Merge work:/home/bk/mysql-4.0 into hundin.mysql.fi:/my/bk/mysql-4.0

sql/sql_parse.cc:
  Auto merged

Docs/manual.texi

@@ -49550,6 +49550,9 @@ GRANT ... WITH MAX_QUERIES_PER_HOUR = N1
                MAX_CONNECTIONS_PER_HOUR = N3;
 @end example
 @xref{User resources}.
+
+@item
+Added @code{mysql_secure_installation} to the @file{scripts/} directory.
 @end itemize
 
 @node News-4.0.1, News-4.0.0, News-4.0.2, News-4.0.x

acinclude.m4

@@ -771,7 +771,7 @@ AC_MSG_CHECKING(for OpenSSL)
 
 AC_DEFUN(MYSQL_CHECK_MYSQLFS, [
   AC_ARG_WITH([mysqlfs],
-              [\
+              [
   --with-mysqlfs          Include the corba-based MySQL file system],
               [mysqlfs="$withval"],
               [mysqlfs=no])
@@ -821,7 +821,7 @@ AC_SUBST(orbit_idl)
 ])
 
 AC_DEFUN([MYSQL_CHECK_ISAM], [
-  AC_ARG_WITH([isam], [\
+  AC_ARG_WITH([isam], [
   --without-isam          Disable the ISAM table type],
     [with_isam="$withval"],
     [with_isam=yes])

configure.in

@@ -367,6 +367,7 @@ AC_PATH_PROG(HOSTNAME, hostname, hostname)
 # Check for a GNU tar named 'gtar', or 'gnutar' (MacOS X) and
 # fall back to 'tar' otherwise and hope that it's a GNU tar as well
 AC_CHECK_PROGS(TAR, gnutar gtar tar)
+
 dnl We use a path for perl so the script startup works
 dnl We make sure to use perl, not perl5, in hopes that the RPMs will
 dnl not depend on the perl5 binary being installed (probably a bug in RPM)
@@ -453,7 +454,11 @@ fi
 NOINST_LDFLAGS=
 
 AC_ARG_WITH(other-libc,
- [ --with-other-libc=/path/to/other/libc/dir Link against libc and other standard libraries installed in the specified non-standard location overriding default. Originally added to be able to link against glibc 2.2 without making the user upgrade the standard libc installation ],
+ [  --with-other-libc=DIR   Link against libc and other standard libraries 
+                          installed in the specified non-standard location 
+                          overriding default. Originally added to be able to
+                          link against glibc 2.2 without making the user 
+                          upgrade the standard libc installation.],
  [
    other_libc_include="$withval/include"
    other_libc_lib="$withval/lib"
@@ -504,7 +509,6 @@ AC_SUBST(NOINST_LDFLAGS)
 
 AC_ARG_WITH(server-suffix,
     [  --with-server-suffix    Append value to the version string.],
-    # I heard that 'cut' isn't portable.  Isn't there a better way?
     [ MYSQL_SERVER_SUFFIX=`echo "$withval" | sed -e  's/^\(...................................\)..*$/\1/'` ],
     [ MYSQL_SERVER_SUFFIX= ]
     )
@@ -629,11 +633,10 @@ AC_ARG_WITH(mysqld-user,
     )
 AC_SUBST(MYSQLD_USER)
 
-# If we should allove LOAD DATA LOCAL
+# If we should allow LOAD DATA LOCAL
 AC_MSG_CHECKING(if we should should enable LOAD DATA LOCAL by default)
 AC_ARG_ENABLE(local-infile,
-    [  --enable-local-infile
-                          Enable LOAD DATA LOCAL INFILE (default: disabled)],
+    [  --enable-local-infile   Enable LOAD DATA LOCAL INFILE (default: disabled)],
     [ ENABLED_LOCAL_INFILE=$enableval ],
     [ ENABLED_LOCAL_INFILE=no ]
     )
@@ -698,7 +701,7 @@ MYSQL_CHECK_ZLIB_WITH_COMPRESS($with_named_zlib)
 #--------------------------------------------------------------------
 
