惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
A
Arctic Wolf
S
Security Affairs
O
OpenAI News
SecWiki News
SecWiki News
TaoSecurity Blog
TaoSecurity Blog
H
Heimdal Security Blog
T
Threat Research - Cisco Blogs
Hacker News: Ask HN
Hacker News: Ask HN
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
The Hacker News
The Hacker News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
T
Tenable Blog
T
The Exploit Database - CXSecurity.com
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Spread Privacy
Spread Privacy
人人都是产品经理
人人都是产品经理
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V2EX - 技术
V2EX - 技术
L
LINUX DO - 最新话题
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
T
The Blog of Author Tim Ferriss
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
The Cloudflare Blog
N
News and Events Feed by Topic
量子位
Google DeepMind News
Google DeepMind News
Application and Cybersecurity Blog
Application and Cybersecurity Blog
L
LINUX DO - 热门话题
P
Palo Alto Networks Blog
Stack Overflow Blog
Stack Overflow Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Attack and Defense Labs
Attack and Defense Labs
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hacker News - Newest:
Hacker News - Newest: "LLM"
Apple Machine Learning Research
Apple Machine Learning Research
The Register - Security
The Register - Security
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Webroot Blog
Webroot Blog

祈雨的笔记

安全多方计算MPC spark原理解析 kueue执行源码分析 spark on k8s执行源码分析 spark-operator源码解析 系统压测遇到的缓存击穿问题 我的世界PC与安卓联机 蚂蚁金服流量投放平台的AIG改造 G1大对象致Old区占用率高 日志打印导致接口响应率下跌分析 Groovy加载类导致OOM分析 ERROR日志打印导致CPU满载 记OceanBase死锁超时 应用发版期间服务响应超时 Ark Serverless初探 系统优化复盘一二三 Kong网关初探 API网关选型调研 CPU火焰图常用工具 配置中心选型调研 root操作Nginx导致用户组错误 基于Proxifier使用代理 FastJSON字段智能匹配踩坑 Nacos初探 记一次Nginx服务器CPU满荷载故障 基于券系统分库分表的思考 limit不参与SQL成本计算致索引失效 Linux常用性能监控命令 golang低版本http2偶现400 hostname in certificate didn't match 常见对称加密原理以及应用 tcp_tw_recycle引起的TCP握手失败 记一次mysql执行DDL导致锁表 mysql磁盘占用查看 mysql对text字段update致磁盘增长 elasticsearch报错index read-only TIME_WAIT与Http的Keep-Alive 记一次TIME_WAIT导致连接数报警 记一次生产事故OOM问题排查 redis分布式锁RedissonLock的实现细节 webservice复杂加密签名(2)java调用 webservice复杂加密签名(1)SoapUI mysql延时关联 利用中间人拦截实现APP内H5窜改 MySQL表字符集不同导致关联查询索引失效 通过SSH隧道远程办公 数据落盘方案 BeanDefinitionRegistryPostProcessor扩展 mysql空间索引 HTTPS攻击 spring循环依赖过程解析 elasticsearch性能优化 mysql IS NULL 使用索引 mysql字符集utf8mb4失效踩坑 常用加密算法 xml与javaBean转换 初探InnoDB MVCC源码实现 mysql索引原理 redis之list源码分析 redis之key过期源码分析 redis之string源码分析 redis之hash源码分析 线程池之ThreadPoolExecutor mysql数据页结构 Using temporary与Using filesort mysql回表致索引失效 springboot(28)HTTP连接池 定时任务之ScheduledThreadPoolExecutor elasticsearch常用script聚合 elasticsearch实现like查询 elasticsearch实现乐观锁 elasticsearch准实时原理 springboot(27)自定义缓存读写机制CachingConfigurerSupport optimizer tracing arthas常用命令 HTTP和HTTPS详解 redis集群选举机制 kafka消息重试 一点压力测试的经验 kafka架构概念 explain分析sql语句字段的解释 JVM问题分析处理手册 logstash过滤器(2)date logstash过滤器(3)dissect logstash编码器(1)json logstash编码器(2)multiline logstash表达式 logstash输入(1)通用选项 logstash输入(3)file logstash过滤器(1)通用选项 logstash输入(2)stdin logstash安装 记一次前端vConsole导致JSON序列化错误排查 解决多个异步操作嵌套问题 fastjson反序列化失败autoType is not support RTMP串流服务 POI自动调整列宽错误 Nginx+Lua实现动态黑名单 使用curl命令模拟POST和GET请求 ResponseEntity下载文件
The user specified as a definer does not exist
祈雨的笔记 · 2021-03-20 · via 祈雨的笔记

描述

mysql管理员给调用方创建了一个名为test的用户,并授权了指定host,效果如下:

