Bug#27568278: CAN'T LOCATE SERVER PUBLIC KEY 'ROOT' WHEN

harinvadodaria · dahlerlend · commit fb9c110804b4 · 2018-03-28T13:42:35.000+02:00
RUNNING MYSQL_UPGRADE

Description: mysql_upgrade does not set
             MYSQL_SERVER_PUBLIC_KEY correctly. This leads
             to libmysqlclient not being able to read key
             from file.

Solution: Update mysql_upgrade to set
          MYSQL_SERVER_PUBLIC_KEY properly when
          --server-public-key-path is specified.
diff --git a/client/base/mysql_connection_options.cc b/client/base/mysql_connection_options.cc
@@ -29,6 +29,7 @@
 #include <sstream>
 #include <vector>
 
+#include "caching_sha2_passwordopt-vars.h"
 #include "client/base/abstract_options_provider.h"
 #include "client/base/abstract_program.h"
 #include "m_ctype.h"
@@ -159,12 +160,13 @@ MYSQL *Mysql_connection_options::create_connection() {
   mysql_options4(connection, MYSQL_OPT_CONNECT_ATTR_ADD, "program_name",
                  this->m_program->get_name().c_str());
 
-  mysql_options(connection, MYSQL_SERVER_PUBLIC_KEY,
-                this->get_null_or_string(this->m_user));
+  if (this->m_server_public_key.has_value())
+    set_server_public_key(connection,
+                          this->m_server_public_key.value().c_str());
 
   if (this->m_get_server_public_key)
-    mysql_options(connection, MYSQL_OPT_GET_SERVER_PUBLIC_KEY,
-                  (void *)&this->m_get_server_public_key);
+    set_get_server_public_key_option(connection,
+                                     &this->m_get_server_public_key);
 
   if (!mysql_real_connect(
           connection, this->get_null_or_string(this->m_host),
diff --git a/include/caching_sha2_passwordopt-vars.h b/include/caching_sha2_passwordopt-vars.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -29,12 +29,17 @@
 static char *opt_server_public_key = 0;
 static bool opt_get_server_public_key = false;
 
-static void set_server_public_key(MYSQL *mysql) {
-  if (opt_server_public_key && *opt_server_public_key)
+static void set_server_public_key(MYSQL *mysql,
+                                  const char *server_public_key = NULL) {
+  if (server_public_key && *server_public_key)
+    mysql_options(mysql, MYSQL_SERVER_PUBLIC_KEY, server_public_key);
+  else if (opt_server_public_key && *opt_server_public_key)
     mysql_options(mysql, MYSQL_SERVER_PUBLIC_KEY, opt_server_public_key);
 }
 
