Commit 01094b13 authored by monty@hundin.mysql.fi's avatar monty@hundin.mysql.fi

Merge work:/home/bk/mysql-4.0 into hundin.mysql.fi:/my/bk/mysql-4.0

parents 1815e2de e5e6d0b1
......@@ -49550,6 +49550,9 @@ GRANT ... WITH MAX_QUERIES_PER_HOUR = N1
MAX_CONNECTIONS_PER_HOUR = N3;
@end example
@xref{User resources}.
@item
Added @code{mysql_secure_installation} to the @file{scripts/} directory.
@end itemize
@node News-4.0.1, News-4.0.0, News-4.0.2, News-4.0.x
......@@ -771,7 +771,7 @@ AC_MSG_CHECKING(for OpenSSL)
AC_DEFUN(MYSQL_CHECK_MYSQLFS, [
AC_ARG_WITH([mysqlfs],
[\
[
--with-mysqlfs Include the corba-based MySQL file system],
[mysqlfs="$withval"],
[mysqlfs=no])
......@@ -821,7 +821,7 @@ AC_SUBST(orbit_idl)
])
AC_DEFUN([MYSQL_CHECK_ISAM], [
AC_ARG_WITH([isam], [\
AC_ARG_WITH([isam], [
--without-isam Disable the ISAM table type],
[with_isam="$withval"],
[with_isam=yes])
......
......@@ -367,6 +367,7 @@ AC_PATH_PROG(HOSTNAME, hostname, hostname)
# Check for a GNU tar named 'gtar', or 'gnutar' (MacOS X) and
# fall back to 'tar' otherwise and hope that it's a GNU tar as well
AC_CHECK_PROGS(TAR, gnutar gtar tar)
dnl We use a path for perl so the script startup works
dnl We make sure to use perl, not perl5, in hopes that the RPMs will
dnl not depend on the perl5 binary being installed (probably a bug in RPM)
......@@ -453,7 +454,11 @@ fi
NOINST_LDFLAGS=
AC_ARG_WITH(other-libc,
[ --with-other-libc=/path/to/other/libc/dir Link against libc and other standard libraries installed in the specified non-standard location overriding default. Originally added to be able to link against glibc 2.2 without making the user upgrade the standard libc installation ],
[ --with-other-libc=DIR Link against libc and other standard libraries
installed in the specified non-standard location
overriding default. Originally added to be able to
link against glibc 2.2 without making the user
upgrade the standard libc installation.],
[
other_libc_include="$withval/include"
other_libc_lib="$withval/lib"
......@@ -504,7 +509,6 @@ AC_SUBST(NOINST_LDFLAGS)
AC_ARG_WITH(server-suffix,
[ --with-server-suffix Append value to the version string.],
# I heard that 'cut' isn't portable. Isn't there a better way?
[ MYSQL_SERVER_SUFFIX=`echo "$withval" | sed -e 's/^\(...................................\)..*$/\1/'` ],
[ MYSQL_SERVER_SUFFIX= ]
)
......@@ -629,11 +633,10 @@ AC_ARG_WITH(mysqld-user,
)
AC_SUBST(MYSQLD_USER)
# If we should allove LOAD DATA LOCAL
# If we should allow LOAD DATA LOCAL
AC_MSG_CHECKING(if we should should enable LOAD DATA LOCAL by default)
AC_ARG_ENABLE(local-infile,
[ --enable-local-infile
Enable LOAD DATA LOCAL INFILE (default: disabled)],
[ --enable-local-infile Enable LOAD DATA LOCAL INFILE (default: disabled)],
[ ENABLED_LOCAL_INFILE=$enableval ],
[ ENABLED_LOCAL_INFILE=no ]
)
......@@ -1000,9 +1003,9 @@ then
if test "$IS_LINUX" = "true"
then
AC_MSG_ERROR([This is a linux system and Linuxthreads was not
found. On linux Linuxthreads should be used. So install Linuxthreads
found. On linux Linuxthreads should be used. Please install Linuxthreads
(or a new glibc) and try again. See the Installation chapter in the
Reference Manual.])
