MDEV-18297 How to reset a forgotten root password
After FLUSH PRIVILEGES remember if the connection started under --skip-grant-tables and keep it all-powerful, not a lowly anonymous. One could use this connection to reset passwords as needed. Also fix a crash in SHOW CREATE USER
This commit is contained in:
Sergei Golubchik
parent
a94b20a8e0
commit
4386d93500
@ -1,14 +1,4 @@
|
||||
use test;
|
||||
DROP VIEW IF EXISTS v1;
|
||||
DROP VIEW IF EXISTS v2;
|
||||
DROP VIEW IF EXISTS v3;
|
||||
DROP TABLE IF EXISTS t1;
|
||||
DROP PROCEDURE IF EXISTS p1;
|
||||
DROP PROCEDURE IF EXISTS p2;
|
||||
DROP PROCEDURE IF EXISTS p3;
|
||||
DROP FUNCTION IF EXISTS f1;
|
||||
DROP FUNCTION IF EXISTS f2;
|
||||
DROP FUNCTION IF EXISTS f3;
|
||||
CREATE TABLE t1(c INT);
|
||||
CREATE TRIGGER t1_bi BEFORE INSERT ON t1
|
||||
FOR EACH ROW
|
||||
@ -95,3 +85,29 @@ Acl_role_grants 0
|
||||
Acl_roles 0
|
||||
Acl_table_grants 0
|
||||
Acl_users 0
|
||||
show create user root@localhost;
|
||||
ERROR HY000: The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement
|
||||
insert mysql.global_priv values ('foo', 'bar', '{}');
|
||||
insert mysql.global_priv values ('baz', 'baz', '{"plugin":"baz"}');
|
||||
set password for bar@foo = password("pass word");
|
||||
ERROR HY000: The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement
|
||||
flush privileges;
|
||||
show create user root@localhost;
|
||||
CREATE USER for root@localhost
|
||||
CREATE USER 'root'@'localhost'
|
||||
show create user bar@foo;
|
||||
CREATE USER for bar@foo
|
||||
CREATE USER 'bar'@'foo'
|
||||
show create user baz@baz;
|
||||
CREATE USER for baz@baz
|
||||
CREATE USER 'baz'@'baz' IDENTIFIED VIA baz
|
||||
set password for bar@foo = password("pass word");
|
||||
show create user bar@foo;
|
||||
CREATE USER for bar@foo
|
||||
CREATE USER 'bar'@'foo' IDENTIFIED BY PASSWORD '*EDBBEA7F4E7B5D8B0BC8D7AC5D1936FB7DA10611'
|
||||
alter user baz@baz identified with mysql_native_password as password("baz");
|
||||
show create user baz@baz;
|
||||
CREATE USER for baz@baz
|
||||
CREATE USER 'baz'@'baz' IDENTIFIED BY PASSWORD '*E52096EF8EB0240275A7FE9E069101C33F98CF07'
|
||||
drop user bar@foo;
|
||||
drop user baz@baz;
|
||||
|
||||
@ -15,26 +15,6 @@ use test;
|
||||
# - BUG#13504: creation view with DEFINER clause if --skip-grant-tables
|
||||
#
|
||||
|
||||
# Prepare.
|
||||
|
||||
--disable_warnings
|
||||
|
||||
DROP VIEW IF EXISTS v1;
|
||||
DROP VIEW IF EXISTS v2;
|
||||
DROP VIEW IF EXISTS v3;
|
||||
|
||||
DROP TABLE IF EXISTS t1;
|
||||
|
||||
DROP PROCEDURE IF EXISTS p1;
|
||||
DROP PROCEDURE IF EXISTS p2;
|
||||
DROP PROCEDURE IF EXISTS p3;
|
||||
|
||||
DROP FUNCTION IF EXISTS f1;
|
||||
DROP FUNCTION IF EXISTS f2;
|
||||
DROP FUNCTION IF EXISTS f3;
