Refs codership/mysql-wsrep#141: this commit

1. Passes wsrep_sst_auth_value to SST scripts via WSREP_SST_OPT_AUTH envronmental variable, so it never appears on the command line
  2. In mysqldump and xtrabackup* SST scripts which rely on MySQL authentication, instead of passing password on the command line, SST script sets MYSQL_PWD environment variable, so that password also never appears on the mysqldump/innobackupex command line.

scripts/wsrep_sst_common.sh

@@ -1,4 +1,4 @@
-# Copyright (C) 2012-2014 Codership Oy
+# Copyright (C) 2012-2015 Codership Oy
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,7 +20,9 @@ set -u
 
 WSREP_SST_OPT_BYPASS=0
 WSREP_SST_OPT_DATA=""
-WSREP_SST_OPT_AUTH=""
+WSREP_SST_OPT_AUTH=${WSREP_SST_OPT_AUTH:-}
+WSREP_SST_OPT_USER=${WSREP_SST_OPT_USER:-}
+WSREP_SST_OPT_PSWD=${WSREP_SST_OPT_PSWD:-}
 
 while [ $# -gt 0 ]; do
 case "$1" in
@@ -28,10 +30,6 @@ case "$1" in
         readonly WSREP_SST_OPT_ADDR="$2"
         shift
         ;;
-    '--auth')
-        WSREP_SST_OPT_AUTH="$2"
-        shift
-        ;;
     '--bypass')
         WSREP_SST_OPT_BYPASS=1
         ;;
@@ -114,12 +112,30 @@ else
     MY_PRINT_DEFAULTS=$(which my_print_defaults)
 fi
 
+wsrep_auth_not_set()
+{
+    [ -z "$WSREP_SST_OPT_AUTH" -o "$WSREP_SST_OPT_AUTH" = "(null)" ]
+}
+
 # For Bug:1200727
-if $MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -q "wsrep_sst_auth";then
-    if [ -z "$WSREP_SST_OPT_AUTH" -o "$WSREP_SST_OPT_AUTH" = "(null)" ];then
-            WSREP_SST_OPT_AUTH=$(my_print_defaults -c $WSREP_SST_OPT_CONF sst | grep -- "--wsrep_sst_auth" | cut -d= -f2)
+if $MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -q "wsrep_sst_auth"
+then
+    if wsrep_auth_not_set
+    then
+        WSREP_SST_OPT_AUTH=$(MY_PRINT_DEFAULTS -c $WSREP_SST_OPT_CONF sst | grep -- "--wsrep_sst_auth" | cut -d= -f2)
     fi
 fi
+readonly WSREP_SST_OPT_AUTH
+
+# Splitting AUTH into potential user:password pair
+if ! wsrep_auth_not_set
+then
+    readonly AUTH_VEC=(${WSREP_SST_OPT_AUTH//:/ })
+    [ -n "${AUTH_VEC[0]}" ] && WSREP_SST_OPT_USER="${AUTH_VEC[0]}"
+    [ -n "${AUTH_VEC[1]}" ] && WSREP_SST_OPT_PSWD="${AUTH_VEC[1]}"
+fi
+readonly WSREP_SST_OPT_USER
+readonly WSREP_SST_OPT_PSWD
 
 if [ -n "${WSREP_SST_OPT_DATA:-}" ]
 then
@@ -128,7 +144,6 @@ else
     SST_PROGRESS_FILE=""
 fi
 
-
 wsrep_log()
 {
     # echo everything to stderr so that it gets into common error log

scripts/wsrep_sst_mysqldump.sh

@@ -1,5 +1,5 @@
-#!/bin/bash -e
-# Copyright (C) 2009 Codership Oy
+#!/bin/bash -ue
+# Copyright (C) 2009-2015 Codership Oy
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -38,7 +38,6 @@ local_ip()
     return 1
 }
 
