User Management SSL options discrepancies #2139
Description
Description
Hey everyone,
I encountered some errors while initially testing the user management in HeidiSQL.
Note: This bug report is specific for MySQL/MariaDB.
I've not tested it on any other database models at this time.
The main problem is that HeidiSQL tries to use the query GRANT when i want to create or edit a user that uses or should use custom SSL options. GRANT is not compatible to directly define requirements in connection with the REQUIRE query. Below, I demonstrate the issues that occur and list the situations where they occur.
HeidiSQL version
12.10.0.7033 (64 Bit)
Database server version
not necessary
Reproduction recipe
Situation 1
I want to create a user "test" for host "localhost" without password and with custom SSL options.
SSL Options
CIPHER = "ECDHE-RSA-AES256-GCM-SHA384"
ISSUER = "testCA"
SUBJECT = "testCN"
Problem 1: HeidiSQL creates the user in a single query. In another query it tries to GRANT USAGE... with REQUIRE of the ssl options (not possible due to wrong syntax).
Problem 2: the AND's between the "Requirements" are missing. Therefore, it wouldn't even work if the REQUIRE would be attached to the CREATE statement.
See Attachment 1 to understand better:
Situation 2
I want to edit (alter) a user "test" for host "localhost" without password and with custom SSL options.
SSL Options
CIPHER = "ECDHE-RSA-AES256-GCM-SHA384"
ISSUER = "testCA"
SUBJECT = "testCN"
Problem 1: HeidiSQL runs a query and tries to execute GRANT USAGE... with REQUIRE of the ssl options (not possible due to wrong syntax). It instead should ALTER the user with the REQUIRE attached.
Problem 2: the AND's between the "Requirements" are missing again.
See Attachment 2 to understand better:
Dev Note
When i run the (syntax-right) suggested queries manually for Situation 1 or 2, it works without any problem.
So, for Situation 1: CREATE USER 'test'@'localhost' REQUIRE CIPHER 'ECDHE-RSA-AES256-GCM-SHA384' AND ISSUER 'testCA' AND SUBJECT 'testCN';
And for Situation 2: ALTER USER 'test'@'localhost' REQUIRE CIPHER 'ECDHE-RSA-AES256-GCM-SHA384' AND ISSUER 'testCA' AND SUBJECT 'testCN';
Error/Backtrace
Error on both situations:
/* SQL-Error (1064): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'REQUIRE CIPHER 'ECDHE-RSA-AES256-GCM-SHA384' ISSUER 'testCA' SUBJECT 'testCN'' at line 1 */
This is because of the wrong syntax.