| Server IP : 172.67.216.182 / Your IP : 172.71.81.229 Web Server : Apache System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64 User : www ( 1000) PHP Version : 7.4.33 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /www/server/mysql/mysql-test/t/ |
Upload File : |
#
# WL#5706/Bug#58712/Bug#11746378
# Encrypt or remove passwords from slow, query, and binary logs
# (see sql/sql_rewrite.cc for bulk of implementation)
#
--source include/not_windows.inc
# For Bug#16467055 and friends:
--source include/not_embedded.inc
# make sure we start with a clean slate. log_tables.test says this is OK.
TRUNCATE TABLE mysql.slow_log;
SET @old_log_output= @@global.log_output;
SET @old_slow_query_log= @@global.slow_query_log;
SET @old_slow_query_log_file= @@global.slow_query_log_file;
SET @old_long_query_time= @@global.long_query_time;
--replace_result $MYSQLTEST_VARDIR ...
eval SET GLOBAL slow_query_log_file= '$MYSQLTEST_VARDIR/log/rewrite_slow.log';
SET GLOBAL log_output = 'FILE,TABLE';
SET GLOBAL slow_query_log= 'ON';
# The answer is obvious: log everything!
SET SESSION long_query_time= 0;
# Show that obfuscation applies to the slow log at all.
# If one applies, they all do, and we've already demonstrated the individual
# obfuscations above for the general log.
# 1.1.1.1
GRANT ALL on *.* TO test_user1 IDENTIFIED BY 'azundris1';
# 1.1.1.2
CREATE USER test_user2 IDENTIFIED BY 'azundris2';
# 1.1.1.3
--disable_warnings
CHANGE MASTER TO MASTER_PASSWORD='azundris3';
CHANGE MASTER TO MASTER_CONNECT_RETRY = 1, MASTER_HEARTBEAT_PERIOD = 1.01,
MASTER_LOG_FILE = 'master_log_name', MASTER_LOG_POS = 0,
MASTER_SSL = 0, MASTER_SSL_CA = 'ca_file_name',
MASTER_SSL_CAPATH = 'ca_directory_name',
MASTER_SSL_CERT = 'cert_file_name', MASTER_SSL_KEY = 'key_file_name',
MASTER_SSL_CIPHER = 'cipher_list', MASTER_SSL_VERIFY_SERVER_CERT = 0,
IGNORE_SERVER_IDS = (99,100);
# cleanup
CHANGE MASTER TO MASTER_CONNECT_RETRY = 1, MASTER_HEARTBEAT_PERIOD = 1.01,
MASTER_LOG_FILE = '', MASTER_LOG_POS = 0,
MASTER_SSL = 0, MASTER_SSL_CA = '',
MASTER_SSL_CAPATH = '',
MASTER_SSL_CERT = '', MASTER_SSL_KEY = '',
MASTER_SSL_CIPHER = '', MASTER_SSL_VERIFY_SERVER_CERT = 0,
IGNORE_SERVER_IDS = ( );
--enable_warnings
# 1.1.1.4
CREATE USER 'test_user4'@'localhost';
SET PASSWORD FOR 'test_user4'@'localhost' = 'azundris4';
# clean-up
SET SESSION long_query_time= @old_long_query_time;
SET GLOBAL slow_query_log='OFF';
DROP USER 'test_user4'@'localhost';
DROP USER test_user2;
DROP USER test_user1;
let $wait_condition= SELECT sql_text FROM mysql.slow_log WHERE sql_text LIKE "%SET PASSWORD FOR `test_user4`@`localhost`%";
--source include/wait_condition.inc
# show slow-logging to file is correct
CREATE TABLE test_log (sql_text TEXT);
--replace_result $MYSQLTEST_VARDIR ...
eval LOAD DATA LOCAL INFILE '$MYSQLTEST_VARDIR/log/rewrite_slow.log'
INTO TABLE test_log FIELDS TERMINATED BY '\n' LINES TERMINATED BY '\n';
# all passwords ('azundris%') must have been obfuscated -> empty result set
--echo This line should be followed by two SELECTs with empty result sets
SELECT sql_text FROM test_log WHERE sql_text LIKE CONCAT('%azun','dris%');
# same for logging to table
SELECT sql_text FROM mysql.slow_log WHERE sql_text LIKE CONCAT('%azun','dris%');
--echo ------ from file ------
SELECT sql_text FROM test_log WHERE sql_text like '%AS %';
SELECT sql_text FROM test_log WHERE sql_text like 'CHANGE MASTER TO MASTER_PASSWORD %';
SELECT sql_text FROM test_log WHERE sql_text like '%SET PASSWORD %';
--echo ------ from table ------
SELECT sql_text FROM mysql.slow_log WHERE sql_text like '%AS %';
SELECT sql_text FROM test_log WHERE sql_text like 'CHANGE MASTER TO MASTER_PASSWORD %';
SELECT sql_text FROM test_log WHERE sql_text like '%SET PASSWORD %';
--echo ------ done ------
DROP TABLE test_log;
--remove_file $MYSQLTEST_VARDIR/log/rewrite_slow.log
--echo End of 5.6 tests!
--echo #
--echo # Bug#16467055: GRANT STATEMENTS LOGGED TWICE IN SLOW QUERY LOG
--echo #
SET SESSION long_query_time= 0;
SET GLOBAL slow_query_log = 1;
SET GLOBAL log_output = 'TABLE';
TRUNCATE mysql.slow_log;
--exec $MYSQL -e "SET SESSION long_query_time=0; GRANT ALL PRIVILEGES ON *.* TO u16467055 IDENTIFIED BY 'meow';" test
let $wait_condition= SELECT "slow -->", sql_text FROM mysql.slow_log WHERE sql_text LIKE "%TO 'u16467055'%";
--source include/wait_condition.inc
DROP USER u16467055;
--echo End of 5.7 tests!
# clean-up
SET SESSION long_query_time= @old_long_query_time;
SET GLOBAL slow_query_log_file=@old_slow_query_log_file;
SET GLOBAL slow_query_log= @old_slow_query_log;
SET GLOBAL log_output= @old_log_output;