From 6a5f7ed5cba1735159bcca9579e852317174d7cc Mon Sep 17 00:00:00 2001
From: Konstantin Osipov <kostja@tarantool.org>
Date: Tue, 7 Apr 2015 14:09:11 +0300
Subject: [PATCH] gh-758: password for user guest is not checked

Setting a password for user guest has no effect; add a check
that prohibits setting a password for the guest user, just as
one already exists for a role.

Add a test case.
---
 src/box/alter.cc         | 11 +++++++----
 src/box/errcode.h        |  1 +
 test/box/access.result   |  5 +++++
 test/box/access.test.lua |  2 ++
 test/box/misc.result     |  3 ++-
 5 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/box/alter.cc b/src/box/alter.cc
index a1785d78e3..5916372715 100644
--- a/src/box/alter.cc
+++ b/src/box/alter.cc
@@ -1212,10 +1212,13 @@ user_def_create_from_tuple(struct user_def *user, struct tuple *tuple)
 	 */
 	if (tuple_field_count(tuple) > AUTH_MECH_LIST) {
 		const char *auth_data = tuple_field(tuple, AUTH_MECH_LIST);
-		if (user->type == SC_ROLE && strlen(auth_data)) {
-			tnt_raise(ClientError, ER_CREATE_ROLE, user->name,
-				  "authentication data can not be set for "
-				  "a role");
+		if (strlen(auth_data)) {
+			if (user->type == SC_ROLE)
+				tnt_raise(ClientError, ER_CREATE_ROLE,
+					  user->name, "authentication "
+					  "data can not be set for a role");
+			if (user->uid == GUEST)
+				tnt_raise(ClientError, ER_GUEST_USER_PASSWORD);
 		}
 		user_def_fill_auth_data(user, auth_data);
 	}
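Review bot: The outer guard `if (strlen(auth_data))` now decides whether the role and guest checks run at all, and it treats the pointer returned by tuple_field() as a NUL-terminated C string. If that pointer refers to the field's encoded bytes rather than a string (tuple_field's contract is not visible here), the length does not reliably say whether authentication data is present and the scan is not bounded by the field, so the guest check could fire on an empty value or be skipped. Deriving "empty" from the decoded field's type and element count would be safer. The new branch also deserves a comment such as `/* the password of guest is not checked at login, so refuse auth data instead of storing it silently */`, and the block comment that ends just above the hunk should mention the guest case. user_def_create_from_tuple starts and ends outside the hunk.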
diff --git a/src/box/errcode.h b/src/box/errcode.h
index 29b950a262..54379d0ec9 100644
--- a/src/box/errcode.h
+++ b/src/box/errcode.h
@@ -147,6 +147,7 @@ struct errcode_record {
 	/* 93 */_(ER_MISSING_SNAPSHOT,		2, "Can't find snapshot") \
 	/* 94 */_(ER_CANT_UPDATE_PRIMARY_KEY,	2, "Attempt to modify a tuple field which is part of index %s") \
 	/* 95 */_(ER_UPDATE_INTEGER_OVERFLOW,   2, "Integer overflow when performing '%c' operation on field %u") \
+	/* 96 */_(ER_GUEST_USER_PASSWORD,       2, "Setting password for guest user has no effect") \
 
 /*
  * !IMPORTANT! Please follow instructions at start of the file
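Review bot: The text of ER_GUEST_USER_PASSWORD, "Setting password for guest user has no effect", describes the old silent behaviour, whereas the alter.cc hunk of this patch raises it to refuse the change. An operator trying to lock down guest could read it as a harmless no-op rather than a rejection. Wording such as `"Can't set a password for user guest: the password of guest is not checked"` states both the refusal and the reason. The expected output in test/box/access.result would have to carry the same text.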
diff --git a/test/box/access.result b/test/box/access.result
index 8757a86003..0e984bf7c3 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -667,3 +667,8 @@ box.schema.func.drop('blah', 'blah')
 ---
 - error: Illegal parameters, options should be a table
 ...
+-- gh-758 attempt to set password for user guest
+box.schema.user.passwd('guest', 'sesame')
+---
+- error: Setting password for guest user has no effect
+...
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index cb19b135ae..8d7b0d1658 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -261,3 +261,5 @@ box.schema.user.drop('user', 'blah')
 -- gh-664 roles: accepting bad syntax for create
 box.schema.func.create('func', 'blah')
 box.schema.func.drop('blah', 'blah')
+-- gh-758 attempt to set password for user guest
+box.schema.user.passwd('guest', 'sesame')
diff --git a/test/box/misc.result b/test/box/misc.result
index 0fe4994e16..dbd9e79c82 100644
--- a/test/box/misc.result
+++ b/test/box/misc.result
@@ -204,6 +204,7 @@ t;
   - 'box.error.MODIFY_INDEX : 14'
   - 'box.error.PASSWORD_MISMATCH : 47'
   - 'box.error.NO_SUCH_ENGINE : 57'
+  - 'box.error.FIELD_TYPE : 23'
   - 'box.error.ACCESS_DENIED : 42'
   - 'box.error.UPDATE_INTEGER_OVERFLOW : 95'
   - 'box.error.LAST_DROP : 15'
@@ -232,7 +233,7 @@ t;
   - 'box.error.ALTER_SPACE : 12'
   - 'box.error.ACTIVE_TRANSACTION : 79'
   - 'box.error.NO_CONNECTION : 77'
-  - 'box.error.FIELD_TYPE : 23'
+  - 'box.error.GUEST_USER_PASSWORD : 96'
   - 'box.error.INVALID_XLOG_NAME : 75'
   - 'box.error.INVALID_XLOG : 74'
   - 'box.error.REPLICA_MAX : 73'
-- 
GitLab