1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
|
CREATE DATABASE test_user_db;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
========== test 1.1.3.2 ====================================
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON `plug%dest` TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
REVOKE PROXY ON `plug%dest` FROM plug_user;
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE PROXY ON plug_dest FROM plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
DROP USER plug_user,plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
1)
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user';
2)
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE PROXY ON plug_dest FROM plug_user;
3)
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
DROP USER plug_user,plug_dest;
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
1)
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug_user;
2)
current_user()
plug_dest@%
user()
plug_user@localhost
Tables_in_test_user_db
t1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user';
DROP USER plug_user,plug_dest;
========== test 1.2 ========================================
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%
user()
plug_user@localhost
RENAME USER plug_dest TO new_dest;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON new_dest TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
DROP USER plug_user,new_dest;
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug_user;
current_user()
plug_dest@%
user()
plug_user@localhost
RENAME USER plug_dest TO new_dest;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
GRANT PROXY ON new_dest TO plug_user;
ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
DROP USER plug_user,new_dest;
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
connect plug_user,localhost,plug_user,plug_dest;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug_user@localhost plug_dest@%
connection default;
disconnect plug_user;
RENAME USER plug_user TO new_user;
connect plug_user,localhost,new_user,plug_dest;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
new_user@localhost plug_dest@%
connection default;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_user test_plugin_server plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
disconnect plug_user;
UPDATE mysql.global_priv SET user='plug_user' WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
DROP USER plug_dest,plug_user;
========== test 1.3 ========================================
CREATE USER plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
connect plug_user,localhost,plug_user,plug_dest;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
plug_user@localhost plug_dest@%
connection default;
disconnect plug_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
plug_user test_plugin_server plug_dest
UPDATE mysql.global_priv SET user='new_user' WHERE user='plug_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_user test_plugin_server plug_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.authentication_string', 'new_dest') WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_user test_plugin_server new_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'new_plugin_server') WHERE user='new_user';
FLUSH PRIVILEGES;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_user new_plugin_server new_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
ERROR HY000: Plugin 'new_plugin_server' is not loaded
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'test_plugin_server') WHERE user='new_user';
UPDATE mysql.global_priv SET user='new_dest' WHERE user='plug_dest';
FLUSH PRIVILEGES;
GRANT PROXY ON new_dest TO new_user;
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
new_user test_plugin_server new_dest
connect plug_user,localhost,new_user,new_dest;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
new_user@localhost new_dest@%
connection default;
disconnect plug_user;
UPDATE mysql.global_priv SET user='plug_dest' WHERE user='new_dest';
FLUSH PRIVILEGES;
CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
mariadb.sys mysql_native_password
new_dest mysql_native_password *01422E86A6FFF84618914AF149F9AEF64B84170A
new_user test_plugin_server new_dest
plug_dest mysql_native_password *939AEE68989794C0F408277411C26055CDF41119
GRANT ALL PRIVILEGES ON test.* TO new_user;
connect plug_user,localhost,new_dest,new_dest_passwd;
select USER(),CURRENT_USER();
USER() CURRENT_USER()
new_dest@localhost new_dest@%
connection default;
disconnect plug_user;
DROP USER new_user,new_dest,plug_dest;
========== test 2, 2.1, 2.2 ================================
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
test_plugin_server proxied_user
mariadb.sys mysql_native_password
proxied_user mysql_native_password *D7A51428CD38DB3C5293B9321DA1228BFB1611DD
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
========== test 2.2.1 ======================================
SELECT @@proxy_user;
@@proxy_user
NULL
connection default;
disconnect proxy_con;
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
GRANT PROXY ON proxied_user TO ''@'%%';
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
connection default;
disconnect proxy_con;
connect proxy_con,localhost,proxy_user,proxied_user;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxy_user@localhost proxied_user@%
========== test 2.2.1 ======================================
SELECT @@proxy_user;
@@proxy_user
''@'%%'
connection default;
disconnect proxy_con;
DROP USER ''@'%%',proxied_user;
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%'
IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
test_plugin_server proxied_user
mariadb.sys mysql_native_password
proxied_user mysql_native_password *D7A51428CD38DB3C5293B9321DA1228BFB1611DD
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection default;
disconnect proxy_con;
ERROR 28000: Access denied for user 'proxy_user'@'localhost' (using password: YES)
GRANT PROXY ON proxied_user TO ''@'%%';
connect proxy_con,localhost,proxied_user,proxied_user_passwd;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user@localhost proxied_user@%
connection default;
disconnect proxy_con;
connect proxy_con,localhost,proxy_user,proxied_user;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxy_user@localhost proxied_user@%
SELECT @@proxy_user;
@@proxy_user
''@'%%'
connection default;
disconnect proxy_con;
DROP USER ''@'%%',proxied_user;
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
GRANT PROXY ON proxied_user_1 TO ''@'%%';
GRANT PROXY ON proxied_user_2 TO ''@'%%';
GRANT PROXY ON proxied_user_3 TO ''@'%%';
GRANT PROXY ON proxied_user_4 TO ''@'%%';
GRANT PROXY ON proxied_user_5 TO ''@'%%';
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
User plugin authentication_string
test_plugin_server proxied_user
mariadb.sys mysql_native_password
proxied_user_1 mysql_native_password *551D5A5177FCC3340F7D2FB0F4D8D1EEA7F7EF71
proxied_user_2 mysql_native_password *3D948F77C6A988AFDCA9755AB2A6724362557220
proxied_user_3 mysql_native_password *41A18925D237DEE738C76581153990B037F462E3
proxied_user_4 mysql_native_password *F990073A9B96FF535C2D0721406042B8751E593F
proxied_user_5 mysql_native_password *5AA915C5D0B5B1336336FD2BF7768BC09FD1F5B2
connect proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd';
connect proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd;
connect proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd;
connect proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd;
connect proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd;
connection proxy_con_1;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_1@localhost proxied_user_1@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_2;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_2@localhost proxied_user_2@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_3;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_3@localhost proxied_user_3@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_4;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_4@localhost proxied_user_4@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection proxy_con_5;
SELECT USER(),CURRENT_USER();
USER() CURRENT_USER()
proxied_user_5@localhost proxied_user_5@%
SELECT @@proxy_user;
@@proxy_user
NULL
connection default;
disconnect proxy_con_1;
disconnect proxy_con_2;
disconnect proxy_con_3;
disconnect proxy_con_4;
disconnect proxy_con_5;
DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;
========== test 3 ==========================================
GRANT ALL PRIVILEGES ON *.* TO plug_user
IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
FLUSH PRIVILEGES;
DROP USER plug_user, plug_dest;
DROP DATABASE test_user_db;
|