Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-441

Default user name for C/C is wrong if login user is different from effective user

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.3
    • Fix Version/s: 3.1.8
    • Labels:
      None

      Description

      For command-line tools, if no user name is provided, then the default behavior is supposed to be that the client will use the name of the current Unix user.

      From the MySQL documentation:

      On Unix, most MySQL clients by default try to log in using the current Unix user name as the MySQL user name, but that is for convenience only.

      https://dev.mysql.com/doc/refman/5.7/en/user-names.html

      And from the MariaDB documentation:

      -u, --user=name User for login, if not current user.

      https://mariadb.com/kb/en/library/mysql-command-line-client/

      However, at the moment, the wrong user name is used by default if the login user is different from the effective user.

      How the Default User Name is Determined

      MariaDB Connector/C determines the default user name by calling read_user_name() to get the current user:

      https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.3/libmariadb/mariadb_lib.c#L498

      It is called in send_client_reply_packet():

      https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.3/plugins/auth/my_auth.c#L311

      The read_user_name() function gets the user name by checking the following items in the following order:

      • If geteuid() returns 0, then root is used.
      • If getlogin() is not NULL, then its return value is used.
      • If getpwuid(geteuid()) is not NULL, then its return value is used.
      • If the USER environment variable is set, then its assigned value is used.
      • If the LOGNAME environment variable is set, then its assigned value is used.
      • If the LOGIN environment variable is set, then its assigned value is used.

      This order can cause unexpected results in some cases.

      How to Reproduce

      For example, let's say that we change users by doing something like this:

      $ whoami
      ec2-user
      $ sudo -u mysql bash
      $ whoami
      mysql
      $ printenv USER
      mysql
      $ printenv LOGNAME
      mysql
      $ printenv LOGIN
      $ id
      uid=997(mysql) gid=994(mysql) groups=994(mysql),1005(shadow)
      $ cat /proc/self/loginuid
      1000
      $ id 1000
      uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)
      

      In this case, our effective user is mysql, but the login user is still ec2-user.

      Let's start tcpdump:

      sudo tcpdump -i any -w mariadb_traffic.pcap port 3306
      

      And then let's run a client without providing a user name:

      $ mysql --plugin-dir=/usr/lib64/mysql/plugin/ -h 127.0.0.1
      [mariadb] Password:
      

      Authentication will fail, because the user name is wrong.

      Let's read the tcpdump file:

      sudo tcpdump -q -X -r mariadb_traffic.pcap
      

      The client handshake response looks like this for me:

      00:28:51.270909 IP localhost.38338 > localhost.mysql: tcp 0
              0x0000:  4508 0034 54e6 4000 4006 e7d3 7f00 0001  E..4T.@.@.......
              0x0010:  7f00 0001 95c2 0cea 5d84 b993 2a65 a5ae  ........]...*e..
              0x0020:  8010 0156 fe28 0000 0101 080a 0057 ed76  ...V.(.......W.v
              0x0030:  0057 ed76 0000 0000 0000 0000 0000 0000  .W.v............
              0x0040:  0000 0000                                ....
      00:28:51.271046 IP localhost.38338 > localhost.mysql: tcp 194
              0x0000:  4508 00f6 54e7 4000 4006 e710 7f00 0001  E...T.@.@.......
              0x0010:  7f00 0001 95c2 0cea 5d84 b993 2a65 a5ae  ........]...*e..
              0x0020:  8018 0156 feea 0000 0101 080a 0057 ed76  ...V.........W.v
              0x0030:  0057 ed76 be00 0001 84a6 9f20 0000 0001  .W.v............
              0x0040:  2100 0000 0000 0000 0000 0000 0000 0000  !...............
              0x0050:  0000 0000 0700 0000 6563 322d 7573 6572  ........ec2-user
              0x0060:  0000 6d79 7371 6c5f 6e61 7469 7665 5f70  ..mysql_native_p
              0x0070:  6173 7377 6f72 6400 7d03 5f6f 7305 4c69  assword.}._os.Li
              0x0080:  6e75 780c 5f63 6c69 656e 745f 6e61 6d65  nux._client_name
              0x0090:  0a6c 6962 6d61 7269 6164 6204 5f70 6964  .libmariadb._pid
              0x00a0:  0435 3937 330f 5f63 6c69 656e 745f 7665  .5973._client_ve
              0x00b0:  7273 696f 6e05 332e 312e 3409 5f70 6c61  rsion.3.1.4._pla
              0x00c0:  7466 6f72 6d06 7838 365f 3634 0c70 726f  tform.x86_64.pro
              0x00d0:  6772 616d 5f6e 616d 6505 6d79 7371 6c0c  gram_name.mysql.
              0x00e0:  5f73 6572 7665 725f 686f 7374 0931 3237  _server_host.127
              0x00f0:  2e30 2e30 2e31 0000 0000 0000 0000 0000  .0.0.1..........
              0x0100:  0000 0000 0000
      

      We can see from the packet content that C/C thinks the user name is ec2-user instead of mysql.

      The error message sent by the server also references this incorrect ec2-user user name:

      $ mysql --plugin-dir=/usr/lib64/mysql/plugin/ -h 127.0.0.1
      [mariadb] Password:
      ERROR 1045 (28000): Access denied for user 'ec2-user'@'localhost' (using password: NO)
      

      Suggested Fix

      MariaDB Connector/C's version of the read_user_name() function should be fixed to use the effective user as the default user.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              georg Georg Richter
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: