1
0
mirror of https://github.com/MariaDB/server.git synced 2025-07-18 23:03:28 +03:00
Commit Graph

2724 Commits

Author SHA1 Message Date
60ea09eae6 Merge branch '10.2' into 10.3 2021-02-01 13:49:33 +01:00
fc0d9a470c MDEV-22966 Server crashes or hangs with SET ROLE when started with skip-grant-tables 2021-01-11 21:54:47 +01:00
d4c35fb21b MDEV-24207: recognise mysql forms of invalid password for mysql_native_password
The main goal of this patch is to prevent MariaDB's native_password_plugin
from "parsing" the hex (or non hex) authentication_string. Due to how the
current code is written, we convert any string (within native_password_get_salt)
that has the appropriate length to a "binary" representation, that can
potentially match a real password.

More specifically,
"*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE" produces the same results as
"*d13c3c78dafa52d9bce09bdd1adcb7befced1ebe".

The length indicator is the main indicator of an invalid password. We use
use same trick with "invalid" to change its internal representation.

The "parsing" mentioned is by get_salt_from_password down to char_val()
and because if where it is, its effectively a static plugin API that cannot
change.

In supporting these, we support the SHOW CREATE USER from MySQL may have the
hashed password string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE.

Obviously this isn't a hash because it contains non-hex characters.

After this patch we do however recognise the pattern;

 [any char, notionally *]{40 chars not all are hex}

as a pattern for an invalid password. This was determined to be the general
pattern that MySQL used.

Reviewers: Sergei G, Vicentiu
2020-12-15 15:15:29 +11:00
e9d86d80be issue ER_USER_IS_BLOCKED also for non-existent users
following the same masquerading logic
2020-12-12 13:07:03 +01:00
589cf8dbf3 Merge 10.3 into 10.4 2020-12-01 19:51:14 +02:00
81ab9ea63f Merge 10.2 into 10.3 2020-12-01 14:55:46 +02:00
1ccd1daaff MDEV-24289: show grants missing with grant option
Reviewed by:serg@mariadb.com
2020-11-26 18:10:40 +01:00
fd7569ea6b MDEV-24098: SHOW CREATE USER invalid for both PASSWORD and LOCKED
The parser of CREATE USER accepts ACCOUNT LOCK before PASSWORD
EXPIRE but not the other way around.

This just changes the SHOW CREATE USER to output a sql syntax that
is valid.

Thanks to Robert Bindar for analysis.
2020-11-04 22:17:04 +11:00
5b779c220d MDEV-22974: mysql_native_password make "invalid" valid
Per b9f3f06857, mysql_system_tables_data.sql creates
a mysql_native_password with a salted hash of "invalid" so that `set password`
will detect a native password can be applied:.

SHOW CREATE USER; diligently uses this value in its output
generating the SQL:

   MariaDB [(none)]> show create user;

   +---------------------------------------------------------------------------------------------------+
   | CREATE USER for dan@localhost                                                                     |
   +---------------------------------------------------------------------------------------------------+
   | CREATE USER `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket |
   +---------------------------------------------------------------------------------------------------+

Attempting to execute this before this patch results in:

  MariaDB [(none)]>  CREATE USER `dan2`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket;
  ERROR 1372 (HY000): Password hash should be a 41-digit hexadecimal number

As such, deep the implementation of mysql_native_password we make "invalid" valid (pun intended)
such that the above create user will succeed. We do this by storing
"*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE" (credit: Oracle MySQL), that is of an INCORRECT
length for a scramble.

In native_password_authenticate we check the length of this cached value
and immediately fail if it is anything other than the scramble length.

native_password_get_salt is only called in the context of set_user_salt, so all setting of native
passwords to hashed content of 'invalid', quite literally create an invalid password.

So other forms of "invalid" are valid SQL in creating invalid passwords:

   MariaDB [(none)]> set password = 'invalid';
   Query OK, 0 rows affected (0.001 sec)

   MariaDB [(none)]> alter user dan@localhost IDENTIFIED BY PASSWORD 'invalid';
   Query OK, 0 rows affected (0.000 sec)

closes #1628

Reviewer: serg@mariadb.com
2020-10-31 09:14:37 +11:00
7b2bb67113 Merge 10.3 into 10.4 2020-10-29 13:38:38 +02:00
a8de8f261d Merge 10.2 into 10.3 2020-10-28 10:01:50 +02:00
4e987b1c6b MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
Reviewed-by: serg@mariadb.com
2020-10-24 16:32:07 +02:00
57325e4706 Merge branch '10.3' into 10.4 2020-08-03 14:44:06 +02:00
c32f71af7e Merge branch '10.2' into 10.3 2020-08-03 13:41:29 +02:00
ef7cb0a0b5 Merge branch '10.1' into 10.2 2020-08-02 11:05:29 +02:00
78f09b12d3 MDEV-23009 SIGSEGV in get_field from acl_load (on optimized builds)
Classes that handle privilege tables (like Tables_priv_table)
could read some columns conditionally but they expect a certain
minimal number of colunms always to exist.