Reference Manual for more information.])
else
AC_MSG_CHECKING("DEC threads")
if test -f /usr/shlib/libpthread.so -a -f /usr/lib/libmach.a -a -f /usr/ccs/lib/cmplrs/cc/libexc.a
......@@ -1360,6 +1363,7 @@ else
DEBUG_OPTIMIZE_CXX=""
OPTIMIZE_CXXFLAGS="-O"
fi
AC_ARG_WITH(debug,
[ --without-debug Build a production version without debugging code],
[with_debug=$withval],
......@@ -1743,7 +1747,7 @@ then
AC_DEFINE(HAVE_READDIR_R)
fi
# Check definition av posix sigwait()
# Check definition of posix sigwait()
AC_CACHE_CHECK("style of sigwait", mysql_cv_sigwait,
AC_TRY_LINK(
[#if !defined(SCO) && !defined(__osf__)
......@@ -1766,7 +1770,7 @@ fi
if test "$mysql_cv_sigwait" != "POSIX"
then
unset mysql_cv_sigwait
# Check definition av posix sigwait()
# Check definition of posix sigwait()
AC_CACHE_CHECK("style of sigwait", mysql_cv_sigwait,
AC_TRY_LINK(
[#if !defined(SCO) && !defined(__osf__)
......@@ -1944,8 +1948,11 @@ CHARSETS_DEPRECATED="win1251"
DEFAULT_CHARSET=latin1
AC_DIVERT_POP
dnl fix this later..
dnl [ --with-charset=CHARSET Use CHARSET by default (one of: $CHARSETS_AVAILABLE; Default is $DEFAULT_CHARSET)],
AC_ARG_WITH(charset,
[ --with-charset=CHARSET Use CHARSET by default (one of: $CHARSETS_AVAILABLE; Default is $DEFAULT_CHARSET)],
[ --with-charset=CHARSET Use CHARSET by default (Default is latin1)],
[default_charset="$withval"],
[default_charset="$DEFAULT_CHARSET"])
......
......@@ -22,6 +22,7 @@ bin_SCRIPTS = @server_scripts@ \
mysql_fix_privilege_tables \
mysql_fix_extensions \
mysql_setpermission \
mysql_secure_installation \
mysql_zap \
mysqlaccess \
mysqlbug \
......@@ -39,6 +40,7 @@ EXTRA_SCRIPTS = make_binary_distribution.sh \
mysql_fix_extensions.sh \
mysql_install_db.sh \
mysql_setpermission.sh \
mysql_secure_installation.sh \
mysql_zap.sh \
mysqlaccess.sh \
mysqlbug.sh \
......@@ -65,6 +67,7 @@ CLEANFILES = @server_scripts@ \
mysql_fix_privilege_tables \
mysql_fix_extensions \
mysql_setpermission \
mysql_secure_installation \
mysql_zap \
mysqlaccess \
mysql_convert_table_format \
......
#!/bin/sh
# Copyright (C) 2002 MySQL AB and Jeremy Cole
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
config=".my.cnf.$$"
command=".mysql.$$"
trap "interrupt" 2
rootpass=""
prepare() {
touch $config $command
chmod 600 $config $command
}
do_query() {
echo $1 >$command
mysql --defaults-file=$config <$command
return $?
}
make_config() {
echo "# mysql_secure_installation config file" >$config
echo "[mysql]" >>$config
echo "user=root" >>$config
echo "password=$rootpass" >>$config
}
get_root_password() {
status=1
while [ $status -eq 1 ]; do
stty -echo
echo -n "Enter current password for root (enter for none): "
read password
echo
stty echo
if [ "x$password" = "x" ]; then
hadpass=0
else
hadpass=1
fi
rootpass=$password
make_config
do_query ""
status=$?
done
echo "OK, successfully used password, moving on..."
