Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26650

Failed ALTER USER/GRANT statement removes the password from the cache

    XMLWordPrintable

    Details

      Description

      Failed "ALTER USER/GRANT" statement removes the password from cache. We need to forcefully flush privileges to reload the password in cache.

       
      10.7.0-opt>INSTALL SONAME 'password_reuse_check';
      Query OK, 0 rows affected (0.000 sec)
       
      10.7.0-opt>show grants for test_user@localhost ;
      +---------------------------------------------------------------------------------------------------------------------------+
      | Grants for test_user@localhost                                                                                            |
      +---------------------------------------------------------------------------------------------------------------------------+
      | GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*66C77D72F32DC78E989434B9F9057B0C6D50464F' |
      +---------------------------------------------------------------------------------------------------------------------------+
      1 row in set (0.000 sec)
       
      10.7.0-opt>ALTER USER  test_user@localhost identified by 'dummypass';
      ERROR 1396 (HY000): Operation ALTER USER failed for 'test_user'@'localhost'
      10.7.0-opt>show grants for test_user@localhost ;
      +--------------------------------------------------------+
      | Grants for test_user@localhost                         |
      +--------------------------------------------------------+
      | GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` |
      +--------------------------------------------------------+
      1 row in set (0.000 sec)
       
      10.7.0-opt>
      $ ./bin/mysql -utest_user -S/test/mtest/MD160921-mariadb-10.7.0-linux-x86_64-opt/socket.sock -pdummypass
      ERROR 1045 (28000): Access denied for user 'test_user'@'localhost' (using password: YES)
      $
       
      10.7.0-opt>show grants for test_user@localhost;
      +---------------------------------------------------------------------------------------------------------------------------+
      | Grants for test_user@localhost                                                                                            |
      +---------------------------------------------------------------------------------------------------------------------------+
      | GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1' |
      +---------------------------------------------------------------------------------------------------------------------------+
      1 row in set (0.000 sec)
       
      10.7.0-opt>grant all on *.* to test_user@localhost identified by 'Test@123';
      ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
      10.7.0-opt>show grants for test_user@localhost;
      +--------------------------------------------------------+
      | Grants for test_user@localhost                         |
      +--------------------------------------------------------+
      | GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` |
      +--------------------------------------------------------+
      1 row in set (0.000 sec)
       
      10.7.0-opt>
      

      This issue is not present if we UNINSTALL password_reuse_check plugin

      10.7.0-opt>UNINSTALL SONAME 'password_reuse_check';
      Query OK, 0 rows affected (0.009 sec)
       
      10.7.0-opt>
      10.7.0-opt>show grants for test_user@localhost ;
      +---------------------------------------------------------------------------------------------------------------------------+
      | Grants for test_user@localhost                                                                                            |
      +---------------------------------------------------------------------------------------------------------------------------+
      | GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' |
      +---------------------------------------------------------------------------------------------------------------------------+
      1 row in set (0.000 sec)
       
      10.7.0-opt>ALTER USER  test_user@localhost identified by 'testpass';
      Query OK, 0 rows affected (0.012 sec)
       
      10.7.0-opt>show grants for test_user@localhost ;
      +---------------------------------------------------------------------------------------------------------------------------+
      | Grants for test_user@localhost                                                                                            |
      +---------------------------------------------------------------------------------------------------------------------------+
      | GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' |
      +---------------------------------------------------------------------------------------------------------------------------+
      1 row in set (0.000 sec)
       
      10.7.0-opt>
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sanja Oleksandr Byelkin
              Reporter:
              ramesh Ramesh Sivaraman
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration