Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.4(EOL), 10.5
-
None
Description
MariaDB [(none)]> show create user;
|
+---------------------------------------------------------------------------------------------------+
|
| CREATE USER for dan@localhost |
|
+---------------------------------------------------------------------------------------------------+
|
| CREATE USER `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket |
|
+---------------------------------------------------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
MariaDB [(none)]> CREATE USER `dan2`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket
|
-> ;
|
ERROR 1372 (HY000): Password hash should be a 41-digit hexadecimal number
|
Is "invalid" something that should be literally accepted for compatibility?
To not do so means programs and humans that use SHOW CREATE USER output needs to parse out this text and remove it.
Attachments
Issue Links
- relates to
-
-
- Closed
-
- links to
Activity
|
mysql-5.7 |
mysql> show create user `mysql.sys`@localhost;
|
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
| CREATE USER for mysql.sys@localhost |
|
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
| CREATE USER 'mysql.sys'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK |
|
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
1 row in set (0.00 sec)
|
|
|
mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
|
Query OK, 0 rows affected (0.00 sec)
|
|
|
mysql> CREATE USER 'mysql.YYY'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
|
Query OK, 0 rows affected (0.00 sec)
|
|
|
mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS 'maybe this can be anything' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
|
ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.
|
|
|
mysql> CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '!WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
|
ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.
|
mysql> CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDfood' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
|
Query OK, 0 rows affected (0.00 sec)
|
So begins with '*' and has the right length is the compatibility to aim for if supporting the mysql-5.7 syntax/definitions.
First review: https://lists.launchpad.net/maria-developers/msg12435.html
Addressed review with bb-10.4-danielblack-MDEV-22974-mysql_native_password-make-invalid-valid
Given the "invalid" is a part of the password field instead of a user hash, I saw the easiest way just to accept that one literal.
per https://github.com/MariaDB/server/pull/1628
Alternate suggestions welcome