mirror of
				https://github.com/MariaDB/server.git
				synced 2025-10-25 18:38:00 +03:00 
			
		
		
		
	WL #3670: Compile-time option to remove GRANT-related startup options
- configure --disable-grant-options defines DISABLE_GRANT_OPTIONS - configure.js/cmake also updated - if DISABLE_GRANT_OPTIONS is defined, mysqld no longer recognizes: --bootstrap --init-file --skip-grant-tables Scripts which rely on those three options are modified to check the environment for MYSQLD_BOOTSTRAP; it should be set to the full path of a mysqld which does handle those options. For example: $ export MYSQLD_BOOTSTRAP $ MYSQLD_BOOTSTRAP=/path/to/full/MySQL/bin/mysqld $ mysql_install_db $ make test
This commit is contained in:
		
							
								
								
									
										16
									
								
								configure.in
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								configure.in
									
									
									
									
									
								
							| @@ -713,6 +713,22 @@ else | |||||||
|   AC_MSG_RESULT([no]) |   AC_MSG_RESULT([no]) | ||||||
| fi | fi | ||||||
|  |  | ||||||
|  | # If we should allow init-file and skip-grant-table options | ||||||
|  | AC_MSG_CHECKING(If we should should enable init-file and skip-grant-table options) | ||||||
|  | AC_ARG_ENABLE(grant-options, | ||||||
|  |     [  --disable-grant-options Disables the use of --init-file and --skip-grant-tables options], | ||||||
|  |     [ mysql_grant_options_enabled=$enableval ], | ||||||
|  |     [ mysql_grant_options_enabled=no ] | ||||||
|  |     ) | ||||||
|  | if test "$mysql_grant_options_enabled" = "yes" | ||||||
|  | then | ||||||
|  |   AC_MSG_RESULT([yes]) | ||||||
|  | else | ||||||
|  |   AC_DEFINE([DISABLE_GRANT_OPTIONS], [1], | ||||||
|  |             [Disables the use of --init-file and --skip-grant-tables options]) | ||||||
|  |   AC_MSG_RESULT([no]) | ||||||
|  | fi | ||||||
|  |  | ||||||
| MYSQL_SYS_LARGEFILE | MYSQL_SYS_LARGEFILE | ||||||
|  |  | ||||||
| # Types that must be checked AFTER large file support is checked | # Types that must be checked AFTER large file support is checked | ||||||
|   | |||||||
| @@ -55,14 +55,17 @@ fi | |||||||
| mdata=$data/mysql | mdata=$data/mysql | ||||||
| EXTRA_ARG="" | EXTRA_ARG="" | ||||||
|  |  | ||||||
| if test ! -x $execdir/mysqld | mysqld= | ||||||
|  | if test -x $execdir/mysqld | ||||||
| then | then | ||||||
|  |   mysqld=$execdir/mysqld | ||||||
|  | else | ||||||
|   if test ! -x $libexecdir/mysqld |   if test ! -x $libexecdir/mysqld | ||||||
|   then |   then | ||||||
|     echo "mysqld is missing - looked in $execdir and in $libexecdir" |     echo "mysqld is missing - looked in $execdir and in $libexecdir" | ||||||
|     exit 1 |     exit 1 | ||||||
|   else |   else | ||||||
|     execdir=$libexecdir |     mysqld=$libexecdir/mysqld | ||||||
|   fi |   fi | ||||||
| fi | fi | ||||||
|  |  | ||||||
| @@ -88,8 +91,11 @@ basedir=. | |||||||
| EXTRA_ARG="--language=../sql/share/english/ --character-sets-dir=../sql/share/charsets/" | EXTRA_ARG="--language=../sql/share/english/ --character-sets-dir=../sql/share/charsets/" | ||||||
| fi | fi | ||||||
|  |  | ||||||
| mysqld_boot=" $execdir/mysqld --no-defaults --bootstrap --skip-grant-tables \ | mysqld_boot="${MYSQLD_BOOTSTRAP-$mysqld}" | ||||||
|     --basedir=$basedir --datadir=$ldata --skip-innodb --skip-ndbcluster --skip-bdb \ |  | ||||||
|  | mysqld_boot="$mysqld_boot --no-defaults --bootstrap --skip-grant-tables \ | ||||||
|  |     --basedir=$basedir --datadir=$ldata \ | ||||||
