I have found a weird phenomenon on my MariaDB server (version 10.1.26-MariaDB-0+deb9u1)
I used to have a user XYZ long time ago, and this user probably got deleted sometime. However, I tried to login using this user and I got the following error message:
mysqli_real_connect(): (HY000/1275): Server is running in
--secure-auth mode, but 'XYZ'#'localhost' has a password in the old format; please change the password to the new format
Just to be sure, I tried to login using a non-existing user. For example, I try to login as NOTEXISTING, just to verify that the error message is indeed different.
mysqli_real_connect(): (HY000/1045): Access denied for user
'NOTEXISTING'#'localhost' (using password: YES)
Now, the question is, where is the old user information stored?
The user does not exist in the mysql database:
select * from mysql.user where user = 'XYZ';
=> empty result
grep -r XYZ /path_to_mysql_database_dir/mysql/
=> nothing
I also tried "FLUSH PRIVILEGES" to reload the user table.
Do you have an idea where the user information is stored?
Update
After trying various things and even testing on a completely fresh installed system, I come to the conclusion that it must be some kind of bug, so I opened a bug report: https://jira.mariadb.org/browse/MDEV-17789 . Any other ideas are welcome.
The plaintext password is not stored anywhere.
SELECT user, host, password FROM user may provide something like
| pm_demo | localhost | FFC3F585 |
| dist | localhost | A8900DDB |
| ronly | localhost | 5208517A |
| spent | localhost | 26B08F08 |
| test | 1.2.3.4 | A40C6DCC |
That "password" is really an encrypted version of the plaintext password. It is the "old format", which is not very secure. New passwords look more like
*A5280BD3F8C6BCC6537FCC3E113D794DD53534CC
There are also other authentication mechanisms. (I don't know where you are in the evolution of authentication.)
SELECT * FROM user WHERE user = 'xyz'\G
*************************** 1. row ***************************
Host: localhost
User: xyz
Password: *6D800EA40C6DCC75BFF67DAB58D5D49FC5F8E568
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
...
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string:
password_expired: N
1 row in set (0.00 sec)
SHOW GRANTS FOR xyz#localhost;
+------------------------------------------------------------------------------------------------------------+
| Grants for xyz#localhost |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'xyz'#'localhost' IDENTIFIED BY PASSWORD '*6D800EA40C6DCC75BFF67DAB58D5D49FC5F8E568' |
| GRANT ALL PRIVILEGES ON `xyz`.* TO 'xyz'#'localhost' |
+------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
A developer has confirmed that the (in my opinion wrong) error message is intentional behavior, based on a hash of the user table.
https://jira.mariadb.org/plugins/servlet/mobile#issue/MDEV-17789
Related
I'm running CentOS v7.9 with MariaDB v5.5.68. I'm trying to access the MariaDB databases from a Win10 machine using Visual Studio Code with SQLTools & MySQL/MariaDB extensions.
I have configured MariaDB for remote access per this link: Configuring MariaDB for Remote Client Access
[mysqld]
skip-networking=0
skip-bind-address
I created the users and added the privileges - tested by logging in locally with 'bob' and viewing permissions in mysql.user. (BTW, in case not readily apparent, the UID, host, and PWD aren't real.)
CREATE USER 'bob'#'1.2.3.%' IDENTIFIED BY 'myPWD';
GRANT ALL PRIVILEGES ON *.* TO 'bob'#'1.2.3.%' IDENTIFIED BY 'myPWD';
However, when I try to log in remotely (from another Linux box) using mysql -u userID -h hostIP -p, I get the error:
ERROR 2003 (HY000): Can't connect to MySQL server on '1.2.3.4' (110)
When I try to make the database connection using VS Code, SQLTools tells me I've connected, but it won't show any tables, I'm not able to make any queries, and I get this error: Request connection/GetChildrenForTreeItemRequest failed with message: Handshake inactivity timeout.
I have reviewed this SO page and others, but still can't get the connection to work.
UPDATED for clarity - provides mysql.user and netstat info:
MariaDB [(none)]> select user, host from mysql.user;
+------+-------------+
| user | host |
+------+-------------+
| bob | 10.0.2.15 | # Can't connect
| rob | 127.0.0.1 | # Logs in locally via command line
| root | 127.0.0.1 | # Logs in locally via command line
| bob | 192.168.0.% | # Can't connect
| root | 192.168.0.% | # Can't connect
| root | ::1 | # Logs in locally via command line
| rob | localhost | # Logs in locally via command line
| root | localhost | # Logs in locally via command line
+------+-------------+
8 rows in set (0.00 sec)
$ > netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 27 33813 -
Any help is much appreciated as I've been working this problem for 2+ days and have not made any headway.
We are using MarkLogic 9.0-11. We have an ODBC app server that is attached to a SuperDatabase. This SuperDatabase has two sub database .
