Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18151

Skipped error returning for GRANT/SET PASSWORD

Details

    Description

      CREATE USER foo@localhost;
      		 
      GRANT FILE ON *.* TO foo@localhost IDENTIFIED VIA not_installed_plugin;
      		 
       
      		 
      # Cleanup
      		 
      DROP USER foo@localhost;

      10.4 2465d3e00b

      		 
      mysqld: /data/src/10.4/sql/protocol.cc:588: void Protocol::end_statement(): Assertion `0' failed.
      		 
      190106 15:48:06 [ERROR] mysqld got signal 6 ;
      		 
       
      		 
      #7  0x00007f74c9ce7ee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
      		 
      #8  0x0000555cbf44a39e in Protocol::end_statement (this=0x7f74a80010c0) at /data/src/10.4/sql/protocol.cc:588
      		 
      #9  0x0000555cbf55b05d in dispatch_command (command=COM_QUERY, thd=0x7f74a8000b00, packet=0x7f74a800b421 "GRANT FILE ON *.* TO foo@localhost IDENTIFIED VIA not_installed_plugin", packet_length=70, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:2410
      		 
      #10 0x0000555cbf557e92 in do_command (thd=0x7f74a8000b00) at /data/src/10.4/sql/sql_parse.cc:1396
      		 
      #11 0x0000555cbf6c40ba in do_handle_one_connection (connect=0x555cc30ff6b0) at /data/src/10.4/sql/sql_connect.cc:1402
      		 
      #12 0x0000555cbf6c3e3e in handle_one_connection (arg=0x555cc30ff6b0) at /data/src/10.4/sql/sql_connect.cc:1308
      		 
      #13 0x0000555cbfb83164 in pfs_spawn_thread (arg=0x555cc3043970) at /data/src/10.4/storage/perfschema/pfs.cc:1862
      		 
      #14 0x00007f74cb7a3494 in start_thread (arg=0x7f74c467b700) at pthread_create.c:333
      		 
      #15 0x00007f74c9da493f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      The granted privileges don't seem to matter.
      Not reproducible on 10.3.
      No visible effect on a non-debug build.

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          View 7 older comments
          sanja Oleksandr Byelkin added a comment -

          The Original bug probably fixed by MDEV-11340, where plugin checked before set_user_auth call and error returned (instead of warning in set_user_auth)

          sanja Oleksandr Byelkin added a comment - The Original bug probably fixed by MDEV-11340 , where plugin checked before set_user_auth call and error returned (instead of warning in set_user_auth)
          sanja Oleksandr Byelkin added a comment -

          But the warning still make harm:

          install soname 'auth_0x0100';
          		 
          CREATE USER foo@localhost IDENTIFIED VIA auth_0x0100;
          		 
          uninstall plugin auth_0x0100;
          		 
           
          		 
          select Priv from mysql.global_priv where User = "foo" and host="localhost"
          		 
          into @priv;
          		 
          SET PASSWORD FOR foo@localhost = "1111";
          		 
          select Priv = @priv from mysql.global_priv where User = "foo" and host="localhost";

          result in warning but not changing the password

          CREATE USER foo@localhost;
          		 
          GRANT FILE ON *.* TO foo@localhost IDENTIFIED VIA not_installed_plugin;
          		 
          ERROR HY000: Plugin 'not_installed_plugin' is not loaded
          		 
          DROP USER foo@localhost;
          		 
          CREATE USER foo@localhost IDENTIFIED VIA not_installed_plugin;
          		 
          ERROR HY000: Plugin 'not_installed_plugin' is not loaded
          		 
          install soname 'auth_0x0100';
          		 
          CREATE USER foo@localhost IDENTIFIED VIA auth_0x0100;
          		 
          uninstall plugin auth_0x0100;
          		 
          select Priv from mysql.global_priv where User = "foo" and host="localhost"
          		 
          into @priv;
          		 
          Warnings:
          		 
          Warning	1287	'<select expression> INTO <destination>;' is deprecated and will be removed in a future release. Please use 'SELECT <select list> INTO <destination> FROM...' instead
          		 
          SET PASSWORD FOR foo@localhost = "1111";
          		 
          Warnings:
          		 
          Warning	1524	Plugin 'auth_0x0100' is not loaded
          		 
          select Priv = @priv from mysql.global_priv where User = "foo" and host="localhost";
          		 
