database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Implemented replication over SSL

Browse Source 
Added proper options to CHANGE MASTER TO, new fields to SHOW SLAVE STATUS,
 Honoring this parameters during connection to master.
 Introduced new format of master.info file


include/mysqld_error.h:
  Added error code for "slave without SSL ignored SSL params warning"
mysql-test/Makefile.am:
  Copy files required for rpl_openssl test during the make process
mysql-test/r/rpl000015.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_empty_master_crash.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_flush_log_loop.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_log.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_log_pos.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_redirect.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_replicate_do.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
mysql-test/r/rpl_rotate_logs.result:
  Added fields to SHOW SLAVE STATUS for replication over SSL
sql/lex.h:
  Added MASTER_SSL lexems for CHANGE MASTER
sql/mysqld.cc:
  Added --master-ssl-ca parameter. Fixed description of other master-ssl parameters
sql/repl_failsafe.cc:
  Added SSL support to connect_to_master()
sql/share/czech/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/danish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/dutch/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/english/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/estonian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/french/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/german/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/greek/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/hungarian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/italian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/japanese/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/korean/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/norwegian-ny/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/norwegian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/polish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/portuguese/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/romanian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/russian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/serbian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/slovak/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/spanish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/swedish/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/share/ukrainian/errmsg.txt:
  Added "slave without SSL ignored SSL params" warning
sql/slave.cc:
  Introduced new format of master.info file
  Added support of SSL params in master.info and SHOW SLAVE STATUS
  Added support of SSL connections
sql/slave.h:
  Added SSL parameters to MASTER_INFO
sql/sql_lex.h:
  Added SSL parameters for CHANGE MASTER TO
sql/sql_repl.cc:
  Added SSL parameters for CHANGE MASTER TO
sql/sql_yacc.yy:
  Added SSL parameters for CHANGE MASTER TO
This commit is contained in:
unknown
2003-09-01 15:16:20 +04:00
parent 79fea68bd7
commit 8a548ffd9c
43 changed files with 397 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
sql/slave.cc
View File

