authorAlexey Yurchenko <ayurchen@gmail.com>2015-06-06 01:08:41 +0300
committerNirbhay Choubey <nirbhay@mariadb.com>2015-09-09 17:02:26 -0400
commitd78110e7fae1588afcb6bc5ea08be0d84ee18857 (patch)
tree470b8791eddc944fd2408de44ccf80546452fba1 /scripts
parent4f4f3a5e328524bf1b467a1885b0a21a4e995d9b (diff)
downloadmariadb-git-d78110e7fae1588afcb6bc5ea08be0d84ee18857.tar.gz
Refs codership/mysql-wsrep#141: this commit
1. Passes wsrep_sst_auth_value to SST scripts via WSREP_SST_OPT_AUTH environment variable, so it never appears on the command line 2. In mysqldump and xtrabackup* SST scripts which rely on MySQL authentication, instead of passing password on the command line, SST script sets MYSQL_PWD environment variable, so that password also never appears on the mysqldump/innobackupex command line.
Diffstat (limited to 'scripts')
-rw-r--r--scripts/wsrep_sst_common.sh35
-rw-r--r--scripts/wsrep_sst_mysqldump.sh34
-rw-r--r--scripts/wsrep_sst_rsync.sh2
-rw-r--r--scripts/wsrep_sst_xtrabackup-v2.sh14
-rw-r--r--scripts/wsrep_sst_xtrabackup.sh14
5 files changed, 59 insertions, 40 deletions
diff --git a/scripts/wsrep_sst_common.sh b/scripts/wsrep_sst_common.sh
index 2546074f7bd..ec582c4840d 100644
--- a/scripts/wsrep_sst_common.sh
+++ b/scripts/wsrep_sst_common.sh
@@ -1,4 +1,4 @@
-# Copyright (C) 2012-2014 Codership Oy
+# Copyright (C) 2012-2015 Codership Oy
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,9 @@ set -u
WSREP_SST_OPT_BYPASS=0
WSREP_SST_OPT_DATA=""
-WSREP_SST_OPT_AUTH=""
+WSREP_SST_OPT_AUTH=${WSREP_SST_OPT_AUTH:-}
+WSREP_SST_OPT_USER=${WSREP_SST_OPT_USER:-}
+WSREP_SST_OPT_PSWD=${WSREP_SST_OPT_PSWD:-}
while [ $# -gt 0 ]; do
case "$1" in
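Review bot: `WSREP_SST_OPT_AUTH=${WSREP_SST_OPT_AUTH:-}` takes the credential from the inherited environment, and a variable that arrives that way keeps its export attribute, so every program the SST script starts afterwards receives the user:password pair in its own environment, not only the MySQL clients. Unless a child script relies on it, `export -n WSREP_SST_OPT_AUTH` right after this assignment would keep the value usable here while stopping it from propagating (the file already uses bash-only syntax further down). A one-line comment stating that the server now hands the value over through the environment instead of `--auth` would also help the next reader. The option loop that follows continues outside the hunk.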
@@ -28,10 +30,6 @@ case "$1" in
readonly WSREP_SST_OPT_ADDR="$2"
shift
;;
- '--auth')
- WSREP_SST_OPT_AUTH="$2"
- shift
- ;;
'--bypass')
WSREP_SST_OPT_BYPASS=1
;;
@@ -114,12 +112,30 @@ else
MY_PRINT_DEFAULTS=$(which my_print_defaults)
fi
+wsrep_auth_not_set()
+{
+ [ -z "$WSREP_SST_OPT_AUTH" -o "$WSREP_SST_OPT_AUTH" = "(null)" ]
+}
+
# For Bug:1200727
-if $MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -q "wsrep_sst_auth";then
- if [ -z "$WSREP_SST_OPT_AUTH" -o "$WSREP_SST_OPT_AUTH" = "(null)" ];then
- WSREP_SST_OPT_AUTH=$(my_print_defaults -c $WSREP_SST_OPT_CONF sst | grep -- "--wsrep_sst_auth" | cut -d= -f2)
+if $MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -q "wsrep_sst_auth"
+then
+ if wsrep_auth_not_set
+ then
+ WSREP_SST_OPT_AUTH=$(MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -- "--wsrep_sst_auth" | cut -d= -f2)
fi
fi
+readonly WSREP_SST_OPT_AUTH
+
+# Splitting AUTH into potential user:password pair
+if ! wsrep_auth_not_set
+then
+ readonly AUTH_VEC=(${WSREP_SST_OPT_AUTH//:/ })
+ [ -n "${AUTH_VEC[0]}" ] && WSREP_SST_OPT_USER="${AUTH_VEC[0]}"
+ [ -n "${AUTH_VEC[1]}" ] && WSREP_SST_OPT_PSWD="${AUTH_VEC[1]}"
+fi
+readonly WSREP_SST_OPT_USER
+readonly WSREP_SST_OPT_PSWD
if [ -n "${WSREP_SST_OPT_DATA:-}" ]
then
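Review bot: The rewritten call inside `if wsrep_auth_not_set` reads `$(MY_PRINT_DEFAULTS -c ...)` without the leading `$`, so it runs a command literally named MY_PRINT_DEFAULTS instead of the binary resolved above, and the wsrep_sst_auth value from the [sst] section will normally come back empty. It should be `WSREP_SST_OPT_AUTH=$($MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -- "--wsrep_sst_auth" | cut -d= -f2)`. Separately, `AUTH_VEC=(${WSREP_SST_OPT_AUTH//:/ })` word-splits and globs the credential, so a password containing a colon, whitespace or `*` is truncated or altered, and `${AUTH_VEC[1]}` is unset for a user-only value, which bash treats as an unbound-variable error under the `set -u` visible in the earlier hunk header. Parameter expansion avoids both, for example `WSREP_SST_OPT_USER="${WSREP_SST_OPT_AUTH%%:*}"` and, only when the value contains a colon, `WSREP_SST_OPT_PSWD="${WSREP_SST_OPT_AUTH#*:}"`.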
@@ -128,7 +144,6 @@ else
SST_PROGRESS_FILE=""
fi
-
wsrep_log()
{
# echo everything to stderr so that it gets into common error log
diff --git a/scripts/wsrep_sst_mysqldump.sh b/scripts/wsrep_sst_mysqldump.sh
index e21e1cd01bc..b470ea6095b 100644
--- a/scripts/wsrep_sst_mysqldump.sh
+++ b/scripts/wsrep_sst_mysqldump.sh
@@ -1,5 +1,5 @@
-#!/bin/bash -e
-# Copyright (C) 2009 Codership Oy
+#!/bin/bash -ue
+# Copyright (C) 2009-2015 Codership Oy
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -38,7 +38,6 @@ local_ip()
return 1
}
-if test -z "$WSREP_SST_OPT_USER"; then wsrep_log_error "USER cannot be nil"; exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_HOST"; then wsrep_log_error "HOST cannot be nil"; exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_PORT"; then wsrep_log_error "PORT cannot be nil"; exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_LPORT"; then wsrep_log_error "LPORT cannot be nil"; exit $EINVAL; fi
@@ -54,7 +53,7 @@ then
fi
# Check client version
-CLIENT_MINOR=$(mysql --version | cut -d ' ' -f 6 | cut -d '.' -f 2)
+CLIENT_MINOR=$($MYSQL_CLIENT --version | cut -d ' ' -f 6 | cut -d '.' -f 2)
if [ $CLIENT_MINOR -lt "5" ]
then
$MYSQL_CLIENT --version >&2
@@ -62,13 +61,18 @@ then
exit $EINVAL
fi
-# For Bug:1293798
-if [ -z "$WSREP_SST_OPT_PSWD" -a -n "$WSREP_SST_OPT_AUTH" ]; then
- WSREP_SST_OPT_USER=$(echo $WSREP_SST_OPT_AUTH | cut -d: -f1)
- WSREP_SST_OPT_PSWD=$(echo $WSREP_SST_OPT_AUTH | cut -d: -f2)
-fi
-AUTH="-u$WSREP_SST_OPT_USER"
-if test -n "$WSREP_SST_OPT_PSWD"; then AUTH="$AUTH -p$WSREP_SST_OPT_PSWD"; fi
+[ -n "$WSREP_SST_OPT_USER" ] && AUTH="-u$WSREP_SST_OPT_USER" || AUTH=
+
+# Refs https://github.com/codership/mysql-wsrep/issues/141
+# Passing password in MYSQL_PWD environment variable is considered
+# "extremely insecure" by MySQL Guidelines for Password Security
+# (https://dev.mysql.com/doc/refman/5.6/en/password-security-user.html)
+# that is even less secure than passing it on a command line! It is doubtful:
+# the whole command line is easily observable by any unprivileged user via ps,
+# whereas (at least on Linux) unprivileged user can't see process environment
+# that he does not own. So while it may be not secure in the NSA sense of the
+# word, it is arguably more secure than passing password on the command line.
+[ -n "$WSREP_SST_OPT_PSWD" ] && export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
STOP_WSREP="SET wsrep_on=OFF;"
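Review bot: `export MYSQL_PWD="$WSREP_SST_OPT_PSWD"` stays in effect for the rest of the script, so the password is inherited by every child started after this line rather than only by the `$MYSQL_CLIENT` and mysqldump invocations, and it remains readable in the process environment by the same user and by root. The comment block above weighs ps against the environment but does not mention that scope; I would add `# NOTE: MYSQL_PWD is inherited by all child processes from here on` and an `unset MYSQL_PWD` once the last client call, which is outside this hunk, has run. A `--defaults-extra-file` pointing at a mode-0600 temporary file would keep the password out of both argv and the environment. The same applies to the exports added in wsrep_sst_xtrabackup-v2.sh and wsrep_sst_xtrabackup.sh.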
@@ -104,10 +108,10 @@ MYSQL="$MYSQL_CLIENT $AUTH -h$WSREP_SST_OPT_HOST -P$WSREP_SST_OPT_PORT "\
# need to disable logging when loading the dump
# reason is that dump contains ALTER TABLE for log tables, and
# this causes an error if logging is enabled
-GENERAL_LOG_OPT=`$MYSQL --skip-column-names -e"$STOP_WSREP SELECT @@GENERAL_LOG"`
-SLOW_LOG_OPT=`$MYSQL --skip-column-names -e"$STOP_WSREP SELECT @@SLOW_QUERY_LOG"`
-$MYSQL -e"$STOP_WSREP SET GLOBAL GENERAL_LOG=OFF"
-$MYSQL -e"$STOP_WSREP SET GLOBAL SLOW_QUERY_LOG=OFF"
+GENERAL_LOG_OPT=`$MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@GENERAL_LOG"`
+SLOW_LOG_OPT=`$MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@SLOW_QUERY_LOG"`
+$MYSQL -e "$STOP_WSREP SET GLOBAL GENERAL_LOG=OFF"
+$MYSQL -e "$STOP_WSREP SET GLOBAL SLOW_QUERY_LOG=OFF"
# commands to restore log settings
RESTORE_GENERAL_LOG="SET GLOBAL GENERAL_LOG=$GENERAL_LOG_OPT;"
diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh
index 494ed4b5c02..3202087f526 100644
--- a/scripts/wsrep_sst_rsync.sh
+++ b/scripts/wsrep_sst_rsync.sh
@@ -32,8 +32,8 @@ wsrep_check_programs rsync
cleanup_joiner()
{
- wsrep_log_info "Joiner cleanup."
local PID=$(cat "$RSYNC_PID" 2>/dev/null || echo 0)
+ wsrep_log_info "Joiner cleanup. rsync PID: $PID"
[ "0" != "$PID" ] && kill $PID && sleep 0.5 && kill -9 $PID >/dev/null 2>&1 \
|| :
rm -rf "$RSYNC_CONF"
diff --git a/scripts/wsrep_sst_xtrabackup-v2.sh b/scripts/wsrep_sst_xtrabackup-v2.sh
index 9af5c758a17..5339fd721da 100644
--- a/scripts/wsrep_sst_xtrabackup-v2.sh
+++ b/scripts/wsrep_sst_xtrabackup-v2.sh
@@ -77,7 +77,6 @@ pcmd="pv $pvopts"
declare -a RC
INNOBACKUPEX_BIN=innobackupex
-readonly AUTH=(${WSREP_SST_OPT_AUTH//:/ })
DATA="${WSREP_SST_OPT_DATA}"
INFO_FILE="xtrabackup_galera_info"
IST_FILE="xtrabackup_ist"
@@ -576,13 +575,14 @@ then
itmpdir=$(mktemp -d)
wsrep_log_info "Using $itmpdir as innobackupex temporary directory"
- if [ "${AUTH[0]}" != "(null)" ]; then
- INNOEXTRA+=" --user=${AUTH[0]}"
- fi
+ if [ "$WSREP_SST_OPT_USER" != "(null)" ]; then
+ INNOEXTRA+=" --user=$WSREP_SST_OPT_USER"
+ fi
- if [ ${#AUTH[*]} -eq 2 ]; then
- INNOEXTRA+=" --password=${AUTH[1]}"
- elif [ "${AUTH[0]}" != "(null)" ]; then
+ if [ -n "$WSREP_SST_OPT_PSWD" ]; then
+# INNOEXTRA+=" --password=$WSREP_SST_OPT_PSWD"
+ export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+ else
# Empty password, used for testing, debugging etc.
INNOEXTRA+=" --password="
fi
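Review bot: `[ "$WSREP_SST_OPT_USER" != "(null)" ]` appears to be always true now, because wsrep_sst_common.sh treats an AUTH of `(null)` as not set and leaves WSREP_SST_OPT_USER empty, so a setup without credentials ends up with `--user=` and an empty name on the innobackupex command line. The test should be `if [ -n "$WSREP_SST_OPT_USER" ]; then`, and the `else` branch that appends `--password=` probably wants the same guard, since the removed code only added it when a user was present. The commented-out `# INNOEXTRA+=" --password=$WSREP_SST_OPT_PSWD"` line is dead code and can be dropped. The matching hunk in wsrep_sst_xtrabackup.sh carries the same lines, and the enclosing block starts and ends outside the hunk.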
diff --git a/scripts/wsrep_sst_xtrabackup.sh b/scripts/wsrep_sst_xtrabackup.sh
index 044f9995580..9c264586149 100644
--- a/scripts/wsrep_sst_xtrabackup.sh
+++ b/scripts/wsrep_sst_xtrabackup.sh
@@ -61,7 +61,6 @@ pcmd="pv $pvopts"
declare -a RC
INNOBACKUPEX_BIN=innobackupex
-readonly AUTH=(${WSREP_SST_OPT_AUTH//:/ })
DATA="${WSREP_SST_OPT_DATA}"
INFO_FILE="xtrabackup_galera_info"
IST_FILE="xtrabackup_ist"
@@ -435,13 +434,14 @@ then
then
TMPDIR="${TMPDIR:-/tmp}"
- if [ "${AUTH[0]}" != "(null)" ]; then
- INNOEXTRA+=" --user=${AUTH[0]}"
- fi
+ if [ "$WSREP_SST_OPT_USER" != "(null)" ]; then
+ INNOEXTRA+=" --user=$WSREP_SST_OPT_USER"
+ fi
- if [ ${#AUTH[*]} -eq 2 ]; then
- INNOEXTRA+=" --password=${AUTH[1]}"
- elif [ "${AUTH[0]}" != "(null)" ]; then
+ if [ -n "$WSREP_SST_OPT_PSWD" ]; then
+# INNOEXTRA+=" --password=$WSREP_SST_OPT_PSWD"
+ export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+ else
# Empty password, used for testing, debugging etc.
INNOEXTRA+=" --password="
fi