|  |     --skip-innodb --skip-ndbcluster --skip-bdb \ | ||||||
|     $EXTRA_ARG" |     $EXTRA_ARG" | ||||||
| echo "running $mysqld_boot" | echo "running $mysqld_boot" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -2873,12 +2873,19 @@ sub install_db ($$) { | |||||||
|     mtr_add_arg($args, "--character-sets-dir=%s", $path_charsetsdir); |     mtr_add_arg($args, "--character-sets-dir=%s", $path_charsetsdir); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   # If DISABLE_GRANT_OPTIONS is defined when the server is compiled (e.g., | ||||||
|  |   # configure --disable-grant-options), mysqld will not recognize the | ||||||
|  |   # --bootstrap or --skip-grant-tables options.  The user can set | ||||||
|  |   # MYSQLD_BOOTSTRAP to the full path to a mysqld which does accept | ||||||
|  |   # --bootstrap, to accommodate this. | ||||||
|  |   my $exe_mysqld_bootstrap = $ENV{'MYSQLD_BOOTSTRAP'} || $exe_mysqld; | ||||||
|  |  | ||||||
|   # Log bootstrap command |   # Log bootstrap command | ||||||
|   my $path_bootstrap_log= "$opt_vardir/log/bootstrap.log"; |   my $path_bootstrap_log= "$opt_vardir/log/bootstrap.log"; | ||||||
|   mtr_tofile($path_bootstrap_log, |   mtr_tofile($path_bootstrap_log, | ||||||
| 	     "$exe_mysqld " . join(" ", @$args) . "\n"); | 	     "$exe_mysqld_bootstrap " . join(" ", @$args) . "\n"); | ||||||
|  |  | ||||||
|   if ( mtr_run($exe_mysqld, $args, $init_db_sql_tmp, |   if ( mtr_run($exe_mysqld_bootstrap, $args, $init_db_sql_tmp, | ||||||
|                $path_bootstrap_log, $path_bootstrap_log, |                $path_bootstrap_log, $path_bootstrap_log, | ||||||
| 	       "", { append_log_file => 1 }) != 0 ) | 	       "", { append_log_file => 1 }) != 0 ) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -292,6 +292,14 @@ void install_db(char *datadir) | |||||||
|     die("Unable to create init_db.sql."); |     die("Unable to create init_db.sql."); | ||||||
|   /* args */ |   /* args */ | ||||||
|   init_args(&al); |   init_args(&al); | ||||||
|  |   /* | ||||||
|  |     XXX: If mysqld is compiled with DISABLE_GRANT_OPTIONS defined, it | ||||||
|  |     will not recognize the --bootstrap, --init-file or --skip-grant- | ||||||
|  |     tables options.  If this is needed here, please check | ||||||
|  |     MYSQLD_BOOTSTRAP in the environment, and use its value instead of | ||||||
|  |     mysqld_file if it is set.  See mysql-test-run.pl and | ||||||
|  |     mysql_install_db. | ||||||
|  |   */ | ||||||
|   add_arg(&al, mysqld_file); |   add_arg(&al, mysqld_file); | ||||||
|   add_arg(&al, "--no-defaults"); |   add_arg(&al, "--no-defaults"); | ||||||
|   add_arg(&al, "--bootstrap"); |   add_arg(&al, "--bootstrap"); | ||||||
|   | |||||||
| @@ -224,7 +224,8 @@ if test "$in_rpm" -eq 0 -a "$windows" -eq 0 | |||||||
| then | then | ||||||
|   echo "Installing all prepared tables" |   echo "Installing all prepared tables" | ||||||
| fi | fi | ||||||
| mysqld_install_cmd_line="$mysqld $defaults $mysqld_opt --bootstrap \ | mysqld_bootstrap="${MYSQLD_BOOTSTRAP-$mysqld}" | ||||||
|  | mysqld_install_cmd_line="$mysqld_bootstrap $defaults $mysqld_opt --bootstrap \ | ||||||
| --skip-grant-tables --basedir=$basedir --datadir=$ldata --skip-innodb \ | --skip-grant-tables --basedir=$basedir --datadir=$ldata --skip-innodb \ | ||||||
| --skip-bdb --skip-ndbcluster $args --max_allowed_packet=8M --net_buffer_length=16K" | --skip-bdb --skip-ndbcluster $args --max_allowed_packet=8M --net_buffer_length=16K" | ||||||