Add a check for a minimal required number of columns in privilege tables,
don't use a table that has fewer columns than required.
2020-07-31 09:00:05 +02:00
09ec8e2e22 improve the error message for a dropped current role 2020-07-30 23:50:56 +02:00
4635218cb0 MDEV-22521 Server crashes in traverse_role_graph_up or Assertion `user' fails in traverse_role_graph_impl 2020-07-30 23:50:56 +02:00
e54a7ac1b3 MDEV-23010 UPDATE privilege at Database and Table level fail to update with SELECT command denied to user
check both column- and table-level grants when looking for SELECT
privilege on UPDATE statement.
2020-07-29 14:56:24 +02:00
2ba70f69fd cleanup: reduce code duplication 2020-07-29 14:56:24 +02:00
b58586aae9 MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns
With RETURNING it can happen that the user has some privileges on
the table (namely, DELETE), but later needs different privileges
on individual columns (namely, SELECT).

Do the same as in check_grant_column() - ER_COLUMNACCESS_DENIED_ERROR,
not an assert.
2020-06-13 18:49:42 +02:00
805340936a Merge 10.3 into 10.4 2020-06-13 19:01:28 +03:00
d83a443250 Merge 10.2 into 10.3 2020-06-13 15:11:43 +03:00
8c67ffffe8 Merge branch '10.1' into 10.2 2020-06-11 22:35:30 +03:00
de20091f5c MDEV-22755 CREATE USER leads to indirect SIGABRT in __stack_chk_fail () from fill_schema_user_privileges + *** stack smashing detected *** (on optimized builds)
The code erroneously used buff[100] in a fiew places to make
a GRANTEE value in the form:
  'user'@'host'

Fix:
- Fixing the code to use (USER_HOST_BUFF_SIZE + 6) instead of 100.
- Adding a DBUG_ASSERT to make sure the buffer is enough
- Wrapping the code into a class Grantee_str, to reuse it easier in 4 places.
2020-06-11 09:57:05 +04:00
8059148154 Merge 10.3 into 10.4 2020-06-03 07:32:09 +03:00
8300f639a1 Merge 10.2 into 10.3 2020-06-02 10:25:11 +03:00
d72eebaa3d Merge 10.1 into 10.2 2020-06-01 09:33:03 +03:00
a1b3bebe1f fix pre-definition for embedded server for find_user_or_anon()
Pre-definitions are allowed for non-embedded.
Failur catched with:
```
cmake ../../10.1 -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_COMPILER=g++-9
-DCMAKE_C_COMPILER=gcc-9 -DWITH_EMBEDDED_SERVER=ON -DCMAKE_BUILD_TYPE=Debug
-DPLUGIN_{ARCHIVE,TOKUDB,MROONGA,OQGRAPH,ROCKSDB,PERFSCHEMA,SPIDER,SPHINX}=N
-DMYSQL_MAINTAINER_MODE=ON -DNOT_FOR_DISTRIBUTION=ON
```
Alternative fix would be
```
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -201,8 +201,10 @@ LEX_STRING current_user= { C_STRING_WITH_LEN("*current_user") };
 LEX_STRING current_role= { C_STRING_WITH_LEN("*current_role") };
 LEX_STRING current_user_and_current_role= { C_STRING_WITH_LEN("*current_user_and_current_role") };

+#ifndef EMBEDDED_LIBRARY
 class ACL_USER;
 static ACL_USER *find_user_or_anon(const char *host, const char *user, const char *ip);
+#endif
```
2020-05-28 20:18:25 +02:00
957cb7b7ba MDEV-22312: Bad error message for SET DEFAULT ROLE when user account is not granted the role
- `SET DEFAULT ROLE xxx [FOR yyy]` should say:
  "User yyy has not been granted a role xxx" if:
    - The current user (not the user `yyy` in the FOR clause) can see the
    role xxx. It can see the role if:
      * role exists in `mysql.roles_mappings` (traverse the graph),
      * If the current user has read access on `mysql.user` table - in
    that case, it can see all roles, granted or not.
    - Otherwise it should be "Invalid role specification".