-if test -z "$WSREP_SST_OPT_USER";  then wsrep_log_error "USER cannot be nil";  exit $EINVAL; fi
 if test -z "$WSREP_SST_OPT_HOST";  then wsrep_log_error "HOST cannot be nil";  exit $EINVAL; fi
 if test -z "$WSREP_SST_OPT_PORT";  then wsrep_log_error "PORT cannot be nil";  exit $EINVAL; fi
 if test -z "$WSREP_SST_OPT_LPORT"; then wsrep_log_error "LPORT cannot be nil"; exit $EINVAL; fi
@@ -54,7 +53,7 @@ then
 fi
 
 # Check client version
-CLIENT_MINOR=$(mysql --version | cut -d ' ' -f 6 | cut -d '.' -f 2)
+CLIENT_MINOR=$($MYSQL_CLIENT --version | cut -d ' ' -f 6 | cut -d '.' -f 2)
 if [ $CLIENT_MINOR -lt "5" ]
 then
     $MYSQL_CLIENT --version >&2
@@ -62,13 +61,18 @@ then
     exit $EINVAL
 fi
 
-# For Bug:1293798
-if [ -z "$WSREP_SST_OPT_PSWD" -a -n "$WSREP_SST_OPT_AUTH" ]; then
-    WSREP_SST_OPT_USER=$(echo $WSREP_SST_OPT_AUTH | cut -d: -f1)
-    WSREP_SST_OPT_PSWD=$(echo $WSREP_SST_OPT_AUTH | cut -d: -f2)
-fi
-AUTH="-u$WSREP_SST_OPT_USER"
-if test -n "$WSREP_SST_OPT_PSWD"; then AUTH="$AUTH -p$WSREP_SST_OPT_PSWD"; fi
+[ -n "$WSREP_SST_OPT_USER" ] && AUTH="-u$WSREP_SST_OPT_USER" || AUTH=
+
+# Refs https://github.com/codership/mysql-wsrep/issues/141
+# Passing password in MYSQL_PWD environment variable is considered
+# "extremely insecure" by MySQL Guidelines for Password Security
+# (https://dev.mysql.com/doc/refman/5.6/en/password-security-user.html)
+# that is even less secure than passing it on a command line! It is doubtful:
+# the whole command line is easily observable by any unprivileged user via ps,
+# whereas (at least on Linux) unprivileged user can't see process environment
+# that he does not own. So while it may be not secure in the NSA sense of the
+# word, it is arguably more secure than passing password on the command line.
+[ -n "$WSREP_SST_OPT_PSWD" ] && export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
 
 STOP_WSREP="SET wsrep_on=OFF;"
 
@@ -104,10 +108,10 @@ MYSQL="$MYSQL_CLIENT $AUTH -h$WSREP_SST_OPT_HOST -P$WSREP_SST_OPT_PORT "\
 # need to disable logging when loading the dump
 # reason is that dump contains ALTER TABLE for log tables, and
 # this causes an error if logging is enabled
-GENERAL_LOG_OPT=`$MYSQL --skip-column-names -e"$STOP_WSREP SELECT @@GENERAL_LOG"`
-SLOW_LOG_OPT=`$MYSQL --skip-column-names -e"$STOP_WSREP SELECT @@SLOW_QUERY_LOG"`
-$MYSQL -e"$STOP_WSREP SET GLOBAL GENERAL_LOG=OFF"
-$MYSQL -e"$STOP_WSREP SET GLOBAL SLOW_QUERY_LOG=OFF"
+GENERAL_LOG_OPT=`$MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@GENERAL_LOG"`
+SLOW_LOG_OPT=`$MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@SLOW_QUERY_LOG"`
+$MYSQL -e "$STOP_WSREP SET GLOBAL GENERAL_LOG=OFF"
+$MYSQL -e "$STOP_WSREP SET GLOBAL SLOW_QUERY_LOG=OFF"
 
