ALT Linux repos
S: | 8.0.30-alt2 |
5.0: | 5.0.89-alt1 |
4.1: | 5.0.51-alt2.a |
4.0: | 5.0.51-alt2.a.M40.2 |
+updates: | 5.0.51-alt2.a.M40.1 |
3.0: | 4.0.24-alt1 |
Group :: Databases
RPM: MySQL
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: mysql-8.0.21-alt-chroot.patch
Download
Download
diff --git a/sql/auth/sql_authentication.cc b/sql/auth/sql_authentication.cc
index 882f0d317f3..40098752ec5 100644
--- a/sql/auth/sql_authentication.cc
+++ b/sql/auth/sql_authentication.cc
@@ -105,6 +105,9 @@ struct MEM_ROOT;
#include <openssl/rsa.h>
#include <openssl/x509v3.h>
+#define ALT_CHROOT
+//#define ALT_CHROOT_DBG
+
/**
@file sql_authentication.cc
@@ -915,6 +918,11 @@ bool opt_auto_generate_certs = true;
bool auth_rsa_auto_generate_rsa_keys = true;
+#ifdef ALT_CHROOT
+const char *auth_rsa_private_key_path_buf[] = {"private_key.pem"};
+const char *auth_rsa_public_key_path_buf[] = {"public_key.pem"};
+#endif /* ALT_CHROOT */
+
static bool do_auto_rsa_keys_generation();
char *auth_rsa_private_key_path;
@@ -943,6 +951,17 @@ void Rsa_authentication_keys::get_key_file_path(char *key,
If a fully qualified path is entered use that, else assume the keys are
stored in the data directory.
*/
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: get_key_file_path() 1/3:\n"\
+ "# key = '%s';\n"\
+ "# key_file_path = '%s';\n"\
+ "# mysql_real_data_home = '%s';\n"\
+ "# auth_rsa_private_key_path = '%s';\n"\
+ "##################################\n",\
+ key, key_file_path->c_ptr(),
+ mysql_real_data_home,
+ auth_rsa_private_key_path);
+#endif /* ALT_CHROOT_DBG */
if (strchr(key, FN_LIBCHAR) != nullptr
#ifdef _WIN32
|| strchr(key, FN_LIBCHAR2) != NULL
@@ -950,7 +969,25 @@ void Rsa_authentication_keys::get_key_file_path(char *key,
)
key_file_path->set_quick(key, strlen(key), system_charset_info);
else {
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: get_key_file_path() 2/3:\n"\
+ "# key = '%s';\n"\
+ "# key_file_path = '%s';\n"\
+ "# mysql_real_data_home = '%s';\n"\
+ "##################################\n",\
+ key, key_file_path->c_ptr(),
+ mysql_real_data_home);
+#endif /* ALT_CHROOT_DBG */
key_file_path->append(mysql_real_data_home, strlen(mysql_real_data_home));
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: get_key_file_path() 3/3:\n"\
+ "# key = '%s';\n"\
+ "# key_file_path = '%s';\n"\
+ "# mysql_real_data_home = '%s';\n"\
+ "##################################\n",\
+ key, key_file_path->c_ptr(),
+ mysql_real_data_home);
+#endif /* ALT_CHROOT_DBG */
if ((*key_file_path)[key_file_path->length()] != FN_LIBCHAR)
key_file_path->append(FN_LIBCHAR);
key_file_path->append(key);
@@ -985,6 +1022,15 @@ bool Rsa_authentication_keys::read_key_file(RSA **key_ptr, bool is_priv_key,
get_key_file_path(key, &key_file_path);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: read_key_file(%s) 1/1: \n"\
+ "# key_file_path:%s;\n"\
+ "# mysql_real_data_home %s.\n"\
+ "###############################\n",\
+ key_type,\
+ key_file_path.c_ptr(),\
+ mysql_real_data_home);
+#endif /* ALT_CHROOT_DBG */
/*
Check for existance of private key/public key file.
