Bug #102699 Access deny for user create by CIDR notation with FULL ip address
Submitted: 23 Feb 2021 6:23
Modified: 23 Feb 2021 13:45
Reporter: Luiz Yao
Status: Not a Bug
Category: MySQL Server: Connection Handling
Severity: S3 (Non-critical)
Version: 8.0.23
OS: Ubuntu (Ubuntu 20.10)
Assigned to:
CPU Architecture: x86
Tags: docker

[23 Feb 2021 6:23] Luiz Yao
Description:
I provide a MySQL service via Docker; the image used is `mysql/mysql-server:8.0.23`.

Now I want to connect to the database from the host machine, not from inside the container.

So I created two users:

```
mysql> SELECT user, host FROM user;
+------------------+---------------+
| user             | host          |
+------------------+---------------+
| learner_maskip   | 172.21.0.0/16 |
| learner_fullip   | 172.21.0.2/16 |
| healthchecker    | localhost     |
| mysql.infoschema | localhost     |
| mysql.session    | localhost     |
| mysql.sys        | localhost     |
| root             | localhost     |
+------------------+---------------+
7 rows in set (0.00 sec)
```
 
User `learner_maskip` works well, while `learner_fullip` does not.

Accessing the database via `learner_fullip` failed:

```
$ mysql -u learner_fullip -h 127.0.0.1 -p
Enter password: 
ERROR 1045 (28000): Access denied for user 'learner_fullip'@'172.21.0.1' (using password: NO)
```

Accessing the database via `learner_maskip` was successful:

```
$ mysql -u learner_maskip -h 127.0.0.1 -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 405
Server version: 8.0.23 MySQL Community Server - GPL

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
```

I expect that both `learner_maskip` and `learner_fullip` should be able to access the database successfully.

How to repeat:
Create a user whose `host` is in CIDR notation with a full IP address.

```
mysql> CREATE USER 'learner_fullip'@'172.21.0.2/16';
```

Try to access the database via this new user from the host machine, not from inside the container.

It will fail.

[23 Feb 2021 13:45] MySQL Verification Team
Hi Mr. Yao,

Thank you for your bug report.

However, this is not a bug. The privileges that you have granted demand that users come explicitly only from the hosts defined. This is not the case in your installation.

Second, this is a forum for reporting bugs in the MySQL database and not a forum for the configuration of operating systems, various containers and similar.

Not a bug.
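
The following is an added example, not part of the bug report and not MySQL's own code. It audits account host values in Python, assuming the server tests a masked host as `client_ip & netmask == host_ip`, which is consistent with the two results reported above. The function names are this example's own, and the sample rows are copied from the report's `SELECT` output.

```python
import ipaddress

# Sample rows taken from the report's SELECT user, host output.
ACCOUNTS = [
    ("learner_maskip", "172.21.0.0/16"),
    ("learner_fullip", "172.21.0.2/16"),
    ("root", "localhost"),
]


def parse_masked_host(host):
    """Return (host_ip, netmask) as ints, or None if host is not an IPv4 ip/mask value."""
    if "/" not in host:
        return None
    try:
        iface = ipaddress.IPv4Interface(host)
    except ValueError:
        return None
    return int(iface.ip), int(iface.netmask)


def matches(host, client_ip):
    """Assumed matching rule: mask the client address and compare with the host part."""
    parsed = parse_masked_host(host)
    if parsed is None:
        return False
    host_ip, netmask = parsed
    return (int(ipaddress.IPv4Address(client_ip)) & netmask) == host_ip


def audit(accounts):
    """List accounts whose masked host has host bits set, so no client can ever match."""
    findings = []
    for user, host in accounts:
        parsed = parse_masked_host(host)
        if parsed is None:
            continue
        host_ip, netmask = parsed
        if host_ip & ~netmask & 0xFFFFFFFF:
            # Suggest the network base address as the host value to use instead.
            suggestion = str(ipaddress.IPv4Interface(host).network)
            findings.append((user, host, suggestion))
    return findings


if __name__ == "__main__":
    for user, host in ACCOUNTS:
        print(user, host, "matches 172.21.0.1:", matches(host, "172.21.0.1"))
    for user, host, suggestion in audit(ACCOUNTS):
        print(f"{user}@{host} can match no client; use {suggestion}")
```

Under that assumption, `172.21.0.2/16` rejects even a client at 172.21.0.2, because masking always clears the host bits before the comparison.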