We are using admin user with admin privileges. When we log into the qconsole using admin user and select our superdatabase in dropdown, we have no problem running a SELECT SQL query and we will get a expected result something like below
Select count{*} from VehicleTable
Result 500
However if i use this SQL query from my ODBC app server in linux box(this ODBC app server is connected to superdatabase), something like below
[testuser#testdev001 ~]$ /usr/local/bin/isql -v MarkLogicSQL admin admintest123
+---------------------------------------+
| Connected! |
| |
| sql-statement |
| help [tablename] |
| quit |
| |
+---------------------------------------+
SQL> Select count{*} from VehicleTable
+------------+
| count(*) |
+------------+
| 0 |
+------------+
SQLRowCount returns 1
1 rows fetched
SQLRowCount returns -1
1 rows fetched
[Note, if we attach one of the sub database in our ODBC app server then we will get the result in SQL query from linux box]
Can anyone suggest why the same query is performing differently on the app server and qconsole. Any ideas?
Returning to an app from a few months ago, I ran:
amplify push
which returned
Current Environment: dev
| Category | Resource name | Operation | Provider plugin |
| -------- | --------------------- | --------- | ----------------- |
| Api | e9app201907021400api | Update | awscloudformation |
| Auth | eauth201907021400 | No Change | awscloudformation |
? Are you sure you want to continue? Yes
GraphQL schema compiled successfully.
Edit your schema at /Projects/2019/june/e9-app/amp<snip>0api/schema
✖ An error occurred when pushing the resources to the cloud
The AWS Access Key Id you provided does not exist in our records.
So I generated a new set of credentials in the console and installed them with aws configure.
I ran aws configure list
and got
Name Value Type Location
---- ----- ---- --------
profile default manual --profile
access_key ****************CAGH shared-credentials-file
secret_key ****************uU0C shared-credentials-file
region eu-west-1 config-file ~/.aws/config
checked:
cat ~/.aws/credentials
which returned:
[default]
aws_access_key_id = ****************CAGH
aws_secret_access_key = ****************uU0C
amplify push continues to return the same message.
When I go back to the console and look at the user it says "access key age Today" - as opposed to 45 days ago (before I requested new credentials).
Any clues as to what else I can check please?
Try to check your configured 'profileName' in /amplify/.config/local-aws-info.json.
In my case, I was trying to run the push command using a different profile and that didn't work. Switching to the correct profile solved the issue.
It would appear the Inactive key associated with the user account was invalidating the Active key. To test the theory I reactivated the Inactive key. I've since delete the inactive key.
So it would seem to me that amplify doesn't see the non-primary key.
I would like to read an external file into MariaDB using the CONNECT engine. However, when trying to read from the file, I get an error message:
MariaDB [test]> create table test ( name varchar(100), team varchar(100) ) engine=CONNECT table_type=CSV file_name='/tmp/data.csv' header=1 sep_char=',' quoted=0;
Query OK, 0 rows affected (0.24 sec)
MariaDB [test]> select * from test;
ERROR 1296 (HY000): Got error 174 'Open() error 13 on /tmp/data.csv: Permission denied' from CONNECT
Checking the filesystem permissions gives me:
divingt#grisu ~ $ ls -l /tmp/data.csv
-rw-rw-rw- 1 divingt divingt 1658 Dec 31 13:59 /tmp/data.csv
So everybody should be able to read and write from the file.
Also in MYSQL the permissions allow for everything:
MariaDB [test]> SHOW GRANTS;
+------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''#'%' TO 'root'#'localhost' WITH GRANT OPTION |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
I run a Linux Mint system.
Thanks a lot for any help.
It turns out that the reason was that apparmor prevented mysqld from reading from reading the file. Disabling it (or changing the permissions) solved the problem.
CDR was working before 19 march. Unfortunately i dont remember what kind of changes i made to configuration, but this exactly not changes to CDR config.
elastix 2.4.0
asterisk 11.7.0
mysql 5.0.95
elastix*CLI> cdr show status
Call Detail Record (CDR) settings
----------------------------------
Logging: Disabled
Mode: Simple
/etc/asterisk/cdr.conf
[general]
enable=yes
unanswered = yes
/etc/asterisk/cdr_mysql.conf
[global]
hostname = localhost
dbname=asteriskcdrdb
password = *MYPASSWROD*
user = asteriskcdruser
userfield=1
;port=3306
;sock=/tmp/mysql.sock
loguniqueid=yes
mysql> SHOW GRANTS FOR 'asteriskcdruser'#'localhost';
+-----------------------------------------------------------------------------------------------+
| Grants for asteriskcdruser#localhost |
+-----------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'asteriskcdruser'#'localhost' IDENTIFIED BY PASSWORD 'HASHHERE' |
| GRANT ALL PRIVILEGES ON `asteriskcdrdb`.* TO 'asteriskcdruser'#'localhost' |
+-----------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Try do
asterisk -rx " module reload"
For mysql info see
asterisk -rx "cdr mysql status"