[MDEV-18119] upgrading from 10.3 to 10.4 can result in the password for a user to be wiped out - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.4(EOL)
Fix Version/s: 10.4.3
Component/s: Authentication and Privilege System
Labels:
None
Environment:
OS: CentOS Linux release 7.5.1804 (Core)
Kernel: 3.10.0-862.3.2.el7.x86_64
Arch: x86_64
Environment: unknown-envtype
CPU: Intel Xeon E312xx (Sandy Bridge) w/ 4 core(s)

Description

Details

Upgrading from 10.3 to 10.4 can result in the password for a user using 'mysql_native_password' to be removed.

version 10.3

# mysql --version

mysql  Ver 15.1 Distrib 10.3.11-MariaDB, for Linux (x86_64) using readline 5.1

# mysql mysql -e "select User,Host,plugin,Password,authentication_string from user where User='cptest';"

+--------+------+-----------------------+-------------------------------------------+-----------------------+

| User   | Host | plugin                | Password                                  | authentication_string |

+--------+------+-----------------------+-------------------------------------------+-----------------------+

| cptest | %    | mysql_native_password | *A8C0FBBC868C0ABC516A6CED06C02974BEC047C2 |                       |

+--------+------+-----------------------+-------------------------------------------+-----------------------+

upgrade to 10.4

notice that the user no longer has a password:

# mysql --version

mysql  Ver 15.1 Distrib 10.4.1-MariaDB, for Linux (x86_64) using readline 5.1

# mysql mysql -e "select User,Host,plugin,Password,authentication_string from user where User='cptest';"

+--------+------+-----------------------+----------+-----------------------+

| User   | Host | plugin                | Password | authentication_string |

+--------+------+-----------------------+----------+-----------------------+

| cptest | %    | mysql_native_password |          |                       |

+--------+------+-----------------------+----------+-----------------------+

Suggested Resolution / Expected Behavior

I would expect that the password maintained in the Password column would either be retained upon upgrading to 10.4 or it would be migrated over to the authentication_string column if the expectation is that all passwords are maintained there

Attachments

Issue Links

relates to

MDEV-18118 MySQL users can break if using mysql_native_plugin in version 10.2

Closed

Activity

Ascending order - Click to sort in descending order

Travis created issue - 2019-01-02 18:48

Elena Stepanova made changes - 2019-01-03 23:29

Field	Original Value	New Value
Status	Open [ 1 ]	Confirmed [ 10101 ]

Elena Stepanova made changes - 2019-01-03 23:30

Component/s		Authentication and Privilege System [ 13101 ]
Fix Version/s		10.4 [ 22408 ]
Assignee		Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2019-01-04 11:01

Priority

Major [ 3 ]

Blocker [ 1 ]

Sergei Golubchik made changes - 2019-01-09 18:40

Status

Confirmed [ 10101 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2019-01-09 19:24

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2019-01-23 19:11

Link

This issue relates to ~~MDEV-18118~~ [ ~~MDEV-18118~~ ]

Sergei Golubchik made changes - 2019-01-29 14:38

Priority

Blocker [ 1 ]

Critical [ 2 ]

Sergei Golubchik made changes - 2019-02-04 15:25

Fix Version/s		10.4.3 [ 23230 ]
Fix Version/s	10.4 [ 22408 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:48

Workflow

MariaDB v3 [ 91459 ]

MariaDB v4 [ 155430 ]

People

Assignee:: Sergei Golubchik

Reporter:: Travis

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2019-01-02 18:48

Updated:: 2019-02-04 15:25

Resolved:: 2019-02-04 15:25

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server