1
2
3
4
5
6
7
8
mysql> select user,host from mysql.user where user = 'test';
+------+------------+
| user | host |
+------+------------+
| test | 172.17.0.2 |
| test | 172.17.0.3 |
+------+------------+
2 rows in set (0.01 sec)

随后管理员创建了名为test_proc的存储过程,但调用方使用test用户调用存储过程时报如下错误:

1
2
mysql> call test_proc;
ERROR 1449 (HY000): The user specified as a definer ('test'@'%') does not exist

复现

先创建名为test的用户,并授权指定host(不要授权%的host权限),再给予限定的SQL执行权限。

1
2
3
4
5
-- drop user test@'%';
CREATE USER 'test'@'172.17.0.2' IDENTIFIED BY '123456';
CREATE USER 'test'@'172.17.0.3' IDENTIFIED BY '123456';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, EXECUTE ON *.* TO 'test'@'172.17.0.2';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, EXECUTE ON *.* TO 'test'@'172.17.0.3';

创建名为test_proc的存储过程,并通过definer指明该存储过程的调用者权限为test用户。

1
2
3
4
5
6
delimiter ;;
CREATE definer='test' PROCEDURE test_proc()
BEGIN
select 1;
END ;;
delimiter ;

查看名为test_proc的存储过程,发现当definerhost值缺省时默认使用的%host值。

1
2
3
4
5
6
7
mysql> select routine_name,definer from information_schema.routines where routine_name='test_proc';
+--------------+---------+
| ROUTINE_NAME | DEFINER |
+--------------+---------+
| test_proc | test@% |
+--------------+---------+
1 row in set (0.00 sec)

definer='test'等效于'test'@'%'

1
2
3
4
5
6
delimiter ;;
CREATE definer='test'@'%' PROCEDURE test_proc()
BEGIN
select 1;
END ;;
delimiter ;
1
2
3
4
5
6
7
mysql> select routine_name,definer from information_schema.routines where routine_name='test_proc';
+--------------+---------+
| ROUTINE_NAME | DEFINER |
+--------------+---------+
| test_proc | test@% |
+--------------+---------+
1 row in set (0.00 sec)

最后调用名为test_proc的存储过程,mysql返回异常The user specified as a definer ('test'@'%') does not exist

1
2
mysql> call test_proc;
ERROR 1449 (HY000): The user specified as a definer ('test'@'%') does not exist

解决

create-procedure.html

1
2
3
4
5
> CREATE DEFINER = 'admin'@'localhost' PROCEDURE account_count()
> BEGIN
> SELECT 'Number of accounts:', COUNT(*) FROM mysql.user;
> END;
>

The procedure is assigned a DEFINER account of ‘admin’@’localhost’ no matter which user defines it. It executes with the privileges of that account no matter which user invokes it (because the default security characteristic is DEFINER). The procedure succeeds or fails depending on whether invoker has the EXECUTE privilege for it and ‘admin’@’localhost’ has the SELECT privilege for the mysql.user table.

无论哪个用户执行存储过程,都将以该存储过程的definer定义的用户来执行。由于存储过程创建时definer错误,导致该存储过程指定了一个不存在的用户,因此只需要将该不存在的用户创建出来或者修改存储过程,使其重新指定到一个已存在且有权限的用户即可。

创建缺失用户

1
2
3
4
5
6
7
mysql> select routine_name,definer from information_schema.routines where routine_name='test_proc';
+--------------+---------+
| ROUTINE_NAME | DEFINER |
+--------------+---------+
| test_proc | test@% |
+--------------+---------+
1 row in set (0.00 sec)
1
2
CREATE USER 'test'@'%' IDENTIFIED BY '123456';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, EXECUTE ON *.* TO 'test'@'%';
1
2
3
4
5
6
7
mysql> call test_proc;
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)

修改DEFINER

为了修改definer,删除原先错误的存储过程,重新创建,并指定definer为当前用户。

1
2
3
4
5
6
7
mysql> select current_user();
+-----------------+
| current_user() |
+-----------------+
| test@172.17.0.2 |
+-----------------+
1 row in set (0.00 sec)
1
drop procedure test_proc;
1
2
3
4
5
6
delimiter ;;
CREATE definer='test'@'172.17.0.2' PROCEDURE test_proc()
BEGIN
select 1;
END ;;
delimiter ;
1
2
3
4
5
6
7
mysql> select routine_name,definer from information_schema.routines where routine_name='test_proc';
+--------------+-----------------+
| ROUTINE_NAME | DEFINER |
+--------------+-----------------+
| test_proc | test@172.17.0.2 |
+--------------+-----------------+
1 row in set (0.01 sec)
1
2
3
4
5
6
7
mysql> call test_proc;
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)