diff options
author | Oliver Mueller <oliver@teqneers.de> | 2018-03-22 11:07:48 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2018-03-22 11:07:48 +0300 |
commit | 7e0b300e27d6427ce85606d448aceafb107540ed (patch) | |
tree | f91d041b3d93853288036e1864c86e8c1f4e3297 /include/tests_databases | |
parent | 9bd0a92980a96ee120b470b9d890dfeebb832725 (diff) |
Issue/288 (#530)
* enhanced check "DBS-1816: mysql root user with empty password" to avoid false positived when authentication plugins are used
* fixed indent to spaces
Diffstat (limited to 'include/tests_databases')
-rw-r--r-- | include/tests_databases | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/include/tests_databases b/include/tests_databases index 74e25f19..b223cd8b 100644 --- a/include/tests_databases +++ b/include/tests_databases @@ -75,12 +75,15 @@ Register --test-no DBS-1816 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking MySQL root password" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Trying to login to local MySQL server without password" - FIND=$(${MYSQLCLIENTBINARY} -u root --password= --silent --batch --execute="" 2> /dev/null; echo $?) - if [ "${FIND}" = "0" ]; then - LogText "Result: Login succeeded, no MySQL root password set!" - ReportWarning ${TEST_NO} "No MySQL root password set" - Display --indent 4 --text "- Checking empty MySQL root password" --result "${STATUS_WARNING}" --color RED - AddHP 0 5 + + # "-u root --password=" avoids ~/.my.cnf authentication settings + # "plugin = 'mysql_native_password' AND authentication_string = ''" avoids false positives when secure plugins are used + FIND=$(${MYSQLCLIENTBINARY} --no-defaults -u root --password= --silent --batch --execute="SELECT count(*) FROM mysql.user WHERE user = 'root' AND plugin = 'mysql_native_password' AND authentication_string = ''" mysql 2>/dev/null) + if [ "${FIND}" > "0" ]; then + LogText "Result: Login succeeded, no MySQL root password set!" + ReportWarning ${TEST_NO} "No MySQL root password set" + Display --indent 4 --text "- Checking empty MySQL root password" --result "${STATUS_WARNING}" --color RED + AddHP 0 5 else LogText "Result: Login did not succeed, so a MySQL root password is set" if IsVerbose; then Display --indent 4 --text "- Checking MySQL root password" --result "${STATUS_OK}" --color GREEN; fi |