 AC_ARG_WITH(libwrap,
-[  --with-libwrap[=DIR]    Compile in libwrap (tcp_wrappers) support],[
+[  --with-libwrap[=DIR]      Compile in libwrap (tcp_wrappers) support],[
   case "$with_libwrap" in
   no) : ;;
   yes|*)
@@ -1000,9 +1003,9 @@ then
       if test "$IS_LINUX" = "true"
       then
 	AC_MSG_ERROR([This is a linux system and Linuxthreads was not
-found. On linux Linuxthreads should be used. So install Linuxthreads
-(or a new glibc) and try again. See the Installation chapter in the
-Reference Manual.])
+found. On linux Linuxthreads should be used.  Please install Linuxthreads
+(or a new glibc) and try again.  See the Installation chapter in the
+Reference Manual for more information.])
       else
 	AC_MSG_CHECKING("DEC threads")
         if test -f /usr/shlib/libpthread.so -a -f /usr/lib/libmach.a -a -f /usr/ccs/lib/cmplrs/cc/libexc.a
@@ -1360,6 +1363,7 @@ else
   DEBUG_OPTIMIZE_CXX=""
   OPTIMIZE_CXXFLAGS="-O"
 fi
+
 AC_ARG_WITH(debug,
     [  --without-debug         Build a production version without debugging code],
     [with_debug=$withval],
@@ -1743,7 +1747,7 @@ then
   AC_DEFINE(HAVE_READDIR_R)
 fi
 
-# Check definition av posix sigwait()
+# Check definition of posix sigwait()
 AC_CACHE_CHECK("style of sigwait", mysql_cv_sigwait,
 AC_TRY_LINK(
 [#if !defined(SCO) && !defined(__osf__)
@@ -1766,7 +1770,7 @@ fi
 if test "$mysql_cv_sigwait" != "POSIX"
 then
 unset mysql_cv_sigwait
-# Check definition av posix sigwait()
+# Check definition of posix sigwait()
 AC_CACHE_CHECK("style of sigwait", mysql_cv_sigwait,
 AC_TRY_LINK(
 [#if !defined(SCO) && !defined(__osf__)
@@ -1944,8 +1948,11 @@ CHARSETS_DEPRECATED="win1251"
 DEFAULT_CHARSET=latin1
 AC_DIVERT_POP
 
+dnl fix this later..
+dnl  [  --with-charset=CHARSET  Use CHARSET by default (one of: $CHARSETS_AVAILABLE; Default is $DEFAULT_CHARSET)],
+
 AC_ARG_WITH(charset,
-  [  --with-charset=CHARSET  Use CHARSET by default (one of: $CHARSETS_AVAILABLE; Default is $DEFAULT_CHARSET)],
+  [  --with-charset=CHARSET  Use CHARSET by default (Default is latin1)],
   [default_charset="$withval"],
   [default_charset="$DEFAULT_CHARSET"])
 

scripts/Makefile.am

@@ -22,6 +22,7 @@ bin_SCRIPTS =		@server_scripts@ \
 			mysql_fix_privilege_tables \
                         mysql_fix_extensions \
 			mysql_setpermission \
+			mysql_secure_installation \
 			mysql_zap \
 			mysqlaccess \
 			mysqlbug \
@@ -39,6 +40,7 @@ EXTRA_SCRIPTS =		make_binary_distribution.sh \
                         mysql_fix_extensions.sh \
 			mysql_install_db.sh \
 			mysql_setpermission.sh \
+			mysql_secure_installation.sh \
 			mysql_zap.sh \
 			mysqlaccess.sh \
 			mysqlbug.sh \
@@ -65,6 +67,7 @@ CLEANFILES =		@server_scripts@ \
 			mysql_fix_privilege_tables \
                         mysql_fix_extensions \
 			mysql_setpermission \
+			mysql_secure_installation \
 			mysql_zap \
 			mysqlaccess \
 			mysql_convert_table_format \

scripts/mysql_secure_installation.sh

@@ -0,0 +1,308 @@
+#!/bin/sh
+
+# Copyright (C) 2002 MySQL AB and Jeremy Cole
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+config=".my.cnf.$$"
+command=".mysql.$$"
+
+trap "interrupt" 2
+
+rootpass=""
+
+prepare() {
+    touch $config $command
+    chmod 600 $config $command
+}
+
+do_query() {
+    echo $1 >$command
+    mysql --defaults-file=$config <$command
+    return $?
+}
+
+make_config() {
+    echo "# mysql_secure_installation config file" >$config
+    echo "[mysql]" >>$config
+    echo "user=root" >>$config
+    echo "password=$rootpass" >>$config
+}
+
+get_root_password() {
+    status=1
+    while [ $status -eq 1 ]; do
+	stty -echo
+	echo -n "Enter current password for root (enter for none): "
+	read password
+	echo
+	stty echo
+	if [ "x$password" = "x" ]; then
+	    hadpass=0
+	else
+	    hadpass=1
+	fi
+	rootpass=$password
+	make_config
+	do_query ""
+	status=$?
+    done
+    echo "OK, successfully used password, moving on..."
+    echo
+}
+
+set_root_password() {
+    stty -echo
+    echo -n "New password: "
+    read password1
+    echo
+    echo -n "Re-enter new password: "
+    read password2
+    echo
+    stty echo
+
+    if [ "$password1" != "$password2" ]; then
+	echo "Sorry, passwords do not match."
+	echo
+	return 1
+    fi
+
+    if [ "$password1" = "" ]; then
+	echo "Sorry, you can't use an empty password here."
+	echo
+	return 1
+    fi
+
+    do_query "SET PASSWORD FOR root=PASSWORD('$password1');"
+    if [ $? -eq 0 ]; then
+	echo "Password updated successfully!"
+	echo
+	rootpass=$password1
+	make_config
+    else
+	echo "Password update failed!"
+	exit 1
+    fi
+
+    return 0
+}
+
+remove_anonymous_users() {
+    do_query "DELETE FROM mysql.user WHERE User='';"
+    if [ $? -eq 0 ]; then
+	echo " ... Success!"
+    else
+	echo " ... Failed!"
+	exit 1
+    fi
+
+    return 0
+}
+
+remove_remote_root() {
+    do_query "DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';"
+    if [ $? -eq 0 ]; then
+	echo " ... Success!"
+    else
+	echo " ... Failed!"
+    fi
+}
+
+remove_test_database() {
+    echo " - Dropping test database..."
+    do_query "DROP DATABASE test;"
+    if [ $? -eq 0 ]; then
+	echo " ... Success!"
+    else
+	echo " ... Failed!  Not critical, keep moving..."
+    fi
+
+    echo " - Removing privileges on test database..."
+    do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
+    if [ $? -eq 0 ]; then
+	echo " ... Success!"
+    else
+	echo " ... Failed!  Not critical, keep moving..."
+    fi
+
+    return 0
+}
+
+reload_privilege_tables() {
+    do_query "FLUSH PRIVILEGES;"
+    if [ $? -eq 0 ]; then
+	echo " ... Success!"
+    else
+	echo " ... Failed!"
+    fi
+
+    return 0
+}
+
+interrupt() {
+    echo
+    echo "Aborting!"
+    echo
+    cleanup
+    stty echo
+    exit 1
+}
+
+cleanup() {
+    echo "Cleaning up..."
+    rm -f $config $command
+}
+
+
+# The actual script starts here
+
+prepare
+
+echo
+echo
+echo
+echo
+echo "NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL"
+echo "      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!"
+echo
+echo
+
+echo "In order to log into MySQL to secure it, we'll need the current"
+echo "password for the root user.  If you've just installed MySQL, and"
+echo "you haven't set the root password yet, the password will be blank,"
+echo "so you should just press enter here."
+echo
+
+get_root_password
+
+
+#
+# Set the root password
+#
+
+echo "Setting the root password ensures that nobody can log into the MySQL"
+echo "root user without the proper authorisation."
+echo
+
+if [ $hadpass -eq 0 ]; then
+    echo -n "Set root password? [Y/n] "
+else
+    echo "You already have a root password set, so you can safely answer 'n'."
+    echo
+    echo -n "Change the root password? [Y/n] "
+fi
+
+read reply
+if [ "$reply" = "n" ]; then
+    echo " ... skipping."
+else
+    status=1
+    while [ $status -eq 1 ]; do
+	set_root_password
+	status=$?
+    done
+fi
+echo
+
+
+#
+# Remove anonymous users
+#
+
+echo "By default, a MySQL installation has an anonymous user, allowing anyone"
+echo "to log into MySQL without having to have a user account created for"
+echo "them.  This is intended only for testing, and to make the installation"
+echo "go a bit smoother.  You should remove them before moving into a"
+echo "production environment."
+echo
+
+echo -n "Remove anonymous users? [Y/n] "
+
+read reply
+if [ "$reply" = "n" ]; then
+    echo " ... skipping."
+else
+    remove_anonymous_users
+fi
+echo
+
+
+#
+# Disallow remote root login
+#
+
+echo "Normally, root should only be allowed to connect from 'localhost'.  This"
+echo "ensures that someone cannot guess at the root password from the network."
+echo
+
+echo -n "Disallow root login remotely? [Y/n] "
+read reply
+if [ "$reply" = "n" ]; then
+    echo " ... skipping."
+else
+    remove_remote_root
+fi
+echo
+
+
+#
+# Remove test database
+#
+
+echo "By default, MySQL comes with a database named 'test' that anyone can"
+echo "access.  This is also intended only for testing, and should be removed"
+echo "before moving into a production environment."
+echo
+
+echo -n "Remove test database and access to it? [Y/n] "
+read reply
+if [ "$reply" = "n" ]; then
+    echo " ... skipping."
+else
+    remove_test_database
+fi
+echo
+
+
+#
+# Reload privilege tables
+#
+
+echo "Reloading the privilege tables will ensure that all changes made so far"
+echo "will take effect immediately."
+echo
+
+echo -n "Reload privilege tables now? [Y/n] "
+read reply
+if [ "$reply" = "n" ]; then
+    echo " ... skipping."
+else
+    reload_privilege_tables
+fi
+echo
+
+cleanup
+
+echo
+echo
+echo
+echo "All done!  If you've completed all of the above steps, your MySQL"
+echo "installation should now be secure."
+echo
+echo "Thanks for using MySQL!"
+echo
+echo
+
+

