database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-09-02 09:41:40 +03:00
Code Activity

Implemented replication over SSL

Browse Source 
Added proper options to CHANGE MASTER TO, new fields to SHOW SLAVE STATUS,
 Honoring this parameters during connection to master.
 Introduced new format of master.info file


include/mysqld_error.h:
  Added error code for "slave without SSL ignored SSL params warning"
mysql-test/Makefile.am:
  Copy files required for rpl_openssl test during the make process
mysql-test/r/rpl000015.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_empty_master_crash.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_flush_log_loop.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_log.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_log_pos.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_redirect.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_replicate_do.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_rotate_logs.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
sql/lex.h:
  Added MASTER_SSL lexems for CHANGE MASTER
sql/mysqld.cc:
  Added --master-ssl-ca parameter. Fixed description of other master-ssl parameters
sql/repl_failsafe.cc:
  Added SSL support to connect_to_master()
sql/share/czech/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/danish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/dutch/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/english/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/estonian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/french/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/german/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/greek/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/hungarian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/italian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/japanese/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/korean/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/norwegian-ny/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/norwegian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/polish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/portuguese/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/romanian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/russian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/serbian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/slovak/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/spanish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/swedish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/ukrainian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/slave.cc:
  Introduced new format of master.info file
  Added support of SSL params in master.info and SHOW SLAVE STATUS
  Added support of SSL connections
sql/slave.h:
  Added SSL parameters to MASTER_INFO
sql/sql_lex.h:
  Added SSL parameters for CHANGE MASTER TO
sql/sql_repl.cc:
  Added SSL parameters for CHANGE MASTER TO
sql/sql_yacc.yy:
  Added SSL parameters for CHANGE MASTER TO
This commit is contained in:
unknown
2003-09-01 15:16:20 +04:00
parent 79fea68bd7
commit 8a548ffd9c
43 changed files with 397 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sql/lex.h
View File

@@ -249,6 +249,12 @@ static SYMBOL symbols[] = {
{ "MASTER_PASSWORD", SYM(MASTER_PASSWORD_SYM),0,0},
{ "MASTER_PORT", SYM(MASTER_PORT_SYM),0,0},
{ "MASTER_SERVER_ID", SYM(MASTER_SERVER_ID_SYM),0,0},
{ "MASTER_SSL", SYM(MASTER_SSL_SYM),0,0},
{ "MASTER_SSL_CA", SYM(MASTER_SSL_CA_SYM),0,0},
{ "MASTER_SSL_CAPATH",SYM(MASTER_SSL_CAPATH_SYM),0,0},
{ "MASTER_SSL_CERT", SYM(MASTER_SSL_CERT_SYM),0,0},
{ "MASTER_SSL_CIPHER",SYM(MASTER_SSL_CIPHER_SYM),0,0},
{ "MASTER_SSL_KEY", SYM(MASTER_SSL_KEY_SYM),0,0},
{ "MASTER_USER", SYM(MASTER_USER_SYM),0,0},
{ "MAX_ROWS", SYM(MAX_ROWS),0,0},
{ "MAX_QUERIES_PER_HOUR", SYM(MAX_QUERIES_PER_HOUR), 0,0},