*/
@@ -1068,6 +1114,11 @@ bool Rsa_authentication_keys::read_rsa_keys() {
RSA *rsa_public_key_ptr = nullptr;
char *pub_key_buff = nullptr;
+#ifdef ALT_CHROOT
+ *m_private_key_path = (char *)auth_rsa_private_key_path_buf[0];
+ *m_public_key_path = (char *)auth_rsa_public_key_path_buf[0];
+#endif /* ALT_CHROOT */
+
if ((strlen(*m_private_key_path) == 0) && (strlen(*m_public_key_path) == 0)) {
LogErr(INFORMATION_LEVEL, ER_AUTH_RSA_FILES_NOT_FOUND);
return false;
@@ -4898,6 +4949,9 @@ bool create_x509_certificate(RSA_generator_func &rsa_gen, const Sql_string_t cn,
X509_gen x509_gen;
MY_MODE file_creation_mode = get_file_perm(USER_READ | USER_WRITE);
+#ifdef ALT_CHROOT_DBG
+ DBUG_PRINT("info",("x509 generator = %s", key_filename.c_str()));
+#endif /* ALT_CHROOT_DBG */
x509_key_file_ostream = filecr(key_filename, file_creation_mode);
/* Generate private key for X509 certificate */
@@ -5043,6 +5097,11 @@ bool create_RSA_key_pair(RSA_generator_func &rsa_gen,
goto end;
}
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: autogen RSA 1/2 priv key = '%s';",\
+ priv_key_filename.c_str());
+#endif /* ALT_CHROOT_DBG */
+
priv_key_file_ostream = filecr(priv_key_filename, file_creation_mode);
(*priv_key_file_ostream) << rsa_priv_key_write(rsa);
@@ -5060,6 +5119,11 @@ bool create_RSA_key_pair(RSA_generator_func &rsa_gen,
goto end;
}
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg autogen RSA 2/2 pub key = '%s'.",\
+ pub_key_filename.c_str());
+#endif /* ALT_CHROOT_DBG */
+
pub_key_file_ostream = filecr(pub_key_filename);
(*pub_key_file_ostream) << rsa_pub_key_write(rsa);
DBUG_EXECUTE_IF("cert_pub_key_write_error",
@@ -5182,6 +5246,30 @@ bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
}
/* Create and write the certa and keys on disk */
+#ifdef ALT_CHROOT
+ Sql_string_t alt_srv_key_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_SERVER_KEY;
+ Sql_string_t alt_clt_key_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CLIENT_KEY;
+ Sql_string_t alt_srv_ca_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_SERVER_CERT;
+ Sql_string_t alt_clt_ca_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CLIENT_CERT;
+ Sql_string_t alt_ca_key_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CA_KEY;
+ Sql_string_t alt_ca_cert_filename = (Sql_string_t) mysql_real_data_home + (Sql_string_t) DEFAULT_SSL_CA_CERT;
+
+ if ((create_x509_certificate(rsa_gen, ca_name, 1, alt_ca_cert_filename,
+ alt_ca_key_filename, fcr) == false) ||
+ (create_x509_certificate(rsa_gen, server_name, 2,
+ alt_srv_ca_filename,
+ alt_srv_key_filename, fcr,
+ alt_ca_key_filename,
+ alt_ca_cert_filename) == false) ||
+ (create_x509_certificate(rsa_gen, client_name, 3,
+ alt_clt_ca_filename,
+ alt_clt_key_filename, fcr,
+ alt_ca_key_filename,
+ alt_ca_cert_filename) == false))
+ {
+ return false;
+ }
+#else
if ((create_x509_certificate(rsa_gen, ca_name, 1, DEFAULT_SSL_CA_CERT,
DEFAULT_SSL_CA_KEY, fcr) == false) ||
(create_x509_certificate(
