    MDEV-21194: mariadb-install-db doesn't properly grant proxy privileges to all created user accounts · 8bbe3a3c
    Daniel Black authored
    mariadb-install-db --auth-root-authentication-method=normal created 4
    root accounts by default, but only two of these had PROXY privilege
    granted.
    
    mariadb-install-db (default option
    --auth-root-authentication-method=socket) as non-root user also didn't
    grant PROXY priv to the created nonroot@localhost user.
    
    To fix this, in mysql_system_tables_data.sql, we re-use tmp_user_nopasswd
    as this contains the list of all root users.
    
    REPLACE INTO tmp_proxies_priv SELECT @current_hostname, IFNULL(@auth_root_socket, 'root')
    creates the $user@$current_host but will not error if @auth_root_socket
    is null. Note @current_hostname lines are filtered out with
    --cross-bootstrap in mariadb-install-db so it was needed to include this
    expression for consistency.
    
    Like the existing mysql_system_tables.sql is used to create the
    $user@localhost proxies_priv.
    
    Test cases roles.acl_statistics, perfschema.privilege_table_io depend on the number of proxy users.
    
    After:
    
    --auth-root-authentication-method=normal:
    
    MariaDB [mysql]> select * from global_priv;
    +-----------+-------------+--------------------------------------------------------------------------------------------------------------------------+
    | Host      | User        | Priv                                                                                                                     |
    +-----------+-------------+--------------------------------------------------------------------------------------------------------------------------+
    | localhost | mariadb.sys | {"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0} |
    | localhost | root        | {"access":18446744073709551615}                                                                                          |
    | bark      | root        | {"access":18446744073709551615}                                                                                          |
    | 127.0.0.1 | root        | {"access":18446744073709551615}                                                                                          |
    | ::1       | root        | {"access":18446744073709551615}                                                                                          |
    | localhost |             | {}                                                                                                                       |
    | bark      |             | {}                                                                                                                       |
    +-----------+-------------+--------------------------------------------------------------------------------------------------------------------------+
    7 rows in set (0.001 sec)
    
    MariaDB [mysql]> select * from proxies_priv;
    +-----------+------+--------------+--------------+------------+---------+---------------------+
    | Host      | User | Proxied_host | Proxied_user | With_grant | Grantor | Timestamp           |
    +-----------+------+--------------+--------------+------------+---------+---------------------+
    | localhost | root |              |              |          1 |         | 2023-07-10 12:12:24 |
    | 127.0.0.1 | root |              |              |          1 |         | 2023-07-10 12:12:24 |
    | ::1       | root |              |              |          1 |         | 2023-07-10 12:12:24 |
    | bark      | root |              |              |          1 |         | 2023-07-10 12:12:24 |
    +-----------+------+--------------+--------------+------------+---------+---------------------+
    
    --auth-root-authentication-method=socket:
    
    MariaDB [mysql]> select * from proxies_priv;
    +-----------+------+--------------+--------------+------------+---------+---------------------+
    | Host      | User | Proxied_host | Proxied_user | With_grant | Grantor | Timestamp           |
    +-----------+------+--------------+--------------+------------+---------+---------------------+
    | localhost | root |              |              |          1 |         | 2023-07-10 12:11:55 |
    | localhost | dan  |              |              |          1 |         | 2023-07-10 12:11:55 |
    | bark      | dan  |              |              |          1 |         | 2023-07-10 12:11:55 |
    +-----------+------+--------------+--------------+------------+---------+---------------------+
    3 rows in set (0.017 sec)
    
    MariaDB [mysql]> select * from global_priv;
    +-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
    | Host      | User        | Priv                                                                                                                                       |
    +-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
    | localhost | mariadb.sys | {"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}                   |
    | localhost | root        | {"access":18446744073709551615,"plugin":"mysql_native_password","authentication_string":"invalid","auth_or":[{},{"plugin":"unix_socket"}]} |
    | localhost | dan         | {"access":18446744073709551615,"plugin":"mysql_native_password","authentication_string":"invalid","auth_or":[{},{"plugin":"unix_socket"}]} |
    | localhost |             | {}                                                                                                                                         |
    | bark      |             | {}                                                                                                                                         |
    +-----------+-------------+--------------------------------------------------------------------------------------------------------------------------------------------+
    5 rows in set (0.000 sec)
    
    MariaDB [mysql]> show grants;
    +----------------------------------------------------------------------------------------------------------------------------------------+
    | Grants for dan@localhost                                                                                                               |
    +----------------------------------------------------------------------------------------------------------------------------------------+
    | GRANT ALL PRIVILEGES ON *.* TO `dan`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket WITH GRANT OPTION |
    | GRANT PROXY ON ''@'%' TO 'dan'@'localhost' WITH GRANT OPTION                                                                           |
    +----------------------------------------------------------------------------------------------------------------------------------------+
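One way to confirm the behaviour described in the commit message on a freshly bootstrapped data directory (an added example, not part of the commit or of MariaDB's own scripts): list every account that carries the full access mask but has no matching PROXY row. It assumes the `global_priv` and `proxies_priv` layouts and the `"access":18446744073709551615` value shown in the output above.

```sql
-- Added audit query (not from the commit). Assumption: accounts created by
-- mariadb-install-db with full privileges carry the access value shown in
-- the global_priv output above.
SELECT g.Host, g.User
FROM mysql.global_priv AS g
LEFT JOIN mysql.proxies_priv AS p
       ON  p.Host         = g.Host
       AND p.User         = g.User
       AND p.Proxied_host = ''      -- the bootstrap rows proxy ''@''
       AND p.Proxied_user = ''
       AND p.With_grant   = 1       -- PROXY ... WITH GRANT OPTION
WHERE JSON_VALUE(g.Priv, '$.access') = '18446744073709551615'
  AND p.User IS NULL                -- anti-join: no PROXY row for this account
ORDER BY g.User, g.Host;
```

With the "After" tables shown above, the query returns an empty set in both modes: every full-access account in `global_priv` has a corresponding `proxies_priv` row.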
acl_statistics.result 2.75 KB