From 4d4468e907fc92d5ebf7d8f10f1e7d4c594b290a Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Sat, 7 Oct 2023 08:51:50 -0700
Subject: [PATCH] Prevent password change when it makes no sense
 https://github.com/virtualmin/virtualmin-gpl/issues/648

---
 mysql/lang/en       |  1 +
 mysql/mysql-lib.pl  | 14 ++++++++++++++
 mysql/root_form.cgi | 32 ++++++++++++++++++++------------
 3 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/mysql/lang/en b/mysql/lang/en
index 8dd25e90f..2f3f42030 100644
--- a/mysql/lang/en
+++ b/mysql/lang/en
@@ -865,6 +865,7 @@ root_epass1=No new password entered
 root_epass2=Passwords do not match
 root_none=No password!
 root_auto=Automatic (typically <tt>root</tt>)
+root_socket=The MySQL <tt>$1</tt> user is using Unix socket authentication, so no password is needed and the password cannot be changed.
 
 mysqlpass_err=MySQL safe mode
 mysqlpass_esafecmd=The command $1 needed to start MySQL with authentication disabled was not found
diff --git a/mysql/mysql-lib.pl b/mysql/mysql-lib.pl
index 498dd9cfc..722ad88ec 100755
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -2005,5 +2005,19 @@ if ($mysql_module_version =~ /mariadb/i) {
 return $htext;
 }
 
+# mysql_login_type(user)
+# Returns one of 'password' or 'socket'
+sub mysql_login_type
+{
+my ($user) = @_;
+my $rv;
+eval {
+	local $main::error_must_die = 1;
+	$rv = &execute_sql_safe($master_db, "select plugin from user where user = ?", $user);
+	};
+return 'password' if ($@);	# Old version without plugins
+return $rv->{'data'}->[0]->[0] =~ /unix_socket/i ? 'socket' : 'password';
+}
+
 1;
 
diff --git a/mysql/root_form.cgi b/mysql/root_form.cgi
index ff032a9e5..6c2112f25 100755
--- a/mysql/root_form.cgi
+++ b/mysql/root_form.cgi
@@ -6,19 +6,27 @@ require './mysql-lib.pl';
 $access{'perms'} == 1 || &error($text{'perms_ecannot'});
 &ui_print_header(undef, $text{'root_title'}, "");
 
-print &ui_form_start("save_root.cgi", "post");
-print &ui_table_start($text{'root_header'}, undef, 2);
+$mode = &mysql_login_type($mysql_login || 'root');
+if ($mode eq 'socket') {
+	print &ui_alert_box(&text('root_socket', $mysql_login), 'warn');
+	}
+else {
+	print &ui_form_start("save_root.cgi", "post");
+	print &ui_table_start($text{'root_header'}, undef, 2);
 
-print &ui_table_row($text{'root_user'},
-	$mysql_login ? "<tt>$mysql_login</tt>" : "<label>$text{'root_auto'}</label>");
-print &ui_table_row($text{'root_pass'},
-	$mysql_pass ? "<tt>$mysql_pass</tt>" : &ui_text_color($text{'root_none'}, 'danger'));
-print &ui_table_row($text{'root_newpass1'},
-	&ui_password("newpass1", undef, 20));
-print &ui_table_row($text{'root_newpass2'},
-	&ui_password("newpass2", undef, 20));
+	print &ui_table_row($text{'root_user'},
+		$mysql_login ? "<tt>$mysql_login</tt>"
+			     : "<label>$text{'root_auto'}</label>");
+	print &ui_table_row($text{'root_pass'},
+		$mysql_pass ? "<tt>$mysql_pass</tt>"
+			    : &ui_text_color($text{'root_none'}, 'danger'));
+	print &ui_table_row($text{'root_newpass1'},
+		&ui_password("newpass1", undef, 20));
+	print &ui_table_row($text{'root_newpass2'},
+		&ui_password("newpass2", undef, 20));
 
-print &ui_table_end();
-print &ui_form_end([ [ undef, $text{'root_ok'} ] ]);
+	print &ui_table_end();
+	print &ui_form_end([ [ undef, $text{'root_ok'} ] ]);
+	}
 
 &ui_print_footer("", $text{'index_return'});