MDEV-30487 showed an example of a missing test case with skip-name-resolve and the anonymous user in mtr.
When a user connects as the anonymous user, the connection resolves to USERNAME, on Windows environments only, rather than to the anonymous user.
This situation doesn't occur on non-Windows OSes.
It may be expected behavior, but I didn't find any reference about it in the KB.
By testing, this may be related to libmariadb client authentication here where USERNAME is read instead of mysql->user, for which mysql->user[0]='', and I guess it is because of the implementation of the function read_user_name on Windows, which uses USERNAME.
Issue Links
relates to
MDEV-30487 Anonymous user with skip-resolve-name recognized as 'USERNAME-' on Windows
Vladislav Vaintroub
added a comment - anel The situation does very well occur on non-Windows OSes, but in your environment read_user_name probably resolves to "root", and you accidentally are able to connect with that user and empty password.
Georg Richter
added a comment - anel
read_user_name() returns the currently logged in user, if user name for mysql_real_connect() was not specified.
This behavior is the same on Windows and Posix systems:
mariadb -e "select current_user()"
+-----------------+
| current_user()  |
+-----------------+
| georg@localhost |
+-----------------+
So I wonder which username do you expect on Windows, if none was specified?!
Vladislav Vaintroub
added a comment - user name not specified, is when NULL is passed to mysql_real_connect.
anonymous user is when "" is passed to mysql_real_connect.
Georg Richter
added a comment - Same behavior in MySQL, but it is documented:
https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-connect.html
"If user is NULL or the empty string "", the current user is assumed".
So yes, it's missing in our documentation.
Anel Husakovic
added a comment - Thanks wlad, georg.
By testing I noted that combination anonymous user + skip-name-resolve fails on buildbot and only on Windows (below is proof).
Without skip-name-resolve it works (bb doesn't fail, have seen in bb, but don't have proof to show here since used same branch for testing - can do on other branch, if you want).
I understand resolving of USERNAME, but we have uncovered test case in our suite (anonymous user + skip-name-resolve)
1. Without skip-name-resolve, here we still have anonymous user, buildbot doesn't fail.
I have test case (tested before, verified on bb): https://github.com/MariaDB/server/commit/3b3aa81df64fd9ead56d8b5d1e3325c311d51cea#diff-4f7e5eb7561bba054403ee3a773b92c8bfc44cb1640122d4890e12f8708026b2
2. With skip-name-resolve it fails (only on Windows) - here we may have a bug/or undocumented behavior:
Test case: https://github.com/MariaDB/server/commit/6846913c9fecb7de3eae3470300c16c87c03a591
Failure: https://buildbot.mariadb.org/#/builders/234/builds/15431
See all builds for this case: https://buildbot.mariadb.org/#/grid?branch=bb-10.5-anel-anonymous-user-windows-check
Just wanted to point out that mtr is missing this test case and we have a failure on buildbot only on Windows.
In order to cover the test case (anonymous user + skip-name-resolve), what do you suggest to change in the above test case (case 2.)?
Based on statement [1] for Win and if in buildbot user is verified to be an Administrator as a current user, when skip-name-resolve is used, and if this is not a bug, should we have in mtr test pseudo-code like so:
# we are using skip-name-resolve
if OS == Windows
  # anonymous user in bb == 'Administrator', since current user name must be specified explicitly for Windows (see [1]) and we are using skip-name-resolve
  connect('Administrator', localhost,,)
else
  # yes we can use anonymous user
  connect('', localhost,,,)
[1] https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-connect.html
"If user is NULL or the empty string "", the current user is assumed". We have this too:
"Under Windows ODBC, the current user name must be specified explicitly."
Vladislav Vaintroub
added a comment - edited
I derive from looking at the code and from Georg's answer, that there is no anonymous user possible, with Connector C, because connector C does not send empty string. So, I'm not sure what's tested here. What you assume as anonymous is probably root@localhost, or root@127.0.0.1, or root@::1.
(I'm not commenting, whether localhost is or should be 127.0.0.1 or ::1, with or without skip-name-resolve, I do not care, to me it is the same thing)
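Added example, not part of any comment above and not Connector/C or server source: a small C model of the rule quoted in the thread (a NULL or "" user argument becomes the current OS user) combined with a simplified account lookup, showing which account a test that passes "" ends up on. The names `name_sent`, `match_account`, `lands_on` and `SAMPLE` are hypothetical, host matching is reduced to exact strings, and the environment lookup in `main` is an assumption for the demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct account { const char *user; const char *host; };

/* Rule quoted in the thread: NULL or "" means "use the current OS user".
 * os_user stands in for whatever read_user_name() would return. */
const char *name_sent(const char *requested, const char *os_user)
{
    return (requested == NULL || requested[0] == '\0') ? os_user : requested;
}

/* Simplified account lookup: host must match exactly (no wildcards);
 * a row with the same user name wins over the anonymous row (user ""),
 * which accepts any name. Returns the row index, or -1 for no match. */
int match_account(const struct account *tbl, size_t n,
                  const char *sent_user, const char *host)
{
    int anon = -1;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tbl[i].host, host) != 0)
            continue;
        if (strcmp(tbl[i].user, sent_user) == 0)
            return (int)i;
        if (tbl[i].user[0] == '\0' && anon < 0)
            anon = (int)i;
    }
    return anon;
}

/* Constructed grant table: anonymous and root accounts on localhost. */
static const struct account SAMPLE[] = {
    { "",     "localhost" },
    { "root", "localhost" },
};

/* Which row does a connect call with this user argument land on? */
int lands_on(const char *requested, const char *os_user, const char *host)
{
    return match_account(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0],
                         name_sent(requested, os_user), host);
}

int main(void)
{
    const char *os_user = getenv("USERNAME");   /* assumption: Windows */
    if (!os_user) os_user = getenv("USER");     /* assumption: POSIX shells */
    if (!os_user) os_user = "unknown";
    int row = lands_on("", os_user, "localhost");
    printf("user \"\" as OS user %s -> %s\n", os_user,
           row < 0 ? "no matching account"
                   : (SAMPLE[row].user[0] ? SAMPLE[row].user : "(anonymous)"));
    return 0;
}
```

In this model, the same test lands on a different account depending on who runs it, so a test meant to cover the anonymous account should assert on `CURRENT_USER()` rather than on the connection merely succeeding.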
People
Georg Richter
Anel Husakovic