 # commands to restore log settings
 RESTORE_GENERAL_LOG="SET GLOBAL GENERAL_LOG=$GENERAL_LOG_OPT;"

scripts/wsrep_sst_rsync.sh

@@ -32,8 +32,8 @@ wsrep_check_programs rsync
 
 cleanup_joiner()
 {
-    wsrep_log_info "Joiner cleanup."
     local PID=$(cat "$RSYNC_PID" 2>/dev/null || echo 0)
+    wsrep_log_info "Joiner cleanup. rsync PID: $PID"
     [ "0" != "$PID" ] && kill $PID && sleep 0.5 && kill -9 $PID >/dev/null 2>&1 \
     || :
     rm -rf "$RSYNC_CONF"

scripts/wsrep_sst_xtrabackup-v2.sh

@@ -77,7 +77,6 @@ pcmd="pv $pvopts"
 declare -a RC
 
 INNOBACKUPEX_BIN=innobackupex
-readonly AUTH=(${WSREP_SST_OPT_AUTH//:/ })
 DATA="${WSREP_SST_OPT_DATA}"
 INFO_FILE="xtrabackup_galera_info"
 IST_FILE="xtrabackup_ist"
@@ -576,13 +575,14 @@ then
         itmpdir=$(mktemp -d)
         wsrep_log_info "Using $itmpdir as innobackupex temporary directory"
 
-        if [ "${AUTH[0]}" != "(null)" ]; then
-           INNOEXTRA+=" --user=${AUTH[0]}"
-       fi
+        if [ "$WSREP_SST_OPT_USER" != "(null)" ]; then
+           INNOEXTRA+=" --user=$WSREP_SST_OPT_USER"
+        fi
 
-        if [ ${#AUTH[*]} -eq 2 ]; then
-           INNOEXTRA+=" --password=${AUTH[1]}"
-        elif [ "${AUTH[0]}" != "(null)" ]; then
+        if [ -n "$WSREP_SST_OPT_PSWD" ]; then
+#           INNOEXTRA+=" --password=$WSREP_SST_OPT_PSWD"
+           export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+        else
            # Empty password, used for testing, debugging etc.
            INNOEXTRA+=" --password="
         fi

scripts/wsrep_sst_xtrabackup.sh

@@ -61,7 +61,6 @@ pcmd="pv $pvopts"
 declare -a RC
 
 INNOBACKUPEX_BIN=innobackupex
-readonly AUTH=(${WSREP_SST_OPT_AUTH//:/ })
 DATA="${WSREP_SST_OPT_DATA}"
 INFO_FILE="xtrabackup_galera_info"
 IST_FILE="xtrabackup_ist"
@@ -435,13 +434,14 @@ then
     then
         TMPDIR="${TMPDIR:-/tmp}"
 
-        if [ "${AUTH[0]}" != "(null)" ]; then
-           INNOEXTRA+=" --user=${AUTH[0]}"
-       fi
+        if [ "$WSREP_SST_OPT_USER" != "(null)" ]; then
+           INNOEXTRA+=" --user=$WSREP_SST_OPT_USER"
+        fi
 
-        if [ ${#AUTH[*]} -eq 2 ]; then
-           INNOEXTRA+=" --password=${AUTH[1]}"
-        elif [ "${AUTH[0]}" != "(null)" ]; then
+        if [ -n "$WSREP_SST_OPT_PSWD"  ]; then
+#           INNOEXTRA+=" --password=$WSREP_SST_OPT_PSWD"
+           export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+        else
            # Empty password, used for testing, debugging etc.
            INNOEXTRA+=" --password="
         fi

sql/wsrep_notify.cc

@@ -97,7 +97,7 @@ void wsrep_notify_status (wsrep_member_status_t    status,
     return;
   }
 