32
sql/mysqld.cc
View File

@@ -359,15 +359,15 @@ pthread_t signal_thread;
pthread_attr_t connection_attrib;
/* replication parameters, if master_host is not NULL, we are a slave */
my_bool master_ssl;
uint master_port= MYSQL_PORT, master_connect_retry = 60;
uint report_port= MYSQL_PORT;
ulong master_retry_count=0;
char *master_user, *master_password, *master_host, *master_info_file;
char *relay_log_info_file, *master_ssl_key, *master_ssl_cert;
char *master_ssl_capath, *master_ssl_cipher, *report_user;
char *report_password, *report_host;
char *relay_log_info_file, *report_user, *report_password, *report_host;
char *opt_relay_logname = 0, *opt_relaylog_index_name=0;
my_bool master_ssl;
char *master_ssl_key, *master_ssl_cert;
char *master_ssl_ca, *master_ssl_capath, *master_ssl_cipher;
/* Static variables */
@@ -3389,7 +3389,7 @@ enum options
OPT_MASTER_RETRY_COUNT,
OPT_MASTER_SSL, OPT_MASTER_SSL_KEY,
OPT_MASTER_SSL_CERT, OPT_MASTER_SSL_CAPATH,
OPT_MASTER_SSL_CIPHER,
OPT_MASTER_SSL_CIPHER, OPT_MASTER_SSL_CA,
OPT_SQL_BIN_UPDATE_SAME, OPT_REPLICATE_DO_DB,
OPT_REPLICATE_IGNORE_DB, OPT_LOG_SLAVE_UPDATES,
OPT_BINLOG_DO_DB, OPT_BINLOG_IGNORE_DB,
@@ -3723,27 +3723,28 @@ thread is in the master's binlogs.",
(gptr*) &master_info_file, (gptr*) &master_info_file, 0, GET_STR,
REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"master-ssl", OPT_MASTER_SSL,
"Planned to enable the slave to connect to the master using SSL. Does nothing yet.",
"Enable the slave to connect to the master using SSL.",
(gptr*) &master_ssl, (gptr*) &master_ssl, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0,
0, 0},
{"master-ssl-key", OPT_MASTER_SSL_KEY,
"Master SSL keyfile name. Only applies if you have enabled master-ssl. Does \
nothing yet.",
"Master SSL keyfile name. Only applies if you have enabled master-ssl.",
(gptr*) &master_ssl_key, (gptr*) &master_ssl_key, 0, GET_STR, OPT_ARG,
0, 0, 0, 0, 0, 0},
{"master-ssl-cert", OPT_MASTER_SSL_CERT,
"Master SSL certificate file name. Only applies if you have enabled \
master-ssl. Does nothing yet.",
master-ssl",
(gptr*) &master_ssl_cert, (gptr*) &master_ssl_cert, 0, GET_STR, OPT_ARG,
0, 0, 0, 0, 0, 0},
{"master-ssl-ca", OPT_MASTER_SSL_CA,
"Master SSL CA file. Only applies if you have enabled master-ssl.",
(gptr*) &master_ssl_ca, (gptr*) &master_ssl_ca, 0, GET_STR, OPT_ARG,
0, 0, 0, 0, 0, 0},
{"master-ssl-capath", OPT_MASTER_SSL_CAPATH,
"Master SSL CA path. Only applies if you have enabled master-ssl. \
Does nothing yet.",
"Master SSL CA path. Only applies if you have enabled master-ssl.",
(gptr*) &master_ssl_capath, (gptr*) &master_ssl_capath, 0, GET_STR, OPT_ARG,
0, 0, 0, 0, 0, 0},
{"master-ssl-cipher", OPT_MASTER_SSL_CIPHER,
"Master SSL cipher. Only applies if you have enabled master-ssl. \
Does nothing yet.",
"Master SSL cipher. Only applies if you have enabled master-ssl.",
(gptr*) &master_ssl_cipher, (gptr*) &master_ssl_capath, 0, GET_STR, OPT_ARG,
0, 0, 0, 0, 0, 0},
{"myisam-recover", OPT_MYISAM_RECOVER,
@@ -4717,8 +4718,9 @@ static void mysql_init_variables(void)
master_user= (char*) "test";
master_password= master_host= 0;
master_info_file= (char*) "master.info",
relay_log_info_file= (char*) "relay-log.info",
master_ssl_key= master_ssl_cert= master_ssl_capath= master_ssl_cipher= 0;
relay_log_info_file= (char*) "relay-log.info";
master_ssl_key= master_ssl_cert= master_ssl_ca=
master_ssl_capath= master_ssl_cipher= 0;
report_user= report_password = report_host= 0; /* TO BE DELETED */
opt_relay_logname= opt_relaylog_index_name= 0;

11
sql/repl_failsafe.cc
View File

@@ -669,6 +669,17 @@ int connect_to_master(THD *thd, MYSQL* mysql, MASTER_INFO* mi)
}
mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char *) &slave_net_timeout);
mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (char *) &slave_net_timeout);
#ifdef HAVE_OPENSSL
if (mi->ssl)
mysql_ssl_set(mysql,
mi->ssl_key[0]?mi->ssl_key:0,
mi->ssl_cert[0]?mi->ssl_cert:0,
mi->ssl_ca[0]?mi->ssl_ca:0,
mi->ssl_capath[0]?mi->ssl_capath:0,
mi->ssl_cipher[0]?mi->ssl_cipher:0);
#endif
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset_info->csname);
mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir);
if (!mysql_real_connect(mysql, mi->host, mi->user, mi->password, 0,

