Fix #11520 #1

Open
wants to merge 2 commits into
base: master
80 changes: 20 additions & 60 deletions libraries/display_change_password.lib.php
Expand Up @@ -77,73 +77,33 @@ function PMA_getHtmlForChangePassword($username, $hostname)
. $chg_evt_handler . '="nopass[1].checked = true" />'
. '</td>'
. '</tr>';

$active_auth_plugins = PMA_getActiveAuthPlugins();

$default_auth_plugin = PMA_getCurrentAuthenticationPlugin(
'change', $username, $hostname
);

// See http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-5.html
if (PMA_Util::getServerType() == 'MySQL'
&& PMA_MYSQL_INT_VERSION >= 50705
) {
$html .= '<tr class="vmiddle">'
. '<td>' . __('Password Hashing:') . '</td>'
. '<td>'
. '<input type="radio" name="pw_hash" id="radio_pw_hash_mysql_native" '
. 'value="mysql_native_password"';
if ($default_auth_plugin == 'mysql_native_password') {
$html .= '" checked="checked"';
}
$html .= ' />'
. '<label for="radio_pw_hash_mysql_native">'
. __('MySQL native password')
. '</label>'
. '</td>'
. '</tr>'
. '<tr id="tr_element_before_generate_password">'
. '<td>&nbsp;</td>'
. '<td>'
. '<input type="radio" name="pw_hash" id="radio_pw_hash_sha256" '
. 'value="sha256_password"';
if ($default_auth_plugin == 'sha256_password') {
$html .= '" checked="checked"';
$html .= '<tr class="vmiddle">'
. '<td>' . __('Password Hashing:') . '</td>';

$iter = 0;
foreach ($active_auth_plugins as $plugin) {
if ($iter != 0) {
$html .= '<td>&nbsp;</td>';
}
$html .= ' />'
. '<label for="radio_pw_hash_sha256">'
. __('SHA256 password')
. '</label>'
. '</td>'
. '</tr>';
} elseif (PMA_Util::getServerType() == 'MySQL'
&& PMA_MYSQL_INT_VERSION >= 50606
) {
$html .= '<tr class="vmiddle" id="tr_element_before_generate_password">'
. '<td>' . __('Password Hashing:') . '</td>'
. '<td>'
. '<input type="radio" name="pw_hash" id="radio_pw_hash_new" '
. 'value="' . $default_auth_plugin . '" checked="checked" />'
. '<label for="radio_pw_hash_new">' . $default_auth_plugin . '</label>'
. '</td>'
. '</tr>';
} else {
$html .= '<tr class="vmiddle">'
. '<td>' . __('Password Hashing:') . '</td>'
. '<td>'
. '<input type="radio" name="pw_hash" id="radio_pw_hash_new" '
. 'value="mysql_native_password" checked="checked" />'
. '<label for="radio_pw_hash_new">mysql_native_password</label>'
. '</td>'
. '</tr>'
. '<tr id="tr_element_before_generate_password" >'
. '<td>&nbsp;</td>'
. '<td>'
. '<input type="radio" name="pw_hash" id="radio_pw_hash_old" '
. 'value="old" />'
. '<label for="radio_pw_hash_old">' . __('MySQL 4.0 compatible')
. '</label>'
. '</td>'
. '</tr>';
$html .= '<td>'
. '<input type="radio" name="pw_hash" value="' . $plugin['PLUGIN_NAME'] . '"'
. ($default_auth_plugin == $plugin['PLUGIN_NAME'] ? 'checked="checked" ' : '')
. ' id="radio_pw_hash_' . $plugin['PLUGIN_NAME'] . '" />'
. '<label for="radio_pw_hash_' . $plugin['PLUGIN_NAME'] . '" >'
. __($plugin['PLUGIN_DESCRIPTION']) . ' </label></td></tr><tr>';
$iter++;
}

$html .= '</tr>';
$html .= '<tr id="tr_element_before_generate_password">'
. '<td>&nbsp;</td></tr>';
$html .= '</table>';

$html .= '<div '
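Review bot: The new `foreach` over `$active_auth_plugins` writes `$plugin['PLUGIN_NAME']` and `$plugin['PLUGIN_DESCRIPTION']` into the `value`, `id` and `for` attributes and into the label text without HTML escaping, so any quote or angle bracket in a plugin row returned by the server becomes markup on the change-password form. Wrapping each use in `htmlspecialchars()` keeps the values inert, e.g. `'value="' . htmlspecialchars($plugin['PLUGIN_NAME']) . '"'`. The `checked="checked" ` fragment is also appended directly after the closing quote of `value` with no separating space; `' checked="checked"'` would keep the two attributes apart. The handler that receives `pw_hash` is outside this hunk, and because the radio values are no longer a fixed set it presumably needs to check the submitted name against the plugin list before using it. The body of `PMA_getHtmlForChangePassword` starts and ends outside the hunk.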
137 changes: 108 additions & 29 deletions libraries/server_privileges.lib.php
Expand Up @@ -1411,6 +1411,27 @@ function PMA_getHtmlForGlobalPrivTableWithCheckboxes(
return $html_output;
}

/**
* Gets the currently active authentication plugins
*
* @return array $result array of plugin names and descriptions
*/
function PMA_getActiveAuthPlugins()
{
$get_plugins_query = "SELECT `PLUGIN_NAME`, `PLUGIN_DESCRIPTION`"
. " FROM `information_schema`.`PLUGINS` "
. "WHERE `PLUGIN_TYPE` = 'AUTHENTICATION';";
$resultset = $GLOBALS['dbi']->query($get_plugins_query);

$result = array();

while ($row = $GLOBALS['dbi']->fetchAssoc($resultset)) {
$result[] = $row;
}

return $result;
}

/**
* Displays the fields used by the "new user" form as well as the
* "change login information / copy user" form.
Expand Down Expand Up @@ -1631,10 +1652,6 @@ function PMA_getHtmlForLoginInformationFields(
)
. '</div>' . "\n";

$orig_auth_plugin = PMA_getCurrentAuthenticationPlugin(
$mode, $username, $hostname
);

$html_output .= '<div class="item">' . "\n"
. '<label for="select_pred_password">' . "\n"
. ' ' . __('Password:') . "\n"
Expand Down Expand Up @@ -1694,18 +1711,18 @@ function PMA_getHtmlForLoginInformationFields(
. __('Authentication Plugin')
. '</label><span class="options">&nbsp;</span>' . "\n"
. '<select id="select_authentication_plugin" name="authentication_plugin" '
. 'title="' . __('Authentication Plugin') . '" >'
. '<option value="mysql_native_password" '
. ($orig_auth_plugin == 'mysql_native_password' ? 'selected ' : '')
. '>' . __('MySQL native password') . '</option>';
. 'title="' . __('Authentication Plugin') . '" >';

// sha256 auth plugin exists only for 5.6.6+
if (PMA_Util::getServerType() == 'MySQL'
&& PMA_MYSQL_INT_VERSION >= 50606
) {
$html_output .= '<option value="sha256_password" '
. ($orig_auth_plugin == 'sha256_password' ? ' selected ' : '')
. ' >' . __('SHA256 password') . '</option>';
$active_auth_plugins = PMA_getActiveAuthPlugins();

$orig_auth_plugin = PMA_getCurrentAuthenticationPlugin(
$mode, $username, $hostname
);

foreach ($active_auth_plugins as $plugin) {
$html_output .= '<option value="' . $plugin['PLUGIN_NAME'] . '"'
. ($orig_auth_plugin == $plugin['PLUGIN_NAME'] ? 'selected ' : '')
. '>' . __($plugin['PLUGIN_DESCRIPTION']) . '</option>';
}

$html_output .= '</select>'
Expand Down Expand Up @@ -3422,15 +3439,20 @@ function PMA_getHtmlTableBodyForUserRights($db_rights)
$html_output .= '<td>';

$password_column = 'Password';
$serverType = PMA_Util::getServerType();

if (PMA_Util::getServerType() == 'MySQL'
$check_plugin_query = "SELECT * FROM `mysql`.`user` WHERE "
. "`User` = '" . $host['User'] . "' AND `Host` = '"
. $host['Host'] . "'";
$res = $GLOBALS['dbi']->fetchSingleRow($check_plugin_query);

// For MySQL 5.6.6+ to 5.7.6, mysql.user table has both
// `password` and `authentication_string` columns,
// We should use authentication_string for sha256_password
if ($serverType == 'MySQL'
&& PMA_MYSQL_INT_VERSION >= 50606
&& PMA_MYSQL_INT_VERSION < 50706
) {
$check_plugin_query = "SELECT * FROM `mysql`.`user` WHERE "
. "`User` = '" . $host['User'] . "' AND `Host` = '"
. $host['Host'] . "'";
$res = $GLOBALS['dbi']->fetchSingleRow($check_plugin_query);
if (isset($res['plugin'])
&& $res['plugin'] == 'sha256_password'
&& isset($res['authentication_string'])
Expand All @@ -3444,6 +3466,20 @@ function PMA_getHtmlTableBodyForUserRights($db_rights)
}
}

// For MariaDB, even mysql_native_password auth plugin can have
// its password hash stored in `authentication_string` column
if ($serverType == 'MariaDB'
&& PMA_MYSQL_INT_VERSION >= 50200
&& isset($res['plugin'])
&& isset($res['authentication_string'])
&& (! empty($res['authentication_string'])
|| ! empty($res['Password']))
) {
$host[$password_column] = 'Y';
} else {
$host[$password_column] = 'N';
}

switch ($host[$password_column]) {
case 'Y':
$html_output .= __('Yes');
Expand Down Expand Up @@ -4890,6 +4926,25 @@ function PMA_addUserAndCreateDatabase($_error, $real_sql_query, $sql_query,
return array($sql_query, $message);
}

/**
* Get the hashed string for password
*
* @param string $password password
*
* @return string $hashedPassword
*/
function PMA_getHashedPassword($password)
{
$result = $GLOBALS['dbi']->fetchSingleRow(
"SELECT PASSWORD('" . $password . "') AS `password`;"
);

$hashedPassword = $result['password'];

return $hashedPassword;
}


/**
* Get SQL queries for Display and Add user
*
Expand Down Expand Up @@ -4920,8 +4975,19 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
$create_user_stmt .= ' IDENTIFIED WITH '
. $_REQUEST['authentication_plugin'];
}
if (PMA_MYSQL_INT_VERSION >= 50707
&& $serverType == 'MySQL'

if ($serverType == 'MariaDB'
&& PMA_MYSQL_INT_VERSION >= 50200
&& isset($_REQUEST['authentication_plugin'])
) {
$create_user_stmt .= ' IDENTIFIED VIA '
. $_REQUEST['authentication_plugin'];
}

if (((PMA_MYSQL_INT_VERSION >= 50707
&& $serverType == 'MySQL')
|| (PMA_MYSQL_INT_VERSION >= 50200
&& $serverType == 'MariaDB'))
&& strpos($create_user_stmt, '%') !== false
) {
$create_user_stmt = str_replace(
Expand All @@ -4947,8 +5013,10 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
);
$real_sql_query = $sql_query = $sql_query_stmt;

if (PMA_MYSQL_INT_VERSION < 50707
|| $serverType != 'MySQL'
if ((PMA_MYSQL_INT_VERSION < 50707
&& $serverType == 'MySQL')
|| (PMA_MYSQL_INT_VERSION < 50200
&& $serverType == 'MariaDB')
) {
if ($_POST['pred_password'] == 'keep') {
$password_set_real = sprintf(
Expand All @@ -4974,13 +5042,21 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
}
} else {
$password_set_real = null;
$create_user_stmt .= ' BY \'%s\'';

// MariaDB has slightly different syntax for create-user
if ($serverType == 'MariaDB') {
$create_user_stmt .= ' USING \'%s\'';
} else {
$create_user_stmt .= ' BY \'%s\'';
}

$create_user_real = $create_user_show = $create_user_stmt;

if ($_POST['pred_password'] == 'keep') {
$hashedPassword = PMA_getHashedPassword($password);
$create_user_real = sprintf(
$create_user_stmt,
$password
$hashedPassword
);
$create_user_show = sprintf(
$create_user_stmt,
Expand All @@ -4996,9 +5072,10 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
'***'
);
} else {
$hashedPassword = PMA_getHashedPassword($_POST['pma_pw']);
$create_user_real = sprintf(
$create_user_stmt,
$_POST['pma_pw']
$hashedPassword
);
$create_user_show = sprintf(
$create_user_stmt,
Expand Down Expand Up @@ -5033,8 +5110,10 @@ function PMA_getSqlQueriesForDisplayAndAddUser($username, $hostname, $password)
$sql_query = '';
}

if ($serverType == 'MySQL'
&& PMA_MYSQL_INT_VERSION >= 50700
if (($serverType == 'MySQL'
&& PMA_MYSQL_INT_VERSION >= 50700)
|| ($serverType == 'MariaDB'
&& PMA_MYSQL_INT_VERSION >= 50200)
) {
$password_set_real = null;
$password_set_show = null;
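Review bot: `PMA_getHashedPassword()` concatenates the password straight into `SELECT PASSWORD('…')`, and one caller passes `$_POST['pma_pw']`, so a password containing a single quote breaks the statement or changes what it does. The value should be escaped before it is embedded, for example `PMA_Util::sqlAddSlashes($password)` if that helper is available in this branch. The resulting hash is then formatted into both `USING '%s'` and `BY '%s'`; as far as I know MySQL's `IDENTIFIED ... BY` takes the cleartext password, so on MySQL 5.7.7+ the account would end up with the hash string as its password, and the hashing likely belongs only in the MariaDB branch. Separately, in `PMA_getHtmlTableBodyForUserRights` the `else` of the new MariaDB check sets `$host[$password_column] = 'N'` on every non-MariaDB server, overwriting the value computed just above, so every account there would be listed as having no password.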