WL#12803: SHOW CREATE USER AND CREATE USER TO WORK WITH HEX STRINGS FOR AUTH DATA

Affects: Server-8.0   —   Status: Complete 

This is a worklog to track a small feature as described in BUG#90947.

The idea is that SHOW CREATE USER will print hex chars for the password hash if
the string is unprintable (non-letters/digits).

And we shall make sure CREATE USER can work with the statements generated by
SHOW CREATE USER too.
FR1. There will be a new system boolean variable (global and session)
(--print_identified_with_as_hex) to turn the new behavior on
(off by default). This will turn printing hex literals on or off. The value
applicable will be the session value for the relevant session.

FR2. The SHOW CREATE USER command, when printing IDENTIFIED WITH the AS 
clause that contains non-printable symbols will be printed as a hex literal
instead of as a normal string literal with quotes.

FR2.1. If the IDENTIFIED WITH AS is not containing non-printable symbols it will
be printed as a normal literal.

FR3. CREATE USER IDENTIFIED WITH AS and ALTER USER IDENTIFIED WITH AS will take
hex literals for the password hash in addition to the string literals it's
currently taking regardless of the flag.
By default the server prints IDENTIFIED WITH as a string literal ('dsffsdfsfd').
When this contains non-printable symbols it might become hard to read. See
BUG#90947 for examples:
mysql> create user user1@'%' identified by '123456';
Query OK, 0 rows affected (0.04 sec)

mysql> show create user user1@'%';
| CREATE USER 'user1'@'%' IDENTIFIED WITH 'caching_sha2_password' AS
'$A$005$i?#ZIgw??tY?re??yr#?o4mKTvyiTIruSORWqUh5Q0u5BMiwr.BxWCnReq155t8'
REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT
PASSWORD REUSE INTERVAL DEFAULT |

When the new server system variable is turned on (e.g. SET session
print_identified_with_as_hex) AND the hash contains unprintable
symbols (https://en.cppreference.com/w/cpp/string/byte/isgraph and the mysql
equivalent) the whole hash will be printed as a hexadecimal literal, e.g.
0x01012AF3F.

So the above SHOW CREATE will produce something like:
CREATE USER 'user1'@'%' IDENTIFIED WITH 'caching_sha2_password' AS
0xDEADCODE REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY
DEFAULT PASSWORD REUSE INTERVAL DEFAULT

Which is much more readable.

Also the CREATE USER command syntax will accept WITH  in
addition to the literal it accepts now.


Copyright (c) 2000, 2024, Oracle Corporation and/or its affiliates. All rights reserved.