diff --git a/sql/auth/sql_authentication.cc b/sql/auth/sql_authentication.cc index 882f0d317f3..40098752ec5 100644 --- a/sql/auth/sql_authentication.cc +++ b/sql/auth/sql_authentication.cc @@ -105,6 +105,9 @@ struct MEM_ROOT; #include #include +#define ALT_CHROOT +//#define ALT_CHROOT_DBG + /** @file sql_authentication.cc @@ -915,6 +918,11 @@ bool opt_auto_generate_certs = true; bool auth_rsa_auto_generate_rsa_keys = true; +#ifdef ALT_CHROOT +const char *auth_rsa_private_key_path_buf[] = {"private_key.pem"}; +const char *auth_rsa_public_key_path_buf[] = {"public_key.pem"}; +#endif /* ALT_CHROOT */ + static bool do_auto_rsa_keys_generation(); char *auth_rsa_private_key_path; @@ -943,6 +951,17 @@ void Rsa_authentication_keys::get_key_file_path(char *key, If a fully qualified path is entered use that, else assume the keys are stored in the data directory. */ +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: get_key_file_path() 1/3:\n"\ + "# key = '%s';\n"\ + "# key_file_path = '%s';\n"\ + "# mysql_real_data_home = '%s';\n"\ + "# auth_rsa_private_key_path = '%s';\n"\ + "##################################\n",\ + key, key_file_path->c_ptr(), + mysql_real_data_home, + auth_rsa_private_key_path); +#endif /* ALT_CHROOT_DBG */ if (strchr(key, FN_LIBCHAR) != nullptr #ifdef _WIN32 || strchr(key, FN_LIBCHAR2) != NULL 
@@ -950,7 +969,25 @@ void Rsa_authentication_keys::get_key_file_path(char *key, ) key_file_path->set_quick(key, strlen(key), system_charset_info); else { +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: get_key_file_path() 2/3:\n"\ + "# key = '%s';\n"\ + "# key_file_path = '%s';\n"\ + "# mysql_real_data_home = '%s';\n"\ + "##################################\n",\ + key, key_file_path->c_ptr(), + mysql_real_data_home); +#endif /* ALT_CHROOT_DBG */ key_file_path->append(mysql_real_data_home, strlen(mysql_real_data_home)); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: get_key_file_path() 3/3:\n"\ + "# key = '%s';\n"\ + "# key_file_path = '%s';\n"\ + "# mysql_real_data_home = '%s';\n"\ + "##################################\n",\ + key, key_file_path->c_ptr(), + mysql_real_data_home); +#endif /* ALT_CHROOT_DBG */ if ((*key_file_path)[key_file_path->length()] != FN_LIBCHAR) key_file_path->append(FN_LIBCHAR); key_file_path->append(key); @@ -985,6 +1022,15 @@ bool Rsa_authentication_keys::read_key_file(RSA **key_ptr, bool is_priv_key, get_key_file_path(key, &key_file_path); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: read_key_file(%s) 1/1: \n"\ + "# key_file_path:%s;\n"\ + "# mysql_real_data_home %s.\n"\ + "###############################\n",\ + key_type,\ + key_file_path.c_ptr(),\ + mysql_real_data_home); +#endif /* ALT_CHROOT_DBG */ /* Check for existance of private key/public key file. */ @@ -1068,6 +1114,11 @@ bool Rsa_authentication_keys::read_rsa_keys() { RSA *rsa_public_key_ptr = nullptr; char *pub_key_buff = nullptr; +#ifdef ALT_CHROOT + *m_private_key_path = (char *)auth_rsa_private_key_path_buf[0]; + *m_public_key_path = (char *)auth_rsa_public_key_path_buf[0]; +#endif /* ALT_CHROOT */ + if ((strlen(*m_private_key_path) == 0) && (strlen(*m_public_key_path) == 0)) { LogErr(INFORMATION_LEVEL, ER_AUTH_RSA_FILES_NOT_FOUND); return false; 
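Review bot: The two assignments added at the top of read_rsa_keys() overwrite `*m_private_key_path` and `*m_public_key_path` with the literal file names on every call, so a key location set by the administrator is silently discarded and the server loads whatever `private_key.pem` / `public_key.pem` sit in the data directory (get_key_file_path() prefixes `mysql_real_data_home` to names without a separator). The `strlen(...) == 0` test right below can then never be true, and the `(char *)` casts drop `const` from string literals. If the underlying problem is a NULL pointer at start-up, as the TODO in the generate_rsa_keys hunk suggests, apply the default only in that case, e.g. `if (*m_private_key_path == nullptr) *m_private_key_path = const_cast<char *>(AUTH_DEFAULT_RSA_PRIVATE_KEY);`, and log when the fallback is taken. The function body continues outside this hunk.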
@@ -4898,6 +4949,9 @@ bool create_x509_certificate(RSA_generator_func &rsa_gen, const Sql_string_t cn, X509_gen x509_gen; MY_MODE file_creation_mode = get_file_perm(USER_READ | USER_WRITE); +#ifdef ALT_CHROOT_DBG + DBUG_PRINT("info",("x509 generator = %s", key_filename.c_str())); +#endif /* ALT_CHROOT_DBG */ x509_key_file_ostream = filecr(key_filename, file_creation_mode); /* Generate private key for X509 certificate */ @@ -5043,6 +5097,11 @@ bool create_RSA_key_pair(RSA_generator_func &rsa_gen, goto end; } +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: autogen RSA 1/2 priv key = '%s';",\ + priv_key_filename.c_str()); +#endif /* ALT_CHROOT_DBG */ + priv_key_file_ostream = filecr(priv_key_filename, file_creation_mode); (*priv_key_file_ostream) << rsa_priv_key_write(rsa); @@ -5060,6 +5119,11 @@ bool create_RSA_key_pair(RSA_generator_func &rsa_gen, goto end; } +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg autogen RSA 2/2 pub key = '%s'.",\ + pub_key_filename.c_str()); +#endif /* ALT_CHROOT_DBG */ + pub_key_file_ostream = filecr(pub_key_filename); (*pub_key_file_ostream) << rsa_pub_key_write(rsa); DBUG_EXECUTE_IF("cert_pub_key_write_error", 
@@ -5182,6 +5246,30 @@ bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, } /* Create and write the certa and keys on disk */ +#ifdef ALT_CHROOT + Sql_string_t alt_srv_key_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_SERVER_KEY; + Sql_string_t alt_clt_key_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CLIENT_KEY; + Sql_string_t alt_srv_ca_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_SERVER_CERT; + Sql_string_t alt_clt_ca_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CLIENT_CERT; + Sql_string_t alt_ca_key_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CA_KEY; + Sql_string_t alt_ca_cert_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CA_CERT; + + if ((create_x509_certificate(rsa_gen, ca_name, 1, alt_ca_cert_filename, + alt_ca_key_filename, fcr) == false) || + (create_x509_certificate(rsa_gen, server_name, 2, + alt_srv_ca_filename, + alt_srv_key_filename, fcr, + alt_ca_key_filename, + alt_ca_cert_filename) == false) || + (create_x509_certificate(rsa_gen, client_name, 3, + alt_clt_ca_filename, + alt_clt_key_filename, fcr, + alt_ca_key_filename, + alt_ca_cert_filename) == false)) + { + return false; + } +#else if ((create_x509_certificate(rsa_gen, ca_name, 1, DEFAULT_SSL_CA_CERT, DEFAULT_SSL_CA_KEY, fcr) == false) || (create_x509_certificate( @@ -5194,6 +5282,7 @@ bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, DEFAULT_SSL_CA_CERT) == false)) { return false; } +#endif /* ALT_CHROOT */ *ssl_ca = DEFAULT_SSL_CA_CERT; *ssl_cert = DEFAULT_SSL_SERVER_CERT; *ssl_key = DEFAULT_SSL_SERVER_KEY; 
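Review bot: Under ALT_CHROOT the certificates and keys are written to `mysql_real_data_home + DEFAULT_SSL_*`, but the unchanged lines after `#endif` still hand back the bare names (`*ssl_ca = DEFAULT_SSL_CA_CERT;` and the two assignments that follow), so the paths the server is told to load are not the paths that were just written. Whether both resolve to the same files depends on the working directory at that point, which after the `chdir("/")` in set_root() is probably not the data directory. Return the same strings that were generated, which needs storage that outlives this function. The concatenation also relies on `mysql_real_data_home` ending in a path separator; a one-line comment saying so would help the next reader.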
@@ -5222,15 +5311,68 @@ bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status, static bool generate_rsa_keys(bool auto_generate, const char *priv_key_path, const char *pub_key_path, const char *message) { DBUG_TRACE; +#ifdef ALT_CHROOT + //--------- force init paths + // It seems to be some issue with initializing auth_rsa_(private/public)_key_path + // with default values(sha256_password_private_key_path, + // sha256_password_public_key_path) + // TODO: sha256_password plugin usage to check if initialization is fixed + // which causes SIGSEG during NULL pointer dereference in strcmp() func + // ALT_CHROOT TODO: need to remove this after problem root cause is solved + auth_rsa_private_key_path = (char *)auth_rsa_private_key_path_buf[0]; + auth_rsa_public_key_path = (char *) auth_rsa_public_key_path_buf[0]; + //---------- end force paths +#endif /* ALT_CHROOT */ if (auto_generate) { MY_STAT priv_stat, pub_stat; +#ifdef ALT_CHROOT + char alt_rsa_private_key_path[FN_REFLEN]; + char alt_rsa_public_key_path[FN_REFLEN]; + // complete the path to working data directory for private key + strcpy(alt_rsa_private_key_path, (char *)mysql_real_data_home); + strcat(alt_rsa_private_key_path, (char *)AUTH_DEFAULT_RSA_PRIVATE_KEY); + + // complete the path to working data directory for public key + strcpy(alt_rsa_public_key_path, (char *)mysql_real_data_home); + strcat(alt_rsa_public_key_path, (char *)AUTH_DEFAULT_RSA_PUBLIC_KEY); + +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: do_auto_rsa_keys_generation(): 1/1\n"\ + "# alt_rsa_private_key_path = '%s';\n"\ + "# alt_rsa_public_key_path= '%s'.\n"\ + "#######################################\n",\ + alt_rsa_private_key_path, alt_rsa_public_key_path); + + // NULL pointer workaround start + //--- ALT_CHROOT TODO: need to remove this after problem root cause is solved + if(auth_rsa_private_key_path==NULL || auth_rsa_public_key_path==NULL) + { + sql_print_error("# ALTDbg RSA keys' pointers NULL detected. 
Aborting!\n\n"); + unireg_abort(1); + return false; + } + // workaround finish +#endif /* ALT_CHROOT_DBG */ +#endif /* ALT_CHROOT */ + +#ifdef ALT_CHROOT + if ((auth_rsa_private_key_path!=NULL && auth_rsa_public_key_path!=NULL) && + (strcmp(auth_rsa_private_key_path, AUTH_DEFAULT_RSA_PRIVATE_KEY) || + strcmp(auth_rsa_public_key_path, AUTH_DEFAULT_RSA_PUBLIC_KEY))) { +#else if (strcmp(priv_key_path, AUTH_DEFAULT_RSA_PRIVATE_KEY) || strcmp(pub_key_path, AUTH_DEFAULT_RSA_PUBLIC_KEY)) { +#endif /*ALT_CHROOT*/ LogErr(INFORMATION_LEVEL, ER_AUTH_RSA_CONF_PREVENTS_KEY_GENERATION, message); return true; +#ifdef ALT_CHROOT + } else if (my_stat(alt_rsa_private_key_path, &priv_stat, MYF(0)) || + my_stat(alt_rsa_public_key_path, &pub_stat, MYF(0))) { +#else } else if (my_stat(AUTH_DEFAULT_RSA_PRIVATE_KEY, &priv_stat, MYF(0)) || my_stat(AUTH_DEFAULT_RSA_PUBLIC_KEY, &pub_stat, MYF(0))) { +#endif LogErr(INFORMATION_LEVEL, ER_AUTH_KEY_GENERATION_SKIPPED_PAIR_PRESENT, message); return true; @@ -5240,8 +5382,13 @@ static bool generate_rsa_keys(bool auto_generate, const char *priv_key_path, /* Initialize the file creator. */ File_creator fcr; +#ifdef ALT_CHROOT + if (create_RSA_key_pair(rsa_gen, alt_rsa_private_key_path, alt_rsa_public_key_path, + fcr) == false) +#else if (create_RSA_key_pair(rsa_gen, "private_key.pem", "public_key.pem", fcr) == false) +#endif /* ALT_CHROOT */ return false; LogErr(INFORMATION_LEVEL, ER_AUTH_KEYS_SAVED_TO_DATADIR, message); diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 682e8d5ae13..a6277213732 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1040,6 +1040,13 @@ The documentation is based on the source files such as: #include "sql/server_component/persistent_dynamic_loader_imp.h" #include "sql/srv_session.h" +#define ALT_CHROOT +//#define ALT_CHROOT_DBG + +#ifdef ALT_CHROOT +#include // For tzset(3) +#endif + using std::max; using std::min; using std::vector; 
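Review bot: The `strcpy`/`strcat` pairs that build `alt_rsa_private_key_path` and `alt_rsa_public_key_path` are unbounded: each destination is `FN_REFLEN` bytes and receives `mysql_real_data_home` plus a file name, so a data directory path close to the limit overflows the stack buffer (the declaration of `mysql_real_data_home` is not in this diff, so confirm its maximum length). The same pattern fills `alt_ssl_server_cert`, `alt_ssl_server_key` and `alt_ssl_ca_cert` in the auto_detect_ssl hunk of ssl_init_callback.cc. Use a length-checked format and fail when the result does not fit, as sketched below. Separately, the block at the top of the function overwrites the globals `auth_rsa_private_key_path`/`auth_rsa_public_key_path`, and the ALT_CHROOT condition compares those globals instead of the `priv_key_path`/`pub_key_path` arguments; if `AUTH_DEFAULT_RSA_PRIVATE_KEY` is the same `private_key.pem` literal, the "configuration prevents key generation" branch can no longer trigger. The NULL check that aborts is also compiled only under ALT_CHROOT_DBG and runs after the pointers were already replaced.

```cpp
    char alt_rsa_private_key_path[FN_REFLEN];
    char alt_rsa_public_key_path[FN_REFLEN];
    // Build <datadir><name>; refuse to continue if either path is truncated.
    const int priv_len =
        snprintf(alt_rsa_private_key_path, sizeof(alt_rsa_private_key_path),
                 "%s%s", mysql_real_data_home, AUTH_DEFAULT_RSA_PRIVATE_KEY);
    const int pub_len =
        snprintf(alt_rsa_public_key_path, sizeof(alt_rsa_public_key_path),
                 "%s%s", mysql_real_data_home, AUTH_DEFAULT_RSA_PUBLIC_KEY);
    if (priv_len < 0 || pub_len < 0 ||
        static_cast<size_t>(priv_len) >= sizeof(alt_rsa_private_key_path) ||
        static_cast<size_t>(pub_len) >= sizeof(alt_rsa_public_key_path))
      return false;
    // … unchanged: ALT_CHROOT_DBG print and the strcmp / my_stat checks …
```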
@@ -2814,11 +2821,22 @@ static void set_effective_user(const PasswdValue &user_info_arg) { /** Change root user if started with @c --chroot . */ static void set_root(const char *path) { +#ifdef ALT_CHROOT + tzset(); +#endif if (chroot(path) == -1) { LogErr(ERROR_LEVEL, ER_FAIL_CHROOT, strerror(errno)); unireg_abort(MYSQLD_ABORT_EXIT); } +#ifndef ALT_CHROOT my_setwd("/", MYF(0)); +#else + if (chdir("/") == -1) + { + sql_print_error("chdir"); + unireg_abort(1); + } +#endif } #endif // !_WIN32 @@ -6779,6 +6797,46 @@ int mysqld_main(int argc, char **argv) exit(MYSQLD_ABORT_EXIT); } +#ifdef ALT_CHROOT +#if !defined(_WIN32) + + if (opt_initialize && opt_daemonize) { + fprintf(stderr, "Initialize and daemon options are incompatible.\n"); + unireg_abort(MYSQLD_ABORT_EXIT); + } + + if (opt_daemonize && log_error_dest == disabled_my_option && + (isatty(STDOUT_FILENO) || isatty(STDERR_FILENO))) { + // Just use the default in this case. + log_error_dest = ""; + } + + if (opt_daemonize && !opt_validate_config) { + if (chdir("/") < 0) { + LogErr(ERROR_LEVEL, ER_CANNOT_CHANGE_TO_ROOT_DIR, strerror(errno)); + unireg_abort(MYSQLD_ABORT_EXIT); + } + + if ((pipe_write_fd = mysqld::runtime::mysqld_daemonize()) < -1) { + LogErr(ERROR_LEVEL, ER_FAILED_START_MYSQLD_DAEMON); + unireg_abort(MYSQLD_ABORT_EXIT); + } + + if (pipe_write_fd < 0) { + // This is the launching process and the daemon appears to have + // started ok (Need to call unireg_abort with success here to + // clean up resources in the lauching process. + unireg_abort(MYSQLD_SUCCESS_EXIT); + } + + // Need to update the value of current_pid so that it reflects the + // pid of the daemon (the previous value was set by unireg_init() + // while still in the launcher process. + current_pid = static_cast(getpid()); + } +#endif +#endif /* ALT_CHROOT */ + if (init_common_variables()) { setup_error_log(); unireg_abort(MYSQLD_ABORT_EXIT); // Will do exit 
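Review bot: The new `chdir("/")` failure path in set_root() logs only the word "chdir" and exits with a bare `1`, unlike the chroot failure a few lines above, which reports `strerror(errno)` and uses `MYSQLD_ABORT_EXIT`. A failed chdir after chroot leaves the working directory outside the new root, so the reason should be visible in the log: `sql_print_error("chdir(\"/\") after chroot failed: %s", strerror(errno)); unireg_abort(MYSQLD_ABORT_EXIT);`. A short comment on why `tzset()` is called before `chroot()` (presumably to load time-zone data while it is still reachable) would also help.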
@@ -6828,6 +6886,12 @@ int mysqld_main(int argc, char **argv) srand(static_cast(time(nullptr))); #endif +#ifdef ALT_CHROOT + if (init_ssl_communication()) unireg_abort(MYSQLD_ABORT_EXIT); + if (network_init()) unireg_abort(MYSQLD_ABORT_EXIT); +#endif + +#ifndef ALT_CHROOT #if !defined(_WIN32) if (opt_initialize && opt_daemonize) { @@ -6865,9 +6929,12 @@ int mysqld_main(int argc, char **argv) current_pid = static_cast(getpid()); } #endif +#endif /* ALT_CHROOT */ #ifndef _WIN32 +#ifndef ALT_CHROOT user_info = check_user(mysqld_user); +#endif if (!user_info.IsVoid()) { #if HAVE_CHOWN if (unlikely(opt_initialize)) { @@ -7098,8 +7165,10 @@ int mysqld_main(int argc, char **argv) (void)RUN_HOOK(server_state, after_engine_recovery, (nullptr)); } +#ifndef ALT_CHROOT if (init_ssl_communication()) unireg_abort(MYSQLD_ABORT_EXIT); if (network_init()) unireg_abort(MYSQLD_ABORT_EXIT); +#endif #ifdef _WIN32 if (opt_require_secure_transport && !opt_enable_shared_memory && @@ -10272,10 +10341,27 @@ static int get_options(int *argc_ptr, char ***argv_ptr) { /* Set global MyISAM variables from delay_key_write_options */ fix_delay_key_write(nullptr, nullptr, OPT_GLOBAL); +#ifdef ALT_CHROOT + if (fix_paths()) + return 1; + user_info = check_user(mysqld_user); +#endif + #ifndef _WIN32 +#ifdef ALT_CHROOT_DBG + if (mysqld_chroot) + { + sql_print_warning("####ALT Debug: Going to chroot with '%s' path",\ + mysqld_chroot); + set_root(mysqld_chroot); + } +#else if (mysqld_chroot) set_root(mysqld_chroot); +#endif /* ALT_CHROOT_DBG */ #endif +#ifndef ALT_CHROOT if (fix_paths()) return 1; +#endif /* Set some global variables from the global_system_variables 
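Review bot: With ALT_CHROOT, `init_ssl_communication()` and `network_init()` now run before the `user_info` / `if (!user_info.IsVoid())` block that follows in mysqld_main, which is presumably where privileges are dropped (that code is outside the hunks). If so, TLS artifact detection, key and certificate auto-generation and socket setup all execute with the start-up user's privileges, typically root, inside the chroot, and generated key files may end up owned by that user instead of the server account. Add a comment stating why the order had to change, and check the ownership and mode of auto-generated files after the move. mysqld_main continues well beyond these hunks, so the full ordering cannot be confirmed from the diff alone.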
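Review bot: In get_options() the ALT_CHROOT build calls `fix_paths()` before `set_root()`, so `my_realpath()` and `my_load_path()` canonicalise `mysql_home`, the data directory, the plugin directory and the pid file against the host filesystem, and those strings are then used inside the new root. Unless the jail mirrors the host layout they name different files or none, so state in a comment which namespace the path options are expected to be written in. The added `user_info = check_user(mysqld_user);` also sits outside the `#ifndef _WIN32` guard that the corresponding call in mysqld_main is under; move it inside the guard if this file is still meant to build on Windows.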
@@ -10554,9 +10640,20 @@ static bool check_secure_file_priv_path() { static int fix_paths(void) { char buff[FN_REFLEN]; bool secure_file_priv_nonempty = false; +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: fix_path() check transformations:"); + sql_print_information("# ALTDbg: 1 mysqlhome ='%s';", mysql_home); +#endif /* ALT_CHROOT_DBG */ convert_dirname(mysql_home, mysql_home, NullS); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 2 mysqlhome = '%s'", mysql_home); +#endif /* ALT_CHROOT_DBG */ /* Resolve symlinks to allow 'mysql_home' to be a relative symlink */ my_realpath(mysql_home, mysql_home, MYF(0)); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 3 mysqlhome = '%s';", mysql_home); +#endif /* ALT_CHROOT_DBG */ + /* Ensure that mysql_home ends in FN_LIBCHAR */ char *pos = strend(mysql_home); if (pos == mysql_home || pos[-1] != FN_LIBCHAR) { 
@@ -10564,19 +10661,53 @@ static int fix_paths(void) { pos[1] = 0; } convert_dirname(lc_messages_dir, lc_messages_dir, NullS); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 4 mysql_real_data_home = '%s'",\ + mysql_real_data_home); +#endif /* ALT_CHROOT_DBG */ convert_dirname(mysql_real_data_home, mysql_real_data_home, NullS); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 5 mysql_real_data_home = '%s';",\ + mysql_real_data_home); +#endif /* ALT_CHROOT_DBG */ (void)my_load_path(mysql_home, mysql_home, ""); // Resolve current dir +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 6 mysqlhome = '%s';", mysql_home); +#endif /* ALT_CHROOT_DBG */ (void)my_load_path(mysql_real_data_home, mysql_real_data_home, mysql_home); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 7 mysql_real_data_home = '%s';",\ + mysql_real_data_home); + sql_print_information("# ALTDbg: 8 pidfile_name='%s';", pidfile_name); +#endif /* ALT_CHROOT_DBG */ (void)my_load_path(pidfile_name, pidfile_name_ptr, mysql_real_data_home); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: 9 pidfile_name= '%s';", pidfile_name); + sql_print_information("# ALTDbg: A opt_plugin_dir = '%s';", opt_plugin_dir); +#endif /* ALT_CHROOT_DBG */ convert_dirname( opt_plugin_dir, opt_plugin_dir_ptr ? 
opt_plugin_dir_ptr : get_relative_path(PLUGINDIR), NullS); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: B opt_plugin_dir = '%s';", opt_plugin_dir); +#endif /* ALT_CHROOT_DBG */ (void)my_load_path(opt_plugin_dir, opt_plugin_dir, mysql_home); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: C opt_plugin_dir =%s", opt_plugin_dir); +#endif /* ALT_CHROOT_DBG */ opt_plugin_dir_ptr = opt_plugin_dir; +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: D mysql_real_data_home=%s",\ + mysql_real_data_home); +#endif /* ALT_CHROOT_DBG */ my_realpath(mysql_unpacked_real_data_home, mysql_real_data_home, MYF(0)); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: E mysql_unpacked_real_data_home=%s",\ + mysql_unpacked_real_data_home); +#endif /* ALT_CHROOT_DBG */ mysql_unpacked_real_data_home_len = strlen(mysql_unpacked_real_data_home); if (mysql_unpacked_real_data_home[mysql_unpacked_real_data_home_len - 1] == FN_LIBCHAR) diff --git a/sql/ssl_acceptor_context_data.cc b/sql/ssl_acceptor_context_data.cc index d2b1b0c50a9..0169c52ece6 100644 --- a/sql/ssl_acceptor_context_data.cc +++ b/sql/ssl_acceptor_context_data.cc @@ -35,6 +35,8 @@ #include "sql/ssl_acceptor_context_data.h" +//#define ALT_CHROOT_DBG + /* Helpers */ static const char *verify_store_cert(SSL_CTX *ctx, SSL *ssl) { const char *result = nullptr; 
@@ -132,6 +134,20 @@ Ssl_acceptor_context_data::Ssl_acceptor_context_data( ¤t_key_, ¤t_crl_, ¤t_crlpath_); } +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: \ + current_key_=%s, current_cert_=%s, \ + current_ca_=%s, current_capath_=%s, \ + current_cipher_=%s,current_crl_=%s, \ + current_crlpath_=%s, current_version_=%s, \ + current_ciphersuites_=%s", + current_key_.c_str(), current_cert_.c_str(), + current_ca_.c_str(), current_capath_.c_str(), + current_cipher_.c_str(), current_crl_.c_str(), + current_crlpath_.c_str(), current_version_.c_str(), + current_ciphersuites_.c_str()); +#endif /*ALT_CHROOT_DBG */ + if (use_ssl_arg) { ssl_acceptor_fd_ = new_VioSSLAcceptorFd( current_key_.c_str(), current_cert_.c_str(), current_ca_.c_str(), diff --git a/sql/ssl_init_callback.cc b/sql/ssl_init_callback.cc index 7acaef78200..86df1af6a22 100644 --- a/sql/ssl_init_callback.cc +++ b/sql/ssl_init_callback.cc @@ -30,6 +30,15 @@ #include #include /* AutoRLock , PolyLock_mutex */ +#define ALT_CHROOT +//#define ALT_CHROOT_DBG + +#ifdef ALT_CHROOT +char alt_ssl_server_cert[FN_REFLEN]; +char alt_ssl_server_key[FN_REFLEN]; +char alt_ssl_ca_cert[FN_REFLEN]; +#endif + /* Internal flag */ std::atomic_bool g_admin_ssl_configured(false); 
@@ -322,24 +331,70 @@ ssl_artifacts_status Ssl_init_callback_server_main::auto_detect_ssl() { (!opt_ssl_capath || !opt_ssl_capath[0]) && (!opt_ssl_crl || !opt_ssl_crl[0]) && (!opt_ssl_crlpath || !opt_ssl_crlpath[0])) { +#ifdef ALT_CHROOT + strcpy(alt_ssl_server_cert, (char *)mysql_real_data_home); + strcat(alt_ssl_server_cert, (char *)DEFAULT_SSL_SERVER_CERT); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: mysqld.cc:auto_detect_ssl()"\ + "alt_ssl_server_cert = '%s';",\ + alt_ssl_server_cert); +#endif /* ALT_CHROOT_DBG */ + + strcpy(alt_ssl_server_key, (char *)mysql_real_data_home); + strcat(alt_ssl_server_key, (char *)DEFAULT_SSL_SERVER_KEY); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: mysqld.cc:auto_detect_ssl()"\ + "alt_ssl_server_key = '%s';",\ + alt_ssl_server_key); +#endif /* ALT_CHROOT_DBG */ + + strcpy(alt_ssl_ca_cert, (char *)mysql_real_data_home); + strcat(alt_ssl_ca_cert, (char *)DEFAULT_SSL_CA_CERT); +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: mysqld.cc:auto_detect_ssl()"\ + "alt_ssl_ca_cert = '%s'.",\ + alt_ssl_ca_cert); +#endif /* ALT_CHROOT_DBG */ + + result = + result << (my_stat(alt_ssl_server_cert, &cert_stat, MYF(0)) ? 1 : 0) + << (my_stat(alt_ssl_server_key, &cert_key, MYF(0)) ? 1 : 0) + << (my_stat(alt_ssl_ca_cert, &ca_stat, MYF(0)) ? 1 : 0); +#else result = result << (my_stat(DEFAULT_SSL_SERVER_CERT, &cert_stat, MYF(0)) ? 1 : 0) << (my_stat(DEFAULT_SSL_SERVER_KEY, &cert_key, MYF(0)) ? 1 : 0) << (my_stat(DEFAULT_SSL_CA_CERT, &ca_stat, MYF(0)) ? 
1 : 0); +#endif /* ALT_CHROOT */ switch (result) { case 8: +#ifdef ALT_CHROOT + opt_ssl_ca = alt_ssl_ca_cert; + opt_ssl_cert = alt_ssl_server_cert; + opt_ssl_key = alt_ssl_server_key; +#else opt_ssl_ca = DEFAULT_SSL_CA_CERT; opt_ssl_cert = DEFAULT_SSL_SERVER_CERT; opt_ssl_key = DEFAULT_SSL_SERVER_KEY; +#endif /* ALT_CHROOT */ ret_status = SSL_ARTIFACTS_AUTO_DETECTED; +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: SSL_ARTIFACTS_AUTO_DETECTED!"); +#endif /* ALT_CHROOT_DBG */ break; case 4: case 2: ret_status = SSL_ARTIFACT_TRACES_FOUND; +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: SSL_ARTIFACT_TRACES_FOUND!"); +#endif /* ALT_CHROOT_DBG */ break; default: ret_status = SSL_ARTIFACTS_NOT_FOUND; +#ifdef ALT_CHROOT_DBG + sql_print_information("# ALTDbg: SSL_ARTIFACTS_NOT_FOUND!"); +#endif /* ALT_CHROOT_DBG */ break; }; }
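Review bot: The three `strcpy`/`strcat` blocks in auto_detect_ssl() differ only in the destination and the file name; a small file-local helper that takes the buffer, its size and the name would remove the duplication and give one place for a length check. The buffers declared at the top of the file (`alt_ssl_server_cert`, `alt_ssl_server_key`, `alt_ssl_ca_cert`) have external linkage although only this file appears to use them, so mark them `static` unless another translation unit needs them. The debug tag `mysqld.cc:auto_detect_ssl()` names the wrong file.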