1
sql/share/czech/errmsg.txt
View File

@@ -277,3 +277,4 @@ v/*
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/danish/errmsg.txt
View File

@@ -271,3 +271,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/dutch/errmsg.txt
View File

@@ -279,3 +279,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/english/errmsg.txt
View File

@@ -273,3 +273,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/estonian/errmsg.txt
View File

@@ -273,3 +273,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/french/errmsg.txt
View File

@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/german/errmsg.txt
View File

@@ -277,3 +277,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/greek/errmsg.txt
View File

@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/hungarian/errmsg.txt
View File

@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/italian/errmsg.txt
View File

@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/japanese/errmsg.txt
View File

@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/korean/errmsg.txt
View File

@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/norwegian-ny/errmsg.txt
View File

@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/norwegian/errmsg.txt
View File

@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/polish/errmsg.txt
View File

@@ -272,3 +272,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/portuguese/errmsg.txt
View File

@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/romanian/errmsg.txt
View File

@@ -272,3 +272,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/russian/errmsg.txt
View File

@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/serbian/errmsg.txt
View File

@@ -264,3 +264,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/slovak/errmsg.txt
View File

@@ -276,3 +276,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/spanish/errmsg.txt
View File

@@ -269,3 +269,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/swedish/errmsg.txt
View File

@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

1
sql/share/ukrainian/errmsg.txt
View File

@@ -273,3 +273,4 @@
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'",
"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."

