[MDEV-32893] mariadb-backup is not considering O/S user when --user option is omitted Created: 2023-11-27  Updated: 2024-02-06  Resolved: 2024-02-02

Status: Closed
Project: MariaDB Server
Component/s: mariabackup
Affects Version/s: 10.11.6
Fix Version/s: 11.3.2, 11.4.1, 10.5.25, 10.6.18, 10.11.8, 11.0.6, 11.1.5, 11.2.4

Type: Bug Priority: Major
Reporter: Oli Sennhauser Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: beginner-friendly, documentation, mariadb-backup
Environment:

Debian 12, n.a.

Attachments: File MDEV-32893.patch    

 Description   

When the --user option in mariadb-backup is omitted mariadb-backup uses the anonymous user (''@localhost) instead of O/S user (root@localhost)

mariadb-backup --user=root --backup --target-dir=/tmp/backup
-> works as expected

mariadb-backup --backup --target-dir=/tmp/backup
231127 16:00:17 13772 Connect @localhost on using Socket
13772 Connect Access denied for user ''@'localhost' (using password: NO)

This does NEITHER reflect the general behaviour of all other MariaDB client utilities NOR does it match the documentation:

mariadb-backup --help
-u, --user=name This option specifies the MySQL username used when
connecting to the server, if that's not the current user.

Documentation states: https://mariadb.com/kb/en/mariabackup-options/#-user
" Defines the username for connecting to the MariaDB Server.
When Mariabackup runs it connects to the specified MariaDB Server to get its backups. Using this option, you can define the database user uses for authentication."

Further there is a type on in the docu: "database users uses" -> "database user used"

Do we have: a docu typo AND a little bug in the software and a discrepancy between the --help output AND the documentation...

 Comments   
Comment by Siavosh Kasravi [ 2024-01-03 ]

I started working on this.

Comment by Alexander Barkov [ 2024-01-17 ]

The manual is now fixed as suggested: "database users uses" -> "database user used"

Comment by Alexander Barkov [ 2024-01-24 ]

Observations:

Most MariaDB clients are linked against Connector-C and use the mariadb_real_connect() version from the file libmariadb/libmariadb/mariadb_lib.c from the connector-C sources. It uses the following code to detect the user name from the OS if it's not specified explicitly:

#if !defined(_WIN32)
 
void read_user_name(char *name)
 
{
 
  if (geteuid() == 0)
 
    strcpy(name,"root");                /* allow use of surun */
 
  else
 
  {
 
#ifdef HAVE_GETPWUID
 
    struct passwd *skr;
 
    const char *str;
 
    if ((skr=getpwuid(geteuid())) != NULL)
 
    {
 
      str=skr->pw_name;
 
    } else if ((str=getlogin()) == NULL)
 
    {
 
      if (!(str=getenv("USER")) && !(str=getenv("LOGNAME")) &&
 
               !(str=getenv("LOGIN")))
 
        str="UNKNOWN_USER";
 
    }
 
    ma_strmake(name,str,USERNAME_LENGTH);
 
#elif defined(HAVE_CUSERID)
 
    (void) cuserid(name);
 
#else
 
    ma_strmake(name,"UNKNOWN_USER", USERNAME_LENGTH);
 
#endif
 
  }
 
  return;
 
}
 
 
 
#else /* WIN32 */
 
 
 
void read_user_name(char *name)
 
{
 
  char *str=getenv("USERNAME");         /* ODBC will send user variable */
 
  ma_strmake(name,str ? str : "ODBC", USERNAME_LENGTH);
 
}
 
#endif

mariadb-backup is compiled differently - against a simplified mysql_real_connect() version from sql-common/client.c. See CLI_MYSQL_REAL_CONNECT() for details. This version does not detect the user name from the OS:

  if (!user || !user[0])
 
  {
 
    user=mysql->options.user;
 
    if (!user)
 
      user= "";
 
  }

From a glance it seems:

  • The fix should go to sql-common/client.c rather than to extra/mariabackup/backup_mysql.cc.
  • The fix should reproduce the full Connector-C way of the OS user detection, not only add getenv("USER").

But we also need to:

  • Find all applications using the simplified version from sql-common/client.c.
  • Check that this change does not break these applications.
Comment by Sergei Golubchik [ 2024-01-24 ]

it seems that libmysqlclient never used $USER as a default user name. That is, it did, but only on Windows and NetWare (right), that's what the old manual said.

So it's a new C/C feature, convenient, no doubt, but, indeed, perhaps we'd better not add it to libmysqlclient remnants. It'd be safer to do it in mariadb-backup only, I think.

Comment by Alexander Barkov [ 2024-02-02 ]

siakc, thanks for the original patch. As serg suggested, I fixed it in mariadb-backup only, like you did. But I added libmariadb style of the OS user detection instead if just using getenv("USER").

https://github.com/MariaDB/server/commit/78662ddadd5f297116ee1cf5708cbf3e19030152

Generated at Thu Feb 08 10:34:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.