          Priv = @priv
          		 
          1
          		 
          DROP USER foo@localhost;

          sanja Oleksandr Byelkin added a comment - But the warning still make harm: install soname 'auth_0x0100'; CREATE USER foo@localhost IDENTIFIED VIA auth_0x0100; uninstall plugin auth_0x0100;   select Priv from mysql.global_priv where User = "foo" and host="localhost" into @priv; SET PASSWORD FOR foo@localhost = "1111"; select Priv = @priv from mysql.global_priv where User = "foo" and host="localhost"; result in warning but not changing the password CREATE USER foo@localhost; GRANT FILE ON *.* TO foo@localhost IDENTIFIED VIA not_installed_plugin; ERROR HY000: Plugin 'not_installed_plugin' is not loaded DROP USER foo@localhost; CREATE USER foo@localhost IDENTIFIED VIA not_installed_plugin; ERROR HY000: Plugin 'not_installed_plugin' is not loaded install soname 'auth_0x0100'; CREATE USER foo@localhost IDENTIFIED VIA auth_0x0100; uninstall plugin auth_0x0100; select Priv from mysql.global_priv where User = "foo" and host="localhost" into @priv; Warnings: Warning 1287 '<select expression> INTO <destination>;' is deprecated and will be removed in a future release. Please use 'SELECT <select list> INTO <destination> FROM...' instead SET PASSWORD FOR foo@localhost = "1111"; Warnings: Warning 1524 Plugin 'auth_0x0100' is not loaded select Priv = @priv from mysql.global_priv where User = "foo" and host="localhost"; Priv = @priv 1 DROP USER foo@localhost;
          sanja Oleksandr Byelkin added a comment - - edited

          Also there is mentioning in the docs https://mariadb.com/kb/en/set-password/ so it should produse warning about using with plugin not required password

          1. It does not and was not from very beginning (even reflected in the tests plugin_auth.test):

          --echo ## test SET PASSWORD
          		 
          #--error ER_SET_PASSWORD_AUTH_PLUGIN
          		 
          SET PASSWORD = PASSWORD('plug_dest');

          (notice commented out error)

          2. if warning return something should be done (password changed) if nothing is done error should be returned

          sanja Oleksandr Byelkin added a comment - - edited Also there is mentioning in the docs https://mariadb.com/kb/en/set-password/ so it should produse warning about using with plugin not required password 1. It does not and was not from very beginning (even reflected in the tests plugin_auth.test): --echo ## test SET PASSWORD #--error ER_SET_PASSWORD_AUTH_PLUGIN SET PASSWORD = PASSWORD('plug_dest'); (notice commented out error) 2. if warning return something should be done (password changed) if nothing is done error should be returned
          sanja Oleksandr Byelkin added a comment - - edited 

          commit 58aa409f161e0899930054f040d19c42a933eceb (HEAD -> bb-10.5-MDEV-18151, origin/bb-10.5-MDEV-18151)
          		 
          Author: Oleksandr Byelkin <sanja@mariadb.com>
          		 
          Date:   Fri Oct 4 10:15:35 2024 +0200
          		 
           
          		 
              MDEV-18151 Skipped error returning for GRANT/SET PASSWORD
          		 
              
              Make message of error not warning.
          		 
           
          		 
          commit e2f7e256e049b83c336b289d903e9749b1b1abe4
          		 
          Author: Oleksandr Byelkin <sanja@mariadb.com>
          		 
          Date:   Fri Oct 4 10:13:10 2024 +0200
          		 
           
          		 
              fix grant5 test to return to the original database.
          		 
           
          		 
          commit 778c67f7af0fc65bed94c9a03c1f07e91e6ecc7a
          		 
          Author: Oleksandr Byelkin <sanja@mariadb.com>
          		 
          Date:   Fri Oct 4 09:28:46 2024 +0200
          		 
           
          		 
              MDEV-18151 Skipped error returning for GRANT/SET PASSWORD
          		 
              
              Make error issueing for GRANT and SET PASSWORD the same.
          		 
              Report errors wich were skipped before.

          sanja Oleksandr Byelkin added a comment - - edited commit 58aa409f161e0899930054f040d19c42a933eceb (HEAD -> bb-10.5-MDEV-18151, origin/bb-10.5-MDEV-18151) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Fri Oct 4 10:15:35 2024 +0200   MDEV-18151 Skipped error returning for GRANT/SET PASSWORD Make message of error not warning.   commit e2f7e256e049b83c336b289d903e9749b1b1abe4 Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Fri Oct 4 10:13:10 2024 +0200   fix grant5 test to return to the original database.   commit 778c67f7af0fc65bed94c9a03c1f07e91e6ecc7a Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Fri Oct 4 09:28:46 2024 +0200   MDEV-18151 Skipped error returning for GRANT/SET PASSWORD Make error issueing for GRANT and SET PASSWORD the same. Report errors wich were skipped before.
          serg Sergei Golubchik added a comment -

          cc59fbfffa63 is ok to push. 236cdc78f5cd is ok, after changing "is not used for" to "is not applicable to"

          serg Sergei Golubchik added a comment - cc59fbfffa63 is ok to push. 236cdc78f5cd is ok, after changing "is not used for" to "is not applicable to"

          People

            sanja Oleksandr Byelkin
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.