-  wsp::process p(cmd_ptr, "r");
+  wsp::process p(cmd_ptr, "r", NULL);
 
   p.wait();
   int err = p.error();

sql/wsrep_sst.cc

@@ -270,12 +270,14 @@ void wsrep_sst_continue ()
 struct sst_thread_arg
 {
   const char*     cmd;
-  int             err;
+  char**          env;
   char*           ret_str;
+  int             err;
   mysql_mutex_t   lock;
   mysql_cond_t    cond;
 
-  sst_thread_arg (const char* c) : cmd(c), err(-1), ret_str(0)
+  sst_thread_arg (const char* c, char** e)
+    : cmd(c), env(e), ret_str(0), err(-1)
   {
     mysql_mutex_init(key_LOCK_wsrep_sst_thread, &lock, MY_MUTEX_INIT_FAST);
     mysql_cond_init(key_COND_wsrep_sst_thread, &cond, NULL);
@@ -333,7 +335,7 @@ static void* sst_joiner_thread (void* a)
 
     WSREP_INFO("Running: '%s'", arg->cmd);
 
-    wsp::process proc (arg->cmd, "r");
+    wsp::process proc (arg->cmd, "r", arg->env);
 
     if (proc.pipe() && !proc.error())
     {
@@ -407,23 +409,54 @@ static void* sst_joiner_thread (void* a)
   return NULL;
 }
 
+#define WSREP_SST_AUTH_ENV "WSREP_SST_OPT_AUTH"
+
+static int sst_append_auth_env(wsp::env& env, const char* sst_auth)
+{
+  int const sst_auth_size= strlen(WSREP_SST_AUTH_ENV) + 1 /* = */
+    + (sst_auth ? strlen(sst_auth) : 0) + 1 /* \0 */;
+
+  wsp::string sst_auth_str(sst_auth_size); // for automatic cleanup on return
+  if (!sst_auth_str()) return -ENOMEM;
+
+  int ret= snprintf(sst_auth_str(), sst_auth_size, "%s=%s",
+                    WSREP_SST_AUTH_ENV, sst_auth ? sst_auth : "");
+
+  if (ret < 0 || ret >= sst_auth_size)
+  {
+    WSREP_ERROR("sst_append_auth_env(): snprintf() failed: %d", ret);
+    return (ret < 0 ? ret : -EMSGSIZE);
+  }
+
+  env.append(sst_auth_str());
+  return -env.error();
+}
+
 static ssize_t sst_prepare_other (const char*  method,
+                                  const char*  sst_auth,
                                   const char*  addr_in,
                                   const char** addr_out)
 {
-  char  cmd_str[1024];
-  const char* sst_dir= mysql_real_data_home;
+  int const cmd_len= 4096;
+  wsp::string cmd_str(cmd_len);
 
-  int ret= snprintf (cmd_str, sizeof(cmd_str),
+  if (!cmd_str())
+  {
+    WSREP_ERROR("sst_prepare_other(): could not allocate cmd buffer of %d bytes",
+                cmd_len);
+    return -ENOMEM;
+  }
+
+  int ret= snprintf (cmd_str(), cmd_len,
                      "wsrep_sst_%s "
                      WSREP_SST_OPT_ROLE" 'joiner' "
                      WSREP_SST_OPT_ADDR" '%s' "
-                     WSREP_SST_OPT_AUTH" '%s' "
                      WSREP_SST_OPT_DATA" '%s' "
                      WSREP_SST_OPT_CONF" '%s' "
                      WSREP_SST_OPT_PARENT" '%d'",
-                     method, addr_in, (sst_auth_real) ? sst_auth_real : "",
-                     sst_dir, wsrep_defaults_file, (int)getpid());
+                     method, addr_in,
+                     mysql_real_data_home,
+                     wsrep_defaults_file, (int)getpid());
 
   if (ret < 0 || ret >= (int)sizeof(cmd_str))
   {
@@ -431,8 +464,21 @@ static ssize_t sst_prepare_other (const char*  method,
     return (ret < 0 ? ret : -EMSGSIZE);
   }
 
