mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/scripts/mysql_system_tables_data.sql

53 lines
3.6 KiB
MySQL
Raw Normal View History

mysql-5.5.31 merge
2013-05-07 13:05:09 +02:00
-- Copyright (c) 2007, 2013, Oracle and/or its affiliates.
- Added/updated copyright headers - Removed files specific to compiling on OS/2 - Removed files specific to SCO Unix packaging - Removed "libmysqld/copyright", text is included in documentation - Removed LaTeX headers for NDB Doxygen documentation - Removed obsolete NDB files - Removed "mkisofs" binaries - Removed the "cvs2cl.pl" script - Changed a few GPL texts to use "program" instead of "library"
2010-12-28 19:57:23 +01:00
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
Updated/added copyright headers
2011-06-30 17:31:31 +02:00
-- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- Added/updated copyright headers - Removed files specific to compiling on OS/2 - Removed files specific to SCO Unix packaging - Removed "libmysqld/copyright", text is included in documentation - Removed LaTeX headers for NDB Doxygen documentation - Removed obsolete NDB files - Removed "mkisofs" binaries - Removed the "cvs2cl.pl" script - Changed a few GPL texts to use "program" instead of "library"
2010-12-28 19:57:23 +01:00
Bug#20166 mysql-test-run.pl does not test system privilege tables creation - Split out initial data in mysql_system_tables.sql to it's own file - Use file from mysql_install_db and mysql-test-run scripts/mysql_system_tables_fix.sql: Rename: scripts/mysql_fix_privilege_tables.sql.in -> scripts/mysql_system_tables_fix.sql mysql-test/mysql-test-run.pl: - Add mysql_system_tables_data.sql as part of the bootstrap - Remove the addition of pid to end of bootstrap.sql, now to file used for bootstrap will be $opt_vardir/tmp/bootstrap.sql - Improve error message descibing how to find cause of a failed bootstrap scripts/Makefile.am: - Rename mysql_fix_privileg_tables.sql.in to mysql_system_tables_fix.sql - Build mysql_fix_privilege_tables from mysql_system_tables.sql and mysql_system_tables_fix.sql - Add mysql_system_tables_fix.sql to EXTRA_DIST scripts/mysql_install_db.sh: - Use mysql_system_tables_data.sql file when bootstrapping mysql, it will contain initial data for MysQL system tables scripts/mysql_system_tables.sql: Move initial data for system tables to it's own file scripts/mysql_system_tables_data.sql: Move initial data for system tables to it's own file
2007-02-28 14:26:58 +01:00
--
-- The inital data for system tables of MySQL Server
--
Bug #32219: too many hosts in default grant tables 6.0.3 Fix is to remove any references to the current hostname when running mysql_install_db --cross-bootstrap. (The dist-hook make target makes this call, and the resulting data directory is included in the source distribution as win/data/*.) Also, a few other clean-ups to mysql_install_db while there. Makefile.am: Adapt to clean-up in mysql_install_db (--windows becomes --cross-bootstrap) scripts/mysql_install_db.sh: Filter out references to the current hostname when performing a cross-bootstrap installation by removing any lines which contain the string "@current_hostname". Deprecate the old --windows option; use --cross-bootstrap instead, since it more accurately reflects the purpose. Other clean-up: the wrong syntax was being used to test the exit status of mysqld --bootstrap. It mostly worked, as long as mysqld succeeded. However, it was not robust. scripts/mysql_system_tables_data.sql: Rename local @hostname variable to @current_hostname, which is a more unique label to search on. mysql_install_db now filters out all lines which include "@current_hostname" during a --cross-bootstrap installation.
2007-11-30 06:14:43 +01:00
-- When setting up a "cross bootstrap" database (e.g., creating data on a Unix
-- host which will later be included in a Windows zip file), any lines
-- containing "@current_hostname" are filtered out by mysql_install_db.
