From 5b770e3a984cfa03702dfb3e62876d4834bd9ded Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 27 Sep 2007 08:56:06 +0200 Subject: [PATCH 1/3] avoid using GetTempFileName in a way it's documented to not work on windows mysys/mf_tempfile.c: Try to avoid passing null as first parameter to GetTempFileName, since it's documented that it won't work. --- mysys/mf_tempfile.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/mysys/mf_tempfile.c b/mysys/mf_tempfile.c index c1108f85054..9460f27b104 100644 --- a/mysys/mf_tempfile.c +++ b/mysys/mf_tempfile.c @@ -59,11 +59,25 @@ File create_temp_file(char *to, const char *dir, const char *prefix, myf MyFlags __attribute__((unused))) { File file= -1; +#ifdef __WIN__ + TCHAR path_buf[MAX_PATH-14]; +#endif DBUG_ENTER("create_temp_file"); DBUG_PRINT("enter", ("dir: %s, prefix: %s", dir, prefix)); #if defined (__WIN__) + /* + Use GetTempPath to determine path for temporary files. + This is because the documentation for GetTempFileName + has the following to say about this parameter: + "If this parameter is NULL, the function fails." + */ + if (!dir) + { + if(GetTempPath(sizeof(path_buf), path_buf) > 0) + dir = path_buf; + } /* Use GetTempFileName to generate a unique filename, create the file and release it's handle From 019c20bf93ee8a16e5c379322f81e08d0f10718c Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 2 Oct 2007 21:21:45 +0200 Subject: [PATCH 2/3] testScanFilter.cpp: Updated variable size arrays to use vector like Jonas did for 5.1 so that my build would not break ndb/test/ndbapi/testScanFilter.cpp: Updated variable size arrays to use vector like Jonas did for 5.1 so that my build would not break --- ndb/test/ndbapi/testScanFilter.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ndb/test/ndbapi/testScanFilter.cpp b/ndb/test/ndbapi/testScanFilter.cpp index 81aa6b82fa0..48a7027eb66 100644 --- a/ndb/test/ndbapi/testScanFilter.cpp +++ b/ndb/test/ndbapi/testScanFilter.cpp @@ -772,18 +772,20 @@ void ndbapi_tuples(Ndb *ndb, char *str, bool *res) * str: a random string of scan opearation and condition * return: true stands for ndbapi ok, false stands for ndbapi failed */ +template class Vector; bool compare_cal_ndb(char *str, Ndb *ndb) { - bool res_cal[TUPLE_NUM], res_ndb[TUPLE_NUM]; + Vector res_cal; + Vector res_ndb; for(int i = 0; i < TUPLE_NUM; i++) { - res_cal[i] = false; - res_ndb[i] = false; + res_cal.push_back(false); + res_ndb.push_back(false); } - check_all_tuples(str, res_cal); - ndbapi_tuples(ndb, str, res_ndb); + check_all_tuples(str, res_cal.getBase()); + ndbapi_tuples(ndb, str, res_ndb.getBase()); for(int i = 0; i < TUPLE_NUM; i++) { From 549cbcd54731985b0085d542e7b7dd515fbd77ca Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 4 Oct 2007 11:30:30 +0200 Subject: [PATCH 3/3] Restore creation of test databases and the anonymous user which were accidentally removed during a previous rototill of this code. Fixes bug#27692. While it can be argued we should strive to provide a 'secure by default' installation, this happens to be the setup currently documented in the manual as the default, so defer changes that improve security out of the box to a co-ordinated effort later on. For now, make a note about the test databases and anonymous user in mysql_install_db and recommend that mysql_secure_installation be ran for users wishing to remove these defaults. [..re-commit of previously lost change..] scripts/mysql_system_tables_data.sql: Add anonymous accounts. scripts/mysql_install_db.sh: Point users at the mysql_secure_installation script. mysql-test/mysql-test-run.pl: Add a comment where removing anonymous users. --- mysql-test/mysql-test-run.pl | 1 + scripts/mysql_install_db.sh | 9 +++++++++ scripts/mysql_system_tables_data.sql | 2 ++ 3 files changed, 12 insertions(+) diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 06447b9e69d..ba2056e2818 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -3059,6 +3059,7 @@ sub install_db ($$) { mtr_appendfile_to_file("$path_sql_dir/fill_help_tables.sql", $bootstrap_sql_file); + # Remove anonymous users mtr_tofile($bootstrap_sql_file, "DELETE FROM mysql.user where user= '';"); diff --git a/scripts/mysql_install_db.sh b/scripts/mysql_install_db.sh index a66129af1d3..5716d4f51c0 100644 --- a/scripts/mysql_install_db.sh +++ b/scripts/mysql_install_db.sh @@ -371,7 +371,16 @@ then echo "To do so, start the server, then issue the following commands:" echo "$bindir/mysqladmin -u root password 'new-password'" echo "$bindir/mysqladmin -u root -h $hostname password 'new-password'" + echo + echo "Alternatively you can run:" + echo "$bindir/mysql_secure_installation" + echo + echo "which will also give you the option of removing the test" + echo "databases and anonymous user created by default. This is" + echo "strongly recommended for production servers." + echo echo "See the manual for more instructions." + echo if test "$in_rpm" -eq 0 then diff --git a/scripts/mysql_system_tables_data.sql b/scripts/mysql_system_tables_data.sql index 5f0289ab197..c0e3af1c9c8 100644 --- a/scripts/mysql_system_tables_data.sql +++ b/scripts/mysql_system_tables_data.sql @@ -17,5 +17,7 @@ CREATE TEMPORARY TABLE tmp_user LIKE user; INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0); REPLACE INTO tmp_user VALUES (@@hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0); REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0); +INSERT INTO tmp_user (host,user) VALUES ('localhost',''); +INSERT INTO tmp_user (host,user) VALUES (@@hostname,''); INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0; DROP TABLE tmp_user;