-static void set_get_server_public_key_option(MYSQL *mysql) {
+static void set_get_server_public_key_option(
+    MYSQL *mysql, const bool *get_server_public_key = NULL) {
   mysql_options(mysql, MYSQL_OPT_GET_SERVER_PUBLIC_KEY,
-                &opt_get_server_public_key);
+                get_server_public_key ? get_server_public_key
+                                      : &opt_get_server_public_key);
 }
diff --git a/mysql-test/r/mysql_upgrade.result b/mysql-test/r/mysql_upgrade.result
@@ -155,5 +155,103 @@ mtr.global_suppressions                            OK
 mtr.test_suppressions                              OK
 sys.sys_config                                     OK
 SET GLOBAL autocommit = default;
+#
+# Bug #27568278: CAN'T LOCATE SERVER PUBLIC KEY 'ROOT' WHEN RUNNING MYSQL_UPGRADE
+#
+CREATE USER root_sha256@localhost IDENTIFIED WITH 'sha256_password';
+GRANT ALL ON *.* TO root_sha256@localhost WITH GRANT OPTION;
+Checking server version.
+Running queries to upgrade MySQL server.
+Upgrading system table data.
+Checking system database.
+mysql.columns_priv                                 OK
+mysql.component                                    OK
+mysql.db                                           OK
+mysql.default_roles                                OK
+mysql.engine_cost                                  OK
+mysql.func                                         OK
+mysql.general_log                                  OK
+mysql.global_grants                                OK
+mysql.gtid_executed                                OK
+mysql.help_category                                OK
+mysql.help_keyword                                 OK
+mysql.help_relation                                OK
+mysql.help_topic                                   OK
+mysql.innodb_index_stats                           OK
+mysql.innodb_table_stats                           OK
+mysql.password_history                             OK
+mysql.plugin                                       OK
+mysql.procs_priv                                   OK
+mysql.proxies_priv                                 OK
+mysql.role_edges                                   OK
+mysql.server_cost                                  OK
+mysql.servers                                      OK
+mysql.slave_master_info                            OK
+mysql.slave_relay_log_info                         OK
+mysql.slave_worker_info                            OK
+mysql.slow_log                                     OK
+mysql.tables_priv                                  OK
+mysql.time_zone                                    OK
+mysql.time_zone_leap_second                        OK
+mysql.time_zone_name                               OK
+mysql.time_zone_transition                         OK
+mysql.time_zone_transition_type                    OK
+mysql.user                                         OK
+The sys schema is already up to date (version 1.6.0).
+Checking databases.
+mtr.global_suppressions                            OK
+mtr.test_suppressions                              OK
+sys.sys_config                                     OK
+Upgrade process completed successfully.
+Checking if update is needed.
+DROP USER root_sha256@localhost;
+CREATE USER root_caching_sha2@localhost IDENTIFIED WITH 'caching_sha2_password' BY 'abcd';
+GRANT ALL ON *.* TO root_caching_sha2@localhost WITH GRANT OPTION;
+mysql_upgrade: [Warning] Using a password on the command line interface can be insecure.
+Checking server version.
+Running queries to upgrade MySQL server.
+Upgrading system table data.
+Checking system database.
+mysql.columns_priv                                 OK
+mysql.component                                    OK
+mysql.db                                           OK
+mysql.default_roles                                OK
+mysql.engine_cost                                  OK
+mysql.func                                         OK
+mysql.general_log                                  OK
+mysql.global_grants                                OK
+mysql.gtid_executed                                OK
+mysql.help_category                                OK
+mysql.help_keyword                                 OK
+mysql.help_relation                                OK
+mysql.help_topic                                   OK
+mysql.innodb_index_stats                           OK
+mysql.innodb_table_stats                           OK
+mysql.password_history                             OK
+mysql.plugin                                       OK
+mysql.procs_priv                                   OK
+mysql.proxies_priv                                 OK
+mysql.role_edges                                   OK
+mysql.server_cost                                  OK
+mysql.servers                                      OK
+mysql.slave_master_info                            OK
+mysql.slave_relay_log_info                         OK
+mysql.slave_worker_info                            OK
+mysql.slow_log                                     OK
+mysql.tables_priv                                  OK
+mysql.time_zone                                    OK
+mysql.time_zone_leap_second                        OK
+mysql.time_zone_name                               OK
+mysql.time_zone_transition                         OK
+mysql.time_zone_transition_type                    OK
+mysql.user                                         OK
+The sys schema is already up to date (version 1.6.0).
+Checking databases.
+mtr.global_suppressions                            OK
+mtr.test_suppressions                              OK
+sys.sys_config                                     OK
+Upgrade process completed successfully.
+Checking if update is needed.
+DROP USER root_caching_sha2@localhost;
 
 End of tests
diff --git a/mysql-test/t/mysql_upgrade.test b/mysql-test/t/mysql_upgrade.test
@@ -74,6 +74,21 @@ SET GLOBAL autocommit = 0;
 
 SET GLOBAL autocommit = default;
 
+--echo #
+--echo # Bug #27568278: CAN'T LOCATE SERVER PUBLIC KEY 'ROOT' WHEN RUNNING MYSQL_UPGRADE
+--echo #
+
+CREATE USER root_sha256@localhost IDENTIFIED WITH 'sha256_password';
+GRANT ALL ON *.* TO root_sha256@localhost WITH GRANT OPTION;
+--replace_regex /mysql.ndb_binlog_index.*$//
+--exec $MYSQL_UPGRADE --force -uroot_sha256 --protocol=tcp --ssl-mode=disabled 2>&1
+DROP USER root_sha256@localhost;
+
+CREATE USER root_caching_sha2@localhost IDENTIFIED WITH 'caching_sha2_password' BY 'abcd';
+GRANT ALL ON *.* TO root_caching_sha2@localhost WITH GRANT OPTION;
+--replace_regex /mysql.ndb_binlog_index.*$//
+--exec $MYSQL_UPGRADE --force -uroot_caching_sha2 -pabcd --server-public-key-path=$MYSQL_TEST_DIR/std_data/rsa_public_key.pem --protocol=tcp --ssl-mode=disabled 2>&1
+DROP USER root_caching_sha2@localhost;
 
 --source include/mysql_upgrade_cleanup.inc
 
