author | Sergei Golubchik <serg@mariadb.org> | 2019-02-19 12:58:11 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-02-21 15:04:03 +0100 |
commit | 4386d93500bea0169d0d0d0d9112f47b849d60e4 (patch) | |
tree | 5bfb5b9212308c50f0c6324de00422ac3fdd3909 | |
parent | a94b20a8e0d9e64eeaabdaaa7a3e03fcdb8a686e (diff) | |
MDEV-18297 How to reset a forgotten root password
After FLUSH PRIVILEGES remember if the connection started under
--skip-grant-tables and keep it all-powerful, not a lowly anonymous.
One could use this connection to reset passwords as needed.
Also fix a crash in SHOW CREATE USER
-rw-r--r-- | mysql-test/main/skip_grants.result | 36 | ||||
-rw-r--r-- | mysql-test/main/skip_grants.test | 43 | ||||
-rw-r--r-- | sql/sql_acl.cc | 6 | ||||
-rw-r--r-- | sql/sql_db.cc | 2 | ||||
-rw-r--r-- | sql/sql_table.cc | 15 |
5 files changed, 62 insertions, 40 deletions
diff --git a/mysql-test/main/skip_grants.result b/mysql-test/main/skip_grants.result index de263074b61..9710f643acb 100644 --- a/mysql-test/main/skip_grants.result +++ b/mysql-test/main/skip_grants.result @@ -1,14 +1,4 @@ use test; -DROP VIEW IF EXISTS v1; -DROP VIEW IF EXISTS v2; -DROP VIEW IF EXISTS v3; -DROP TABLE IF EXISTS t1; -DROP PROCEDURE IF EXISTS p1; -DROP PROCEDURE IF EXISTS p2; -DROP PROCEDURE IF EXISTS p3; -DROP FUNCTION IF EXISTS f1; -DROP FUNCTION IF EXISTS f2; -DROP FUNCTION IF EXISTS f3; CREATE TABLE t1(c INT); CREATE TRIGGER t1_bi BEFORE INSERT ON t1 FOR EACH ROW @@ -95,3 +85,29 @@ Acl_role_grants 0 Acl_roles 0 Acl_table_grants 0 Acl_users 0 +show create user root@localhost; +ERROR HY000: The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement +insert mysql.global_priv values ('foo', 'bar', '{}'); +insert mysql.global_priv values ('baz', 'baz', '{"plugin":"baz"}'); +set password for bar@foo = password("pass word"); +ERROR HY000: The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement +flush privileges; +show create user root@localhost; +CREATE USER for root@localhost +CREATE USER 'root'@'localhost' +show create user bar@foo; +CREATE USER for bar@foo +CREATE USER 'bar'@'foo' +show create user baz@baz; +CREATE USER for baz@baz +CREATE USER 'baz'@'baz' IDENTIFIED VIA baz +set password for bar@foo = password("pass word"); +show create user bar@foo; +CREATE USER for bar@foo +CREATE USER 'bar'@'foo' IDENTIFIED BY PASSWORD '*EDBBEA7F4E7B5D8B0BC8D7AC5D1936FB7DA10611' +alter user baz@baz identified with mysql_native_password as password("baz"); +show create user baz@baz; +CREATE USER for baz@baz +CREATE USER 'baz'@'baz' IDENTIFIED BY PASSWORD '*E52096EF8EB0240275A7FE9E069101C33F98CF07' +drop user bar@foo; +drop user baz@baz; diff --git a/mysql-test/main/skip_grants.test b/mysql-test/main/skip_grants.test index 5f79404e7e4..ccad3c2d13f 100644 
--- a/mysql-test/main/skip_grants.test +++ b/mysql-test/main/skip_grants.test @@ -15,26 +15,6 @@ use test; # - BUG#13504: creation view with DEFINER clause if --skip-grant-tables # -# Prepare. - ---disable_warnings - -DROP VIEW IF EXISTS v1; -DROP VIEW IF EXISTS v2; -DROP VIEW IF EXISTS v3; - -DROP TABLE IF EXISTS t1; - -DROP PROCEDURE IF EXISTS p1; -DROP PROCEDURE IF EXISTS p2; -DROP PROCEDURE IF EXISTS p3; - -DROP FUNCTION IF EXISTS f1; -DROP FUNCTION IF EXISTS f2; -DROP FUNCTION IF EXISTS f3; - ---enable_warnings - # Test case. CREATE TABLE t1(c INT); @@ -137,3 +117,26 @@ select no_such_function(1); # MDEV-8280 crash in 'show global status' with --skip-grant-tables # show global status like 'Acl%'; + +# +# MDEV-18297 +# How to reset a forgotten root password +# +--error ER_OPTION_PREVENTS_STATEMENT +show create user root@localhost; +insert mysql.global_priv values ('foo', 'bar', '{}'); +insert mysql.global_priv values ('baz', 'baz', '{"plugin":"baz"}'); +--error ER_OPTION_PREVENTS_STATEMENT +set password for bar@foo = password("pass word"); +flush privileges; +show create user root@localhost; +show create user bar@foo; +show create user baz@baz; +set password for bar@foo = password("pass word"); +show create user bar@foo; +alter user baz@baz identified with mysql_native_password as password("baz"); +show create user baz@baz; +drop user bar@foo; +drop user baz@baz; +# need to restart the server to restore the --skip-grant state +--source include/restart_mysqld.inc diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ee07bfd2680..b441356df26 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -2557,6 +2557,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables) init_check_host(); + thd->bootstrap= !initialized; // keep FLUSH PRIVILEGES connection special initialized=1; DBUG_RETURN(FALSE); } 
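Review bot: The MDEV-18297 block only exercises the connection that issued `flush privileges`, so nothing in it pins down how far the retained privilege reaches. A negative case would make that boundary explicit: after the flush, open a second connection as one of the accounts created here and expect an access-denied error when it tries `set password for` another user. A heading such as `# a connection opened after FLUSH PRIVILEGES must go through normal grant checks` would say what it guards. Without it, a later change that left every session elevated after the flush would still pass this test.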
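Review bot: `thd->bootstrap= !initialized;` in acl_load assigns the flag unconditionally, so any call made once `initialized` is already set clears `thd->bootstrap` on the calling THD. That appears to include a second FLUSH PRIVILEGES on the very connection this line is meant to keep special, which would then lose its elevation silently. Whichever behaviour is intended, the trailing comment should state it, because `bootstrap` now also means "skips grant checks until disconnect"; something like `// session that loaded grants under --skip-grant-tables stays unrestricted until it disconnects (or flushes again)`. It is also worth noting near the flag that this trust applies to whoever held the connection while the server ran without grants, which is presumably why such a server should not be reachable over the network. The rest of acl_load is outside this hunk.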
@@ -8908,6 +8909,11 @@ bool mysql_show_create_user(THD *thd, LEX_USER *lex_user) uint head_length; DBUG_ENTER("mysql_show_create_user"); + if (!initialized) + { + my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables"); + DBUG_RETURN(TRUE); + } if (check_show_access(thd, lex_user, &username, &hostname, NULL)) DBUG_RETURN(TRUE); diff --git a/sql/sql_db.cc b/sql/sql_db.cc index fcf07f7f920..61d8f12deaa 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -882,7 +882,7 @@ mysql_rm_db_internal(THD *thd, const LEX_CSTRING *db, bool if_exists, bool silen lock_db_routines(thd, dbnorm)) goto exit; - if (!thd->bootstrap && !rm_mysql_schema) + if (!rm_mysql_schema) { for (table= tables; table; table= table->next_local) { diff --git a/sql/sql_table.cc b/sql/sql_table.cc index a5e55695d02..7348a5a07c1 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -2098,16 +2098,13 @@ bool mysql_rm_table(THD *thd,TABLE_LIST *tables, bool if_exists, } } /* We remove statistics for table last, after we have the DDL lock */ - if (!thd->bootstrap) + for (table= tables; table; table= table->next_local) { - for (table= tables; table; table= table->next_local) - { - LEX_CSTRING db_name= table->db; - LEX_CSTRING table_name= table->table_name; - if (table->open_type == OT_BASE_ONLY || - !thd->find_temporary_table(table)) - (void) delete_statistics_for_table(thd, &db_name, &table_name); - } + LEX_CSTRING db_name= table->db; + LEX_CSTRING table_name= table->table_name; + if (table->open_type == OT_BASE_ONLY || + !thd->find_temporary_table(table)) + (void) delete_statistics_for_table(thd, &db_name, &table_name); } } |
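Review bot: The new `if (!initialized)` guard in mysql_show_create_user has no comment tying it to the crash named in the commit message, so a later cleanup could move it below `check_show_access()` without noticing the ordering matters. I would add `/* ACL data is not loaded under --skip-grant-tables; refuse before any lookup touches it */` above the check, hedged to whatever the actual crash site was. If other SHOW statements in this file read the same ACL structures, they may need the same guard, but that is not visible in this hunk. The function body continues outside the hunk.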
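Review bot: Removing `!thd->bootstrap` from this condition in mysql_rm_db_internal makes the per-table loop run on a genuine bootstrap thread as well, not only on the post-FLUSH connection the commit targets. The same applies to the statistics loop in mysql_rm_table in sql/sql_table.cc. Whether the statistics tables are guaranteed to exist at that stage cannot be told from these hunks, and in mysql_rm_table the result of `delete_statistics_for_table` is discarded with `(void)`, so a failure there would be silent. A short comment at both sites would record the assumption, for example `/* also runs during bootstrap: the statistics cleanup must tolerate missing statistics tables */`. Both function bodies start and end outside their hunks, and the loop body in sql_db.cc is not shown.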