author | unknown <monty@hundin.mysql.fi> | 2002-06-09 09:15:23 +0300 |
---|---|---|
committer | unknown <monty@hundin.mysql.fi> | 2002-06-09 09:15:23 +0300 |
commit | a9a49dc3800b7bc9ba8e3cebe60ab6e44cf0dcab (patch) | |
tree | 67d4f54e2c58f36ed528361a94019049638eb048 | |
parent | 7845e7f5c0fdc9e5cdec24abd9adcee012546044 (diff) | |
parent | 7220f1682f7f28537b94d89c91220042a4c7b689 (diff) | |
download | mariadb-git-a9a49dc3800b7bc9ba8e3cebe60ab6e44cf0dcab.tar.gz |
Merge work:/home/bk/mysql-4.0 into hundin.mysql.fi:/my/bk/mysql-4.0
sql/sql_parse.cc:
Auto merged
-rw-r--r-- | Docs/manual.texi | 3 | ||||
-rw-r--r-- | acinclude.m4 | 4 | ||||
-rw-r--r-- | configure.in | 31 | ||||
-rw-r--r-- | scripts/Makefile.am | 3 | ||||
-rw-r--r-- | scripts/mysql_secure_installation.sh | 308 | ||||
-rw-r--r-- | sql/handler.cc | 6 | ||||
-rw-r--r-- | sql/sql_cache.cc | 8 | ||||
-rw-r--r-- | sql/sql_class.cc | 6 | ||||
-rw-r--r-- | sql/sql_parse.cc | 2 | ||||
-rw-r--r-- | sql/table.h | 2 |
10 files changed, 348 insertions, 25 deletions
diff --git a/Docs/manual.texi b/Docs/manual.texi index 179e4d79924..cb15cdb5c6c 100644 --- a/Docs/manual.texi +++ b/Docs/manual.texi @@ -49550,6 +49550,9 @@ GRANT ... WITH MAX_QUERIES_PER_HOUR = N1 MAX_CONNECTIONS_PER_HOUR = N3; @end example @xref{User resources}. + +@item +Added @code{mysql_secure_installation} to the @file{scripts/} directory. @end itemize @node News-4.0.1, News-4.0.0, News-4.0.2, News-4.0.x diff --git a/acinclude.m4 b/acinclude.m4 index 9c5fbfbbb78..3230a4b5788 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -771,7 +771,7 @@ AC_MSG_CHECKING(for OpenSSL) AC_DEFUN(MYSQL_CHECK_MYSQLFS, [ AC_ARG_WITH([mysqlfs], - [\ + [ --with-mysqlfs Include the corba-based MySQL file system], [mysqlfs="$withval"], [mysqlfs=no]) @@ -821,7 +821,7 @@ AC_SUBST(orbit_idl) ]) AC_DEFUN([MYSQL_CHECK_ISAM], [ - AC_ARG_WITH([isam], [\ + AC_ARG_WITH([isam], [ --without-isam Disable the ISAM table type], [with_isam="$withval"], [with_isam=yes]) diff --git a/configure.in b/configure.in index 90d534e9e18..970336af518 100644 --- a/configure.in +++ b/configure.in @@ -367,6 +367,7 @@ AC_PATH_PROG(HOSTNAME, hostname, hostname) # Check for a GNU tar named 'gtar', or 'gnutar' (MacOS X) and # fall back to 'tar' otherwise and hope that it's a GNU tar as well AC_CHECK_PROGS(TAR, gnutar gtar tar) + dnl We use a path for perl so the script startup works dnl We make sure to use perl, not perl5, in hopes that the RPMs will dnl not depend on the perl5 binary being installed (probably a bug in RPM) 
@@ -453,7 +454,11 @@ fi NOINST_LDFLAGS= AC_ARG_WITH(other-libc, - [ --with-other-libc=/path/to/other/libc/dir Link against libc and other standard libraries installed in the specified non-standard location overriding default. Originally added to be able to link against glibc 2.2 without making the user upgrade the standard libc installation ], + [ --with-other-libc=DIR Link against libc and other standard libraries + installed in the specified non-standard location + overriding default. Originally added to be able to + link against glibc 2.2 without making the user + upgrade the standard libc installation.], [ other_libc_include="$withval/include" other_libc_lib="$withval/lib" @@ -504,7 +509,6 @@ AC_SUBST(NOINST_LDFLAGS) AC_ARG_WITH(server-suffix, [ --with-server-suffix Append value to the version string.], - # I heard that 'cut' isn't portable. Isn't there a better way? [ MYSQL_SERVER_SUFFIX=`echo "$withval" | sed -e 's/^\(...................................\)..*$/\1/'` ], [ MYSQL_SERVER_SUFFIX= ] ) @@ -629,11 +633,10 @@ AC_ARG_WITH(mysqld-user, ) AC_SUBST(MYSQLD_USER) -# If we should allove LOAD DATA LOCAL +# If we should allow LOAD DATA LOCAL AC_MSG_CHECKING(if we should should enable LOAD DATA LOCAL by default) AC_ARG_ENABLE(local-infile, - [ --enable-local-infile - Enable LOAD DATA LOCAL INFILE (default: disabled)], + [ --enable-local-infile Enable LOAD DATA LOCAL INFILE (default: disabled)], [ ENABLED_LOCAL_INFILE=$enableval ], [ ENABLED_LOCAL_INFILE=no ] ) @@ -698,7 +701,7 @@ MYSQL_CHECK_ZLIB_WITH_COMPRESS($with_named_zlib) #-------------------------------------------------------------------- AC_ARG_WITH(libwrap, -[ --with-libwrap[=DIR] Compile in libwrap (tcp_wrappers) support],[ +[ --with-libwrap[=DIR] Compile in libwrap (tcp_wrappers) support],[ case "$with_libwrap" in no) : ;; yes|*) 
@@ -1000,9 +1003,9 @@ then if test "$IS_LINUX" = "true" then AC_MSG_ERROR([This is a linux system and Linuxthreads was not -found. On linux Linuxthreads should be used. So install Linuxthreads -(or a new glibc) and try again. See the Installation chapter in the -Reference Manual.]) +found. On linux Linuxthreads should be used. Please install Linuxthreads +(or a new glibc) and try again. See the Installation chapter in the +Reference Manual for more information.]) else AC_MSG_CHECKING("DEC threads") if test -f /usr/shlib/libpthread.so -a -f /usr/lib/libmach.a -a -f /usr/ccs/lib/cmplrs/cc/libexc.a @@ -1360,6 +1363,7 @@ else DEBUG_OPTIMIZE_CXX="" OPTIMIZE_CXXFLAGS="-O" fi + AC_ARG_WITH(debug, [ --without-debug Build a production version without debugging code], [with_debug=$withval], @@ -1743,7 +1747,7 @@ then AC_DEFINE(HAVE_READDIR_R) fi -# Check definition av posix sigwait() +# Check definition of posix sigwait() AC_CACHE_CHECK("style of sigwait", mysql_cv_sigwait, AC_TRY_LINK( [#if !defined(SCO) && !defined(__osf__) @@ -1766,7 +1770,7 @@ fi if test "$mysql_cv_sigwait" != "POSIX" then unset mysql_cv_sigwait -# Check definition av posix sigwait() +# Check definition of posix sigwait() AC_CACHE_CHECK("style of sigwait", mysql_cv_sigwait, AC_TRY_LINK( [#if !defined(SCO) && !defined(__osf__) @@ -1944,8 +1948,11 @@ CHARSETS_DEPRECATED="win1251" DEFAULT_CHARSET=latin1 AC_DIVERT_POP +dnl fix this later.. +dnl [ --with-charset=CHARSET Use CHARSET by default (one of: $CHARSETS_AVAILABLE; Default is $DEFAULT_CHARSET)], + AC_ARG_WITH(charset, - [ --with-charset=CHARSET Use CHARSET by default (one of: $CHARSETS_AVAILABLE; Default is $DEFAULT_CHARSET)], + [ --with-charset=CHARSET Use CHARSET by default (Default is latin1)], [default_charset="$withval"], [default_charset="$DEFAULT_CHARSET"]) diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 1c3b8083347..913e62050fa 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am 
@@ -22,6 +22,7 @@ bin_SCRIPTS = @server_scripts@ \ mysql_fix_privilege_tables \ mysql_fix_extensions \ mysql_setpermission \ + mysql_secure_installation \ mysql_zap \ mysqlaccess \ mysqlbug \ @@ -39,6 +40,7 @@ EXTRA_SCRIPTS = make_binary_distribution.sh \ mysql_fix_extensions.sh \ mysql_install_db.sh \ mysql_setpermission.sh \ + mysql_secure_installation.sh \ mysql_zap.sh \ mysqlaccess.sh \ mysqlbug.sh \ @@ -65,6 +67,7 @@ CLEANFILES = @server_scripts@ \ mysql_fix_privilege_tables \ mysql_fix_extensions \ mysql_setpermission \ + mysql_secure_installation \ mysql_zap \ mysqlaccess \ mysql_convert_table_format \ diff --git a/scripts/mysql_secure_installation.sh b/scripts/mysql_secure_installation.sh new file mode 100644 index 00000000000..d6392c57731 --- /dev/null +++ b/scripts/mysql_secure_installation.sh 
@@ -0,0 +1,308 @@
+#!/bin/sh
+
+# Copyright (C) 2002 MySQL AB and Jeremy Cole
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+config=".my.cnf.$$"
+command=".mysql.$$"
+
+trap "interrupt" 2
+
+rootpass=""
+
+prepare() {
+ touch $config $command
+ chmod 600 $config $command
+}
+
+do_query() {
+ echo $1 >$command
+ mysql --defaults-file=$config <$command
+ return $?
+}
+
+make_config() {
+ echo "# mysql_secure_installation config file" >$config
+ echo "[mysql]" >>$config
+ echo "user=root" >>$config
+ echo "password=$rootpass" >>$config
+}
+
+get_root_password() {
+ status=1
+ while [ $status -eq 1 ]; do
+ stty -echo
+ echo -n "Enter current password for root (enter for none): "
+ read password
+ echo
+ stty echo
+ if [ "x$password" = "x" ]; then
+ hadpass=0
+ else
+ hadpass=1
+ fi
+ rootpass=$password
+ make_config
+ do_query ""
+ status=$?
+ done
+ echo "OK, successfully used password, moving on..."
+ echo
+}
+
+set_root_password() {
+ stty -echo
+ echo -n "New password: "
+ read password1
+ echo
+ echo -n "Re-enter new password: "
+ read password2
+ echo
+ stty echo
+
+ if [ "$password1" != "$password2" ]; then
+ echo "Sorry, passwords do not match."
+ echo
+ return 1
+ fi
+
+ if [ "$password1" = "" ]; then
+ echo "Sorry, you can't use an empty password here."
+ echo
+ return 1
+ fi
+
+ do_query "SET PASSWORD FOR root=PASSWORD('$password1');"
+ if [ $? -eq 0 ]; then
+ echo "Password updated successfully!"
+ echo
+ rootpass=$password1
+ make_config
+ else
+ echo "Password update failed!"
+ exit 1
+ fi
+
+ return 0
+}
+
+remove_anonymous_users() {
+ do_query "DELETE FROM mysql.user WHERE User='';"
+ if [ $? -eq 0 ]; then
+ echo " ... Success!"
+ else
+ echo " ... Failed!"
+ exit 1
+ fi
+
+ return 0
+}
+
+remove_remote_root() {
+ do_query "DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';"
+ if [ $? -eq 0 ]; then
+ echo " ... Success!"
+ else
+ echo " ... Failed!"
+ fi
+}
+
+remove_test_database() {
+ echo " - Dropping test database..."
+ do_query "DROP DATABASE test;"
+ if [ $? -eq 0 ]; then
+ echo " ... Success!"
+ else
+ echo " ... Failed! Not critical, keep moving..."
+ fi
+
+ echo " - Removing privileges on test database..."
+ do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
+ if [ $? -eq 0 ]; then
+ echo " ... Success!"
+ else
+ echo " ... Failed! Not critical, keep moving..."
+ fi
+
+ return 0
+}
+
+reload_privilege_tables() {
+ do_query "FLUSH PRIVILEGES;"
+ if [ $? -eq 0 ]; then
+ echo " ... Success!"
+ else
+ echo " ... Failed!"
+ fi
+
+ return 0
+}
+
+interrupt() {
+ echo
+ echo "Aborting!"
+ echo
+ cleanup
+ stty echo
+ exit 1
+}
+
+cleanup() {
+ echo "Cleaning up..."
+ rm -f $config $command
+}
+
+
+# The actual script starts here
+
+prepare
+
+echo
+echo
+echo
+echo
+echo "NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL"
+echo " SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!"
+echo
+echo
+
+echo "In order to log into MySQL to secure it, we'll need the current"
+echo "password for the root user. If you've just installed MySQL, and"
+echo "you haven't set the root password yet, the password will be blank,"
+echo "so you should just press enter here."
+echo
+
+get_root_password
+
+
+#
+# Set the root password
+#
+
+echo "Setting the root password ensures that nobody can log into the MySQL"
+echo "root user without the proper authorisation."
+echo
+
+if [ $hadpass -eq 0 ]; then
+ echo -n "Set root password? [Y/n] "
+else
+ echo "You already have a root password set, so you can safely answer 'n'."
+ echo
+ echo -n "Change the root password? [Y/n] "
+fi
+
+read reply
+if [ "$reply" = "n" ]; then
+ echo " ... skipping."
+else
+ status=1
+ while [ $status -eq 1 ]; do
+ set_root_password
+ status=$?
+ done
+fi
+echo
+
+
+#
+# Remove anonymous users
+#
+
+echo "By default, a MySQL installation has an anonymous user, allowing anyone"
+echo "to log into MySQL without having to have a user account created for"
+echo "them. This is intended only for testing, and to make the installation"
+echo "go a bit smoother. You should remove them before moving into a"
+echo "production environment."
+echo
+
+echo -n "Remove anonymous users? [Y/n] "
+
+read reply
+if [ "$reply" = "n" ]; then
+ echo " ... skipping."
+else
+ remove_anonymous_users
+fi
+echo
+
+
+#
+# Disallow remote root login
+#
+
+echo "Normally, root should only be allowed to connect from 'localhost'. This"
+echo "ensures that someone cannot guess at the root password from the network."
+echo
+
+echo -n "Disallow root login remotely? [Y/n] "
+read reply
+if [ "$reply" = "n" ]; then
+ echo " ... skipping."
+else
+ remove_remote_root
+fi
+echo
+
+
+#
+# Remove test database
+#
+
+echo "By default, MySQL comes with a database named 'test' that anyone can"
+echo "access. This is also intended only for testing, and should be removed"
+echo "before moving into a production environment."
+echo
+
+echo -n "Remove test database and access to it? [Y/n] "
+read reply
+if [ "$reply" = "n" ]; then
+ echo " ... skipping."
+else + remove_test_database +fi +echo + + +# +# Reload privilege tables +# + +echo "Reloading the privilege tables will ensure that all changes made so far" +echo "will take effect immediately." +echo + +echo -n "Reload privilege tables now? [Y/n] " +read reply +if [ "$reply" = "n" ]; then + echo " ... skipping." +else + reload_privilege_tables +fi +echo + +cleanup + +echo +echo +echo +echo "All done! If you've completed all of the above steps, your MySQL" +echo "installation should now be secure." +echo +echo "Thanks for using MySQL!" +echo +echo + + diff --git a/sql/handler.cc b/sql/handler.cc index 7947ae5a9f0..25617d95075 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -316,7 +316,10 @@ int ha_commit_trans(THD *thd, THD_TRANS* trans) sql_print_error("Error: Got error during commit; Binlog is not up to date!"); thd->tx_isolation=thd->session_tx_isolation; if (operation_done) + { statistic_increment(ha_commit_count,&LOCK_status); + thd->transaction.cleanup(); + } } #endif // using transactions DBUG_RETURN(error); @@ -361,7 +364,10 @@ int ha_rollback_trans(THD *thd, THD_TRANS *trans) thd->transaction.trans_log.end_of_file= max_binlog_cache_size; thd->tx_isolation=thd->session_tx_isolation; if (operation_done) + { statistic_increment(ha_rollback_count,&LOCK_status); + thd->transaction.cleanup(); + } } #endif /* USING_TRANSACTIONS */ DBUG_RETURN(error); diff --git a/sql/sql_cache.cc b/sql/sql_cache.cc index b8dfda076c5..ec6f4cf2736 100644 --- a/sql/sql_cache.cc +++ b/sql/sql_cache.cc @@ -1073,7 +1073,8 @@ void Query_cache::invalidate(CHANGED_TABLE_LIST *tables_used) { invalidate_table((byte*) tables_used->key, tables_used->key_length); DBUG_PRINT("qcache", (" db %s, table %s", tables_used->key, - tables_used->table_name)); + tables_used->key+ + strlen(tables_used->key)+1)); } } STRUCT_UNLOCK(&structure_guard_mutex); 
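Review bot: The root password is written to `.my.cnf.$$` in the current directory, and two things in the new script weaken that file's protection: `prepare()` creates it with `touch` under the caller's umask and only afterwards runs `chmod 600`, and the `exit 1` paths in `set_root_password` and `remove_anonymous_users` leave without calling `cleanup`, as does any signal other than INT (the only one trapped). Setting `umask 077` before the `touch` and calling `cleanup` before each `exit 1` closes both gaps; creating the two files inside a private directory would also remove the reliance on a predictable name in whatever directory the script happens to be run from. Separately, `$password1` is placed unescaped inside the quoted `SET PASSWORD` statement and `do_query` writes the statement with an unquoted `echo $1`, so a password containing `'`, `\`, `*` or repeated spaces either breaks the statement or is stored differently from what was typed. Quote the expansions as below and escape `'` and `\` in the password before building the query.

```shell
prepare() {
    umask 077    # both files are private from creation; no window before chmod
    touch "$config" "$command"
    chmod 600 "$config" "$command"
}

do_query() {
    # quoted so the statement is written as given: no word splitting or globbing
    printf '%s\n' "$1" >"$command"
    mysql --defaults-file="$config" <"$command"
    return $?
}

# … unchanged: make_config, get_root_password, prompts and checks in set_root_password …

    else
        echo "Password update failed!"
        cleanup    # do not leave the root password on disk
        exit 1
    fi

# … unchanged: remaining functions; remove_anonymous_users needs the same cleanup before its exit 1 …
```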
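Review bot: `thd->transaction.cleanup()` now runs only when `operation_done` is set and only inside the region closed by `#endif // using transactions`, whereas the two calls this commit removes from the COMMIT and ROLLBACK cases in sql/sql_parse.cc were unconditional. If `cleanup()` releases per-transaction state that can be filled without a handler having done any work, that state would now outlive the statement; please confirm this is intended, or place the call after the `if (operation_done)` block. The same applies to the matching hunk in `ha_rollback_trans`. Both function bodies start and end outside the hunks, so the surrounding conditions are not visible here.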
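Review bot: The new `DBUG_PRINT` argument `tables_used->key + strlen(tables_used->key) + 1` assumes `key` holds two consecutive NUL-terminated strings (presumably database, then table), and nothing in this hunk or in `THD::changed_table_dup` in sql/sql_class.cc, which now copies exactly `key_length` bytes with `memcpy`, states or checks that. If `key_length` ever excluded the second terminator, the `%s` would read past the copied bytes in debug builds. A comment on the `key` member in sql/table.h, for example `/* db name, NUL, table name, NUL; key_length bytes copied from table_cache_key */`, would record the invariant now that `table_name` is gone. The enclosing function starts before the hunk.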
@@ -1994,7 +1995,7 @@ Query_cache_block * Query_cache::allocate_block(ulong len, my_bool not_less, ulong min, my_bool under_guard) { - DBUG_ENTER("Query_cache::allocate_n_lock_block"); + DBUG_ENTER("Query_cache::allocate_block"); DBUG_PRINT("qcache", ("len %lu, not less %d, min %lu, uder_guard %d", len, not_less,min,under_guard)); @@ -3060,7 +3061,8 @@ my_bool Query_cache::check_integrity(bool not_locked) DBUG_PRINT("qcache", ("block 0x%lx, type %u...", (ulong) block, (uint) block->type)); // Check allignment - if ((ulonglong)block % ALIGN_SIZE(1)) + if ((((ulonglong)block) % (ulonglong)ALIGN_SIZE(1)) != + (((ulonglong)first_block) % (ulonglong)ALIGN_SIZE(1))) { DBUG_PRINT("error", ("block 0x%lx do not aligned by %d", (ulong) block, diff --git a/sql/sql_class.cc b/sql/sql_class.cc index c332181b410..84de7e6ad4a 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -345,11 +345,7 @@ CHANGED_TABLE_LIST* THD::changed_table_dup(TABLE *table) ALIGN_SIZE(sizeof(CHANGED_TABLE_LIST))); new_table->next = 0; new_table->key_length = table->key_length; - uint32 db_len = ((new_table->table_name = - ::strmake(new_table->key, table->table_cache_key, - table->key_length) + 1) - new_table->key); - ::memcpy(new_table->key + db_len, table->table_cache_key + db_len, - table->key_length - db_len); + ::memcpy(new_table->key, table->table_cache_key, table->key_length); return new_table; } diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index c5cfd3f1c85..f9ea184a159 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -2432,7 +2432,6 @@ mysql_execute_command(void) } else res= -1; - thd->transaction.cleanup(); break; } case SQLCOM_ROLLBACK: @@ -2447,7 +2446,6 @@ mysql_execute_command(void) else res= -1; thd->options&= ~(ulong) (OPTION_BEGIN | OPTION_STATUS_NO_TRANS_UPDATE); - thd->transaction.cleanup(); break; default: /* Impossible */ send_ok(&thd->net); diff --git a/sql/table.h b/sql/table.h index 209333c24b7..78f80045b21 100644 --- a/sql/table.h +++ b/sql/table.h 
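Review bot: The condition in `Query_cache::check_integrity` no longer tests absolute alignment; it tests that `block` has the same remainder modulo `ALIGN_SIZE(1)` as `first_block`, yet the comment above it still reads `// Check allignment` and the `DBUG_PRINT("error", ...)` that follows still reports the block as not aligned. Suggest rewording the comment, for example `// Every block must share first_block's offset modulo ALIGN_SIZE(1)`, and adding the reason for comparing against `first_block` if it is what the hunk suggests (the cache buffer itself not being aligned). The function body extends beyond the hunk, so the full error message is not visible here.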
@@ -154,7 +154,7 @@ typedef struct st_table_list { typedef struct st_changed_table_list { struct st_changed_table_list *next; - char *key, *table_name; + char *key; uint32 key_length; } CHANGED_TABLE_LIST; |