[MDEV-36395] SET SESSION AUTHORIZATION is written in server audit log under the new user - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: N/A
Fix Version/s: 12.0
Component/s: Authentication and Privilege System, Plugin - Audit
Labels:
None

Description

INSTALL SONAME 'server_audit';

SET GLOBAL server_audit_logging=ON;

--let $datadir= `select @@datadir`

create user foo;

--connect (con1,localhost,root,,)

SELECT CURRENT_USER() AS should_be_root;

SET SESSION AUTHORIZATION foo@'%';

SELECT CURRENT_USER() AS should_be_foo;

--exec tail -n 4 $datadir/server_audit.log

--disconnect con1

--connection default

drop user foo;

UNINSTALL SONAME 'server_audit';

d4c600f804af677ac3177497b3770dbd67c448f7
connect con1,localhost,root,,;
SELECT CURRENT_USER() AS should_be_root;
should_be_root
root@localhost
SET SESSION AUTHORIZATION foo@'%';
SELECT CURRENT_USER() AS should_be_foo;
should_be_foo
foo@%
20250326 13:14:26,mesh,root,localhost,5,27,QUERY,test,'SELECT CURRENT_USER() AS should_be_root',0
20250326 13:14:26,mesh,,,5,0,CHANGEUSER,OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO,,0
20250326 13:14:26,mesh,foo,%,5,2,QUERY,,'SET SESSION AUTHORIZATION foo@\'%\'',0
20250326 13:14:26,mesh,foo,%,5,29,QUERY,,'SELECT CURRENT_USER() AS should_be_foo',0
disconnect con1;

The problem with the corrupt CHANGEUSER is not specific to SET SESSION AUTHORIZATION, it is filed as MDEV-36394.
This report is about logging "SET SESSION AUTHORIZATION" SQL command, which is written after CHANGEUSER under the new user name, which doesn't look right.

Attachments

Issue Links

is blocked by

MDEV-36394 Server audit incorrectly logs user or database for COM_CHANGE_USER and following queries

Open

is caused by

MDEV-20299 SET SESSION AUTHORIZATION

In Testing

Activity

No workflow transitions have been executed yet.

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2025-03-26 11:19

Updated:: 2025-03-28 16:40

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server