hhf/MySQLTuner-perl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Try to fix incorrectly reports roles as users without passwords #598"

Browse source
This commit is contained in:
Jean-Marie Renouard 2022-06-15 18:08:11 +02:00
parent 3edaab3b57
commit 461c8fb60e
1 changed files with 21 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
mysqltuner.pl
View file

@ -1944,9 +1944,25 @@ sub security_recommendations {
} }
debugprint "Password column = $PASS_COLUMN_NAME"; debugprint "Password column = $PASS_COLUMN_NAME";
# IS THERE A ROLE COLUMN
my $is_role_column = select_one "select count(*) from information_schema.columns where TABLE_NAME='user' AND TABLE_SCHEMA='mysql' and COLUMN_NAME='IS_ROLE'";
my $extra_user_condition="1 = 1 OR ";
$extra_user_condition="IS_ROLE = 'N' AND" if $is_role_column > 0;
my @mysqlstatlist;
if ($is_role_column > 0) {
@mysqlstatlist= select_array "SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE IS_ROLE='Y'";
foreach my $line ( sort @mysqlstatlist ) {
chomp($line);
infoprint "User $line is User Role";
}
} else {
debugprint "No Role user detected";
goodprint "No Role user detected";
}
# Looking for Anonymous users # Looking for Anonymous users
my @mysqlstatlist = select_array @mysqlstatlist = select_array
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE TRIM(USER) = '' OR USER IS NULL"; "SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE $extra_user_condition (TRIM(USER) = '' OR USER IS NULL)";
#debugprint Dumper \@mysqlstatlist; #debugprint Dumper \@mysqlstatlist;
@ -1977,9 +1993,10 @@ sub security_recommendations {
if ( mysql_version_ge( 10, 4 ) ) { if ( mysql_version_ge( 10, 4 ) ) {
@mysqlstatlist = select_array @mysqlstatlist = select_array
q{SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.global_priv WHERE q{SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.global_priv WHERE
user != '' ( user != ''
AND JSON_CONTAINS(Priv, '"mysql_native_password"', '$.plugin') AND JSON_CONTAINS(Priv, '""', '$.authentication_string') AND JSON_CONTAINS(Priv, '"mysql_native_password"', '$.plugin') AND JSON_CONTAINS(Priv, '""', '$.authentication_string')
AND NOT JSON_CONTAINS(Priv, 'true', '$.account_locked')}; AND NOT JSON_CONTAINS(Priv, 'true', '$.account_locked')
)};
} }
else { else {
@mysqlstatlist = select_array @mysqlstatlist = select_array