WL#12803: SHOW CREATE USER AND CREATE USER TO WORK WITH HEX STRINGS FOR AUTH DATA
Affects: Server-8.0 — Status: Complete
This is a worklog to track a small feature as described in BUG#90947. The idea is that SHOW CREATE USER will print hex chars for the password hash if the string is unprintable (non-letters/digits). And we shall make sure CREATE USER can work with the statements generated by SHOW CREATE USER too.
FR1. There will be a new system boolean variable (global and session) (--print_identified_with_as_hex) to turn the new behavior on (off by default). This will turn printing hex literals on or off. The value applicable will be the session value for the relevant session. FR2. The SHOW CREATE USER command, when printing IDENTIFIED WITH the AS
clause that contains non-printable symbols will be printed as a hex literal instead of as a normal string literal with quotes. FR2.1. If the IDENTIFIED WITH AS is not containing non-printable symbols it will be printed as a normal literal. FR3. CREATE USER IDENTIFIED WITH AS and ALTER USER IDENTIFIED WITH AS will take hex literals for the password hash in addition to the string literals it's currently taking regardless of the flag.
By default the server prints IDENTIFIED WITH as a string literal ('dsffsdfsfd'). When this contains non-printable symbols it might become hard to read. See BUG#90947 for examples: mysql> create user user1@'%' identified by '123456'; Query OK, 0 rows affected (0.04 sec) mysql> show create user user1@'%'; | CREATE USER 'user1'@'%' IDENTIFIED WITH 'caching_sha2_password' AS '$A$005$i?#ZIgw??tY?re??yr#?o4mKTvyiTIruSORWqUh5Q0u5BMiwr.BxWCnReq155t8' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT PASSWORD REUSE INTERVAL DEFAULT | When the new server system variable is turned on (e.g. SET session print_identified_with_as_hex) AND the hash contains unprintable symbols (https://en.cppreference.com/w/cpp/string/byte/isgraph and the mysql equivalent) the whole hash will be printed as a hexadecimal literal, e.g. 0x01012AF3F. So the above SHOW CREATE will produce something like: CREATE USER 'user1'@'%' IDENTIFIED WITH 'caching_sha2_password' AS 0xDEADCODE REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT PASSWORD REUSE INTERVAL DEFAULT Which is much more readable. Also the CREATE USER command syntax will accept WITH
in addition to the literal it accepts now.
Copyright (c) 2000, 2020, Oracle Corporation and/or its affiliates. All rights reserved.