+  wsp::env env(NULL);
+  if (env.error())
+  {
+    WSREP_ERROR("sst_prepare_other(): env. var ctor failed: %d", -env.error());
+    return -env.error();
+  }
+
+  if ((ret= sst_append_auth_env(env, sst_auth)))
+  {
+    WSREP_ERROR("sst_prepare_other(): appending auth failed: %d", ret);
+    return ret;
+  }
+
   pthread_t tmp;
-  sst_thread_arg arg(cmd_str);
+  sst_thread_arg arg(cmd_str(), env());
   mysql_mutex_lock (&arg.lock);
   ret = pthread_create (&tmp, NULL, sst_joiner_thread, &arg);
   if (ret)
@@ -582,7 +628,8 @@ ssize_t wsrep_sst_prepare (void** msg)
       return 0;
     }
 
-    addr_len = sst_prepare_other (wsrep_sst_method, addr_in, &addr_out);
+    addr_len = sst_prepare_other (wsrep_sst_method, sst_auth_real,
+                                  addr_in, &addr_out);
     if (addr_len < 0)
     {
       WSREP_ERROR("Failed to prepare for '%s' SST. Unrecoverable.",
@@ -615,13 +662,13 @@ ssize_t wsrep_sst_prepare (void** msg)
 }
 
 // helper method for donors
-static int sst_run_shell (const char* cmd_str, int max_tries)
+static int sst_run_shell (const char* cmd_str, char** env, int max_tries)
 {
   int ret = 0;
 
   for (int tries=1; tries <= max_tries; tries++)
   {
-    wsp::process proc (cmd_str, "r");
+    wsp::process proc (cmd_str, "r", env);
 
     if (NULL != proc.pipe())
     {
@@ -651,17 +698,12 @@ static void sst_reject_queries(my_bool close_conn)
     if (TRUE == close_conn) wsrep_close_client_connections(FALSE);
 }
 
-static int sst_mysqldump_check_addr (const char* user, const char* pswd,
-                                     const char* host, const char* port)
-{
-  return 0;
-}
-
 static int sst_donate_mysqldump (const char*         addr,
                                  const wsrep_uuid_t* uuid,
                                  const char*         uuid_str,
                                  wsrep_seqno_t       seqno,
-                                 bool                bypass)
+                                 bool                bypass,
+                                 char**              env) // carries auth info
 {
   size_t host_len;
   const char* port = strchr (addr, ':');
@@ -682,54 +724,42 @@ static int sst_donate_mysqldump (const char*         addr,
   strncpy (host, addr, host_len - 1);
   host[host_len - 1] = '\0';
 
-  const char* auth = sst_auth_real;
-  const char* pswd = (auth) ? strchr (auth, ':') : NULL;
-  size_t user_len;
+  int const cmd_len= 4096;
+  wsp::string  cmd_str(cmd_len);
 
-  if (pswd)
+  if (!cmd_str())
   {
-    pswd += 1;
-    user_len = pswd - auth;
-  }
-  else
-  {
-    pswd = "";
-    user_len = (auth) ? strlen (auth) + 1 : 1;
+    WSREP_ERROR("sst_donate_mysqldump(): "
+                "could not allocate cmd buffer of %d bytes", cmd_len);
+    return -ENOMEM;
   }
 
-  char *user= (char *) alloca(user_len);
+  if (!bypass && wsrep_sst_donor_rejects_queries) sst_reject_queries(TRUE);
 