| if $scriptdir/mysql_create_system_tables $create_option $mdata $hostname $windows \ | if $scriptdir/mysql_create_system_tables $create_option $mdata $hostname $windows \ | ||||||
|   | |||||||
| @@ -26,6 +26,10 @@ SET_SOURCE_FILES_PROPERTIES(${CMAKE_SOURCE_DIR}/sql/message.rc | |||||||
| ADD_DEFINITIONS(-DHAVE_INNOBASE -DMYSQL_SERVER  | ADD_DEFINITIONS(-DHAVE_INNOBASE -DMYSQL_SERVER  | ||||||
|                 -D_CONSOLE -DHAVE_DLOPEN) |                 -D_CONSOLE -DHAVE_DLOPEN) | ||||||
|                  |                  | ||||||
|  | IF(DISABLE_GRANT_OPTIONS)                 | ||||||
|  |   ADD_DEFINITIONS(-DDISABLE_GRANT_OPTIONS) | ||||||
|  | ENDIF(DISABLE_GRANT_OPTIONS) | ||||||
|  |  | ||||||
| ADD_EXECUTABLE(mysqld ../sql-common/client.c derror.cc des_key_file.cc | ADD_EXECUTABLE(mysqld ../sql-common/client.c derror.cc des_key_file.cc | ||||||
|                discover.cc ../libmysql/errmsg.c field.cc field_conv.cc  |                discover.cc ../libmysql/errmsg.c field.cc field_conv.cc  | ||||||
|                filesort.cc gstream.cc ha_blackhole.cc  |                filesort.cc gstream.cc ha_blackhole.cc  | ||||||
|   | |||||||
| @@ -4775,8 +4775,10 @@ Disable with --skip-bdb (will save memory).", | |||||||
|   {"binlog-ignore-db", OPT_BINLOG_IGNORE_DB, |   {"binlog-ignore-db", OPT_BINLOG_IGNORE_DB, | ||||||
|    "Tells the master that updates to the given database should not be logged tothe binary log.", |    "Tells the master that updates to the given database should not be logged tothe binary log.", | ||||||
|    0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, |    0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, | ||||||
|  | #ifndef DISABLE_GRANT_OPTIONS | ||||||
|   {"bootstrap", OPT_BOOTSTRAP, "Used by mysql installation scripts.", 0, 0, 0, |   {"bootstrap", OPT_BOOTSTRAP, "Used by mysql installation scripts.", 0, 0, 0, | ||||||
|    GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, |    GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, | ||||||
|  | #endif | ||||||
|   {"character-set-client-handshake", OPT_CHARACTER_SET_CLIENT_HANDSHAKE, |   {"character-set-client-handshake", OPT_CHARACTER_SET_CLIENT_HANDSHAKE, | ||||||
|    "Don't ignore client side character set value sent during handshake.", |    "Don't ignore client side character set value sent during handshake.", | ||||||
|    (gptr*) &opt_character_set_client_handshake, |    (gptr*) &opt_character_set_client_handshake, | ||||||
| @@ -4892,9 +4894,11 @@ Disable with --skip-large-pages.", | |||||||
|   {"init-connect", OPT_INIT_CONNECT, "Command(s) that are executed for each new connection", |   {"init-connect", OPT_INIT_CONNECT, "Command(s) that are executed for each new connection", | ||||||
|    (gptr*) &opt_init_connect, (gptr*) &opt_init_connect, 0, GET_STR_ALLOC, |    (gptr*) &opt_init_connect, (gptr*) &opt_init_connect, 0, GET_STR_ALLOC, | ||||||
|    REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, |    REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, | ||||||
|  | #ifndef DISABLE_GRANT_OPTIONS | ||||||
|   {"init-file", OPT_INIT_FILE, "Read SQL commands from this file at startup.", |   {"init-file", OPT_INIT_FILE, "Read SQL commands from this file at startup.", | ||||||
|    (gptr*) &opt_init_file, (gptr*) &opt_init_file, 0, GET_STR, REQUIRED_ARG, |    (gptr*) &opt_init_file, (gptr*) &opt_init_file, 0, GET_STR, REQUIRED_ARG, | ||||||
|    0, 0, 0, 0, 0, 0}, |    0, 0, 0, 0, 0, 0}, | ||||||
|  | #endif | ||||||