Bug#11746817:MYSQL_INSTALL_DB CREATES WILDCARD GRANTS WHEN HOST HAS '_' IN THE HOSTNAME Problem: ======= '_' and '%' are treated as a wildcards by the ACL code and this is documented in the manual. The problem with mysql_install_db is that it does not take this into account when creating the initial GRANT tables: --- cut --- REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','', 0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost'; --- cut --- If @current_hostname contains any wildcard characters, then a wildcard entry will be defined for the 'root' user, which is a flaw. Analysis: ======== As per the bug description when we have a hostname with a wildcard character in it, it allows clients from several other hosts with similar name pattern to connect to the server as root. For example, if the hostname is like 'host_.com' then the same name is logged in mysql.user table. This allows 'root' users from other hosts like 'host1.com', 'host2.com' ... to connect to the server as root user. While creating the intial GRANT tables we do not have a check for wildcard characters in hostname. Fix: === As part of fix escape character "\" is added before wildcard character to make it a plain character, so that the one and only host with the exact name will be able to connect to the server. scripts/mysql_system_tables_data.sql: while creating default users get the hostname and replace the wildcard characters within the hostname after escaping them.
2013-02-19 10:01:11 +01:00
-- Get the hostname, if the hostname has any wildcard character like "_" or "%"
-- add escape character in front of wildcard character to convert "_" or "%" to
-- a plain character
Bug #12917164 DROP USER CAN'T DROP USERS WITH LEGACY UPPER CASE HOST NAME ANYMORE Description: It is not possible to drop users with host names with upper case letters in them. i.e DROP USER 'root'@'Tmp_Host_Name'; is failing with error. Analysis: Since the fix 11748570 we came up with lower case hostnames as standard. But in the current bug the hostname is created by mysql_install_db script is still having upper case hostnames. So, if we have the hostname with upper case letters like(Tmp_Host_Name) then we will have as it is stored in the mysql.user table. In this case if use "'DROP USER 'root'@'Tmp_Host_Name';" it gives error because we do compare with the lower case of hostname since the 11748570 fix. Fix: We need to convert the hostname to lower case before storing into the mysql.user table when we run the mysql_install_db script.
2013-10-31 18:32:44 +01:00
SELECT LOWER( REPLACE((SELECT REPLACE(@@hostname,'_','\_')),'%','\%') )INTO @current_hostname;
Bug #32219: too many hosts in default grant tables 6.0.3 Fix is to remove any references to the current hostname when running mysql_install_db --cross-bootstrap. (The dist-hook make target makes this call, and the resulting data directory is included in the source distribution as win/data/*.) Also, a few other clean-ups to mysql_install_db while there. Makefile.am: Adapt to clean-up in mysql_install_db (--windows becomes --cross-bootstrap) scripts/mysql_install_db.sh: Filter out references to the current hostname when performing a cross-bootstrap installation by removing any lines which contain the string "@current_hostname". Deprecate the old --windows option; use --cross-bootstrap instead, since it more accurately reflects the purpose. Other clean-up: the wrong syntax was being used to test the exit status of mysqld --bootstrap. It mostly worked, as long as mysqld succeeded. However, it was not robust. scripts/mysql_system_tables_data.sql: Rename local @hostname variable to @current_hostname, which is a more unique label to search on. mysql_install_db now filters out all lines which include "@current_hostname" during a --cross-bootstrap installation.
2007-11-30 06:14:43 +01:00
Bug#11746817:MYSQL_INSTALL_DB CREATES WILDCARD GRANTS WHEN HOST HAS '_' IN THE HOSTNAME Problem: ======= '_' and '%' are treated as a wildcards by the ACL code and this is documented in the manual. The problem with mysql_install_db is that it does not take this into account when creating the initial GRANT tables: --- cut --- REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','', 0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost'; --- cut --- If @current_hostname contains any wildcard characters, then a wildcard entry will be defined for the 'root' user, which is a flaw. Analysis: ======== As per the bug description when we have a hostname with a wildcard character in it, it allows clients from several other hosts with similar name pattern to connect to the server as root. For example, if the hostname is like 'host_.com' then the same name is logged in mysql.user table. This allows 'root' users from other hosts like 'host1.com', 'host2.com' ... to connect to the server as root user. While creating the intial GRANT tables we do not have a check for wildcard characters in hostname. Fix: === As part of fix escape character "\" is added before wildcard character to make it a plain character, so that the one and only host with the exact name will be able to connect to the server. scripts/mysql_system_tables_data.sql: while creating default users get the hostname and replace the wildcard characters within the hostname after escaping them.
2013-02-19 10:01:11 +01:00
-- Fill "user" table with default users allowing root access
-- from local machine if "user" table didn't exist before
mysql_install_db enhancements to facilitate Debian bug#848616 fix In Debian, the default install is made more secure by omitting the anonymous user and by making the root account authenticate by unix socket authentication instead of the default password-less root. However, Debian hard-codes this change in mysql_install_db, which breaks that program for other users. This commit instead implements new general options for mysql_install_db that can be used by anyone to similarly perform a more secure install: --skip-auth-anonymous-user: omits the anonymous user. --auth-root-authentication-method=normal: Keeps the existing behaviour with a password-less root account. Currently on by default. --auth-root-socket-user=USER --auth-root-authentication-method=socket: creates the MariaDB root user with the name USER (defaults to 'root') and using unix socket authentication. This way, only that user has MariaDB root access after install. The idea with --auth-root-authentication-method=normal is that applications that need this behaviour can give that option explicitly. Then eventually we could make --auth-root-authentication-method=socket the default, giving a more secure default installation. Note that it is perfectly possible to do a secure install with --auth-root-authentication-method=normal. For example, installing a private server just for local access by a single OS-level user, by using --skip-networking and putting the connection socket in a location without public access. So it is important to preserve this API for backwards compatibility.
2017-01-13 11:25:38 +01:00
CREATE TEMPORARY TABLE tmp_user_nopasswd LIKE user;
CREATE TEMPORARY TABLE tmp_user_socket LIKE user;
-- Classic passwordless root account.
SQL: truncate syntax and privilege [closes #229]
2017-09-08 09:22:24 +02:00
INSERT INTO tmp_user_nopasswd VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N', 'N','', 0);
REPLACE INTO tmp_user_nopasswd SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N','',0 FROM dual WHERE @current_hostname != 'localhost';
REPLACE INTO tmp_user_nopasswd VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N','',0);
REPLACE INTO tmp_user_nopasswd VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','','N','N', '', 0);
MDEV-14578: mysql_install_db install unix_socket plugin when --auth-root-authentication-method=socket $ cmake -DPLUGIN_AUTH_SOCKET=STATIC ../mariadb-server-10.2/ $ scripts/mysql_install_db --datadir=/tmp/mysqldatadir-auth-static --auth-root-socket-user=dan --auth-root-authentication-method=socket --builddir=. --srcdir=../mariadb-server-10.2 Installing MariaDB/MySQL system tables in '/tmp/mysqldatadir-auth-static' ... OK $ client/mysql -S /tmp/mysql.sock -e 'show create user dan@localhost' +----------------------------------------------------------+ | CREATE USER for dan@localhost | +----------------------------------------------------------+ | CREATE USER 'dan'@'localhost' IDENTIFIED VIA unix_socket | +----------------------------------------------------------+ $ cmake -DPLUGIN_AUTH_SOCKET=NO ../mariadb-server-10.2/ $ scripts/mysql_install_db --datadir=/tmp/mysqldatadir-auth-none --auth-root-socket-user=dan --auth-root-authentication-method=socket --builddir=. --srcdir=../mariadb-server-10.2 Installing MariaDB/MySQL system tables in '/tmp/mysqldatadir-auth-none' ... ERROR: 1126 Can't open shared library '.../plugin/auth_socket/auth_socket.so' (errno: 2, cannot open shared object file: No such file or directory) 2018-05-01 11:38:56 0 [ERROR] Aborting $ cmake -DPLUGIN_AUTH_SOCKET=DYNAMIC ../mariadb-server-10.2/ $ scripts/mysql_install_db --datadir=/tmp/mysqldatadir-auth-dyn --auth-root-socket-user=dan --auth-root-authentication-method=socket --builddir=. --srcdir=../mariadb-server-10.2 Installing MariaDB/MySQL system tables in '/tmp/mysqldatadir-auth-dyn' ... OK $ ./sql/mysqld --datadir=/tmp/mysqldatadir-auth-dyn --lc-messages-dir=${PWD}/sql/share --plugin-dir=./plugin/auth_socket/ $ client/mysql -S /tmp/mysql.sock -e 'show create user dan@localhost' +----------------------------------------------------------+ | CREATE USER for dan@localhost | +----------------------------------------------------------+ | CREATE USER 'dan'@'localhost' IDENTIFIED VIA unix_socket | +----------------------------------------------------------+ $ sudo make install $ sudo chmod a+rwx /usr/local/mysql/data $ cd /usr/local/mysql/ $ scripts/mysql_install_db --auth-root-socket-user=dan --auth-root-authentication-method=socket Installing MariaDB/MySQL system tables in './data' ... OK .. $ bin/mysqld_safe $ client/mysql -S /tmp/mysql.sock -e 'show create user dan@localhost' +----------------------------------------------------------+ | CREATE USER for dan@localhost | +----------------------------------------------------------+ | CREATE USER 'dan'@'localhost' IDENTIFIED VIA unix_socket | +----------------------------------------------------------+ Merges #767
2018-05-18 07:10:52 +02:00
-- More secure root account using unix socket auth.
