Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

the issue with tidb socket #23460

Closed
wangtianyi2004 opened this issue Mar 22, 2021 · 2 comments · Fixed by #23463
Closed

the issue with tidb socket #23460

wangtianyi2004 opened this issue Mar 22, 2021 · 2 comments · Fixed by #23463
Assignees
@morgo
Labels
component/privilege component/server severity/critical type/bug The issue is confirmed as a bug.
Milestone
v5.0.0 ga

Comments

@wangtianyi2004
Copy link

Bug Report

Please answer these questions before submitting your issue. Thanks!
after I drop the root@'%', I can still logon tidb by root@'XXX'.

### 1. Minimal reproduce step (Required)

[root@r40 topology]# cat tidb-c1.yaml | grep -C 10 sock

# readpool.storage.use-unified-pool

# You can overwrite this configuration via the instance-level config field.

server_configs:
tidb:
log.slow-threshold: 300
binlog.enable: false
binlog.ignore-error: false
tikv-client.copr-cache.enable: true
socket: "/tmp/mysql.sock"
tikv:
server.grpc-concurrency: 4
raftstore.apply-pool-size: 2
raftstore.store-pool-size: 2
rocksdb.max-sub-compactions: 1
storage.block-cache.capacity: "16GB"
readpool.unified.max-thread-count: 12
readpool.storage.use-unified-pool: false
readpool.coprocessor.use-unified-pool: true
raftdb.rate-bytes-per-sec: 0

check the logon user

[root@r40 topology]# mysql -uroot -P14000 -hr41 -e 'select user()'
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+

create a new user root@'localhost'
mysql> create user 'root'@'%' identified by 'mysql';
ERROR 1396 (HY000): Operation CREATE USER failed for 'root'@'%'
mysql> create user root@'localhost' identified by 'mysql'
-> ;
Query OK, 0 rows affected (0.14 sec)

mysql> grant all privileges on . to root@'localhost';
mysql> flush privileges;

mysql> drop user root@'%';
mysql> flush privileges;

[root@r40 topology]# mysql -uroot -P14000 -hr41 -p
mysql> select host, user from mysql.user;
+-----------+------+
| host | user |
+-----------+------+
| localhost | root |
+-----------+------+
1 row in set (0.01 sec)

### 2. What did you expect to see? (Required)
I logon with the user root@'r41'.
when I check the query select user(), It should show me root@localhost
And after I drop the user root@'%', I shouldn't logon the database from non-tidb server.

3. What did you see instead (Required)

4. What is your TiDB version? (Required)

v4.0.9
@wangtianyi2004 wangtianyi2004 added the type/bug The issue is confirmed as a bug. label Mar 22, 2021
@morgo morgo self-assigned this Mar 22, 2021
@morgo
Copy link
Contributor

morgo commented Mar 22, 2021

Verified as described. I will take a look.

@morgo morgo mentioned this issue Mar 22, 2021
Merged
@zimulala zimulala added this to the v5.0.0 ga milestone Mar 23, 2021
@ti-srebot
Copy link
Contributor

ti-srebot commented Mar 24, 2021
edited by morgo
Loading

Please edit this comment or add a new comment to complete the following information

Bug

TiDB incorrectly handled the user-host portion of privileges when listening on both unix socket and tcp socket.

1. Root Cause Analysis (RCA) (optional)

2. Symptom (optional)

3. All Trigger Conditions (optional)

4. Workaround (optional)

5. Affected versions

[v4.0.1:v4.0.12], [v5.0.0:v5.0.1]

6. Fixed versions

master

This was referenced Mar 24, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@morgo morgo

Labels
component/privilege component/server severity/critical type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
v5.0.0 ga
Development

Successfully merging a pull request may close this issue.

server: set connection to TCP socket when unix and TCP used morgo/tidb
4 participants
@morgo @zimulala @wangtianyi2004 @ti-srebot