authorVladislav Vaintroub <wlad@mariadb.com>2021-11-19 14:14:38 +0100
committerSergei Golubchik <serg@mariadb.org>2021-12-15 19:13:57 +0100
commit4d3ac328482ea2e363cb0be00fd8654d0af5cce0 (patch)
treec40e77b41e0be62dca2a6a181aed60c52630c2f6 /sql
parentea0a5cb0a4efbca1fc35885599e07baf10dc3e9e (diff)
downloadmariadb-git-4d3ac328482ea2e363cb0be00fd8654d0af5cce0.tar.gz
MDEV-27093 Do not pass root password in HEX(clear text) from mariadb-install-db.exe to bootstrap
Previously, the password was passed as hex(clear_text_password). The hex encoding was used to avoid having to escape apostrophes, backslashes, etc. However, bootstrap still manages to misinterpret a UTF8 password, so that root would not be able to connect later. So the fix is to compute the native password hash inside mysql_install_db itself, and create the user with that hash, rather than letting bootstrap calculate it with the PASSWORD() function.
Diffstat (limited to 'sql')
-rw-r--r--sql/CMakeLists.txt3
-rw-r--r--sql/mysql_install_db.cc27
2 files changed, 11 insertions, 19 deletions
diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt
index 972cc0b736c..848495190b2 100644
--- a/sql/CMakeLists.txt
+++ b/sql/CMakeLists.txt
@@ -481,10 +481,11 @@ IF(WIN32)
MYSQL_ADD_EXECUTABLE(mariadb-install-db
mysql_install_db.cc
${CMAKE_CURRENT_BINARY_DIR}/mysql_bootstrap_sql.c
+ password.c
COMPONENT Server
)
SET_TARGET_PROPERTIES(mariadb-install-db PROPERTIES COMPILE_FLAGS -DINSTALL_PLUGINDIR=${INSTALL_PLUGINDIR})
- TARGET_LINK_LIBRARIES(mariadb-install-db mysys shlwapi)
+ TARGET_LINK_LIBRARIES(mariadb-install-db mysys mysys_ssl shlwapi)
ADD_LIBRARY(winservice STATIC winservice.c)
TARGET_LINK_LIBRARIES(winservice shell32)
diff --git a/sql/mysql_install_db.cc b/sql/mysql_install_db.cc
index 026ac3e668e..d2fcb5858a8 100644
--- a/sql/mysql_install_db.cc
+++ b/sql/mysql_install_db.cc
@@ -21,6 +21,7 @@
#include "mariadb.h"
#include <my_getopt.h>
#include <m_string.h>
+#include <password.h>
#include <windows.h>
#include <shellapi.h>
@@ -443,16 +444,14 @@ static int create_myini()
}
-static const char update_root_passwd_part1[]=
+static constexpr const char* update_root_passwd=
"UPDATE mysql.global_priv SET priv=json_set(priv,"
"'$.password_last_changed', UNIX_TIMESTAMP(),"
"'$.plugin','mysql_native_password',"
- "'$.authentication_string',PASSWORD(";
-static const char update_root_passwd_part2[]=
- ")) where User='root';\n";
-static const char remove_default_user_cmd[]=
+ "'$.authentication_string','%s') where User='root';\n";
+static constexpr char remove_default_user_cmd[]=
"DELETE FROM mysql.user where User='';\n";
-static const char allow_remote_root_access_cmd[]=
+static constexpr char allow_remote_root_access_cmd[]=
"CREATE TEMPORARY TABLE tmp_user LIKE global_priv;\n"
"INSERT INTO tmp_user SELECT * from global_priv where user='root' "
" AND host='localhost';\n"
@@ -871,18 +870,10 @@ static int create_db_instance(const char *datadir)
/* Change root password if requested. */
if (opt_password && opt_password[0])
{
- verbose("Setting root password",remove_default_user_cmd);
- fputs(update_root_passwd_part1, in);
-
- /* Use hex encoding for password, to avoid escaping problems.*/
- fputc('0', in);
- fputc('x', in);
- for(int i= 0; opt_password[i]; i++)
- {
- fprintf(in,"%02x",opt_password[i]);
- }
-
- fputs(update_root_passwd_part2, in);
+ verbose("Setting root password");
+ char buf[2 * MY_SHA1_HASH_SIZE + 2];
+ my_make_scrambled_password(buf, opt_password, strlen(opt_password));
+ fprintf(in, update_root_passwd, buf);
fflush(in);
}
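Review bot: The result of `fprintf(in, update_root_passwd, buf)` is not checked, so a failed write to the bootstrap stream goes unnoticed at this point and root could end up without the requested password; whether code after the hunk catches that is not visible here. The `'%s'` in `update_root_passwd` sits between SQL quotes with no escaping, which is safe only as long as the argument is the scramble produced by my_make_scrambled_password() (presumably `*` plus hex digits, as the buffer size suggests); I would add a comment at the format string saying so, e.g. `/* %s: output of my_make_scrambled_password() only, never raw input */`. The buffer size `2 * MY_SHA1_HASH_SIZE + 2` also deserves a short comment naming the two extra bytes (leading `*` and terminating NUL), or `SCRAMBLED_PASSWORD_CHAR_LENGTH + 1` if that macro is visible in this file. create_db_instance begins and continues outside the hunk.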