146
sql/slave.cc
View File

@@ -1409,6 +1409,7 @@ static int count_relay_log_space(RELAY_LOG_INFO* rli)
DBUG_RETURN(0);
}
#define LINES_IN_MASTER_INFO_WITH_SSL 14
int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
const char* slave_info_fname,
@@ -1462,6 +1463,18 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
strmake(mi->password, master_password, HASH_PASSWORD_LENGTH);
mi->port = master_port;
mi->connect_retry = master_connect_retry;
mi->ssl= master_ssl;
if (master_ssl_ca)
strmake(mi->ssl_ca, master_ssl_ca, sizeof(mi->ssl_ca)-1);
if (master_ssl_capath)
strmake(mi->ssl_capath, master_ssl_capath, sizeof(mi->ssl_capath)-1);
if (master_ssl_cert)
strmake(mi->ssl_cert, master_ssl_cert, sizeof(mi->ssl_cert)-1);
if (master_ssl_cipher)
strmake(mi->ssl_cipher, master_ssl_cipher, sizeof(mi->ssl_cipher)-1);
if (master_ssl_key)
strmake(mi->ssl_key, master_ssl_key, sizeof(mi->ssl_key)-1);
}
else // file exists
{
@@ -1473,12 +1486,50 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
goto err;
mi->fd = fd;
int port, connect_retry, master_log_pos;
int port, connect_retry, master_log_pos, ssl= 0, lines;
char *first_non_digit;
/*
Starting from 4.1.x master.info has new format. Now its
first line contains number of lines in file. By reading this
number we will be always distinguish to which version our
master.info corresponds to. We can't simply count lines in
file since versions before 4.1.x could generate files with more
lines than needed.
If first line doesn't contain a number or contain number less than
14 then such file is treated like file from pre 4.1.1 version.
There is no ambiguity when reading an old master.info, as before
4.1.1, the first line contained the binlog's name, which is either
empty or has an extension (contains a '.'), so can't be confused
with an integer.
So we're just reading first line and trying to figure which version
is this.
*/
/*
The first row is temporarily stored in mi->master_log_name,
if it is line count and not binlog name (new format) it will be
overwritten by the second row later.
*/
if (init_strvar_from_file(mi->master_log_name,
sizeof(mi->master_log_name), &mi->file,
"") ||
init_intvar_from_file(&master_log_pos, &mi->file, 4) ||
""))
goto errwithmsg;
lines= strtoul(mi->master_log_name, &first_non_digit, 10);
if (mi->master_log_name[0]!='\0' &&
*first_non_digit=='\0' && lines >= LINES_IN_MASTER_INFO_WITH_SSL)
{ // Seems to be new format
if (init_strvar_from_file(mi->master_log_name,
sizeof(mi->master_log_name), &mi->file, ""))
goto errwithmsg;
}
else
lines= 7;
if (init_intvar_from_file(&master_log_pos, &mi->file, 4) ||
init_strvar_from_file(mi->host, sizeof(mi->host), &mi->file,
master_host) ||
init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file,
@@ -1488,10 +1539,34 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
init_intvar_from_file(&port, &mi->file, master_port) ||
init_intvar_from_file(&connect_retry, &mi->file,
master_connect_retry))
{
sql_print_error("Error reading master configuration");
goto err;
}
goto errwithmsg;
/*
If file has ssl part use it even if we have server without
SSL support. But these option will be ignored later when
slave will try connect to master, so in this case warning
is printed.
*/
if (lines >= LINES_IN_MASTER_INFO_WITH_SSL &&
(init_intvar_from_file(&ssl, &mi->file, master_ssl) ||
init_strvar_from_file(mi->ssl_ca, sizeof(mi->ssl_ca),
&mi->file, master_ssl_ca) ||
init_strvar_from_file(mi->ssl_capath, sizeof(mi->ssl_capath),
&mi->file, master_ssl_capath) ||
init_strvar_from_file(mi->ssl_cert, sizeof(mi->ssl_cert),
&mi->file, master_ssl_cert) ||
init_strvar_from_file(mi->ssl_cipher, sizeof(mi->ssl_cipher),
&mi->file, master_ssl_cipher) ||
init_strvar_from_file(mi->ssl_key, sizeof(mi->ssl_key),
&mi->file, master_ssl_key)))
goto errwithmsg;
#ifndef HAVE_OPENSSL
if (ssl)
sql_print_error("SSL information in the master info file "
"('%s') are ignored because this MySQL slave was compiled "
"without SSL support.", fname);
#endif /* HAVE_OPENSSL */
/*
This has to be handled here as init_intvar_from_file can't handle
my_off_t types
@@ -1499,6 +1574,7 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
mi->master_log_pos= (my_off_t) master_log_pos;
mi->port= (uint) port;
mi->connect_retry= (uint) connect_retry;
mi->ssl= (my_bool) ssl;
}
DBUG_PRINT("master_info",("log_file_name: %s position: %ld",
mi->master_log_name,
@@ -1514,7 +1590,10 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
error=test(flush_master_info(mi));
pthread_mutex_unlock(&mi->data_lock);
DBUG_RETURN(error);
errwithmsg:
sql_print_error("Error reading master configuration");
err:
if (fd >= 0)
{
@@ -1648,6 +1727,18 @@ int show_master_info(THD* thd, MASTER_INFO* mi)
MYSQL_TYPE_LONGLONG));
field_list.push_back(new Item_return_int("Relay_log_space", 10,
MYSQL_TYPE_LONGLONG));
field_list.push_back(new Item_empty_string("Master_SSL_Allowed", 7));
field_list.push_back(new Item_empty_string("Master_SSL_CA_File",
sizeof(mi->ssl_ca)));
field_list.push_back(new Item_empty_string("Master_SSL_CA_Path",
sizeof(mi->ssl_capath)));
field_list.push_back(new Item_empty_string("Master_SSL_Cert",
sizeof(mi->ssl_cert)));
field_list.push_back(new Item_empty_string("Master_SSL_Cipher",
sizeof(mi->ssl_cipher)));
field_list.push_back(new Item_empty_string("Master_SSL_Key",
sizeof(mi->ssl_key)));
if (protocol->send_fields(&field_list, 1))
DBUG_RETURN(-1);
@@ -1694,6 +1785,17 @@ int show_master_info(THD* thd, MASTER_INFO* mi)
protocol->store((uint32) mi->rli.slave_skip_counter);
protocol->store((ulonglong) mi->rli.group_master_log_pos);
protocol->store((ulonglong) mi->rli.log_space_total);
#ifdef HAVE_OPENSSL
protocol->store(mi->ssl? "Yes":"No", &my_charset_bin);
#else
protocol->store(mi->ssl? "Ignored":"No", &my_charset_bin);
#endif
protocol->store(mi->ssl_ca, &my_charset_bin);
protocol->store(mi->ssl_capath, &my_charset_bin);
protocol->store(mi->ssl_cert, &my_charset_bin);
protocol->store(mi->ssl_cipher, &my_charset_bin);
protocol->store(mi->ssl_key, &my_charset_bin);
pthread_mutex_unlock(&mi->rli.data_lock);
pthread_mutex_unlock(&mi->data_lock);
@@ -1712,11 +1814,22 @@ bool flush_master_info(MASTER_INFO* mi)
DBUG_ENTER("flush_master_info");
DBUG_PRINT("enter",("master_pos: %ld", (long) mi->master_log_pos));
/*
In certain cases this code may create master.info files that seems
corrupted, because of extra lines filled with garbage in the end
file (this happens if new contents take less space than previous
contents of file). But because of number of lines in the first line
of file we don't care about this garbage.
*/
my_b_seek(file, 0L);
my_b_printf(file, "%s\n%s\n%s\n%s\n%s\n%d\n%d\n",
mi->master_log_name, llstr(mi->master_log_pos, lbuf),
my_b_printf(file, "%u\n%s\n%s\n%s\n%s\n%s\n%d\n%d\n%d\n%s\n%s\n%s\n%s\n%s\n",
LINES_IN_MASTER_INFO_WITH_SSL,
mi->master_log_name, llstr(mi->master_log_pos, lbuf),
mi->host, mi->user,
mi->password, mi->port, mi->connect_retry);
mi->password, mi->port, mi->connect_retry,
(int)(mi->ssl), mi->ssl_ca, mi->ssl_capath, mi->ssl_cert,
mi->ssl_cipher, mi->ssl_key);
flush_io_cache(file);
DBUG_RETURN(0);
}
@@ -3061,6 +3174,17 @@ static int connect_to_master(THD* thd, MYSQL* mysql, MASTER_INFO* mi,
mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char *) &slave_net_timeout);
mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (char *) &slave_net_timeout);
#ifdef HAVE_OPENSSL
if (mi->ssl)
mysql_ssl_set(mysql,
mi->ssl_key[0]?mi->ssl_key:0,
mi->ssl_cert[0]?mi->ssl_cert:0,
mi->ssl_ca[0]?mi->ssl_ca:0,
mi->ssl_capath[0]?mi->ssl_capath:0,
mi->ssl_cipher[0]?mi->ssl_cipher:0);
#endif
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset_info->csname);
/* This one is not strictly needed but we have it here for completeness */
mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir);

12
sql/slave.h
View File

@@ -293,6 +293,9 @@ typedef struct st_master_info
char host[HOSTNAME_LENGTH+1];
char user[USERNAME_LENGTH+1];
char password[HASH_PASSWORD_LENGTH+1];
my_bool ssl; // enables use of SSL connection if true
char ssl_ca[FN_REFLEN], ssl_capath[FN_REFLEN], ssl_cert[FN_REFLEN];
char ssl_cipher[FN_REFLEN], ssl_key[FN_REFLEN];
pthread_mutex_t data_lock,run_lock;
pthread_cond_t data_cond,start_cond,stop_cond;
THD *io_thd;
@@ -310,10 +313,13 @@ typedef struct st_master_info
volatile ulong slave_run_id;
st_master_info()
:fd(-1), io_thd(0), inited(0), old_format(0),abort_slave(0),
:fd(-1), ssl(0), io_thd(0), inited(0), old_format(0),abort_slave(0),
slave_running(0), slave_run_id(0)
{
host[0] = 0; user[0] = 0; password[0] = 0;
ssl_ca[0]= 0; ssl_capath[0]= 0; ssl_cert[0]= 0;
ssl_cipher[0]= 0; ssl_key[0]= 0;
bzero(&file, sizeof(file));
pthread_mutex_init(&run_lock, MY_MUTEX_INIT_FAST);
pthread_mutex_init(&data_lock, MY_MUTEX_INIT_FAST);
@@ -459,6 +465,10 @@ extern my_string master_user, master_password, master_host,
master_info_file, relay_log_info_file, report_user, report_host,
report_password;
extern my_bool master_ssl;
extern my_string master_ssl_ca, master_ssl_capath, master_ssl_cert,
master_ssl_cipher, master_ssl_key;
extern I_List<i_string> replicate_do_db, replicate_ignore_db;
extern I_List<i_string_pair> replicate_rewrite_db;
extern I_List<THD> threads;

7
sql/sql_lex.h
View File

@@ -85,6 +85,13 @@ typedef struct st_lex_master_info
uint port, connect_retry;
ulonglong pos;
ulong server_id;
/*
Variable for MASTER_SSL option.
MASTER_SSL=0 in CHANGE MASTER TO corresponds to SSL_DISABLE
MASTER_SSL=1 corresponds to SSL_ENABLE
*/
enum {SSL_UNCHANGED=0, SSL_DISABLE, SSL_ENABLE} ssl;
char *ssl_key, *ssl_cert, *ssl_ca, *ssl_capath, *ssl_cipher;
char *relay_log_name;
ulong relay_log_pos;
} LEX_MASTER_INFO;