SQL: truncate syntax and privilege [closes #229]
2017-09-08 09:22:24 +02:00
INSERT INTO tmp_user_socket VALUES ('localhost',IFNULL(@auth_root_socket, 'root'),'','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'unix_socket','','N', 'N','', 0);
MDEV-14578: mysql_install_db install unix_socket plugin when --auth-root-authentication-method=socket $ cmake -DPLUGIN_AUTH_SOCKET=STATIC ../mariadb-server-10.2/ $ scripts/mysql_install_db --datadir=/tmp/mysqldatadir-auth-static --auth-root-socket-user=dan --auth-root-authentication-method=socket --builddir=. --srcdir=../mariadb-server-10.2 Installing MariaDB/MySQL system tables in '/tmp/mysqldatadir-auth-static' ... OK $ client/mysql -S /tmp/mysql.sock -e 'show create user dan@localhost' +----------------------------------------------------------+ | CREATE USER for dan@localhost | +----------------------------------------------------------+ | CREATE USER 'dan'@'localhost' IDENTIFIED VIA unix_socket | +----------------------------------------------------------+ $ cmake -DPLUGIN_AUTH_SOCKET=NO ../mariadb-server-10.2/ $ scripts/mysql_install_db --datadir=/tmp/mysqldatadir-auth-none --auth-root-socket-user=dan --auth-root-authentication-method=socket --builddir=. --srcdir=../mariadb-server-10.2 Installing MariaDB/MySQL system tables in '/tmp/mysqldatadir-auth-none' ... ERROR: 1126 Can't open shared library '.../plugin/auth_socket/auth_socket.so' (errno: 2, cannot open shared object file: No such file or directory) 2018-05-01 11:38:56 0 [ERROR] Aborting $ cmake -DPLUGIN_AUTH_SOCKET=DYNAMIC ../mariadb-server-10.2/ $ scripts/mysql_install_db --datadir=/tmp/mysqldatadir-auth-dyn --auth-root-socket-user=dan --auth-root-authentication-method=socket --builddir=. --srcdir=../mariadb-server-10.2 Installing MariaDB/MySQL system tables in '/tmp/mysqldatadir-auth-dyn' ... OK $ ./sql/mysqld --datadir=/tmp/mysqldatadir-auth-dyn --lc-messages-dir=${PWD}/sql/share --plugin-dir=./plugin/auth_socket/ $ client/mysql -S /tmp/mysql.sock -e 'show create user dan@localhost' +----------------------------------------------------------+ | CREATE USER for dan@localhost | +----------------------------------------------------------+ | CREATE USER 'dan'@'localhost' IDENTIFIED VIA unix_socket | +----------------------------------------------------------+ $ sudo make install $ sudo chmod a+rwx /usr/local/mysql/data $ cd /usr/local/mysql/ $ scripts/mysql_install_db --auth-root-socket-user=dan --auth-root-authentication-method=socket Installing MariaDB/MySQL system tables in './data' ... OK .. $ bin/mysqld_safe $ client/mysql -S /tmp/mysql.sock -e 'show create user dan@localhost' +----------------------------------------------------------+ | CREATE USER for dan@localhost | +----------------------------------------------------------+ | CREATE USER 'dan'@'localhost' IDENTIFIED VIA unix_socket | +----------------------------------------------------------+ Merges #767
2018-05-18 07:10:52 +02:00
IF @auth_root_socket is not null THEN
MDEV-14578: mysql_install_db install unix_socket plugin when --auth-root-authentication-method=socket post-merge fixes
2018-06-18 11:51:27 +02:00
IF not exists(select 1 from information_schema.plugins where plugin_name='unix_socket') THEN
INSTALL SONAME 'auth_socket'; END IF; END IF;
