[MDEV-22974] SHOW CREATE USER generates invalid SQL Created: 2020-06-22  Updated: 2020-12-11  Resolved: 2020-10-30

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.4, 10.5
Fix Version/s: 10.4.16, 10.5.7

Type: Bug Priority: Major
Reporter: Daniel Black Assignee: Daniel Black
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-24207 recognise mysql forms of invalid pass... Closed

 Description    

MariaDB [(none)]> show create user;
 
+---------------------------------------------------------------------------------------------------+
 
| CREATE USER for dan@localhost                                                                     |
 
+---------------------------------------------------------------------------------------------------+
 
| CREATE USER `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket |
 
+---------------------------------------------------------------------------------------------------+
 
1 row in set (0.000 sec)
 
 
 
MariaDB [(none)]>  CREATE USER `dan2`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket
 
    -> ;
 
ERROR 1372 (HY000): Password hash should be a 41-digit hexadecimal number

Is "invalid" something that should be literally accepted for compatibility?

To not do so means programs and humans that use SHOW CREATE USER output needs to parse out this text and remove it.

 Comments   
Comment by Daniel Black [ 2020-07-22 ]

Given the "invalid" is a part of the password field instead of a user hash, I saw the easiest way just to accept that one literal.

per https://github.com/MariaDB/server/pull/1628

Alternate suggestions welcome

Comment by Daniel Black [ 2020-09-03 ]

mysql-5.7

 
mysql> show create user `mysql.sys`@localhost;
 
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| CREATE USER for mysql.sys@localhost                                                                                                                                          |
 
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
| CREATE USER 'mysql.sys'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK |
 
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
1 row in set (0.00 sec)
 
 
 
mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
 
Query OK, 0 rows affected (0.00 sec)
 
 
 
mysql> CREATE USER 'mysql.YYY'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
 
Query OK, 0 rows affected (0.00 sec)
 
 
 
mysql> CREATE USER 'mysql.XXX'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS 'maybe this can be anything' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
 
ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.
 
 
 
mysql>  CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '!WALKISNOTAVALIDPASSWORDTHATCANBEUSEDFOOD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
 
ERROR 1827 (HY000): The password hash doesn't have the expected format. Check if the correct password algorithm is being used with the PASSWORD() function.
 
mysql>  CREATE USER 'mysql.ZZZZ'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*WALKISNOTAVALIDPASSWORDTHATCANBEUSEDfood' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK;
 
Query OK, 0 rows affected (0.00 sec)

So begins with '*' and has the right length is the compatibility to aim for if supporting the mysql-5.7 syntax/definitions.

Comment by Daniel Black [ 2020-10-24 ]

First review: https://lists.launchpad.net/maria-developers/msg12435.html

Addressed review with bb-10.4-danielblack-MDEV-22974-mysql_native_password-make-invalid-valid

Generated at Thu Feb 08 09:18:54 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.