database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced by asterisks in audit log.

Browse Source 
Check for the ALTER USER command added.
This commit is contained in:
Alexey Botchkov
2021-02-26 13:26:00 +04:00
parent 1d80e8e4f3
commit 25ecf8ed4b
3 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
mysql-test/suite/plugins/r/server_audit.result
View File

@ -118,6 +118,7 @@ CREATE USER u1 IDENTIFIED BY 'pwd-123';
GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321"; GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
SET PASSWORD FOR u1 = PASSWORD('pwd 098'); SET PASSWORD FOR u1 = PASSWORD('pwd 098');
CREATE USER u3 IDENTIFIED BY ''; CREATE USER u3 IDENTIFIED BY '';
ALTER USER u3 IDENTIFIED BY 'pwd-456';
drop user u1, u2, u3; drop user u1, u2, u3;
set global server_audit_events='query_ddl'; set global server_audit_events='query_ddl';
create table t1(id int); create table t1(id int);
@ -382,6 +383,8 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'ALTER USER u3 IDENTIFIED BY \'pwd-456\'',0
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv, TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,

1
mysql-test/suite/plugins/t/server_audit.test
View File

@ -95,6 +95,7 @@ CREATE USER u1 IDENTIFIED BY 'pwd-123';
GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321"; GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
SET PASSWORD FOR u1 = PASSWORD('pwd 098'); SET PASSWORD FOR u1 = PASSWORD('pwd 098');
CREATE USER u3 IDENTIFIED BY ''; CREATE USER u3 IDENTIFIED BY '';
ALTER USER u3 IDENTIFIED BY 'pwd-456';
drop user u1, u2, u3; drop user u1, u2, u3;
set global server_audit_events='query_ddl'; set global server_audit_events='query_ddl';

3
plugin/server_audit/server_audit.c
View File

@ -819,6 +819,7 @@ enum sa_keywords
SQLCOM_DML, SQLCOM_DML,
SQLCOM_GRANT, SQLCOM_GRANT,
SQLCOM_CREATE_USER, SQLCOM_CREATE_USER,
SQLCOM_ALTER_USER,
SQLCOM_CHANGE_MASTER, SQLCOM_CHANGE_MASTER,
SQLCOM_CREATE_SERVER, SQLCOM_CREATE_SERVER,
SQLCOM_SET_OPTION, SQLCOM_SET_OPTION,
@ -926,6 +927,7 @@ struct sa_keyword passwd_keywords[]=
{ {
{3, "SET", &password_word, SQLCOM_SET_OPTION}, {3, "SET", &password_word, SQLCOM_SET_OPTION},
{5, "ALTER", &server_word, SQLCOM_ALTER_SERVER}, {5, "ALTER", &server_word, SQLCOM_ALTER_SERVER},
{5, "ALTER", &user_word, SQLCOM_ALTER_USER},
{5, "GRANT", 0, SQLCOM_GRANT}, {5, "GRANT", 0, SQLCOM_GRANT},
{6, "CREATE", &user_word, SQLCOM_CREATE_USER}, {6, "CREATE", &user_word, SQLCOM_CREATE_USER},
{6, "CREATE", &server_word, SQLCOM_CREATE_SERVER}, {6, "CREATE", &server_word, SQLCOM_CREATE_SERVER},
@ -1845,6 +1847,7 @@ do_log_query:
{ {
case SQLCOM_GRANT: case SQLCOM_GRANT:
case SQLCOM_CREATE_USER: case SQLCOM_CREATE_USER:
case SQLCOM_ALTER_USER:
csize+= escape_string_hide_passwords(query, query_len, csize+= escape_string_hide_passwords(query, query_len,
uh_buffer, uh_buffer_size, uh_buffer, uh_buffer_size,
"IDENTIFIED", 10, "BY", 2, 0); "IDENTIFIED", 10, "BY", 2, 0);