|
||||
|
||||
--enable_warnings
|
||||
|
||||
# Test case.
|
||||
|
||||
CREATE TABLE t1(c INT);
|
||||
@ -137,3 +117,26 @@ select no_such_function(1);
|
||||
# MDEV-8280 crash in 'show global status' with --skip-grant-tables
|
||||
#
|
||||
show global status like 'Acl%';
|
||||
|
||||
#
|
||||
# MDEV-18297
|
||||
# How to reset a forgotten root password
|
||||
#
|
||||
--error ER_OPTION_PREVENTS_STATEMENT
|
||||
show create user root@localhost;
|
||||
insert mysql.global_priv values ('foo', 'bar', '{}');
|
||||
insert mysql.global_priv values ('baz', 'baz', '{"plugin":"baz"}');
|
||||
--error ER_OPTION_PREVENTS_STATEMENT
|
||||
set password for bar@foo = password("pass word");
|
||||
flush privileges;
|
||||
show create user root@localhost;
|
||||
show create user bar@foo;
|
||||
show create user baz@baz;
|
||||
set password for bar@foo = password("pass word");
|
||||
show create user bar@foo;
|
||||
alter user baz@baz identified with mysql_native_password as password("baz");
|
||||
show create user baz@baz;
|
||||
drop user bar@foo;
|
||||
drop user baz@baz;
|
||||
# need to restart the server to restore the --skip-grant state
|
||||
--source include/restart_mysqld.inc
|
||||
|
||||
@ -2557,6 +2557,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
|
||||
|
||||
init_check_host();
|
||||
|
||||
thd->bootstrap= !initialized; // keep FLUSH PRIVILEGES connection special
|
||||
initialized=1;
|
||||
DBUG_RETURN(FALSE);
|
||||
}
|
||||
@ -8908,6 +8909,11 @@ bool mysql_show_create_user(THD *thd, LEX_USER *lex_user)
|
||||
uint head_length;
|
||||
DBUG_ENTER("mysql_show_create_user");
|
||||
|
||||
if (!initialized)
|
||||
{
|
||||
my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--skip-grant-tables");
|
||||
DBUG_RETURN(TRUE);
|
||||
}
|
||||
if (check_show_access(thd, lex_user, &username, &hostname, NULL))
|
||||
DBUG_RETURN(TRUE);
|
||||
|
||||
|
||||
@ -882,7 +882,7 @@ mysql_rm_db_internal(THD *thd, const LEX_CSTRING *db, bool if_exists, bool silen
|
||||
lock_db_routines(thd, dbnorm))
|
||||
goto exit;
|
||||
|
||||
if (!thd->bootstrap && !rm_mysql_schema)
|
||||
if (!rm_mysql_schema)
|
||||
{
|
||||
for (table= tables; table; table= table->next_local)
|
||||
{
|
||||
|
||||
@ -2098,16 +2098,13 @@ bool mysql_rm_table(THD *thd,TABLE_LIST *tables, bool if_exists,
|
||||
}
|
||||
}
|
||||
/* We remove statistics for table last, after we have the DDL lock */
|
||||
if (!thd->bootstrap)
|
||||
for (table= tables; table; table= table->next_local)
|
||||
{
|
||||
for (table= tables; table; table= table->next_local)
|
||||
{
|
||||
LEX_CSTRING db_name= table->db;
|
||||
LEX_CSTRING table_name= table->table_name;
|
||||
if (table->open_type == OT_BASE_ONLY ||
|
||||
!thd->find_temporary_table(table))
|
||||
(void) delete_statistics_for_table(thd, &db_name, &table_name);
|
||||
}
|
||||
LEX_CSTRING db_name= table->db;
|
||||
LEX_CSTRING table_name= table->table_name;
|
||||
if (table->open_type == OT_BASE_ONLY ||
|
||||
!thd->find_temporary_table(table))
|
||||
(void) delete_statistics_for_table(thd, &db_name, &table_name);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user