mysql_install_db enhancements to facilitate Debian bug#848616 fix In Debian, the default install is made more secure by omitting the anonymous user and by making the root account authenticate by unix socket authentication instead of the default password-less root. However, Debian hard-codes this change in mysql_install_db, which breaks that program for other users. This commit instead implements new general options for mysql_install_db that can be used by anyone to similarly perform a more secure install: --skip-auth-anonymous-user: omits the anonymous user. --auth-root-authentication-method=normal: Keeps the existing behaviour with a password-less root account. Currently on by default. --auth-root-socket-user=USER --auth-root-authentication-method=socket: creates the MariaDB root user with the name USER (defaults to 'root') and using unix socket authentication. This way, only that user has MariaDB root access after install. The idea with --auth-root-authentication-method=normal is that applications that need this behaviour can give that option explicitly. Then eventually we could make --auth-root-authentication-method=socket the default, giving a more secure default installation. Note that it is perfectly possible to do a secure install with --auth-root-authentication-method=normal. For example, installing a private server just for local access by a single OS-level user, by using --skip-networking and putting the connection socket in a location without public access. So it is important to preserve this API for backwards compatibility.
2017-01-13 11:25:38 +01:00
INSERT INTO user SELECT * FROM tmp_user_nopasswd WHERE @had_user_table=0 AND @skip_auth_root_nopasswd IS NULL;
INSERT INTO user SELECT * FROM tmp_user_socket WHERE @had_user_table=0 AND @auth_root_socket IS NOT NULL;
MDEV-12645 - mysql_install_db: no install test db option Added --skip-test-db option to mysql_install_db. If specified, no test database created and relevant grants issued. Removed --skip-auth-anonymous-user option of mysql_install_db. Now it is covered by --skip-test-db. Dropped some Debian patches that did the same. Removed unused make_win_bin_dist.1, make_win_bin_dist and mysql_install_db.pl.in.
2018-04-11 14:50:32 +02:00
DROP TABLE tmp_user_nopasswd, tmp_user_socket;
WL#1054: Pluggable authentication support Merged the implementation to a new base tree.
2010-08-09 10:32:50 +02:00
Bug #57916: Fix the naming of the proxy_priv table 1. Fixed the name of the table to proxies_priv 2. Fixed the column names to be of the form Capitalized_lowecarse instead of Capitalized_Capitalized 3. Added Timestamp and Grantor columns 4. Added tests to plugin_auth to check the table structure 5. Updated the existing tests
2010-11-02 16:45:26 +01:00
CREATE TEMPORARY TABLE tmp_proxies_priv LIKE proxies_priv;
INSERT INTO tmp_proxies_priv VALUES ('localhost', 'root', '', '', TRUE, '', now());
10.0-base merge
2014-02-03 15:22:39 +01:00
REPLACE INTO tmp_proxies_priv SELECT @current_hostname, 'root', '', '', TRUE, '', now() FROM DUAL WHERE @current_hostname != 'localhost';
Bug #57916: Fix the naming of the proxy_priv table 1. Fixed the name of the table to proxies_priv 2. Fixed the column names to be of the form Capitalized_lowecarse instead of Capitalized_Capitalized 3. Added Timestamp and Grantor columns 4. Added tests to plugin_auth to check the table structure 5. Updated the existing tests
2010-11-02 16:45:26 +01:00
INSERT INTO proxies_priv SELECT * FROM tmp_proxies_priv WHERE @had_proxies_priv_table=0;
DROP TABLE tmp_proxies_priv;
Reference in a new issue Copy permalink