Releem
diff --git a/‎config/config.go‎
Lines changed: 1 addition & 1 deletion b/‎config/config.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎current_version_agent‎
Lines changed: 1 addition & 1 deletion b/‎current_version_agent‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎install.sh‎
Lines changed: 2 additions & 2 deletions b/‎install.sh‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎metrics/dbInfo.go‎
Lines changed: 68 additions & 24 deletions b/‎metrics/dbInfo.go‎
Lines changed: 68 additions & 24 deletions
diff --git a/‎mysqlconfigurer.sh‎
Lines changed: 2 additions & 2 deletions b/‎mysqlconfigurer.sh‎
Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ import (
 )
 
 const (
-ReleemAgentVersion = "1.21.1"
+ReleemAgentVersion = "1.21.2"
 )
 
 type Config struct {
 
@@ -1 +1 @@
-1.21.1
+1.21.2
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# install.sh - Version 1.21.1
+# install.sh - Version 1.21.2
 # (C) Releem, Inc 2022
 # All rights reserved
 
@@ -9,7 +9,7 @@ export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
 # using the package manager.
 
 set -e -E
-install_script_version=1.21.1
+install_script_version=1.21.2
 logfile="/var/log/releem-install.log"
 
 WORKDIR="/opt/releem"
 
@@ -1,6 +1,8 @@
 package metrics
 
 import (
+"strings"
+
 "github.com/Releem/mysqlconfigurer/config"
 "github.com/Releem/mysqlconfigurer/models"
 "github.com/Releem/mysqlconfigurer/utils"
@@ -51,59 +53,101 @@ func security_recommendations(DbInfo *DbInfoGatherer) []models.MetricGroupValue
 var output_users []models.MetricGroupValue
 
 var password_column_exists, authstring_column_exists int
-err := models.DB.QueryRow("SELECT 1 FROM information_schema.columns WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME = 'password'").Scan(&password_column_exists)
-if err != nil {
-DbInfo.logger.Error(err)
-}
-err = models.DB.QueryRow("SELECT 1 FROM information_schema.columns WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME = 'authentication_string'").Scan(&authstring_column_exists)
-if err != nil {
-DbInfo.logger.Error(err)
-}
-// DbInfo.logger.Info(password_column_exists, authstring_column_exists)
+
+// New table schema available since mysql-5.7 and mariadb-10.2
+// But need to be checked
+models.DB.QueryRow("SELECT 1 FROM information_schema.columns WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME = 'password'").Scan(&password_column_exists)
+models.DB.QueryRow("SELECT 1 FROM information_schema.columns WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME = 'authentication_string'").Scan(&authstring_column_exists)
 PASS_COLUMN_NAME := "password"
 if password_column_exists == 1 && authstring_column_exists == 1 {
 PASS_COLUMN_NAME = "IF(plugin='mysql_native_password', authentication_string, password)"
 } else if authstring_column_exists == 1 {
 PASS_COLUMN_NAME = "authentication_string"
 } else if password_column_exists != 1 {
+DbInfo.logger.Info("Skipped due to none of known auth columns exists")
 return output_users
 }
-DbInfo.logger.Info(PASS_COLUMN_NAME)
+DbInfo.logger.Info("Password column = ", PASS_COLUMN_NAME)
 
-var Username, User, Host, Blank_Password, Password_As_User string
-rows_users, err := models.DB.Query("SELECT CONCAT(QUOTE(user), '\\@', QUOTE(host)), user, host, (" + PASS_COLUMN_NAME + " = '' OR " + PASS_COLUMN_NAME + " IS NULL) as Blank_Password, (CAST(" + PASS_COLUMN_NAME + " as Binary) = PASSWORD(user) OR CAST(" + PASS_COLUMN_NAME + " as Binary) = PASSWORD(UPPER(user)) ) as Password_As_User FROM mysql.user")
-if err != nil || rows_users.Next() == false {
-DbInfo.logger.Error(err)
-rows_users, err = models.DB.Query("SELECT CONCAT(QUOTE(user), '\\@', QUOTE(host)), user, host, (" + PASS_COLUMN_NAME + " = '' OR " + PASS_COLUMN_NAME + " IS NULL) as Blank_Password, (CAST(" + PASS_COLUMN_NAME + " as Binary) = CONCAT('*',UPPER(SHA1(UNHEX(SHA1(user))))) OR CAST(" + PASS_COLUMN_NAME + " as Binary) = CONCAT('*',UPPER(SHA1(UNHEX(SHA1(UPPER(user)))))) ) as Password_As_User FROM mysql.user")
+var Username, User, Host, Password_As_User string
+rows_users, err := models.DB.Query("SELECT CONCAT(QUOTE(user), '@', QUOTE(host)), user, host, (CAST(" + PASS_COLUMN_NAME + " as Binary) = PASSWORD(user) OR CAST(" + PASS_COLUMN_NAME + " as Binary) = PASSWORD(UPPER(user)) ) as Password_As_User FROM mysql.user")
+if err != nil || !rows_users.Next() {
+if strings.Contains(err.Error(), "Error 1064 (42000): You have an error in your SQL syntax") {
+DbInfo.logger.Info("PASSWORD() function is not supported. Try another query...")
+} else {
+DbInfo.logger.Error(err)
+}
+rows_users, err = models.DB.Query("SELECT CONCAT(QUOTE(user), '@', QUOTE(host)), user, host, (CAST(" + PASS_COLUMN_NAME + " as Binary) = CONCAT('*',UPPER(SHA1(UNHEX(SHA1(user))))) OR CAST(" + PASS_COLUMN_NAME + " as Binary) = CONCAT('*',UPPER(SHA1(UNHEX(SHA1(UPPER(user)))))) ) as Password_As_User FROM mysql.user")
 if err != nil {
 DbInfo.logger.Error(err)
-return output_users
 }
 defer rows_users.Close()
 for rows_users.Next() {
-err := rows_users.Scan(&Username, &User, &Host, &Blank_Password, &Password_As_User)
+err := rows_users.Scan(&Username, &User, &Host, &Password_As_User)
 if err != nil {
 DbInfo.logger.Error(err)
-continue
+} else {
+output_users = append(output_users, models.MetricGroupValue{"Username": Username, "User": User, "Host": Host, "Password_As_User": Password_As_User})
 }
-output_users = append(output_users, models.MetricGroupValue{"Username": Username, "User": User, "Host": Host, "Blank_Password": Blank_Password, "Password_As_User": Password_As_User})
 }
 } else {
 defer rows_users.Close()
-err := rows_users.Scan(&Username, &User, &Host, &Blank_Password, &Password_As_User)
+err := rows_users.Scan(&Username, &User, &Host, &Password_As_User)
 if err != nil {
 DbInfo.logger.Error(err)
 } else {
-output_users = append(output_users, models.MetricGroupValue{"Username": Username, "User": User, "Host": Host, "Blank_Password": Blank_Password, "Password_As_User": Password_As_User})
+output_users = append(output_users, models.MetricGroupValue{"Username": Username, "User": User, "Host": Host, "Password_As_User": Password_As_User})
 }
 for rows_users.Next() {
-err := rows_users.Scan(&Username, &User, &Host, &Blank_Password, &Password_As_User)
+err := rows_users.Scan(&Username, &User, &Host, &Password_As_User)
 if err != nil {
 DbInfo.logger.Error(err)
-continue
+} else {
+output_users = append(output_users, models.MetricGroupValue{"Username": Username, "User": User, "Host": Host, "Password_As_User": Password_As_User})
 }
-output_users = append(output_users, models.MetricGroupValue{"Username": Username, "User": User, "Host": Host, "Blank_Password": Blank_Password, "Password_As_User": Password_As_User})
 }
 }
+
+output_user_blank_password := make(models.MetricGroupValue)
+rows_users, err = models.DB.Query("SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.global_priv WHERE ( user != '' AND JSON_CONTAINS(Priv, '\"mysql_native_password\"', '$.plugin') AND JSON_CONTAINS(Priv, '\"\"', '$.authentication_string') AND NOT JSON_CONTAINS(Priv, 'true', '$.account_locked'))")
+if err != nil {
+if strings.Contains(err.Error(), "Error 1146 (42S02): Table 'mysql.global_priv' doesn't exist") {
+DbInfo.logger.Info("Not MariaDB, try another query...")
+} else {
+DbInfo.logger.Error(err)
+}
+rows_users, err = models.DB.Query("SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.user WHERE (" + PASS_COLUMN_NAME + " = '' OR " + PASS_COLUMN_NAME + " IS NULL) AND user != '' /*!50501 AND plugin NOT IN ('auth_socket', 'unix_socket', 'win_socket', 'auth_pam_compat') */ /*!80000 AND account_locked = 'N' AND password_expired = 'N' */")
+if err != nil {
+DbInfo.logger.Error(err)
+}
+defer rows_users.Close()
+for rows_users.Next() {
+err := rows_users.Scan(&Username)
+if err != nil {
+DbInfo.logger.Error(err)
+} else {
+output_user_blank_password[Username] = 1
+}
+}
+} else {
+defer rows_users.Close()
+for rows_users.Next() {
+err := rows_users.Scan(&Username)
+if err != nil {
+DbInfo.logger.Error(err)
+} else {
+output_user_blank_password[Username] = 1
+}
+}
+}
+
+for i, user := range output_users {
+if _, ok := output_user_blank_password[user["Username"].(string)]; ok {
+output_users[i]["Blank_Password"] = 1
+} else {
+output_users[i]["Blank_Password"] = 0
+}
+}
+
 return output_users
 }
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# mysqlconfigurer.sh - Version 1.21.1
+# mysqlconfigurer.sh - Version 1.21.2
 # (C) Releem, Inc 2022
 # All rights reserved
 
@@ -15,7 +15,7 @@ MYSQLTUNER_REPORT=$MYSQLCONFIGURER_PATH"mysqltunerreport.json"
 RELEEM_MYSQL_VERSION=$MYSQLCONFIGURER_PATH"mysql_version"
 MYSQLCONFIGURER_CONFIGFILE="${MYSQLCONFIGURER_PATH}${MYSQLCONFIGURER_FILE_NAME}"
 MYSQL_MEMORY_LIMIT=0
-VERSION="1.21.1"
+VERSION="1.21.2"
 RELEEM_INSTALL_PATH=$MYSQLCONFIGURER_PATH"install.sh"
 logfile="/var/log/releem-mysqlconfigurer.log"
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ import (`
`9`	`9`	`)`
`10`	`10`
`11`	`11`	`const (`
`12`		`-ReleemAgentVersion = "1.21.1"`
	`12`	`+ReleemAgentVersion = "1.21.2"`
`13`	`13`	`)`
`14`	`14`
`15`	`15`	`type Config struct {`