@@ -5194,6 +5282,7 @@ bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
DEFAULT_SSL_CA_CERT) == false)) {
return false;
}
+#endif /* ALT_CHROOT */
*ssl_ca = DEFAULT_SSL_CA_CERT;
*ssl_cert = DEFAULT_SSL_SERVER_CERT;
*ssl_key = DEFAULT_SSL_SERVER_KEY;
@@ -5222,15 +5311,68 @@ bool do_auto_cert_generation(ssl_artifacts_status auto_detection_status,
static bool generate_rsa_keys(bool auto_generate, const char *priv_key_path,
const char *pub_key_path, const char *message) {
DBUG_TRACE;
+#ifdef ALT_CHROOT
+ //--------- force init paths
+ // It seems to be some issue with initializing auth_rsa_(private/public)_key_path
+ // with default values(sha256_password_private_key_path,
+ // sha256_password_public_key_path)
+ // TODO: sha256_password plugin usage to check if initialization is fixed
+ // which causes SIGSEG during NULL pointer dereference in strcmp() func
+ // ALT_CHROOT TODO: need to remove this after problem root cause is solved
+ auth_rsa_private_key_path = (char *)auth_rsa_private_key_path_buf[0];
+ auth_rsa_public_key_path = (char *) auth_rsa_public_key_path_buf[0];
+ //---------- end force paths
+#endif /* ALT_CHROOT */
if (auto_generate) {
MY_STAT priv_stat, pub_stat;
+#ifdef ALT_CHROOT
+ char alt_rsa_private_key_path[FN_REFLEN];
+ char alt_rsa_public_key_path[FN_REFLEN];
+ // complete the path to working data directory for private key
+ strcpy(alt_rsa_private_key_path, (char *)mysql_real_data_home);
+ strcat(alt_rsa_private_key_path, (char *)AUTH_DEFAULT_RSA_PRIVATE_KEY);
+
+ // complete the path to working data directory for public key
+ strcpy(alt_rsa_public_key_path, (char *)mysql_real_data_home);
+ strcat(alt_rsa_public_key_path, (char *)AUTH_DEFAULT_RSA_PUBLIC_KEY);
+
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: do_auto_rsa_keys_generation(): 1/1\n"\
+ "# alt_rsa_private_key_path = '%s';\n"\
+ "# alt_rsa_public_key_path= '%s'.\n"\
+ "#######################################\n",\
+ alt_rsa_private_key_path, alt_rsa_public_key_path);
+
+ // NULL pointer workaround start
+ //--- ALT_CHROOT TODO: need to remove this after problem root cause is solved
+ if(auth_rsa_private_key_path==NULL || auth_rsa_public_key_path==NULL)
+ {
+ sql_print_error("# ALTDbg RSA keys' pointers NULL detected. Aborting!\n\n");
+ unireg_abort(1);
+ return false;
+ }
+ // workaround finish
+#endif /* ALT_CHROOT_DBG */
+#endif /* ALT_CHROOT */
+
+#ifdef ALT_CHROOT
+ if ((auth_rsa_private_key_path!=NULL && auth_rsa_public_key_path!=NULL) &&
+ (strcmp(auth_rsa_private_key_path, AUTH_DEFAULT_RSA_PRIVATE_KEY) ||
+ strcmp(auth_rsa_public_key_path, AUTH_DEFAULT_RSA_PUBLIC_KEY))) {
+#else
if (strcmp(priv_key_path, AUTH_DEFAULT_RSA_PRIVATE_KEY) ||
strcmp(pub_key_path, AUTH_DEFAULT_RSA_PUBLIC_KEY)) {
+#endif /*ALT_CHROOT*/
LogErr(INFORMATION_LEVEL, ER_AUTH_RSA_CONF_PREVENTS_KEY_GENERATION,
message);
return true;
+#ifdef ALT_CHROOT
+ } else if (my_stat(alt_rsa_private_key_path, &priv_stat, MYF(0)) ||