sql/handler.cc

@@ -316,7 +316,10 @@ int ha_commit_trans(THD *thd, THD_TRANS* trans)
       sql_print_error("Error: Got error during commit;  Binlog is not up to date!");
     thd->tx_isolation=thd->session_tx_isolation;
     if (operation_done)
+    {
       statistic_increment(ha_commit_count,&LOCK_status);
+      thd->transaction.cleanup();
+    }
   }
 #endif // using transactions
   DBUG_RETURN(error);
@@ -361,7 +364,10 @@ int ha_rollback_trans(THD *thd, THD_TRANS *trans)
     thd->transaction.trans_log.end_of_file= max_binlog_cache_size;
     thd->tx_isolation=thd->session_tx_isolation;
     if (operation_done)
+    {
       statistic_increment(ha_rollback_count,&LOCK_status);
+      thd->transaction.cleanup();
+    }
   }
 #endif /* USING_TRANSACTIONS */
   DBUG_RETURN(error);

sql/sql_cache.cc

@@ -1073,7 +1073,8 @@ void Query_cache::invalidate(CHANGED_TABLE_LIST *tables_used)
       {
 	invalidate_table((byte*) tables_used->key, tables_used->key_length);
 	DBUG_PRINT("qcache", (" db %s, table %s", tables_used->key,
-			      tables_used->table_name));
+			      tables_used->key+
+			      strlen(tables_used->key)+1));
       }
     }
     STRUCT_UNLOCK(&structure_guard_mutex);
@@ -1994,7 +1995,7 @@ Query_cache_block *
 Query_cache::allocate_block(ulong len, my_bool not_less, ulong min,
 			    my_bool under_guard)
 {
-  DBUG_ENTER("Query_cache::allocate_n_lock_block");
+  DBUG_ENTER("Query_cache::allocate_block");
   DBUG_PRINT("qcache", ("len %lu, not less %d, min %lu, uder_guard %d",
 		      len, not_less,min,under_guard));
 
@@ -3060,7 +3061,8 @@ my_bool Query_cache::check_integrity(bool not_locked)
     DBUG_PRINT("qcache", ("block 0x%lx, type %u...", 
 			  (ulong) block, (uint) block->type));  
     // Check allignment
-    if ((ulonglong)block % ALIGN_SIZE(1))
+    if ((((ulonglong)block) % (ulonglong)ALIGN_SIZE(1)) !=
+	(((ulonglong)first_block) % (ulonglong)ALIGN_SIZE(1)))
     {
       DBUG_PRINT("error",
 		 ("block 0x%lx do not aligned by %d", (ulong) block,

sql/sql_class.cc

@@ -345,11 +345,7 @@ CHANGED_TABLE_LIST* THD::changed_table_dup(TABLE *table)
 			     ALIGN_SIZE(sizeof(CHANGED_TABLE_LIST)));
   new_table->next = 0;
   new_table->key_length = table->key_length;
-  uint32 db_len = ((new_table->table_name =
-		    ::strmake(new_table->key, table->table_cache_key, 
-			      table->key_length) + 1) - new_table->key);
-  ::memcpy(new_table->key + db_len, table->table_cache_key + db_len,
-	   table->key_length - db_len);
+  ::memcpy(new_table->key, table->table_cache_key, table->key_length);
   return new_table;
 }
 

sql/sql_parse.cc

@@ -2432,7 +2432,6 @@ mysql_execute_command(void)
     }
     else
       res= -1;
-    thd->transaction.cleanup();
     break;
   }
   case SQLCOM_ROLLBACK:
@@ -2447,7 +2446,6 @@ mysql_execute_command(void)
     else
       res= -1;
     thd->options&= ~(ulong) (OPTION_BEGIN | OPTION_STATUS_NO_TRANS_UPDATE);
-    thd->transaction.cleanup();
     break;
   default:					/* Impossible */
     send_ok(&thd->net);

sql/table.h

@@ -154,7 +154,7 @@ typedef struct st_table_list {
 
 typedef struct st_changed_table_list {
   struct	st_changed_table_list *next;
-  char		*key, *table_name;
+  char		*key;
   uint32        key_length;
 } CHANGED_TABLE_LIST;