			// Save copy for update
   }
 
+  if (!old_row_exists || combo.pwtext.length || combo.pwhash.length)
+    if (validate_password(&combo))
+      goto end;
+
   /* Update table columns with new privileges */
 
   Field **tmp_field;