MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced...

MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced by asterisks in audit log. Check for the ALTER USER command added.

MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced...
MDEV-24965 With ALTER USER ...IDENTIFIED BY command, password doesn't replaced by asterisks in audit log. Check for the ALTER USER command added.
25ecf8ed · Alexey Botchkov · 1d80e8e4 · 25ecf8ed · 25ecf8ed · 25ecf8ed
Commit 25ecf8ed authored Feb 26, 2021 by Alexey Botchkov
3 changed files
--- a/mysql-test/suite/plugins/r/server_audit.result
+++ b/mysql-test/suite/plugins/r/server_audit.result
@@ -118,6 +118,7 @@ CREATE USER u1 IDENTIFIED BY 'pwd-123';
 GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
 SET PASSWORD FOR u1 = PASSWORD('pwd 098');
 CREATE USER u3 IDENTIFIED BY '';
+ALTER USER u3 IDENTIFIED BY 'pwd-456';
 drop user u1, u2, u3;
 set global server_audit_events='query_ddl';
 create table t1(id int);
@@ -382,6 +383,8 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,proxies_priv,
 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,roles_mapping,
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0
 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
+TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'ALTER USER u3 IDENTIFIED BY \'pwd-456\'',0
+TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,user,
 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,db,
 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,tables_priv,
 TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,columns_priv,

--- a/mysql-test/suite/plugins/t/server_audit.test
+++ b/mysql-test/suite/plugins/t/server_audit.test
@@ -95,6 +95,7 @@ CREATE USER u1 IDENTIFIED BY 'pwd-123';
 GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
 SET PASSWORD FOR u1 = PASSWORD('pwd 098');
 CREATE USER u3 IDENTIFIED BY '';
+ALTER USER u3 IDENTIFIED BY 'pwd-456';
 drop user u1, u2, u3;
 set global server_audit_events='query_ddl';

--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -819,6 +819,7 @@ enum sa_keywords
  SQLCOM_DML,
  SQLCOM_GRANT,
  SQLCOM_CREATE_USER,
+  SQLCOM_ALTER_USER,
  SQLCOM_CHANGE_MASTER,
  SQLCOM_CREATE_SERVER,
  SQLCOM_SET_OPTION,
@@ -926,6 +927,7 @@ struct sa_keyword passwd_keywords[]=
 {
  {3, "SET", &password_word, SQLCOM_SET_OPTION},
  {5, "ALTER", &server_word, SQLCOM_ALTER_SERVER},
+  {5, "ALTER", &user_word, SQLCOM_ALTER_USER},
  {5, "GRANT", 0, SQLCOM_GRANT},
  {6, "CREATE", &user_word, SQLCOM_CREATE_USER},
  {6, "CREATE", &server_word, SQLCOM_CREATE_SERVER},
@@ -1845,6 +1847,7 @@ static int log_statement_ex(const struct connection_info *cn,
  {
    case SQLCOM_GRANT:
    case SQLCOM_CREATE_USER:
+    case SQLCOM_ALTER_USER:
      csize+= escape_string_hide_passwords(query, query_len,
                                           uh_buffer, uh_buffer_size,
                                           "IDENTIFIED", 10, "BY", 2, 0);