Bug #108919 | acl_cache_lock is not consistent in acl_authenticate function for proxy_user | ||
---|---|---|---|
Submitted: | 28 Oct 2022 14:19 | Modified: | 2 Nov 2022 16:01 |
Reporter: | jingliang shang | Email Updates: | |
Status: | Can't repeat | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S2 (Serious) |
Version: | 8.0 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | acl_authenticate, acl_cache_lock, proxy_user |
[28 Oct 2022 14:19]
jingliang shang
[1 Nov 2022 13:28]
MySQL Verification Team
Hi Mr. shang, Thank you for your bug report. However, we are not able to repeat the behaviour. We have ran your C source code on 8.0.31 and 8.0.32 (not yet out) and we have not hit any race condition. Also, your test case does not contain user names and their ACL's , including the one on the proxy user. If there is anything else that needs to be used, we have to be informed. If you supply us with all necessary info for 8.0.31, we shall change the status to "Open". Can't repeat.
[2 Nov 2022 16:01]
jingliang shang
Hi Team, Thanks for the effort. Maybe you can try below steps one more time, hopefully. I am able to repeat this issue with these on mysql-server in 8.0.27 official docker. step 0: Start up mysql-server docker and change root@localhost passwd to test, then open 2 console with docker exec -it ID bash step1: From console 1, run these commands which should never stop. #mysql -uroot -ptest -hlocalhost --execute="set persist check_proxy_users=ON;" #mysql -uroot -ptest -hlocalhost --execute="set persist mysql_native_password_proxy_users=ON;" #mysql -uroot -ptest -hlocalhost --execute='create user test_proxy@localhost identified with mysql_native_password by "test"; grant proxy on root@localhost to test_proxy@localhost;' #while true; do mysql -utest_proxy -ptest -hlocalhost --execute='select current_user;' || exit 1; done step2: From console 2, run this command until console 1 stops and return "ERROR 1045 (28000): Access denied for user 'test_proxy'@'localhost' (using password: YES)" #while true; do mysql -uroot -hlocalhost -ptest --execute='create user a@a; grant proxy on root to a@a; revoke proxy on root from a@a; drop user a@a'; sleep 1& done These script is not as efficient as the c code, but it should trigger issue within minutes. Regards, Shangj
[3 Nov 2022 13:02]
MySQL Verification Team
Hi Mr. shang, First of all , we test standalone MySQL and it's clients, not the ones running in any container. We have tested your test case on 8.0.31 and the syntax that you used is already deprecated. Can't repeat.