@ -1409,6 +1409,7 @@ static int count_relay_log_space(RELAY_LOG_INFO* rli)
DBUG_RETURN(0);
}
#define LINES_IN_MASTER_INFO_WITH_SSL 14
int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
const char* slave_info_fname,
@ -1462,6 +1463,18 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
strmake(mi->password, master_password, HASH_PASSWORD_LENGTH);
mi->port = master_port;
mi->connect_retry = master_connect_retry;
mi->ssl= master_ssl;
if (master_ssl_ca)
strmake(mi->ssl_ca, master_ssl_ca, sizeof(mi->ssl_ca)-1);
if (master_ssl_capath)
strmake(mi->ssl_capath, master_ssl_capath, sizeof(mi->ssl_capath)-1);
if (master_ssl_cert)
strmake(mi->ssl_cert, master_ssl_cert, sizeof(mi->ssl_cert)-1);
if (master_ssl_cipher)
strmake(mi->ssl_cipher, master_ssl_cipher, sizeof(mi->ssl_cipher)-1);
if (master_ssl_key)
strmake(mi->ssl_key, master_ssl_key, sizeof(mi->ssl_key)-1);
}
else // file exists
{
@ -1473,12 +1486,50 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
goto err;
mi->fd = fd;
int port, connect_retry, master_log_pos;
int port, connect_retry, master_log_pos, ssl= 0, lines;
char *first_non_digit;
/*
Starting from 4.1.x master.info has new format. Now its
first line contains number of lines in file. By reading this
number we will be always distinguish to which version our
master.info corresponds to. We can't simply count lines in
file since versions before 4.1.x could generate files with more
lines than needed.
If first line doesn't contain a number or contain number less than
14 then such file is treated like file from pre 4.1.1 version.
There is no ambiguity when reading an old master.info, as before
4.1.1, the first line contained the binlog's name, which is either
empty or has an extension (contains a '.'), so can't be confused
with an integer.
So we're just reading first line and trying to figure which version
is this.
*/
/*
The first row is temporarily stored in mi->master_log_name,
if it is line count and not binlog name (new format) it will be
overwritten by the second row later.
*/
if (init_strvar_from_file(mi->master_log_name,
sizeof(mi->master_log_name), &mi->file,
"") ||
init_intvar_from_file(&master_log_pos, &mi->file, 4) ||
""))
goto errwithmsg;
lines= strtoul(mi->master_log_name, &first_non_digit, 10);
if (mi->master_log_name[0]!='\0' &&
*first_non_digit=='\0' && lines >= LINES_IN_MASTER_INFO_WITH_SSL)
{ // Seems to be new format
if (init_strvar_from_file(mi->master_log_name,
sizeof(mi->master_log_name), &mi->file, ""))
goto errwithmsg;
}
else
lines= 7;
if (init_intvar_from_file(&master_log_pos, &mi->file, 4) ||
init_strvar_from_file(mi->host, sizeof(mi->host), &mi->file,
master_host) ||
init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file,
@ -1488,10 +1539,34 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
init_intvar_from_file(&port, &mi->file, master_port) ||
init_intvar_from_file(&connect_retry, &mi->file,
master_connect_retry))
{
sql_print_error("Error reading master configuration");
goto err;
}
goto errwithmsg;
/*
If file has ssl part use it even if we have server without
SSL support. But these option will be ignored later when
slave will try connect to master, so in this case warning
is printed.
*/
if (lines >= LINES_IN_MASTER_INFO_WITH_SSL &&
(init_intvar_from_file(&ssl, &mi->file, master_ssl) ||
init_strvar_from_file(mi->ssl_ca, sizeof(mi->ssl_ca),
&mi->file, master_ssl_ca) ||
init_strvar_from_file(mi->ssl_capath, sizeof(mi->ssl_capath),
&mi->file, master_ssl_capath) ||
init_strvar_from_file(mi->ssl_cert, sizeof(mi->ssl_cert),
&mi->file, master_ssl_cert) ||
init_strvar_from_file(mi->ssl_cipher, sizeof(mi->ssl_cipher),
&mi->file, master_ssl_cipher) ||
init_strvar_from_file(mi->ssl_key, sizeof(mi->ssl_key),
&mi->file, master_ssl_key)))
goto errwithmsg;
#ifndef HAVE_OPENSSL
if (ssl)
sql_print_error("SSL information in the master info file "
"('%s') are ignored because this MySQL slave was compiled "
"without SSL support.", fname);
#endif /* HAVE_OPENSSL */
/*
This has to be handled here as init_intvar_from_file can't handle
my_off_t types
@ -1499,6 +1574,7 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
mi->master_log_pos= (my_off_t) master_log_pos;
mi->port= (uint) port;
mi->connect_retry= (uint) connect_retry;
mi->ssl= (my_bool) ssl;
}
DBUG_PRINT("master_info",("log_file_name: %s position: %ld",
mi->master_log_name,
@ -1514,7 +1590,10 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
error=test(flush_master_info(mi));
pthread_mutex_unlock(&mi->data_lock);
DBUG_RETURN(error);
errwithmsg:
sql_print_error("Error reading master configuration");
err:
if (fd >= 0)
{
@ -1648,6 +1727,18 @@ int show_master_info(THD* thd, MASTER_INFO* mi)
MYSQL_TYPE_LONGLONG));
field_list.push_back(new Item_return_int("Relay_log_space", 10,
MYSQL_TYPE_LONGLONG));
field_list.push_back(new Item_empty_string("Master_SSL_Allowed", 7));
field_list.push_back(new Item_empty_string("Master_SSL_CA_File",
sizeof(mi->ssl_ca)));
field_list.push_back(new Item_empty_string("Master_SSL_CA_Path",
sizeof(mi->ssl_capath)));
field_list.push_back(new Item_empty_string("Master_SSL_Cert",
sizeof(mi->ssl_cert)));
field_list.push_back(new Item_empty_string("Master_SSL_Cipher",
sizeof(mi->ssl_cipher)));
field_list.push_back(new Item_empty_string("Master_SSL_Key",
sizeof(mi->ssl_key)));
if (protocol->send_fields(&field_list, 1))
DBUG_RETURN(-1);
@ -1694,6 +1785,17 @@ int show_master_info(THD* thd, MASTER_INFO* mi)
protocol->store((uint32) mi->rli.slave_skip_counter);
protocol->store((ulonglong) mi->rli.group_master_log_pos);
protocol->store((ulonglong) mi->rli.log_space_total);
#ifdef HAVE_OPENSSL
protocol->store(mi->ssl? "Yes":"No", &my_charset_bin);
#else
protocol->store(mi->ssl? "Ignored":"No", &my_charset_bin);
#endif
protocol->store(mi->ssl_ca, &my_charset_bin);
protocol->store(mi->ssl_capath, &my_charset_bin);
protocol->store(mi->ssl_cert, &my_charset_bin);
protocol->store(mi->ssl_cipher, &my_charset_bin);
protocol->store(mi->ssl_key, &my_charset_bin);
pthread_mutex_unlock(&mi->rli.data_lock);
pthread_mutex_unlock(&mi->data_lock);
@ -1712,11 +1814,22 @@ bool flush_master_info(MASTER_INFO* mi)
DBUG_ENTER("flush_master_info");
DBUG_PRINT("enter",("master_pos: %ld", (long) mi->master_log_pos));
/*
In certain cases this code may create master.info files that seems
corrupted, because of extra lines filled with garbage in the end
file (this happens if new contents take less space than previous
contents of file). But because of number of lines in the first line
of file we don't care about this garbage.
*/
my_b_seek(file, 0L);
my_b_printf(file, "%s\n%s\n%s\n%s\n%s\n%d\n%d\n",
mi->master_log_name, llstr(mi->master_log_pos, lbuf),
my_b_printf(file, "%u\n%s\n%s\n%s\n%s\n%s\n%d\n%d\n%d\n%s\n%s\n%s\n%s\n%s\n",
LINES_IN_MASTER_INFO_WITH_SSL,
mi->master_log_name, llstr(mi->master_log_pos, lbuf),
mi->host, mi->user,
mi->password, mi->port, mi->connect_retry);
mi->password, mi->port, mi->connect_retry,
(int)(mi->ssl), mi->ssl_ca, mi->ssl_capath, mi->ssl_cert,
mi->ssl_cipher, mi->ssl_key);
flush_io_cache(file);
DBUG_RETURN(0);
}
@ -3061,6 +3174,17 @@ static int connect_to_master(THD* thd, MYSQL* mysql, MASTER_INFO* mi,
mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char *) &slave_net_timeout);
mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (char *) &slave_net_timeout);
#ifdef HAVE_OPENSSL
if (mi->ssl)
mysql_ssl_set(mysql,
mi->ssl_key[0]?mi->ssl_key:0,
mi->ssl_cert[0]?mi->ssl_cert:0,
mi->ssl_ca[0]?mi->ssl_ca:0,
mi->ssl_capath[0]?mi->ssl_capath:0,
mi->ssl_cipher[0]?mi->ssl_cipher:0);
#endif
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset_info->csname);
/* This one is not strictly needed but we have it here for completeness */
mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir);