Merging from mysql-5.5 to Mysql-5.6

Arun Kuruvila · Arun Kuruvila · commit fb8b3500e242 · 2014-05-16T09:24:08.000+05:30
Fix: The new password also masked in the similar manner
that of the --password argument. Warning message is also
shown while giving new password via command line.
diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc
@@ -75,6 +75,7 @@ extern "C" my_bool get_one_option(int optid, const struct my_option *opt,
                                   char *argument);
 static my_bool sql_connect(MYSQL *mysql, uint wait);
 static int execute_commands(MYSQL *mysql,int argc, char **argv);
+static char **mask_password(int argc, char ***argv);
 static int drop_db(MYSQL *mysql,const char *db);
 extern "C" sig_handler endprog(int signal_number);
 static void nice_time(ulong sec,char *buff);
@@ -314,11 +315,11 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
 
 int main(int argc,char *argv[])
 {
-  int error= 0, ho_error;
+  int error= 0, ho_error, temp_argc;
   int first_command;
   my_bool can_handle_passwords;
   MYSQL mysql;
-  char **commands, **save_argv;
+  char **commands, **save_argv, **temp_argv;
 
   MY_INIT(argv[0]);
   mysql_init(&mysql);
@@ -333,6 +334,9 @@ int main(int argc,char *argv[])
     free_defaults(save_argv);
     exit(ho_error);
   }
+  temp_argv= mask_password(argc, &argv);
+  temp_argc= argc;
+
   if (debug_info_flag)
     my_end_arg= MY_CHECK_ERROR | MY_GIVE_INFO;
   if (debug_check_flag)
@@ -343,7 +347,7 @@ int main(int argc,char *argv[])
     usage();
     exit(1);
   }
-  commands = argv;
+  commands = temp_argv;
   if (tty_password)
     opt_password = get_tty_password(NullS);
 
@@ -509,6 +513,13 @@ int main(int argc,char *argv[])
   my_free(shared_memory_base_name);
 #endif
   free_defaults(save_argv);
+  temp_argc--;
+  while(temp_argc >= 0)
+  {
+    my_free(temp_argv[temp_argc]);
+    temp_argc--;
+  }
+  my_free(temp_argv);
   my_end(my_end_arg);
   exit(error ? 1 : 0);
   return 0;
@@ -982,7 +993,10 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
         }
       }
       else
+      {
+        print_cmdline_password_warning();
         typed_password= argv[1];
+      }
 
       if (typed_password[0])
       {
@@ -1166,6 +1180,47 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
   return 0;
 }
 
+/**
+   @brief Masking the password if it is passed as command line argument.
+
+   @details It works in Linux and changes cmdline in ps and /proc/pid/cmdline,
+            but it won't work for history file of shell.
+            The command line arguments are copied to another array and the
+            password in the argv is masked. This function is called just after
+            "handle_options" because in "handle_options", the agrv pointers
+            are altered which makes freeing of dynamically allocated memory
+            difficult. The password masking is done before all other operations
+            in order to minimise the time frame of password visibility via cmdline.
+
+   @param argc            command line options (count)
+   @param argv            command line options (values)
+
+   @return temp_argv      copy of argv
+*/
+
+static char **mask_password(int argc, char ***argv)
+{
+  char **temp_argv;
+  temp_argv= (char **)(my_malloc(sizeof(char *) * argc, MYF(MY_WME)));
+  argc--;
+  while (argc > 0)
+  {
+    temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
+    if (find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_PASSWORD ||
+        find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_OLD_PASSWORD)
+    {
+      char *start= (*argv)[argc];
+      while (*start)
+        *start++= 'x';
+      start= (*argv)[argc];
+      if (*start)
+        start[1]= 0;                         /* Cut length of argument */
+     }
+    argc--;
+  }
+  temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
+  return(temp_argv);
+}
 
 static void print_version(void)
 {
diff --git a/include/my_getopt.h b/include/my_getopt.h
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -113,6 +113,7 @@ extern int my_handle_options (int *argc, char ***argv,
                               const struct my_option *longopts,
                               my_get_one_option,
                               const char **command_list);
+extern void print_cmdline_password_warning();
 extern void my_cleanup_options(const struct my_option *options);
 extern void my_cleanup_options(const struct my_option *options);
 extern void my_print_help(const struct my_option *options);
diff --git a/mysys_ssl/my_getopt.cc b/mysys_ssl/my_getopt.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -38,7 +38,6 @@ static void init_one_value(const struct my_option *, void *, longlong);
 static void fini_one_value(const struct my_option *, void *, longlong);
 static int setval(const struct my_option *, void *, char *, my_bool);
 static char *check_struct_option(char *cur_arg, char *key_name);
-static void print_cmdline_password_warning();
 static my_bool get_bool_argument(const struct my_option *opts,
                                  const char *argument,
                                  bool *error);
@@ -656,7 +655,7 @@ int my_handle_options(int *argc, char ***argv,
  * if password string is specified on the command line.
  */
 
-static void print_cmdline_password_warning()
+void print_cmdline_password_warning()
 {
   static my_bool password_warning_announced= FALSE;
 
