Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22974

SHOW CREATE USER generates invalid SQL

Details

    Description

      MariaDB [(none)]> show create user;
      +---------------------------------------------------------------------------------------------------+
      | CREATE USER for dan@localhost                                                                     |
      +---------------------------------------------------------------------------------------------------+
      | CREATE USER `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket |
      +---------------------------------------------------------------------------------------------------+
      1 row in set (0.000 sec)
       
      MariaDB [(none)]>  CREATE USER `dan2`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket
          -> ;
      ERROR 1372 (HY000): Password hash should be a 41-digit hexadecimal number
      

      Is "invalid" something that should be literally accepted for compatibility?

      To not do so means programs and humans that use SHOW CREATE USER output needs to parse out this text and remove it.

      Attachments

        Issue Links

          Activity

            danblack Daniel Black added a comment - - edited

            Given the "invalid" is a part of the password field instead of a user hash, I saw the easiest way just to accept that one literal.

            per https://github.com/MariaDB/server/pull/1628

            Alternate suggestions welcome

            danblack Daniel Black added a comment - - edited Given the "invalid" is a part of the password field instead of a user hash, I saw the easiest way just to accept that one literal. per https://github.com/MariaDB/server/pull/1628 Alternate suggestions welcome
            danblack Daniel Black added a comment -

            mysql-5.7

            mysql> show create user `mysql.sys`@localhost;
            +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
            | CREATE USER for mysql.sys@localhost                                                                                                                                          |
            +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
            | CREATE USER 'mysql.sys'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK |
            +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
            1 row in set (0.00 sec)
             
            mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
            Query OK, 0 rows affected (0.00 sec)
             
            mysql> CREATE USER 'mysql.YYY'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
            Query OK, 0 rows affected (0.00 sec)
             
            mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS 'maybe this can be anything' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
            ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.
             
            mysql>  CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '!WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
            ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.
            mysql>  CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDfood' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
            Query OK, 0 rows affected (0.00 sec)
            

            So begins with '*' and has the right length is the compatibility to aim for if supporting the mysql-5.7 syntax/definitions.

            danblack Daniel Black added a comment - mysql-5.7 mysql> show create user `mysql.sys`@localhost; +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | CREATE USER for mysql.sys@localhost | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | CREATE USER 'mysql.sys'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec)   mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK; Query OK, 0 rows affected (0.00 sec)   mysql> CREATE USER 'mysql.YYY'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK; Query OK, 0 rows affected (0.00 sec)   mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS 'maybe this can be anything' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK; ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.   mysql> CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '!WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK; ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function. mysql> CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDfood' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK; Query OK, 0 rows affected (0.00 sec) So begins with '*' and has the right length is the compatibility to aim for if supporting the mysql-5.7 syntax/definitions.
            danblack Daniel Black added a comment -

            First review: https://lists.launchpad.net/maria-developers/msg12435.html

            Addressed review with bb-10.4-danielblack-MDEV-22974-mysql_native_password-make-invalid-valid

            danblack Daniel Black added a comment - First review: https://lists.launchpad.net/maria-developers/msg12435.html Addressed review with bb-10.4-danielblack- MDEV-22974 -mysql_native_password-make-invalid-valid

            People

              danblack Daniel Black
              danblack Daniel Black
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.