In other words, it should not be possible to use `SET DEFAULT ROLE` to discover whether a specific role exist or not.
2020-05-28 17:08:40 +02:00
6dab094fbd MDEV-20257 Server crashes in Grant_table_base::init_read_record upon crash-upgrade
when opening the `user` table separately, reset `thd->open_tables`
for the duration of open, otherwise auto-repair fallback-and-retry
will close *all* tables (but reopen only `user`)
2020-04-27 09:22:36 +02:00
a58b2b3b2b MDEV-21928 ALTER USER doesn't remove excess authentication plugins from mysql.global_priv
only use auth1 update (no "auth_or":[]) array, if there was no
"auth_or" array in the json yet.
2020-04-27 09:22:36 +02:00
a19782522b MDEV-14735: Fix -Wunused-const-variable 2020-04-24 17:13:04 +03:00
646d1ec83a Merge branch '10.3' into 10.4 2020-02-11 14:40:35 +01:00
fafb35ee51 MDEV-20076: SHOW GRANTS does not quote role names properly
Quotes added to output.
2020-02-05 17:22:26 +01:00
6918157e98 Merge branch '10.3' into 10.4 2020-01-21 23:15:02 +01:00
ade89fc898 Merge branch '10.2' into 10.3 2020-01-21 09:11:14 +01:00
3a1716a7e7 Merge branch '10.1' into 10.2 2020-01-20 16:15:05 +01:00
f31bf6f094 Merge branch '5.5' into 10.1 2020-01-19 12:22:12 +01:00
4d1c1b23e1 Bug#29630767 - USE OF UNINITIALIZED VALUE IN LIBMYSQL (CLIENT.CC FUNCTION RUN_PLUGIN_AUTH) 2020-01-18 00:05:16 +01:00
ec40980ddd Merge 10.3 into 10.4 2019-11-01 15:23:18 +02:00
b62101f84b Fixes for binary logging --read-only mode
- Any temporary tables created under read-only mode will never be logged
  to binary log.  Any usage of these tables to update normal tables, even
  after read-only has been disabled, will use row base logging (as the
  temporary table will not be on the slave).
- Analyze, check and repair table will not be logged in read-only mode.

Other things:
- Removed not used varaibles in
  MYSQL_BIN_LOG::flush_and_set_pending_rows_event.
- Set table_share->table_creation_was_logged for all normal tables.
- THD::binlog_query() now returns -1 if statement was not logged., This
  is used to update table_share->table_creation_was_logged.
- Don't log admin statements in opt_readonly is set.
- Table's that doesn't have table_creation_was_logged will set binlog format to row
  logging.
- Removed not needed/wrong setting of table->s->table_creation_was_logged
  in create_table_from_items()
2019-10-20 11:52:29 +03:00
05619f6989 Fixes based on warnings from gcc/clang and valgrind
- Initialize variables that could be used uninitialized
- Added extra end space to DbugStringItemTypeValue to get rid of warnings
  from c_ptr()
- Session_sysvars_tracker::update() accessed unitialized memory if called
  with NULL value.
- get_schema_stat_record() accessed unitialized memory if HA_KEY_LONG_HASH
  was used
- parse_vcol_defs() accessed random memory for tables without keys.
2019-08-12 10:48:38 +03:00
2792c6e7b0 Merge branch '10.3' into 10.4 2019-07-28 13:43:26 +02:00
d97342b6f2 Merge branch '10.2' into 10.3 2019-07-26 22:42:35 +02:00
cf8c2a3c3b Merge branch '10.1' into 10.2 2019-07-26 07:03:39 +02:00
ae476868a5 Merge branch '5.5' into 10.1 2019-07-25 13:27:11 +02:00
ee555f8fc5 MDEV-19948 SHOW GRANTS return privileges individually update in 10.2 2019-07-24 23:27:10 -07:00
55d8ff0de8 MDEV-19948 SHOW GRANTS FOR user return privileges individually 2019-07-24 23:19:43 -07:00
82563c5fc0 MDEV-20110 don't try to load client plugins with invalid names
reported by lixtelnis
2019-07-21 19:47:44 +02:00