
Commit 7014aad

author
Nirbhay Choubey
committed
Bug#12688860 - SECURITY RECOMMENDATION: PASSWORDS ON CLI
Added a warning message that notifies the user of the security risk involved in entering the password on the command line.
1 parent 544b81e commit 7014aad

35 files changed

Lines changed: 402 additions & 17 deletions

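--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -1220,11 +1220,14 @@ int main(int argc,char *argv[])
 my_win_translate_command_line_args(&my_charset_utf8mb4_bin, &argc, &argv);
 #endif
 
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my",load_default_groups,&argc,&argv))
 {
 my_end(0);
 exit(1);
 }
+my_getopt_use_args_separator= FALSE;
+
 defaults_argv=argv;
 if (get_options(argc, (char **) argv))
 {
@@ -1591,7 +1594,7 @@ static struct my_option my_long_options[] =
 #endif
 {"password", 'p',
 "Password to use when connecting to server. If password is not given it's asked from the tty.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
 NO_ARG, 0, 0, 0, 0, 0, 0},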
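Review bot: The new `my_getopt_use_args_separator= TRUE;` / `= FALSE;` pair around load_defaults() in main() has no comment, and the same bare pair is repeated in every other client touched by this commit. Judging by the name, it makes load_defaults() mark where option-file arguments end, presumably so the password warning is raised only for values typed on the command line; that should be confirmed against the my_getopt sources and stated at the call site, e.g. `/* mark the option-file/command-line boundary so the CLI password warning is not raised for option-file passwords */`. main() starts and ends outside the hunk.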

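--- a/client/mysql_upgrade.c
+++ b/client/mysql_upgrade.c
@@ -105,7 +105,7 @@ static struct my_option my_long_options[]=
 {"password", 'p',
 "Password to use when connecting to server. If password is not given,"
 " it's solicited on the tty.", &opt_password,&opt_password,
-0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0,
 GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
@@ -220,6 +220,7 @@ static void add_one_option(DYNAMIC_STRING* ds,
 eq= "=";
 switch (opt->var_type & GET_TYPE_MASK) {
 case GET_STR:
+case GET_PASSWORD:
 arg= argument;
 break;
 case GET_BOOL:
@@ -859,8 +860,10 @@ int main(int argc, char **argv)
 init_dynamic_string(&conn_args, "", 512, 256))
 die("Out of memory");
 
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my", load_default_groups, &argc, &argv))
 die(NULL);
+my_getopt_use_args_separator= FALSE;
 defaults_argv= argv; /* Must be freed by 'free_defaults' */
 
 if (handle_options(&argc, &argv, my_long_options, get_one_option))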
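Review bot: In add_one_option(), the new `case GET_PASSWORD:` falls into the GET_STR branch, so the password is copied verbatim into `ds` like any other string option. How `ds` is consumed is not visible in this hunk; if it ends up on the command line of a child tool, the password reappears in the process list and the child would raise the very warning this commit adds, so the forwarding path is worth checking. A comment on the case would record the intent, e.g. `/* password is forwarded as-is: keep ds out of any child process command line */`. add_one_option() starts and ends outside the hunk.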

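--- a/client/mysqladmin.cc
+++ b/client/mysqladmin.cc
@@ -158,7 +158,7 @@ static struct my_option my_long_options[] =
 &opt_nobeep, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 {"password", 'p',
 "Password to use when connecting to server. If password is not given it's asked from the tty.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
 NO_ARG, 0, 0, 0, 0, 0, 0},
@@ -306,8 +306,11 @@ int main(int argc,char *argv[])
 
 MY_INIT(argv[0]);
 mysql_init(&mysql);
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my",load_default_groups,&argc,&argv))
 exit(1);
+my_getopt_use_args_separator= FALSE;
+
 save_argv = argv; /* Save for free_defaults */
 if ((ho_error=handle_options(&argc, &argv, my_long_options, get_one_option)))
 {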
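Review bot: The `--password` help string in my_long_options is unchanged, so `--help` still presents a command-line password as the normal form and gives no hint of the risk the commit message describes; the same holds for the password entries in client/mysql.cc and the other clients changed here. Consider extending the text, e.g. `"... If password is not given it's asked from the tty. Giving the password on the command line is insecure."`, so the guidance is visible before the option is used rather than only in a runtime warning. The my_long_options initializer continues outside the hunk.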

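--- a/client/mysqlbinlog.cc
+++ b/client/mysqlbinlog.cc
@@ -1065,7 +1065,7 @@ static struct my_option my_long_options[] =
 {"offset", 'o', "Skip the first N entries.", &offset, &offset,
 0, GET_ULL, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 {"password", 'p', "Password to connect to remote server.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 {"plugin_dir", OPT_PLUGIN_DIR, "Directory for client-side plugins.",
 &opt_plugin_dir, &opt_plugin_dir, 0,
 GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
@@ -2185,8 +2185,10 @@ int main(int argc, char** argv)
 
 my_init_time(); // for time functions
 
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my", load_default_groups, &argc, &argv))
 exit(1);
+my_getopt_use_args_separator= FALSE;
 defaults_argv= argv;
 
 parse_args(&argc, &argv);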

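--- a/client/mysqlcheck.c
+++ b/client/mysqlcheck.c
@@ -142,7 +142,7 @@ static struct my_option my_long_options[] =
 0, 0},
 {"password", 'p',
 "Password to use when connecting to server. If password is not given, it's solicited on the tty.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
 NO_ARG, 0, 0, 0, 0, 0, 0},
@@ -352,9 +352,11 @@ static int get_options(int *argc, char ***argv)
 exit(0);
 }
 
+my_getopt_use_args_separator= TRUE;
 if ((ho_error= load_defaults("my", load_default_groups, argc, argv)) ||
 (ho_error=handle_options(argc, argv, my_long_options, get_one_option)))
 exit(ho_error);
+my_getopt_use_args_separator= FALSE;
 
 if (!what_to_do)
 {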
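Review bot: In get_options(), `my_getopt_use_args_separator= FALSE;` comes after the combined `load_defaults(...) || handle_options(...)` condition, so the flag is still TRUE while handle_options() runs; the other clients in this commit clear it directly after load_defaults(). Whether handle_options() reads the flag is not visible here. If it does not, the difference is harmless but should be noted in a comment; if it does, split the condition so the reset sits directly after load_defaults(), as in client/mysqldump.c. get_options() starts and ends outside the hunk.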

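--- a/client/mysqldump.c
+++ b/client/mysqldump.c
@@ -422,7 +422,7 @@ static struct my_option my_long_options[] =
 &opt_order_by_primary, &opt_order_by_primary, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 {"password", 'p',
 "Password to use when connecting to server. If password is not given it's solicited on the tty.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
 NO_ARG, 0, 0, 0, 0, 0, 0},
@@ -899,8 +899,11 @@ static int get_options(int *argc, char ***argv)
 opt_net_buffer_length= *mysql_params->p_net_buffer_length;
 
 md_result_file= stdout;
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my",load_default_groups,argc,argv))
 return 1;
+my_getopt_use_args_separator= FALSE;
+
 defaults_argv= *argv;
 
 if (my_hash_init(&ignore_table, charset_info, 16, 0, 0,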

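--- a/client/mysqlimport.c
+++ b/client/mysqlimport.c
@@ -141,7 +141,7 @@ static struct my_option my_long_options[] =
 &opt_low_priority, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 {"password", 'p',
 "Password to use when connecting to server. If password is not given it's asked from the tty.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
 NO_ARG, 0, 0, 0, 0, 0, 0},
@@ -609,8 +609,11 @@ int main(int argc, char **argv)
 char **argv_to_free;
 MY_INIT(argv[0]);
 
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my",load_default_groups,&argc,&argv))
 return 1;
+my_getopt_use_args_separator= FALSE;
+
 /* argv is changed in the program */
 argv_to_free= argv;
 if (get_options(&argc, &argv))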

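--- a/client/mysqlshow.c
+++ b/client/mysqlshow.c
@@ -68,8 +68,11 @@ int main(int argc, char **argv)
 char *wild;
 MYSQL mysql;
 MY_INIT(argv[0]);
+
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my",load_default_groups,&argc,&argv))
 exit(1);
+my_getopt_use_args_separator= FALSE;
 
 get_options(&argc,&argv);
 
@@ -217,7 +220,7 @@ static struct my_option my_long_options[] =
 {"password", 'p',
 "Password to use when connecting to server. If password is not given, it's "
 "solicited on the tty.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 {"plugin_dir", OPT_PLUGIN_DIR, "Directory for client-side plugins.",
 &opt_plugin_dir, &opt_plugin_dir, 0,
 GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},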

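--- a/client/mysqlslap.c
+++ b/client/mysqlslap.c
@@ -300,11 +300,13 @@ int main(int argc, char **argv)
 
 MY_INIT(argv[0]);
 
+my_getopt_use_args_separator= TRUE;
 if (load_defaults("my",load_default_groups,&argc,&argv))
 {
 my_end(0);
 exit(1);
 }
+my_getopt_use_args_separator= FALSE;
 defaults_argv=argv;
 if (get_options(&argc,&argv))
 {
@@ -636,7 +638,7 @@ static struct my_option my_long_options[] =
 0, 0, 0, 0, 0, 0},
 {"password", 'p',
 "Password to use when connecting to server. If password is not given it's "
-"asked from the tty.", 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+"asked from the tty.", 0, 0, 0, GET_PASSWORD, OPT_ARG, 0, 0, 0, 0, 0, 0},
 #ifdef __WIN__
 {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
 NO_ARG, 0, 0, 0, 0, 0, 0},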

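--- a/include/my_getopt.h
+++ b/include/my_getopt.h
@@ -36,6 +36,7 @@ C_MODE_START
 #define GET_SET 13
 #define GET_DOUBLE 14
 #define GET_FLAGSET 15
+#define GET_PASSWORD 16
 
 #define GET_ASK_ADDR 128
 #define GET_TYPE_MASK 127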
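Review bot: `#define GET_PASSWORD 16` is added without a comment, and nothing here tells maintainers how it differs from GET_STR. In this commit add_one_option() in client/mysql_upgrade.c had to gain a `case GET_PASSWORD:` next to `case GET_STR:`; any other switch on `var_type & GET_TYPE_MASK` that is not shown on this page would need the same treatment. A short comment such as `/* string option holding a password; handle wherever GET_STR is handled */` would make that requirement discoverable.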