-  strncpy (user, (auth) ? auth : "", user_len - 1);
-  user[user_len - 1] = '\0';
+  int ret= snprintf (cmd_str(), cmd_len,
+                     "wsrep_sst_mysqldump "
+                     WSREP_SST_OPT_HOST" '%s' "
+                     WSREP_SST_OPT_PORT" '%s' "
+                     WSREP_SST_OPT_LPORT" '%u' "
+                     WSREP_SST_OPT_SOCKET" '%s' "
+                     WSREP_SST_OPT_DATA" '%s' "
+                     WSREP_SST_OPT_CONF" '%s' "
+                     WSREP_SST_OPT_GTID" '%s:%lld'"
+                     "%s",
+                     host, port, mysqld_port, mysqld_unix_port,
+                     mysql_real_data_home, wsrep_defaults_file, uuid_str,
+                     (long long)seqno, bypass ? " "WSREP_SST_OPT_BYPASS : "");
 
-  int ret = sst_mysqldump_check_addr (user, pswd, host, port);
-  if (!ret)
+  if (ret < 0 || ret >= cmd_len)
   {
-    char cmd_str[1024];
-
-    if (!bypass && wsrep_sst_donor_rejects_queries) sst_reject_queries(TRUE);
-
-    snprintf (cmd_str, sizeof(cmd_str),
-              "wsrep_sst_mysqldump "
-              WSREP_SST_OPT_USER" '%s' "
-              WSREP_SST_OPT_PSWD" '%s' "
-              WSREP_SST_OPT_HOST" '%s' "
-              WSREP_SST_OPT_PORT" '%s' "
-              WSREP_SST_OPT_LPORT" '%u' "
-              WSREP_SST_OPT_SOCKET" '%s' "
-              WSREP_SST_OPT_DATA" '%s' "
-              WSREP_SST_OPT_CONF" '%s' "
-              WSREP_SST_OPT_GTID" '%s:%lld'"
-              "%s",
-              user, pswd, host, port, mysqld_port, mysqld_unix_port,
-              mysql_real_data_home, wsrep_defaults_file, uuid_str,
-              (long long)seqno, bypass ? " "WSREP_SST_OPT_BYPASS : "");
-
-    WSREP_DEBUG("Running: '%s'", cmd_str);
-
-    ret= sst_run_shell (cmd_str, 3);
+    WSREP_ERROR("sst_donate_mysqldump(): snprintf() failed: %d", ret);
+    return (ret < 0 ? ret : -EMSGSIZE);
   }
 
+  WSREP_DEBUG("Running: '%s'", cmd_str());
+
+  ret= sst_run_shell (cmd_str(), env, 3);
+
   wsrep_gtid_t const state_id = { *uuid, (ret ? WSREP_SEQNO_UNDEFINED : seqno)};
 
   wsrep->sst_sent (wsrep, &state_id, ret);
@@ -883,7 +913,7 @@ static void* sst_donor_thread (void* a)
 
   wsp::thd thd(FALSE); // we turn off wsrep_on for this THD so that it can
                        // operate with wsrep_ready == OFF
-  wsp::process proc(arg->cmd, "r");
+  wsp::process proc(arg->cmd, "r", arg->env);
 
   err= proc.error();
 
@@ -968,21 +998,29 @@ static int sst_donate_other (const char*   method,
                              const char*   addr,
                              const char*   uuid,
                              wsrep_seqno_t seqno,
-                             bool          bypass)
+                             bool          bypass,
+                             char**        env) // carries auth info
 {
-  char cmd_str[4096];
+  int const cmd_len= 4096;
+  wsp::string  cmd_str(cmd_len);
 
-  int ret= snprintf (cmd_str, sizeof(cmd_str),
+  if (!cmd_str())
+  {
+    WSREP_ERROR("sst_donate_other(): "
+                "could not allocate cmd buffer of %d bytes", cmd_len);
+    return -ENOMEM;
+  }
+
+  int ret= snprintf (cmd_str(), cmd_len,
                      "wsrep_sst_%s "
                      WSREP_SST_OPT_ROLE" 'donor' "
                      WSREP_SST_OPT_ADDR" '%s' "
-                     WSREP_SST_OPT_AUTH" '%s' "
                      WSREP_SST_OPT_SOCKET" '%s' "
                      WSREP_SST_OPT_DATA" '%s' "
                      WSREP_SST_OPT_CONF" '%s' "
                      WSREP_SST_OPT_GTID" '%s:%lld'"
                      "%s",
-                     method, addr, sst_auth_real, mysqld_unix_port,
+                     method, addr, mysqld_unix_port,
                      mysql_real_data_home, wsrep_defaults_file,
                      uuid, (long long) seqno,
                      bypass ? " "WSREP_SST_OPT_BYPASS : "");
@@ -996,7 +1034,7 @@ static int sst_donate_other (const char*   method,
   if (!bypass && wsrep_sst_donor_rejects_queries) sst_reject_queries(FALSE);
 