+ my_stat(alt_rsa_public_key_path, &pub_stat, MYF(0))) {
+#else
} else if (my_stat(AUTH_DEFAULT_RSA_PRIVATE_KEY, &priv_stat, MYF(0)) ||
my_stat(AUTH_DEFAULT_RSA_PUBLIC_KEY, &pub_stat, MYF(0))) {
+#endif
LogErr(INFORMATION_LEVEL, ER_AUTH_KEY_GENERATION_SKIPPED_PAIR_PRESENT,
message);
return true;
@@ -5240,8 +5382,13 @@ static bool generate_rsa_keys(bool auto_generate, const char *priv_key_path,
/* Initialize the file creator. */
File_creator fcr;
+#ifdef ALT_CHROOT
+ if (create_RSA_key_pair(rsa_gen, alt_rsa_private_key_path, alt_rsa_public_key_path,
+ fcr) == false)
+#else
if (create_RSA_key_pair(rsa_gen, "private_key.pem", "public_key.pem",
fcr) == false)
+#endif /* ALT_CHROOT */
return false;
LogErr(INFORMATION_LEVEL, ER_AUTH_KEYS_SAVED_TO_DATADIR, message);
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 682e8d5ae13..a6277213732 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -1040,6 +1040,13 @@ The documentation is based on the source files such as:
#include "sql/server_component/persistent_dynamic_loader_imp.h"
#include "sql/srv_session.h"
+#define ALT_CHROOT
+//#define ALT_CHROOT_DBG
+
+#ifdef ALT_CHROOT
+#include <time.h> // For tzset(3)
+#endif
+
using std::max;
using std::min;
using std::vector;
@@ -2814,11 +2821,22 @@ static void set_effective_user(const PasswdValue &user_info_arg) {
/** Change root user if started with @c --chroot . */
static void set_root(const char *path) {
+#ifdef ALT_CHROOT
+ tzset();
+#endif
if (chroot(path) == -1) {
LogErr(ERROR_LEVEL, ER_FAIL_CHROOT, strerror(errno));
unireg_abort(MYSQLD_ABORT_EXIT);
}
+#ifndef ALT_CHROOT
my_setwd("/", MYF(0));
+#else
+ if (chdir("/") == -1)
+ {
+ sql_print_error("chdir");
+ unireg_abort(1);
+ }
+#endif
}
#endif // !_WIN32
@@ -6779,6 +6797,46 @@ int mysqld_main(int argc, char **argv)
exit(MYSQLD_ABORT_EXIT);
}
+#ifdef ALT_CHROOT
+#if !defined(_WIN32)
+
+ if (opt_initialize && opt_daemonize) {
+ fprintf(stderr, "Initialize and daemon options are incompatible.\n");
+ unireg_abort(MYSQLD_ABORT_EXIT);
+ }
+
+ if (opt_daemonize && log_error_dest == disabled_my_option &&
+ (isatty(STDOUT_FILENO) || isatty(STDERR_FILENO))) {
+ // Just use the default in this case.
+ log_error_dest = "";
+ }
+
+ if (opt_daemonize && !opt_validate_config) {
+ if (chdir("/") < 0) {
+ LogErr(ERROR_LEVEL, ER_CANNOT_CHANGE_TO_ROOT_DIR, strerror(errno));
+ unireg_abort(MYSQLD_ABORT_EXIT);
+ }
+
+ if ((pipe_write_fd = mysqld::runtime::mysqld_daemonize()) < -1) {
+ LogErr(ERROR_LEVEL, ER_FAILED_START_MYSQLD_DAEMON);
+ unireg_abort(MYSQLD_ABORT_EXIT);
+ }
+
+ if (pipe_write_fd < 0) {
+ // This is the launching process and the daemon appears to have
+ // started ok (Need to call unireg_abort with success here to
+ // clean up resources in the lauching process.
+ unireg_abort(MYSQLD_SUCCESS_EXIT);
+ }
+
+ // Need to update the value of current_pid so that it reflects the
+ // pid of the daemon (the previous value was set by unireg_init()
+ // while still in the launcher process.
