mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00

make encrypt-binlog and encrypt-tmp-files to fail if no encryption

--encrypt-binlog and --encrypt-tmp-files used to mean
"encrypt XXX if encryption is available, otherwise don't encrypt",
now they mean "encrypt or fail with an error".
Sergei Golubchik
2015-09-08 17:07:34 +02:00
parent 39b46ae934
commit 7bd2f20e88
5 changed files with 39 additions and 26 deletions


@@ -19,8 +19,6 @@
#include "sql_plugin.h" #include "sql_plugin.h"
#include <my_crypt.h> #include <my_crypt.h>
void init_io_cache_encryption();
/* there can be only one encryption plugin enabled */ /* there can be only one encryption plugin enabled */
static plugin_ref encryption_manager= 0; static plugin_ref encryption_manager= 0;
struct encryption_service_st encryption_handler; struct encryption_service_st encryption_handler;
@@ -81,8 +79,6 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
encryption_handler.encryption_key_get_latest_version_func= encryption_handler.encryption_key_get_latest_version_func=
handle->get_latest_key_version; // must be the last handle->get_latest_key_version; // must be the last
init_io_cache_encryption();
return 0; return 0;
} }
@@ -100,7 +96,6 @@ int finalize_encryption_plugin(st_plugin_int *plugin)
if (encryption_manager) if (encryption_manager)
plugin_unlock(NULL, encryption_manager); plugin_unlock(NULL, encryption_manager);
encryption_manager= 0; encryption_manager= 0;
init_io_cache_encryption();
return 0; return 0;
} }


@@ -3469,8 +3469,13 @@ bool MYSQL_BIN_LOG::open(const char *log_name,
if (encrypt_binlog) if (encrypt_binlog)
{ {
uint key_version= encryption_key_get_latest_version(ENCRYPTION_KEY_SYSTEM_DATA); uint key_version= encryption_key_get_latest_version(ENCRYPTION_KEY_SYSTEM_DATA);
if (key_version != ENCRYPTION_KEY_VERSION_INVALID && if (key_version == ENCRYPTION_KEY_VERSION_INVALID)
key_version != ENCRYPTION_KEY_NOT_ENCRYPTED) {
sql_print_error("Failed to enable encryption of binary logs");
goto err;
}
if (key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)
{ {
if (my_random_bytes(crypto.nonce, sizeof(crypto.nonce))) if (my_random_bytes(crypto.nonce, sizeof(crypto.nonce)))
goto err; goto err;
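Review bot: With `encrypt_binlog` set, a key version of `ENCRYPTION_KEY_NOT_ENCRYPTED` still bypasses the `if (key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)` block without any message, so the binary log is presumably written unencrypted, which does not match the "encrypt or fail" wording of the commit description. If that value is not a configuration the server should accept here, it belongs in the failing test, `if (key_version == ENCRYPTION_KEY_VERSION_INVALID || key_version == ENCRYPTION_KEY_NOT_ENCRYPTED)`; if it is acceptable, a warning in the log would make the downgrade visible to the operator. The same silent branch exists in `init_io_cache_encryption()` for temporary files. The error text would also be easier to act on if it said that no key version was available for `ENCRYPTION_KEY_SYSTEM_DATA`. `MYSQL_BIN_LOG::open` starts and ends outside this hunk.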


@@ -230,7 +230,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
Note that encrypt_tmp_files variable is read-only. Note that encrypt_tmp_files variable is read-only.
*/ */
void init_io_cache_encryption() int init_io_cache_encryption()
{ {
if (encrypt_tmp_files) if (encrypt_tmp_files)
{ {
@@ -241,20 +241,23 @@ void init_io_cache_encryption()
keyid= ENCRYPTION_KEY_SYSTEM_DATA; keyid= ENCRYPTION_KEY_SYSTEM_DATA;
keyver= encryption_key_get_latest_version(keyid); keyver= encryption_key_get_latest_version(keyid);
} }
} if (keyver == ENCRYPTION_KEY_VERSION_INVALID)
else {
keyver= ENCRYPTION_KEY_VERSION_INVALID; sql_print_error("Failed to enable encryption of temporary files");
return 1;
}
if (keyver != ENCRYPTION_KEY_VERSION_INVALID) if (keyver != ENCRYPTION_KEY_NOT_ENCRYPTED)
{ {
sql_print_information("Using encryption key id %d for temporary files", keyid); sql_print_information("Using encryption key id %d for temporary files", keyid);
_my_b_encr_read= my_b_encr_read; _my_b_encr_read= my_b_encr_read;
_my_b_encr_write= my_b_encr_write; _my_b_encr_write= my_b_encr_write;
} return 0;
else }
{
_my_b_encr_read= 0;
_my_b_encr_write= 0;
} }
_my_b_encr_read= 0;
_my_b_encr_write= 0;
return 0;
} }
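Review bot: The comment block above `init_io_cache_encryption()` does not describe the new `int` return value, although the caller now uses it to decide whether to abort startup. I would add to that comment: `Returns 0 on success (also when encryption was not requested), 1 if encrypt_tmp_files is set but no key version is available.` In the same function `keyid` is printed with `%d`; if it is declared unsigned (its declaration is outside the hunks shown), `%u` would match. The lines of the function between the two hunks are not visible here.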


@@ -278,6 +278,8 @@ extern "C" sig_handler handle_fatal_signal(int sig);
#define ENABLE_TEMP_POOL 0 #define ENABLE_TEMP_POOL 0
#endif #endif
int init_io_cache_encryption();
/* Constants */ /* Constants */
#include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE #include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE
@@ -5231,6 +5233,9 @@ static int init_server_components()
} }
} }
if (init_io_cache_encryption())
unireg_abort(1);
if (opt_abort) if (opt_abort)
unireg_abort(0); unireg_abort(0);
@@ -5329,10 +5334,11 @@ static int init_server_components()
* but to be able to have mysql_mutex_assert_owner() in code, * but to be able to have mysql_mutex_assert_owner() in code,
* we do it anyway */ * we do it anyway */
mysql_mutex_lock(mysql_bin_log.get_log_lock()); mysql_mutex_lock(mysql_bin_log.get_log_lock());
if (mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0, int r= mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0,
WRITE_CACHE, max_binlog_size, 0, TRUE)) WRITE_CACHE, max_binlog_size, 0, TRUE);
unireg_abort(1);
mysql_mutex_unlock(mysql_bin_log.get_log_lock()); mysql_mutex_unlock(mysql_bin_log.get_log_lock());
if (r)
unireg_abort(1);
} }
#ifdef HAVE_REPLICATION #ifdef HAVE_REPLICATION
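Review bot: The call `if (init_io_cache_encryption())` added in `init_server_components()` is now the only place the temporary-file encryption hooks are set, because the calls in `initialize_encryption_plugin()` and `finalize_encryption_plugin()` are removed by this commit, and nothing at the call site records that it has to run after the encryption plugin is loaded. If the call were moved earlier, `encryption_key_get_latest_version()` would presumably report an invalid version and the server would abort even with a working key plugin. A comment such as `/* needs the encryption plugin: must stay after plugin initialization */` would pin the ordering. It would also be worth confirming what the hooks do if the plugin is unloaded later, since they are no longer reset on finalize. The prototype `int init_io_cache_encryption();` is repeated here and in the unit test instead of coming from a shared header, so a later signature change can go unnoticed; `init_server_components()` extends beyond these hunks.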


@@ -21,7 +21,7 @@
#define KEY_SIZE (128/8) #define KEY_SIZE (128/8)
my_bool encrypt_tmp_files; my_bool encrypt_tmp_files;
void init_io_cache_encryption(); int init_io_cache_encryption();
uint encryption_key_get_latest_version_func(uint) uint encryption_key_get_latest_version_func(uint)
{ {
@@ -79,7 +79,11 @@ struct encryption_service_st encryption_handler=
encryption_encrypted_length_func encryption_encrypted_length_func
}; };
void sql_print_information(const char *format, ...) void sql_print_information(const char *format, ...)
{
}
void sql_print_error(const char *format, ...)
{ {
} }