   pthread_t tmp;
-  sst_thread_arg arg(cmd_str);
+  sst_thread_arg arg(cmd_str(), env);
   mysql_mutex_lock (&arg.lock);
   ret = pthread_create (&tmp, NULL, sst_donor_thread, &arg);
   if (ret)
@@ -1029,15 +1067,29 @@ wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx,
   char uuid_str[37];
   wsrep_uuid_print (&current_gtid->uuid, uuid_str, sizeof(uuid_str));
 
+  wsp::env env(NULL);
+  if (env.error())
+  {
+    WSREP_ERROR("sst_donate_other(): env var ctor failed: %d", -env.error());
+    return WSREP_CB_FAILURE;
+  }
+
   int ret;
+  if ((ret= sst_append_auth_env(env, sst_auth_real)))
+  {
+    WSREP_ERROR("sst_donate_other(): appending auth env failed: %d", ret);
+    return WSREP_CB_FAILURE;
+  }
+
   if (!strcmp (WSREP_SST_MYSQLDUMP, method))
   {
     ret = sst_donate_mysqldump(data, &current_gtid->uuid, uuid_str,
-                               current_gtid->seqno, bypass);
+                               current_gtid->seqno, bypass, env());
   }
   else
   {
-    ret = sst_donate_other(method, data, uuid_str, current_gtid->seqno,bypass);
+    ret = sst_donate_other(method, data, uuid_str,
+                           current_gtid->seqno, bypass, env());
   }
 
   return (ret > 0 ? WSREP_CB_SUCCESS : WSREP_CB_FAILURE);

sql/wsrep_utils.cc

@@ -63,7 +63,7 @@ wsrep_prepend_PATH (const char* path)
         size_t const new_path_len(strlen(old_path) + strlen(":") +
                                   strlen(path) + 1);
 
-        char* const new_path (reinterpret_cast<char*>(malloc(new_path_len)));
+        char* const new_path (static_cast<char*>(malloc(new_path_len)));
 
         if (new_path)
         {
@@ -89,6 +89,91 @@ wsrep_prepend_PATH (const char* path)
 namespace wsp
 {
 