+ current_pid = static_cast<ulong>(getpid());
+ }
+#endif
+#endif /* ALT_CHROOT */
+
if (init_common_variables()) {
setup_error_log();
unireg_abort(MYSQLD_ABORT_EXIT); // Will do exit
@@ -6828,6 +6886,12 @@ int mysqld_main(int argc, char **argv)
srand(static_cast<uint>(time(nullptr)));
#endif
+#ifdef ALT_CHROOT
+ if (init_ssl_communication()) unireg_abort(MYSQLD_ABORT_EXIT);
+ if (network_init()) unireg_abort(MYSQLD_ABORT_EXIT);
+#endif
+
+#ifndef ALT_CHROOT
#if !defined(_WIN32)
if (opt_initialize && opt_daemonize) {
@@ -6865,9 +6929,12 @@ int mysqld_main(int argc, char **argv)
current_pid = static_cast<ulong>(getpid());
}
#endif
+#endif /* ALT_CHROOT */
#ifndef _WIN32
+#ifndef ALT_CHROOT
user_info = check_user(mysqld_user);
+#endif
if (!user_info.IsVoid()) {
#if HAVE_CHOWN
if (unlikely(opt_initialize)) {
@@ -7098,8 +7165,10 @@ int mysqld_main(int argc, char **argv)
(void)RUN_HOOK(server_state, after_engine_recovery, (nullptr));
}
+#ifndef ALT_CHROOT
if (init_ssl_communication()) unireg_abort(MYSQLD_ABORT_EXIT);
if (network_init()) unireg_abort(MYSQLD_ABORT_EXIT);
+#endif
#ifdef _WIN32
if (opt_require_secure_transport && !opt_enable_shared_memory &&
@@ -10272,10 +10341,27 @@ static int get_options(int *argc_ptr, char ***argv_ptr) {
/* Set global MyISAM variables from delay_key_write_options */
fix_delay_key_write(nullptr, nullptr, OPT_GLOBAL);
+#ifdef ALT_CHROOT
+ if (fix_paths())
+ return 1;
+ user_info = check_user(mysqld_user);
+#endif
+
#ifndef _WIN32
+#ifdef ALT_CHROOT_DBG
+ if (mysqld_chroot)
+ {
+ sql_print_warning("####ALT Debug: Going to chroot with '%s' path",\
+ mysqld_chroot);
+ set_root(mysqld_chroot);
+ }
+#else
if (mysqld_chroot) set_root(mysqld_chroot);
+#endif /* ALT_CHROOT_DBG */
#endif
+#ifndef ALT_CHROOT
if (fix_paths()) return 1;
+#endif
/*
Set some global variables from the global_system_variables
@@ -10554,9 +10640,20 @@ static bool check_secure_file_priv_path() {
static int fix_paths(void) {
char buff[FN_REFLEN];
bool secure_file_priv_nonempty = false;
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: fix_path() check transformations:");
+ sql_print_information("# ALTDbg: 1 mysqlhome ='%s';", mysql_home);
+#endif /* ALT_CHROOT_DBG */
convert_dirname(mysql_home, mysql_home, NullS);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 2 mysqlhome = '%s'", mysql_home);
+#endif /* ALT_CHROOT_DBG */
/* Resolve symlinks to allow 'mysql_home' to be a relative symlink */
my_realpath(mysql_home, mysql_home, MYF(0));
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 3 mysqlhome = '%s';", mysql_home);
+#endif /* ALT_CHROOT_DBG */
+
/* Ensure that mysql_home ends in FN_LIBCHAR */
char *pos = strend(mysql_home);
if (pos == mysql_home || pos[-1] != FN_LIBCHAR) {
@@ -10564,19 +10661,53 @@ static int fix_paths(void) {
pos[1] = 0;
}
convert_dirname(lc_messages_dir, lc_messages_dir, NullS);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 4 mysql_real_data_home = '%s'",\
+ mysql_real_data_home);
+#endif /* ALT_CHROOT_DBG */
convert_dirname(mysql_real_data_home, mysql_real_data_home, NullS);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 5 mysql_real_data_home = '%s';",\
+ mysql_real_data_home);
+#endif /* ALT_CHROOT_DBG */
(void)my_load_path(mysql_home, mysql_home, ""); // Resolve current dir
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 6 mysqlhome = '%s';", mysql_home);
+#endif /* ALT_CHROOT_DBG */
(void)my_load_path(mysql_real_data_home, mysql_real_data_home, mysql_home);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 7 mysql_real_data_home = '%s';",\
+ mysql_real_data_home);
+ sql_print_information("# ALTDbg: 8 pidfile_name='%s';", pidfile_name);
+#endif /* ALT_CHROOT_DBG */
(void)my_load_path(pidfile_name, pidfile_name_ptr, mysql_real_data_home);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: 9 pidfile_name= '%s';", pidfile_name);
+ sql_print_information("# ALTDbg: A opt_plugin_dir = '%s';", opt_plugin_dir);
+#endif /* ALT_CHROOT_DBG */
convert_dirname(
opt_plugin_dir,
opt_plugin_dir_ptr ? opt_plugin_dir_ptr : get_relative_path(PLUGINDIR),
NullS);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: B opt_plugin_dir = '%s';", opt_plugin_dir);
+#endif /* ALT_CHROOT_DBG */
(void)my_load_path(opt_plugin_dir, opt_plugin_dir, mysql_home);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: C opt_plugin_dir =%s", opt_plugin_dir);
+#endif /* ALT_CHROOT_DBG */
opt_plugin_dir_ptr = opt_plugin_dir;
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: D mysql_real_data_home=%s",\
+ mysql_real_data_home);
+#endif /* ALT_CHROOT_DBG */
my_realpath(mysql_unpacked_real_data_home, mysql_real_data_home, MYF(0));
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: E mysql_unpacked_real_data_home=%s",\
+ mysql_unpacked_real_data_home);
+#endif /* ALT_CHROOT_DBG */
mysql_unpacked_real_data_home_len = strlen(mysql_unpacked_real_data_home);
if (mysql_unpacked_real_data_home[mysql_unpacked_real_data_home_len - 1] ==
FN_LIBCHAR)
diff --git a/sql/ssl_acceptor_context_data.cc b/sql/ssl_acceptor_context_data.cc
index d2b1b0c50a9..0169c52ece6 100644
--- a/sql/ssl_acceptor_context_data.cc
+++ b/sql/ssl_acceptor_context_data.cc
@@ -35,6 +35,8 @@
#include "sql/ssl_acceptor_context_data.h"
+//#define ALT_CHROOT_DBG
+
/* Helpers */
static const char *verify_store_cert(SSL_CTX *ctx, SSL *ssl) {
const char *result = nullptr;
@@ -132,6 +134,20 @@ Ssl_acceptor_context_data::Ssl_acceptor_context_data(
¤t_key_, ¤t_crl_, ¤t_crlpath_);
}
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: \
+ current_key_=%s, current_cert_=%s, \
+ current_ca_=%s, current_capath_=%s, \
+ current_cipher_=%s,current_crl_=%s, \
+ current_crlpath_=%s, current_version_=%s, \
+ current_ciphersuites_=%s",
+ current_key_.c_str(), current_cert_.c_str(),
+ current_ca_.c_str(), current_capath_.c_str(),
+ current_cipher_.c_str(), current_crl_.c_str(),
+ current_crlpath_.c_str(), current_version_.c_str(),
+ current_ciphersuites_.c_str());
+#endif /*ALT_CHROOT_DBG */
+
if (use_ssl_arg) {