echo
}
set_root_password() {
stty -echo
echo -n "New password: "
read password1
echo
echo -n "Re-enter new password: "
read password2
echo
stty echo
if [ "$password1" != "$password2" ]; then
echo "Sorry, passwords do not match."
echo
return 1
fi
if [ "$password1" = "" ]; then
echo "Sorry, you can't use an empty password here."
echo
return 1
fi
do_query "SET PASSWORD FOR root=PASSWORD('$password1');"
if [ $? -eq 0 ]; then
echo "Password updated successfully!"
echo
rootpass=$password1
make_config
else
echo "Password update failed!"
exit 1
fi
return 0
}
remove_anonymous_users() {
do_query "DELETE FROM mysql.user WHERE User='';"
if [ $? -eq 0 ]; then
echo " ... Success!"
else
echo " ... Failed!"
exit 1
fi
return 0
}
remove_remote_root() {
do_query "DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';"
if [ $? -eq 0 ]; then
echo " ... Success!"
else
echo " ... Failed!"
fi
}
remove_test_database() {
echo " - Dropping test database..."
do_query "DROP DATABASE test;"
if [ $? -eq 0 ]; then
echo " ... Success!"
else
echo " ... Failed! Not critical, keep moving..."
fi
echo " - Removing privileges on test database..."
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
if [ $? -eq 0 ]; then
echo " ... Success!"
else
echo " ... Failed! Not critical, keep moving..."
fi
return 0
}
reload_privilege_tables() {
do_query "FLUSH PRIVILEGES;"
if [ $? -eq 0 ]; then
echo " ... Success!"
else
echo " ... Failed!"
fi
return 0
}
interrupt() {
echo
echo "Aborting!"
echo
cleanup
stty echo
exit 1
}
cleanup() {
echo "Cleaning up..."
rm -f $config $command
}
# The actual script starts here
prepare
echo
echo
echo
echo
echo "NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL"
echo " SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!"
echo
echo
echo "In order to log into MySQL to secure it, we'll need the current"
echo "password for the root user. If you've just installed MySQL, and"
echo "you haven't set the root password yet, the password will be blank,"
echo "so you should just press enter here."
echo
get_root_password
#
# Set the root password
#
echo "Setting the root password ensures that nobody can log into the MySQL"
echo "root user without the proper authorisation."
echo
if [ $hadpass -eq 0 ]; then
echo -n "Set root password? [Y/n] "
else
echo "You already have a root password set, so you can safely answer 'n'."
echo
echo -n "Change the root password? [Y/n] "
fi
read reply
if [ "$reply" = "n" ]; then
echo " ... skipping."
else
status=1
while [ $status -eq 1 ]; do
set_root_password
status=$?
done
fi
echo
#
# Remove anonymous users
#
echo "By default, a MySQL installation has an anonymous user, allowing anyone"
echo "to log into MySQL without having to have a user account created for"
echo "them. This is intended only for testing, and to make the installation"
echo "go a bit smoother. You should remove them before moving into a"
echo "production environment."
echo
echo -n "Remove anonymous users? [Y/n] "
read reply
if [ "$reply" = "n" ]; then
echo " ... skipping."
else
remove_anonymous_users
fi
echo
#
# Disallow remote root login
#
echo "Normally, root should only be allowed to connect from 'localhost'. This"
echo "ensures that someone cannot guess at the root password from the network."
echo
echo -n "Disallow root login remotely? [Y/n] "
read reply
if [ "$reply" = "n" ]; then
echo " ... skipping."
else
remove_remote_root
fi
echo
#
# Remove test database
#
echo "By default, MySQL comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo
echo -n "Remove test database and access to it? [Y/n] "
read reply
if [ "$reply" = "n" ]; then
echo " ... skipping."
else
remove_test_database
fi
echo
#
# Reload privilege tables
#
echo "Reloading the privilege tables will ensure that all changes made so far"
echo "will take effect immediately."
echo
echo -n "Reload privilege tables now? [Y/n] "
read reply
if [ "$reply" = "n" ]; then
echo " ... skipping."