19
sql/sql_repl.cc
View File

@@ -888,6 +888,25 @@ int change_master(THD* thd, MASTER_INFO* mi)
mi->port = lex_mi->port;
if (lex_mi->connect_retry)
mi->connect_retry = lex_mi->connect_retry;
if (lex_mi->ssl != LEX_MASTER_INFO::SSL_UNCHANGED)
mi->ssl= (lex_mi->ssl == LEX_MASTER_INFO::SSL_ENABLE);
if (lex_mi->ssl_ca)
strmake(mi->ssl_ca, lex_mi->ssl_ca, sizeof(mi->ssl_ca)-1);
if (lex_mi->ssl_capath)
strmake(mi->ssl_capath, lex_mi->ssl_capath, sizeof(mi->ssl_capath)-1);
if (lex_mi->ssl_cert)
strmake(mi->ssl_cert, lex_mi->ssl_cert, sizeof(mi->ssl_cert)-1);
if (lex_mi->ssl_cipher)
strmake(mi->ssl_cipher, lex_mi->ssl_cipher, sizeof(mi->ssl_cipher)-1);
if (lex_mi->ssl_key)
strmake(mi->ssl_key, lex_mi->ssl_key, sizeof(mi->ssl_key)-1);
#ifndef HAVE_OPENSSL
if (lex_mi->ssl || lex_mi->ssl_ca || lex_mi->ssl_capath ||
lex_mi->ssl_cert || lex_mi->ssl_cipher || lex_mi->ssl_key )
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
ER_SLAVE_IGNORED_SSL_PARAMS, ER(ER_SLAVE_IGNORED_SSL_PARAMS));
#endif
if (lex_mi->relay_log_name)
{

37
sql/sql_yacc.yy
View File

@@ -276,6 +276,12 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token MASTER_PORT_SYM
%token MASTER_CONNECT_RETRY_SYM
%token MASTER_SERVER_ID_SYM
%token MASTER_SSL_SYM
%token MASTER_SSL_CA_SYM
%token MASTER_SSL_CAPATH_SYM
%token MASTER_SSL_CERT_SYM
%token MASTER_SSL_CIPHER_SYM
%token MASTER_SSL_KEY_SYM
%token RELAY_LOG_FILE_SYM
%token RELAY_LOG_POS_SYM
%token MATCH
@@ -844,6 +850,31 @@ master_def:
/* Adjust if < BIN_LOG_HEADER_SIZE (same comment as Lex->mi.pos) */
Lex->mi.relay_log_pos = max(BIN_LOG_HEADER_SIZE, Lex->mi.relay_log_pos);
}
| MASTER_SSL_SYM EQ ULONG_NUM
{
Lex->mi.ssl= $3 ?
LEX_MASTER_INFO::SSL_ENABLE : LEX_MASTER_INFO::SSL_DISABLE;
}
| MASTER_SSL_CA_SYM EQ TEXT_STRING_sys
{
Lex->mi.ssl_ca= $3.str;
}
| MASTER_SSL_CAPATH_SYM EQ TEXT_STRING_sys
{
Lex->mi.ssl_capath= $3.str;
}
| MASTER_SSL_CERT_SYM EQ TEXT_STRING_sys
{
Lex->mi.ssl_cert= $3.str;
}
| MASTER_SSL_CIPHER_SYM EQ TEXT_STRING_sys
{
Lex->mi.ssl_cipher= $3.str;
}
| MASTER_SSL_KEY_SYM EQ TEXT_STRING_sys
{
Lex->mi.ssl_key= $3.str;
}
;
@@ -4430,6 +4461,12 @@ keyword:
| MASTER_USER_SYM {}
| MASTER_PASSWORD_SYM {}
| MASTER_CONNECT_RETRY_SYM {}
| MASTER_SSL_SYM {}
| MASTER_SSL_CA_SYM {}
| MASTER_SSL_CAPATH_SYM {}
| MASTER_SSL_CERT_SYM {}
| MASTER_SSL_CIPHER_SYM {}
| MASTER_SSL_KEY_SYM {}
| MAX_CONNECTIONS_PER_HOUR {}
| MAX_QUERIES_PER_HOUR {}
| MAX_UPDATES_PER_HOUR {}