[MDEV-30487] Anonymous user with skip-resolve-name recognized as 'USERNAME-' on Windows Created: 2023-01-27  Updated: 2023-01-30

Status: Open
Project: MariaDB Server
Component/s: libmariadb, Server
Affects Version/s: 10.5
Fix Version/s: 10.3

Type: Bug Priority: Major
Reporter: Anel Husakovic Assignee: Georg Richter
Resolution: Unresolved Votes: 0
Labels: None
Environment:

Windows

Issue Links:
Relates
relates to CONC-631 Anonymous user with skip-resolve-name... Closed

 Description   

Based on test patch 6846913c9fecb7d (server branch bb-10.5-anel-anonymous-user-windows-check ), we can see that anonymous user, when used with skip-resolve-name gets Adminstrator user as confermed on buildbot-windows.
I haven't checked localy, only on buildbot. I expect that when run locally, it should be the same output (with other USERNAME, see below) ?

  • Test:
    Start server with skip-resolve-name (add option to file <mtr_file_name>-master.opt, create test case: 

    create role test_role;
    		 
    grant test_role to ''@localhost;
    		 
     
    		 
    connect(con1,localhost,'',,,$MASTER_MYPORT); # here it fails on Windows only
    		 
    SELECT CURRENT_ROLE;
    		 
    SET role test_role;
    		 
    SELECT CURRENT_ROLE;
    		 
    # user cannot set subset role, since it is not granted explicitly
    		 
    --error ER_INVALID_ROLE
    		 
    SET role new_role;
    		 
    --error ER_PASSWORD_ANONYMOUS_USER
    		 
    set default role test_role for ''@localhost;
    		 
     
    		 
    connection default;
    		 
    disconnect con1;
    		 
    REVOKE all privileges, grant option from ''@localhost;
    		 
    --source include/delete_anonymous_users.inc
    		 
    drop role test_role;

  • Output: 

    main.anel                                w5 [ fail ]
    		 
            Test ended at 2023-01-27 16:26:18
    		 
    CURRENT_TEST: main.anel
    		 
    mysqltest: At line 10: query 'connect con1,localhost,'',,,$MASTER_MYPORT' failed: 1045: Access denied for user 'Administrator'@'::1' (using password: NO)
    		 
    The result from queries just before the failure was:
    		 
    # Verify anonymous user on Windows is not 'Administrator'
    		 
    #
    		 
    # Test of anonymous user connection
    		 
    --------------------------------------------------------------
    		 
    create role test_role;
    		 
    grant test_role to ''@localhost;
    		 
     - saving 'D:/Buildbot/amd64-windows/build/mysql-test/var/5/log/main.anel/' to 'D:/Buildbot/amd64-windows/build/mysql-test/var/log/main.anel/'
    		 
    Retrying test main.anel, attempt(2/3)...

  • Note:
    It may be related to libmariadb client authentication here where USERNAME is read instead of mysql->user, for which mysql->user[0]=''.
    It occurs only when skip-name-resolve is used (not sure why?) and only on Windows because of function read_user_name implementation on Windows, that is using USERNAME.
Generated at Thu Feb 08 10:16:36 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.