mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-04-08 00:05:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions1

MDEV-23933 main.failed_auth_unixsocket fails on arm

Browse source 
the idea of main.failed_auth_unixsocket was to have existing
user account (root) authenticate with unix_socket, then login with
non-existent user name, Non-existent user name forces the server
to perform the authentication in the name of some random existing
user. But it must still fail at the end, as the user name is wrong.

In 10.4 a second predefined user was added, mariadb.sys, so root
is not the only user in mysql.global_priv and unix_socket auth
must be forced for all existing user accounts, because we cannot
know what user account the server will randomly pick for non-existing
user auth.
This commit is contained in:
Sergei Golubchik 2021-06-09 13:17:58 +02:00
parent bafec28e43
commit f13b80af39
2 changed files with 10 additions and 4 deletions

7
mysql-test/main/failed_auth_unixsocket.result
View file

@ -1,7 +1,10 @@
update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket') where user='root';
create table global_priv_backup select * from mysql.global_priv;
update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket');
delete from mysql.global_priv where user != 'root';
flush privileges;
connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'USER'@'localhost'
ERROR 28000: Access denied for user 'USER'@'localhost'
update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin')) where user='root';
replace mysql.global_priv select * from global_priv_backup;
flush privileges;
drop table global_priv_backup;

7
mysql-test/main/failed_auth_unixsocket.test
View file

@ -4,7 +4,9 @@
# MDEV-3909 remote user enumeration
# unix_socket tests
#
update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket') where user='root';
create table global_priv_backup select * from mysql.global_priv;
update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket');
delete from mysql.global_priv where user != 'root';
flush privileges;
# Make sure that the replace works, even if $USER is 'user' or something else
@ -22,5 +24,6 @@ connect (fail,localhost,$USER);
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
change_user $USER;
update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin')) where user='root';
replace mysql.global_priv select * from global_priv_backup;
flush privileges;
drop table global_priv_backup;