|   {"init-rpl-role", OPT_INIT_RPL_ROLE, "Set the replication role.", 0, 0, 0, |   {"init-rpl-role", OPT_INIT_RPL_ROLE, "Set the replication role.", 0, 0, 0, | ||||||
|    GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, |    GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, | ||||||
|   {"init-slave", OPT_INIT_SLAVE, "Command(s) that are executed when a slave connects to this master", |   {"init-slave", OPT_INIT_SLAVE, "Command(s) that are executed when a slave connects to this master", | ||||||
| @@ -5349,10 +5353,12 @@ Can't be set to 1 if --log-slave-updates is used.", | |||||||
|    "Show user and password in SHOW SLAVE HOSTS on this master", |    "Show user and password in SHOW SLAVE HOSTS on this master", | ||||||
|    (gptr*) &opt_show_slave_auth_info, (gptr*) &opt_show_slave_auth_info, 0, |    (gptr*) &opt_show_slave_auth_info, (gptr*) &opt_show_slave_auth_info, 0, | ||||||
|    GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, |    GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, | ||||||
|  | #ifndef DISABLE_GRANT_OPTIONS | ||||||
|   {"skip-grant-tables", OPT_SKIP_GRANT, |   {"skip-grant-tables", OPT_SKIP_GRANT, | ||||||
|    "Start without grant tables. This gives all users FULL ACCESS to all tables!", |    "Start without grant tables. This gives all users FULL ACCESS to all tables!", | ||||||
|    (gptr*) &opt_noacl, (gptr*) &opt_noacl, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, |    (gptr*) &opt_noacl, (gptr*) &opt_noacl, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, | ||||||
|    0}, |    0}, | ||||||
|  | #endif | ||||||
|   {"skip-host-cache", OPT_SKIP_HOST_CACHE, "Don't cache host names.", 0, 0, 0, |   {"skip-host-cache", OPT_SKIP_HOST_CACHE, "Don't cache host names.", 0, 0, 0, | ||||||
|    GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, |    GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, | ||||||
|   {"skip-locking", OPT_SKIP_LOCK, |   {"skip-locking", OPT_SKIP_LOCK, | ||||||
|   | |||||||
| @@ -49,6 +49,9 @@ The options right now are | |||||||
|     COMPILATION_COMMENT=<comment>        Server comment, default "Source distribution" |     COMPILATION_COMMENT=<comment>        Server comment, default "Source distribution" | ||||||
|     MYSQL_TCP_PORT=<port>                Server port, default 3306 |     MYSQL_TCP_PORT=<port>                Server port, default 3306 | ||||||
|     CYBOZU |     CYBOZU | ||||||
|  |     DISABLE_GRANT_OPTIONS                Disables the use of --init-file and --skip-grant-tables | ||||||
|  |                                          options of mysqld.exe | ||||||
|  |                                  | ||||||
|  |  | ||||||
| So the command line could look like: | So the command line could look like: | ||||||
|  |  | ||||||
|   | |||||||
| @@ -32,6 +32,7 @@ try | |||||||
|             case "WITH_PARTITION_STORAGE_ENGINE": |             case "WITH_PARTITION_STORAGE_ENGINE": | ||||||
|             case "__NT__": |             case "__NT__": | ||||||
|             case "CYBOZU": |             case "CYBOZU": | ||||||
|  |             case "DISABLE_GRANT_OPTIONS": | ||||||
|                     configfile.WriteLine("SET (" + args.Item(i) + " TRUE)"); |                     configfile.WriteLine("SET (" + args.Item(i) + " TRUE)"); | ||||||
|                     break; |                     break; | ||||||
|             case "MYSQL_SERVER_SUFFIX": |             case "MYSQL_SERVER_SUFFIX": | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 tsmith@siva.hindu.god
					tsmith@siva.hindu.god