maria-developers team mailing list archive

Thread
Date

Re: 6ec64caec5d: MDEV-26650: Failed ALTER USER/GRANT statement removes the password from the cache

To: Oleksandr Byelkin <sanja@xxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 15 Oct 2021 12:30:45 +0200
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Nl7dt5lYPDI.A.6YH.IHVahB@pweza>

Hi, Oleksandr!

All good, ok to push.
Just add a comment right after memcpy, that

  /*
    if acl_user->nauth was >= nauth, then we've just updated the actual
    acl_user, not the copy. We rely on the fact that acl_update_user()
    cannot fail anywhere below.
  */

On Oct 15, Oleksandr Byelkin wrote:
> revision-id: 6ec64caec5d (mariadb-10.4.21-64-g6ec64caec5d)
> parent(s): a736a3174a4
> author: Oleksandr Byelkin
> committer: Oleksandr Byelkin
> timestamp: 2021-10-14 16:19:09 +0200
> message:
> 
> MDEV-26650: Failed ALTER USER/GRANT statement removes the password from the cache
> 
> Starting from 10.4 AUTH is not part of ACL_USER so changes have to be done
> over a copy, and bring in the cache only in case of success.
> 
Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx