MDEV-30487 showed an example of a missing test case with skip-name-resolve and an anonymous user in mtr.
When a user connects as the anonymous user, the connection resolves to USERNAME in a Windows-only environment, rather than to the anonymous user.
This situation doesn't occur on non-Windows OSes.
It may be expected behavior, but I didn't find any reference to it in the KB.
By testing, this may be related to libmariadb client authentication here, where USERNAME is read instead of mysql->user, for which mysql->user[0]='', and I guess this is because of the implementation of the function read_user_name on Windows, which uses USERNAME.
Issue Links
relates to
MDEV-30487 Anonymous user with skip-resolve-name recognized as 'USERNAME-' on Windows
Vladislav Vaintroub
added a comment - anel
The situation does very well occur on non-Windows OSes, but in your environment read_user_name probably resolves to "root", and you accidentally are able to connect with that user and empty password.
Georg Richter
added a comment - anel
read_user_name() returns the currently logged in user, if user name for mysql_real_connect() was not specified.
This behavior is the same on Windows and Posix systems:
mariadb -e "select current_user()"
+-----------------+
| current_user()  |
+-----------------+
| georg@localhost |
+-----------------+
+-----------------+
So I wonder which username do you expect on Windows, if none was specified?!
Vladislav Vaintroub
added a comment - user name not specified, is when NULL is passed to mysql_real_connect.
anonymous user is when "" is passed to mysql_real_connect.
Georg Richter
added a comment - Same behavior in MySQL, but it is documented:
https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-connect.html
"If user is NULL or the empty string "", the current user is assumed".
So yes, it's missing in our documentation.
Anel Husakovic
added a comment - Thanks wlad, georg.
By testing I noted that the combination anonymous user + skip-name-resolve fails on buildbot and only on Windows (below is proof).
Without skip-name-resolve it works (bb doesn't fail; I have seen it in bb, but don't have proof to show here since I used the same branch for testing; I can do it on another branch, if you want).
I understand the resolving of USERNAME, but we have an uncovered test case in our suite (anonymous user + skip-name-resolve).
1. Without skip-name-resolve, here we still have the anonymous user, and buildbot doesn't fail.
I have test case (tested before, verified on bb): https://github.com/MariaDB/server/commit/3b3aa81df64fd9ead56d8b5d1e3325c311d51cea#diff-4f7e5eb7561bba054403ee3a773b92c8bfc44cb1640122d4890e12f8708026b2
2. With skip-name-resolve it fails (only on Windows); here we may have a bug or undocumented behavior:
Test case: https://github.com/MariaDB/server/commit/6846913c9fecb7de3eae3470300c16c87c03a591
Failure: https://buildbot.mariadb.org/#/builders/234/builds/15431
See all builds for this case: https://buildbot.mariadb.org/#/grid?branch=bb-10.5-anel-anonymous-user-windows-check
Just wanted to point out that mtr is missing this test case and we have a failure on buildbot only on Windows.
In order to cover the test case (anonymous user + skip-name-resolve), what do you suggest changing in the above test case (case 2.)?
Based on statement [1] for Windows, and if in buildbot the user is verified to be an Administrator as the current user when skip-name-resolve is used, and if this is not a bug, should we have mtr test pseudo-code like so:
# we are using skip-name-resolve
if OS == Windows
  # anonymous user in bb == 'Administrator', since current user name must be specified explicitly for Windows (see [1]) and we are using skip-name-resolve
  connect('Administrator', localhost,,)
else
  # yes we can use anonymous user
  connect('', localhost,,,)
[1] https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-connect.html
"If user is NULL or the empty string "", the current user is assumed". We have this too:
"Under Windows ODBC, the current user name must be specified explicitly."
Vladislav Vaintroub
added a comment - edited
I derive from looking at the code and from Georg's answer, that there is no anonymous user possible, with Connector C, because connector C does not send empty string. So, I'm not sure what's tested here. What you assume as anonymous is probably root@localhost, or root@127.0.0.1, or root@::1.
(I'm not commenting, whether localhost is or should be 127.0.0.1 or ::1, with or without skip-name-resolve, I do not care, to me it is the same thing)
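An added example, not part of the thread and not Connector/C code: a small C model of the rule discussed above (a NULL or "" user is replaced by the OS user name before anything is sent) and of which account is then matched. The account list, the OS user names and the lookup rule (exact host compare, named account preferred over the anonymous '' account) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One row of a constructed grant table; user "" is the anonymous account. */
struct account { const char *user; const char *host; };

/* Constructed sample data: one named and one anonymous account. */
static const struct account SAMPLE[] = {
    { "root", "localhost" },
    { "",     "localhost" },
};

/* Name the client sends: NULL and "" both fall back to the OS user,
   per the rule quoted in the thread ("the current user is assumed"). */
const char *wire_user(const char *requested, const char *os_user)
{
    return (requested != NULL && requested[0] != '\0') ? requested : os_user;
}

/* Simplified server-side lookup (assumption): exact host compare, and a
   named account wins over the anonymous one for the same host. */
const struct account *match_account(const struct account *tbl, size_t n,
                                    const char *user, const char *host)
{
    const struct account *anon = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tbl[i].host, host) != 0)
            continue;
        if (strcmp(tbl[i].user, user) == 0)
            return &tbl[i];          /* named account found */
        if (tbl[i].user[0] == '\0')
            anon = &tbl[i];          /* remember the anonymous fallback */
    }
    return anon;                     /* NULL means no account matched */
}

/* Account a test lands on when it asks for `requested` while the client
   process runs as `os_user`. */
const struct account *login(const char *requested, const char *os_user)
{
    return match_account(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0],
                         wire_user(requested, os_user), "localhost");
}

int main(void)
{
    /* Constructed OS user names: a POSIX root shell and a Windows host. */
    const char *os_users[] = { "root", "Administrator" };
    for (size_t i = 0; i < 2; i++) {
        const struct account *a = login("", os_users[i]);
        printf("os user %-13s sent '%s' matched '%s'@'%s'\n", os_users[i],
               wire_user("", os_users[i]),
               a ? a->user : "(denied)", a ? a->host : "-");
    }
    return 0;
}
```

In this model neither run sends an empty name, and the run as root never reaches the anonymous account, so a test that means to cover '' has to assert on the matched account rather than on the name it passed to connect.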