ssl_acceptor_fd_ = new_VioSSLAcceptorFd(
current_key_.c_str(), current_cert_.c_str(), current_ca_.c_str(),
diff --git a/sql/ssl_init_callback.cc b/sql/ssl_init_callback.cc
index 7acaef78200..86df1af6a22 100644
--- a/sql/ssl_init_callback.cc
+++ b/sql/ssl_init_callback.cc
@@ -30,6 +30,15 @@
#include <sql/sys_vars.h>
#include <sql/sys_vars_shared.h> /* AutoRLock , PolyLock_mutex */
+#define ALT_CHROOT
+//#define ALT_CHROOT_DBG
+
+#ifdef ALT_CHROOT
+char alt_ssl_server_cert[FN_REFLEN];
+char alt_ssl_server_key[FN_REFLEN];
+char alt_ssl_ca_cert[FN_REFLEN];
+#endif
+
/* Internal flag */
std::atomic_bool g_admin_ssl_configured(false);
@@ -322,24 +331,70 @@ ssl_artifacts_status Ssl_init_callback_server_main::auto_detect_ssl() {
(!opt_ssl_capath || !opt_ssl_capath[0]) &&
(!opt_ssl_crl || !opt_ssl_crl[0]) &&
(!opt_ssl_crlpath || !opt_ssl_crlpath[0])) {
+#ifdef ALT_CHROOT
+ strcpy(alt_ssl_server_cert, (char *)mysql_real_data_home);
+ strcat(alt_ssl_server_cert, (char *)DEFAULT_SSL_SERVER_CERT);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: mysqld.cc:auto_detect_ssl()"\
+ "alt_ssl_server_cert = '%s';",\
+ alt_ssl_server_cert);
+#endif /* ALT_CHROOT_DBG */
+
+ strcpy(alt_ssl_server_key, (char *)mysql_real_data_home);
+ strcat(alt_ssl_server_key, (char *)DEFAULT_SSL_SERVER_KEY);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: mysqld.cc:auto_detect_ssl()"\
+ "alt_ssl_server_key = '%s';",\
+ alt_ssl_server_key);
+#endif /* ALT_CHROOT_DBG */
+
+ strcpy(alt_ssl_ca_cert, (char *)mysql_real_data_home);
+ strcat(alt_ssl_ca_cert, (char *)DEFAULT_SSL_CA_CERT);
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: mysqld.cc:auto_detect_ssl()"\
+ "alt_ssl_ca_cert = '%s'.",\
+ alt_ssl_ca_cert);
+#endif /* ALT_CHROOT_DBG */
+
+ result =
+ result << (my_stat(alt_ssl_server_cert, &cert_stat, MYF(0)) ? 1 : 0)
+ << (my_stat(alt_ssl_server_key, &cert_key, MYF(0)) ? 1 : 0)
+ << (my_stat(alt_ssl_ca_cert, &ca_stat, MYF(0)) ? 1 : 0);
+#else
result =
result << (my_stat(DEFAULT_SSL_SERVER_CERT, &cert_stat, MYF(0)) ? 1 : 0)
<< (my_stat(DEFAULT_SSL_SERVER_KEY, &cert_key, MYF(0)) ? 1 : 0)
<< (my_stat(DEFAULT_SSL_CA_CERT, &ca_stat, MYF(0)) ? 1 : 0);
+#endif /* ALT_CHROOT */
switch (result) {
case 8:
+#ifdef ALT_CHROOT
+ opt_ssl_ca = alt_ssl_ca_cert;
+ opt_ssl_cert = alt_ssl_server_cert;
+ opt_ssl_key = alt_ssl_server_key;
+#else
opt_ssl_ca = DEFAULT_SSL_CA_CERT;
opt_ssl_cert = DEFAULT_SSL_SERVER_CERT;
opt_ssl_key = DEFAULT_SSL_SERVER_KEY;
+#endif /* ALT_CHROOT */
ret_status = SSL_ARTIFACTS_AUTO_DETECTED;
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: SSL_ARTIFACTS_AUTO_DETECTED!");
+#endif /* ALT_CHROOT_DBG */
break;
case 4:
case 2:
ret_status = SSL_ARTIFACT_TRACES_FOUND;
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: SSL_ARTIFACT_TRACES_FOUND!");
+#endif /* ALT_CHROOT_DBG */
break;
default:
ret_status = SSL_ARTIFACTS_NOT_FOUND;
+#ifdef ALT_CHROOT_DBG
+ sql_print_information("# ALTDbg: SSL_ARTIFACTS_NOT_FOUND!");
+#endif /* ALT_CHROOT_DBG */
break;
};
}