+bool
+env::ctor_common(char** e)
+{
+    env_ = static_cast<char**>(malloc((len_ + 1) * sizeof(char*)));
+
+    if (env_)
+    {
+        for (size_t i(0); i < len_; ++i)
+        {
+            assert(e[i]); // caller should make sure about len_
+            env_[i] = strdup(e[i]);
+            if (!env_[i])
+            {
+                errno_ = errno;
+                WSREP_ERROR("Failed to allocate env. var: %s", e[i]);
+                return true;
+            }
+        }
+
+        env_[len_] = NULL;
+        return false;
+    }
+    else
+    {
+        errno_ = errno;
+        WSREP_ERROR("Failed to allocate env. var vector of length: %zu", len_);
+        return true;
+    }
+}
+
+void
+env::dtor()
+{
+    if (env_)
+    {
+        /* don't need to go beyond the first NULL */
+        for (size_t i(0); env_[i] != NULL; ++i) { free(env_[i]); }
+        free(env_);
+        env_ = NULL;
+    }
+    len_ = 0;
+}
+
+env::env(char** e)
+    : len_(0), env_(NULL), errno_(0)
+{
+    if (!e) { e = environ; }
+    /* count the size of the vector */
+    while (e[len_]) { ++len_; }
+
+    if (ctor_common(e)) dtor();
+}
+
+env::env(const env& e)
+    : len_(e.len_), env_(0), errno_(0)
+{
+    if (ctor_common(e.env_)) dtor();
+}
+
+env::~env() { dtor(); }
+
+int
+env::append(const char* val)
+{
+    char** tmp = static_cast<char**>(realloc(env_, (len_ + 2)*sizeof(char*)));
+
+    if (tmp)
+    {
+        env_ = tmp;
+        env_[len_] = strdup(val);
+
+        if (env_[len_])
+        {
+            ++len_;
+            env_[len_] = NULL;
+        }
+    }
+
+    /* if either realloc() or strdup() failed, errno had been set */
+    errno_ = errno;
+
+    return errno_;
+}
+
+
 #define PIPE_READ  0
 #define PIPE_WRITE 1
 #define STDIN_FD   0
@@ -98,7 +183,7 @@ namespace wsp
 # define POSIX_SPAWN_USEVFORK 0
 #endif
 
-process::process (const char* cmd, const char* type)
+process::process (const char* cmd, const char* type, char** env)
     : str_(cmd ? strdup(cmd) : strdup("")), io_(NULL), err_(EINVAL), pid_(0)
 {
     if (0 == str_)
@@ -120,6 +205,8 @@ process::process (const char* cmd, const char* type)
         return;
     }
 
+    if (NULL == env) { env = environ; } // default to global environment
+
     int pipe_fds[2] = { -1, };
     if (::pipe(pipe_fds))
     {
@@ -215,7 +302,7 @@ process::process (const char* cmd, const char* type)
         goto cleanup_fact;
     }
 
-    err_ = posix_spawnp (&pid_, pargv[0], &fact, &attr, pargv, environ);
+    err_ = posix_spawnp (&pid_, pargv[0], &fact, &attr, pargv, env);
     if (err_)
     {
         WSREP_ERROR ("posix_spawnp(%s) failed: %d (%s)",
@@ -309,6 +396,7 @@ process::wait ()
               {
               case 126: err_ = EACCES; break; /* Permission denied */
               case 127: err_ = ENOENT; break; /* No such file or directory */
+              case 143: err_ = EINTR;  break; /* Subprocess killed */
               }
               WSREP_ERROR("Process completed with error: %s: %d (%s)",
                           str_, err_, strerror(err_));

sql/wsrep_utils.h

@@ -44,6 +44,25 @@ private:
 extern wsp::node_status local_status;
 
 namespace wsp {
+/* a class to manage env vars array */
+class env
+{
+private:
+    size_t len_;
+    char** env_;
+    int    errno_;
+    bool ctor_common(char** e);
+    void dtor();
+    env& operator =(env);
+public:
+    explicit env(char** env);
+    explicit env(const env&);
+    ~env();
+    int append(const char* var); /* add a new env. var */
+    int error() const { return errno_; }
+    char** operator()() { return env_; }
+};
+
 /* A small class to run external programs. */
 class process
 {
@@ -56,8 +75,9 @@ private:
 public:
 /*! @arg type is a pointer to a null-terminated string which  must  contain
          either  the  letter  'r'  for  reading  or the letter 'w' for writing.
+    @arg env optional null-terminated vector of environment variables
  */
-    process  (const char* cmd, const char* type);
+    process  (const char* cmd, const char* type, char** env);
     ~process ();
 
     FILE* pipe () { return io_;  }
@@ -90,6 +110,8 @@ class string
 {
 public:
     string() : string_(0) {}
+    explicit string(size_t s) : string_(static_cast<char*>(malloc(s))) {}
+    char* operator()() { return string_; }
     void set(char* str) { if (string_) free (string_); string_ = str; }
     ~string() { set (0); }
 private: