Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
10.6
-
None
Description
for version 10.6.19-15-MariaDB-enterprise while creating user using ed255191 authentication, plain text password writing to audit file.
Create user statement:
MariaDB [(none)]> create user ed255191@'%' IDENTIFIED VIA ed25519 USING PASSWORD('Bnfjusdjg@123');
Query OK, 0 rows affected (0.031 sec)
Audit log entry:
20241011 01:24:06,rocky1,root,localhost,4,25,QUERY,,'create user ed255191@\'%\' IDENTIFIED VIA ed25519 USING PASSWORD(\'Bnfjusdjg@123\')',0
test suite
--source include/have_plugin_auth.inc
--source include/not_embedded.inc
if (!$SERVER_AUDIT_SO) {
skip No SERVER_AUDIT plugin;
}
if (!$AUTH_ED25519_SO) {
skip No auth_ed25519 plugin;
}
--disable_ps2_protocol
let $MYSQLD_DATADIR= `SELECT @@datadir`;
let SEARCH_FILE= $MYSQLD_DATADIR/server_audit.log;
install plugin ed25519 soname 'auth_ed25519';
install plugin server_audit soname 'server_audit';
set global server_audit_file_path='server_audit.log';
set global server_audit_output_type=file;
set global server_audit_logging=on;
--echo # unsafe to log passwords (pwd-123)
CREATE USER u1 IDENTIFIED BY 'pwd_123';
create user u2 IDENTIFIED VIA ed25519 USING PASSWORD('pwd_123');
SET PASSWORD FOR u1 = PASSWORD('pwd_123');
ALTER USER u1 IDENTIFIED BY 'pwd_123';
alter user u2 identified VIA ed25519 USING password('pwd-123');
GRANT ALL ON test TO u1 IDENTIFIED BY "pwd-123";
GRANT ALL ON test TO u1 identified VIA ed25519 USING password('pwd-123');
--let SEARCH_PATTERN=pwd_123
--echo # pattern should not be found
--source include/search_pattern_in_file.inc
--echo # pattern should not be found
--echo # cleaunup
DROP USER u1;
DROP USER u2;
set global server_audit_logging=off;
--remove_file $SEARCH_FILE
UNINSTALL PLUGIN ed25519;
UNINSTALL PLUGIN server_audit;