[CONC-441] Default user name for C/C is wrong if login user is different from effective user - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.3
Fix Version/s: 3.1.8
Component/s: None
Labels:
None

Description

For command-line tools, if no user name is provided, then the default behavior is supposed to be that the client will use the name of the current Unix user.

From the MySQL documentation:

On Unix, most MySQL clients by default try to log in using the current Unix user name as the MySQL user name, but that is for convenience only.

https://dev.mysql.com/doc/refman/5.7/en/user-names.html

And from the MariaDB documentation:

-u, --user=name User for login, if not current user.

https://mariadb.com/kb/en/library/mysql-command-line-client/

However, at the moment, the wrong user name is used by default if the login user is different from the effective user.

How the Default User Name is Determined

MariaDB Connector/C determines the default user name by calling read_user_name() to get the current user:

https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.3/libmariadb/mariadb_lib.c#L498

It is called in send_client_reply_packet():

https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.3/plugins/auth/my_auth.c#L311

The read_user_name() function gets the user name by checking the following items in the following order:

If geteuid() returns 0, then root is used.
If getlogin() is not NULL, then its return value is used.
If getpwuid(geteuid()) is not NULL, then its return value is used.
If the USER environment variable is set, then its assigned value is used.
If the LOGNAME environment variable is set, then its assigned value is used.
If the LOGIN environment variable is set, then its assigned value is used.

This order can cause unexpected results in some cases.

How to Reproduce

For example, let's say that we change users by doing something like this:

$ whoami

ec2-user

$ sudo -u mysql bash

$ whoami

mysql

$ printenv USER

mysql

$ printenv LOGNAME

mysql

$ printenv LOGIN

$ id

uid=997(mysql) gid=994(mysql) groups=994(mysql),1005(shadow)

$ cat /proc/self/loginuid

$ id 1000

uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)

In this case, our effective user is mysql, but the login user is still ec2-user.

Let's start tcpdump:

sudo tcpdump -i any -w mariadb_traffic.pcap port 3306

And then let's run a client without providing a user name:

$ mysql --plugin-dir=/usr/lib64/mysql/plugin/ -h 127.0.0.1

[mariadb] Password:

Authentication will fail, because the user name is wrong.

Let's read the tcpdump file:

sudo tcpdump -q -X -r mariadb_traffic.pcap

The client handshake response looks like this for me:

00:28:51.270909 IP localhost.38338 > localhost.mysql: tcp 0

        0x0000:  4508 0034 54e6 4000 4006 e7d3 7f00 0001  E..4T.@.@.......

        0x0010:  7f00 0001 95c2 0cea 5d84 b993 2a65 a5ae  ........]...*e..

        0x0020:  8010 0156 fe28 0000 0101 080a 0057 ed76  ...V.(.......W.v

        0x0030:  0057 ed76 0000 0000 0000 0000 0000 0000  .W.v............

        0x0040:  0000 0000                                ....

00:28:51.271046 IP localhost.38338 > localhost.mysql: tcp 194

        0x0000:  4508 00f6 54e7 4000 4006 e710 7f00 0001  E...T.@.@.......

        0x0010:  7f00 0001 95c2 0cea 5d84 b993 2a65 a5ae  ........]...*e..

        0x0020:  8018 0156 feea 0000 0101 080a 0057 ed76  ...V.........W.v

        0x0030:  0057 ed76 be00 0001 84a6 9f20 0000 0001  .W.v............

        0x0040:  2100 0000 0000 0000 0000 0000 0000 0000  !...............

        0x0050:  0000 0000 0700 0000 6563 322d 7573 6572  ........ec2-user

        0x0060:  0000 6d79 7371 6c5f 6e61 7469 7665 5f70  ..mysql_native_p

        0x0070:  6173 7377 6f72 6400 7d03 5f6f 7305 4c69  assword.}._os.Li

        0x0080:  6e75 780c 5f63 6c69 656e 745f 6e61 6d65  nux._client_name

        0x0090:  0a6c 6962 6d61 7269 6164 6204 5f70 6964  .libmariadb._pid

        0x00a0:  0435 3937 330f 5f63 6c69 656e 745f 7665  .5973._client_ve

        0x00b0:  7273 696f 6e05 332e 312e 3409 5f70 6c61  rsion.3.1.4._pla

        0x00c0:  7466 6f72 6d06 7838 365f 3634 0c70 726f  tform.x86_64.pro

        0x00d0:  6772 616d 5f6e 616d 6505 6d79 7371 6c0c  gram_name.mysql.

        0x00e0:  5f73 6572 7665 725f 686f 7374 0931 3237  _server_host.127

        0x00f0:  2e30 2e30 2e31 0000 0000 0000 0000 0000  .0.0.1..........

        0x0100:  0000 0000 0000

We can see from the packet content that C/C thinks the user name is ec2-user instead of mysql.

The error message sent by the server also references this incorrect ec2-user user name:

$ mysql --plugin-dir=/usr/lib64/mysql/plugin/ -h 127.0.0.1

[mariadb] Password:

ERROR 1045 (28000): Access denied for user 'ec2-user'@'localhost' (using password: NO)

Suggested Fix

MariaDB Connector/C's version of the read_user_name() function should be fixed to use the effective user as the default user.

Attachments

Issue Links

causes

MDEV-21396 Cannot specify multiple authentication plugins (mysql_native_password and unix_socket)

Closed

relates to

MDEV-20756 Default user name for libmysqlclient is empty

Open

MDEV-21745 mariadb-10.4.11: Client authentication fails: ERROR 1698 (28000): Access denied for user 'root'@'localhost'

Closed

Activity

People

Assignee:: Georg Richter

Reporter:: Geoff Montee (Inactive)

Votes:: 2 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-10-05 00:55

Updated:: 2020-03-17 18:08

Resolved:: 2020-03-12 17:11

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.