Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30487

Anonymous user with skip-resolve-name recognized as 'USERNAME-' on Windows

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.5
    • 10.3(EOL)
    • libmariadb, Server
    • None
    • Windows

    Description

      Based on test patch 6846913c9fecb7d (server branch bb-10.5-anel-anonymous-user-windows-check ), we can see that anonymous user, when used with skip-resolve-name gets Adminstrator user as confermed on buildbot-windows.
      I haven't checked localy, only on buildbot. I expect that when run locally, it should be the same output (with other USERNAME, see below) ?

      • Test:
        Start server with skip-resolve-name (add option to file <mtr_file_name>-master.opt, create test case: 

        create role test_role;
        		 
        grant test_role to ''@localhost;
        		 
         
        		 
        connect(con1,localhost,'',,,$MASTER_MYPORT); # here it fails on Windows only
        		 
        SELECT CURRENT_ROLE;
        		 
        SET role test_role;
        		 
        SELECT CURRENT_ROLE;
        		 
        # user cannot set subset role, since it is not granted explicitly
        		 
        --error ER_INVALID_ROLE
        		 
        SET role new_role;
        		 
        --error ER_PASSWORD_ANONYMOUS_USER
        		 
        set default role test_role for ''@localhost;
        		 
         
        		 
        connection default;
        		 
        disconnect con1;
        		 
        REVOKE all privileges, grant option from ''@localhost;
        		 
        --source include/delete_anonymous_users.inc
        		 
        drop role test_role;

      • Output: 

        main.anel                                w5 [ fail ]
        		 
                Test ended at 2023-01-27 16:26:18
        		 
        CURRENT_TEST: main.anel
        		 
        mysqltest: At line 10: query 'connect con1,localhost,'',,,$MASTER_MYPORT' failed: 1045: Access denied for user 'Administrator'@'::1' (using password: NO)
        		 
        The result from queries just before the failure was:
        		 
        # Verify anonymous user on Windows is not 'Administrator'
        		 
        #
        		 
        # Test of anonymous user connection
        		 
        --------------------------------------------------------------
        		 
        create role test_role;
        		 
        grant test_role to ''@localhost;
        		 
         - saving 'D:/Buildbot/amd64-windows/build/mysql-test/var/5/log/main.anel/' to 'D:/Buildbot/amd64-windows/build/mysql-test/var/log/main.anel/'
        		 
        Retrying test main.anel, attempt(2/3)...

      • Note:
        It may be related to libmariadb client authentication here where USERNAME is read instead of mysql->user, for which mysql->user[0]=''.
        It occurs only when skip-name-resolve is used (not sure why?) and only on Windows because of function read_user_name implementation on Windows, that is using USERNAME.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONC-631 Anonymous user with skip-resolve-name recognized as 'USERNAME' on Windows

          • Major - Major loss of function.
          • Closed

          Activity

            People

              georg Georg Richter
              anel Anel Husakovic
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.