else
reload_privilege_tables
fi
echo
cleanup
echo
echo
echo
echo "All done! If you've completed all of the above steps, your MySQL"
echo "installation should now be secure."
echo
echo "Thanks for using MySQL!"
echo
echo
......@@ -316,7 +316,10 @@ int ha_commit_trans(THD *thd, THD_TRANS* trans)
sql_print_error("Error: Got error during commit; Binlog is not up to date!");
thd->tx_isolation=thd->session_tx_isolation;
if (operation_done)
{
statistic_increment(ha_commit_count,&LOCK_status);
thd->transaction.cleanup();
}
}
#endif // using transactions
DBUG_RETURN(error);
......@@ -361,7 +364,10 @@ int ha_rollback_trans(THD *thd, THD_TRANS *trans)
thd->transaction.trans_log.end_of_file= max_binlog_cache_size;
thd->tx_isolation=thd->session_tx_isolation;
if (operation_done)
{
statistic_increment(ha_rollback_count,&LOCK_status);
thd->transaction.cleanup();
}
}
#endif /* USING_TRANSACTIONS */
DBUG_RETURN(error);
......
......@@ -1073,7 +1073,8 @@ void Query_cache::invalidate(CHANGED_TABLE_LIST *tables_used)
{
invalidate_table((byte*) tables_used->key, tables_used->key_length);
DBUG_PRINT("qcache", (" db %s, table %s", tables_used->key,
tables_used->table_name));
tables_used->key+
strlen(tables_used->key)+1));
}
}
STRUCT_UNLOCK(&structure_guard_mutex);
......@@ -1994,7 +1995,7 @@ Query_cache_block *
Query_cache::allocate_block(ulong len, my_bool not_less, ulong min,
my_bool under_guard)
{
DBUG_ENTER("Query_cache::allocate_n_lock_block");
DBUG_ENTER("Query_cache::allocate_block");
DBUG_PRINT("qcache", ("len %lu, not less %d, min %lu, uder_guard %d",
len, not_less,min,under_guard));
......@@ -3060,7 +3061,8 @@ my_bool Query_cache::check_integrity(bool not_locked)
DBUG_PRINT("qcache", ("block 0x%lx, type %u...",
(ulong) block, (uint) block->type));
// Check allignment
if ((ulonglong)block % ALIGN_SIZE(1))
if ((((ulonglong)block) % (ulonglong)ALIGN_SIZE(1)) !=
(((ulonglong)first_block) % (ulonglong)ALIGN_SIZE(1)))
{
DBUG_PRINT("error",
("block 0x%lx do not aligned by %d", (ulong) block,
......
......@@ -345,11 +345,7 @@ CHANGED_TABLE_LIST* THD::changed_table_dup(TABLE *table)
ALIGN_SIZE(sizeof(CHANGED_TABLE_LIST)));
new_table->next = 0;
new_table->key_length = table->key_length;
uint32 db_len = ((new_table->table_name =
::strmake(new_table->key, table->table_cache_key,
table->key_length) + 1) - new_table->key);
::memcpy(new_table->key + db_len, table->table_cache_key + db_len,
table->key_length - db_len);
::memcpy(new_table->key, table->table_cache_key, table->key_length);
return new_table;
}
......
......@@ -2432,7 +2432,6 @@ mysql_execute_command(void)
}
else
res= -1;
thd->transaction.cleanup();
break;
}
case SQLCOM_ROLLBACK:
......@@ -2447,7 +2446,6 @@ mysql_execute_command(void)
else
res= -1;
thd->options&= ~(ulong) (OPTION_BEGIN | OPTION_STATUS_NO_TRANS_UPDATE);
thd->transaction.cleanup();
break;
default: /* Impossible */
send_ok(&thd->net);
......
......@@ -154,7 +154,7 @@ typedef struct st_table_list {
typedef struct st_changed_table_list {
struct st_changed_table_list *next;
char *key, *table_name;
char *key;
uint32 key_length;
} CHANGED_TABLE_LIST;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment