Also increase user name up to 128.
The work was started by Rucha Deodhar <rucha.deodhar@mariadb.com>,
contains audit plugin fixes by Alexey Botchkov <holyfoot@askmonty.org>.
1. Pass joiner's authentication information to donor together with address
   in State Transfer Request. This allows joiner to authenticate donor on
   connection. Previously joiner would accept data from anywhere.
2. Deprecate custom SSL configuration variables tca, tcert and tkey in favor
   of more familiar ssl-ca, ssl-cert and ssl-key. For backward compatibility
   tca, tcert and tkey are still supported.
3. Allow falling back to server-wide SSL configuration in [mysqld] if no SSL
   configuration is found in [sst] section of the config file.
4. Introduce ssl-mode variable in [sst] section that takes standard values
   and has following effects:
   - old-style SSL configuration present in [sst]: no effect
   otherwise:
   - ssl-mode=DISABLED or absent: retains old, backward compatible behavior
     and ignores any other SSL configuration
   - ssl-mode=VERIFY*: verify joiner's certificate and CN on donor,
     verify donor's secret on joiner
     (passed to donor via State Transfer Request)
     BACKWARD INCOMPATIBLE BEHAVIOR
   - anything else enables new SSL configuration conventions but does not
     require verification

ssl-mode should be set to VERIFY only in a fully upgraded cluster.
Examples:

    [mysqld]
    ssl-cert=/path/to/cert
    ssl-key=/path/to/key
    ssl-ca=/path/to/ca
    [sst]

-- server-wide SSL configuration is ignored, SST does not use SSL

    [mysqld]
    ssl-cert=/path/to/cert
    ssl-key=/path/to/key
    ssl-ca=/path/to/ca
    [sst]
    ssl-mode=REQUIRED

-- use server-wide SSL configuration for SST but don't attempt to
   verify the peer identity

    [sst]
    ssl-cert=/path/to/cert
    ssl-key=/path/to/key
    ssl-ca=/path/to/ca
    ssl-mode=VERIFY_CA

-- use SST-specific SSL configuration for SST and require verification
   on both sides

Reviewed-by: Jan Lindström <jan.lindstrom@mariadb.com>
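
The ssl-mode rules listed in the commit message above, modelled as a small configuration check. This is an added example, not code from the MariaDB SST scripts: the function names and result labels are hypothetical, it assumes any one of ssl-ca/ssl-cert/ssl-key counts as SSL configuration being present, and the three sample inputs are the commit message's own examples.

```python
import configparser

OLD_KEYS = {"tca", "tcert", "tkey"}            # deprecated [sst] option names
NEW_KEYS = {"ssl-ca", "ssl-cert", "ssl-key"}   # preferred option names

def _sections(cnf_text):
    # my.cnf treats '_' and '-' in option names alike; bare options have no value.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.optionxform = lambda key: key.lower().replace("_", "-")
    cp.read_string(cnf_text)
    return {name: dict(cp[name]) for name in cp.sections()}

def sst_ssl_policy(cnf_text):
    """Return (tls_source, verify_peer) following the rules in the commit message."""
    cfg = _sections(cnf_text)
    sst, mysqld = cfg.get("sst", {}), cfg.get("mysqld", {})
    if sst.keys() & OLD_KEYS:
        return ("sst-legacy", None)            # ssl-mode has no effect here
    mode = (sst.get("ssl-mode") or "").upper()
    if mode in ("", "DISABLED"):
        return ("none", False)                 # any other SSL setting is ignored
    if sst.keys() & NEW_KEYS:
        source = "sst"
    elif mysqld.keys() & NEW_KEYS:
        source = "mysqld"                      # fall back to server-wide settings
    else:
        source = "missing"
    return (source, mode.startswith("VERIFY"))

def audit(cnf_text):
    """List hardening gaps in the effective SST transport settings."""
    source, verify = sst_ssl_policy(cnf_text)
    if source == "sst-legacy":
        return ["[sst] uses deprecated tca/tcert/tkey; ssl-mode is not applied"]
    if source == "none":
        return ["SST does not use SSL (ssl-mode absent or DISABLED)"]
    findings = []
    if source == "missing":
        findings.append("ssl-mode set but no ssl-ca/ssl-cert/ssl-key in [sst] or [mysqld]")
    if not verify:
        findings.append("SSL enabled without peer verification")
    return findings

# The three examples from the commit message, in order.
SERVER = "[mysqld]\nssl-cert=/path/to/cert\nssl-key=/path/to/key\nssl-ca=/path/to/ca\n"
EX1 = SERVER + "[sst]\n"
EX2 = SERVER + "[sst]\nssl-mode=REQUIRED\n"
EX3 = "[sst]\nssl-cert=/path/to/cert\nssl-key=/path/to/key\nssl-ca=/path/to/ca\nssl-mode=VERIFY_CA\n"

if __name__ == "__main__":
    for name, text in (("EX1", EX1), ("EX2", EX2), ("EX3", EX3)):
        print(name, sst_ssl_policy(text), audit(text))
```
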
When CMAKE_CROSSCOMPILING_EMULATOR is defined, a cross-compile
can be made, however with native (emulated) execution possible.
This commit takes those points in the build system that
execute built targets natively and allow these to be executed
in a crosscompile if CMAKE_CROSSCOMPILING_EMULATOR is defined.
Closes #1805
- Commit 5cc2096f93 introduced in `10.5` changed DBI:DBD to DBD:MariaDB in this case with redundant `mysql` option.
- According to database handle (dbh) and `connect` method one should follow
https://metacpan.org/pod/DBD::MariaDB#Class-Methods with proper created data source name (dsn).
- Adding socket precedence over port.
- Adding skipping the comments when reading the `my.cnf` file.
- MDEV-23016: mariadb-setpermission included
SST scripts for Galera should use the new mariabackup interface
instead of the innobackupex interface, which is currently only
supported for compatibility reasons.
This commit converts the SST script for mariabackup to use the
new interface. It does not need separate tests, as any problems
will be seen as failures when running multiple tests for the
mariabackup-based SST.
This script is unused and unmaintained.
The logic is implemented in scripts/mysql_system_tables_fix.sql that forms part of mysql_upgrade
Its components:

alter table mysql.user drop column `password_last_changed`, drop column `password_lifetime`, drop column `account_locked`;
has a friendlier migration path coming MDEV-24122

alter table mysql.user change column `authentication_string` `auth_string` text COLLATE utf8_bin NOT NULL;
Already part of scripts/mysql_system_tables_fix.sql

alter table mysql.user add column `Password` char(41) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL DEFAULT '' after `user`, add column `is_role` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N' after `auth_string`;
alter table mysql.user add column `default_role` char(80) COLLATE utf8_bin NOT NULL DEFAULT '', add column `max_statement_time` decimal(12,6) NOT NULL DEFAULT '0.000000';
corrected in MDEV-23201 to be in the right order.

update mysql.user set `password`=`auth_string`, plugin='' where plugin="mysql_native_password";
Is handled in server in the function acl_load.

cleanups from PR 900:
- Use mariadb names instead of mysql and add secure-installation and
additionally organize man pages.
- Remove obsolete script `/make_binary_distribution`
- Don't build binary `mariadb-install-db` in case of without-server
In the case of a crash directly after a creation of an Aria table,
Aria recovery would think that the table was from another system and
require a repair of the table and inform that the table is "zerofilled".
This would cause no harm, but was confusing to see when testing atomic
alter table.
Fixed by logging the create transaction id to the log.
Other things:
- Added "show table status from sys" to maria_empy_logs. This ensures one
does not get any zerofill warnings when sys/sys_config is used by other
tests.
- aria_chk --describe now prints a warning if the table was moved from
another system.
- Logging of truncate (maria_delete_all_rows) is changed to use the
current trid for the create table.
This is to ensure that we do not run into the same problem with truncate.
- Changed back sys_config table to Aria as this patch should fix the
"zerofill" problem in buildbot.
- Added scripts/mysql_sys_schema.sql to .gitignore
Mariabackup SST fails if "--log-bin" option is added with no value
to command line parameters at server startup. This is because the SST
scripts do not correctly interpret the "--log-bin" option without a
value. This patch adds correct handling of the "--log-bin" parameter
without value to the general part of the parameter parsing (for SST
scripts) and fixes the problem. Also added a test that checks the
correct operation of the server after the fix.
- increase MAX_BOOTSTRAP_QUERY_SIZE (sys.schema has SP over 50K large)
don't allocate bootstrap query on heap anymore.
- support DELIMITER in bootstrap
- Innodb is not always available, which means it is not always
possible to use innodb system variables, or innodb information schema
tables.
Thus creation of objects that use Innodb information_schema is enclosed
into BEGIN NOT ATOMIC blocks with dummy SQLEXCEPTION handler.
- sys_config table uses Aria, just like other system tables.
- several tables that exist in MySQL, do not exist in MariaDB
performance_schema.replication_applier_status, mysql.slave_master_info,
mysql.slave_relay_log_info
Adding any unknown option to the "[mysqld_safe]" section makes
mysqld impossible to start with mysqld_multi. For example, after
adding the unknown option "numa_interleave" to the "[mysqld_safe]"
section, mysqld_multi exits with the following diagnostics:
[ERROR] /usr/local/mysql/bin/mysqld: unknown option '--numa_interleave'
To get rid of this behavior, this patch adds the passing of the default
group suffix from mysqld_multi to the mysqld_safe side.
not be dropped if the DEFINER is custom. Revert changes
to MDEV-23102 tests as they were designed to catch
this corner case.
The explanation for this corner case is that users
historically used to tweak the mysql.user table and
probably still do even though mysql.user is now a view.
Thus, if the DEFINER of the view is not default, i.e.
root@localhost or mariadb.sys@localhost, we should avoid
dropping the view during upgrade process to not discard
potential custom changes.
The mysql.user view password_expired column should display the right
result, in sync with whether an account has its password expired or not.
For mariadb 10.4+ upgrades before this commit, the mysql.user view needs
to be dropped and recreated to actually make the view display the
correct value for the password_expired column.