MySQL 8.4.3
Source Code Documentation
mysql_secure_installation.cc File Reference
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include "client/include/client_priv.h"
#include "m_string.h"
#include "my_alloc.h"
#include "my_compiler.h"
#include "my_dbug.h"
#include "my_default.h"
#include "my_inttypes.h"
#include "my_macros.h"
#include "my_shm_defaults.h"
#include "mysql/service_mysql_alloc.h"
#include "mysqld_error.h"
#include "nulls.h"
#include "print_version.h"
#include "typelib.h"
#include "welcome_copyright_notice.h"
#include "client/include/sslopt-vars.h"
#include "client/include/sslopt-longopts.h"
#include "client/include/sslopt-case.h"

Functions

static void usage ()
 
static void free_resources ()
 
static bool my_arguments_get_one_option (int optid, const struct my_option *opt, char *argument)
 
static void init_connection_options (MYSQL *mysql)
 
static int get_response (const char *opt_message, int default_answer=-1)
 Reads the response from stdin and returns the first character. More...
 
static void execute_query_with_message (const char *query, const char *opt_message)
 Takes a mysql query and an optional message as arguments. More...
 
static bool execute_query (const char **query, size_t length)
 Takes a mysql query and the length of the query in bytes as the input. More...
 
static bool validate_password_exists ()
 Checks if the validate_password component is installed and returns true if it is. More...
 
static int install_password_validation_component ()
 Installs validate_password component and sets the password validation policy. More...
 
static void estimate_password_strength (char *password_string)
 Checks the password strength and displays it to the user. More...
 
static bool mysql_set_password (MYSQL *mysql, char *password)
 During rpm deployments the password expires immediately and needs to be renewed before the DBA can set the final password. More...
 
static bool mysql_expire_password (MYSQL *mysql)
 Expires the password for all users if executed with sufficient privileges. More...
 
static void set_opt_user_password (int component_set)
 Sets the user password with the string provided during the flow of the method. More...
 
static int get_opt_user_password ()
 Takes the opt_user's password as an input from the user and checks its validity by trying to connect to the server with it. More...
 
static void drop_users (MYSQL_RES *result)
 Takes the user and the host from result set and drops those users. More...
 
static void remove_anonymous_users ()
 Removes all the anonymous users for better security. More...
 
static void remove_remote_root ()
 Drops all the root users with a remote host. More...
 
static void remove_test_database ()
 Removes test database and deletes the rows corresponding to them from mysql.db table. More...
 
static void reload_privilege_tables ()
 Refreshes the in-memory details through FLUSH PRIVILEGES. More...
 
int main (int argc, char *argv[])
 

Variables

static MEM_ROOT argv_alloc {PSI_NOT_INSTRUMENTED, 512}
 
static char * opt_host = nullptr
 
static char * opt_user = nullptr
 
static uint opt_port = 0
 
static uint opt_protocol = 0
 
static char * opt_socket = nullptr
 
static MYSQL mysql_handle
 
static char * password = nullptr
 
static bool password_provided = false
 
static bool g_expire_password_on_exit = false
 
static bool opt_use_default = false
 
static const char * load_default_groups []
 
static struct my_option my_connection_options []
 

Function Documentation

◆ drop_users()

static void drop_users ( MYSQL_RES result)
static

Takes the user and the host from result set and drops those users.

Parameters
resultThe result set from which rows are to be fetched.

◆ estimate_password_strength()

static void estimate_password_strength ( char *  password_string)
static

Checks the password strength and displays it to the user.

Parameters
password_stringPassword string whose strength is to be estimated

◆ execute_query()

static bool execute_query ( const char **  query,
size_t  length 
)
static

Takes a mysql query and the length of the query in bytes as the input.

If the query fails on running, a message along with the failure details is displayed.

Parameters
queryThe mysql query which is to be executed.
lengthLength of the query in bytes.
Returns
false in case of success true in case of failure

◆ execute_query_with_message()

static void execute_query_with_message ( const char *  query,
const char *  opt_message 
)
static

Takes a mysql query and an optional message as arguments.

It displays the message if provided one and then runs the query. If the query is run successfully, the success message is displayed. Else, the failure message along with the actual failure is displayed. If the server is not found running, the program is exited.

Parameters
queryThe mysql query which is to be executed.
opt_messageThe optional message to be displayed.

◆ free_resources()

static void free_resources ( )
static

◆ get_opt_user_password()

static int get_opt_user_password ( )
static

Takes the opt_user's password as an input from the user and checks its validity by trying to connect to the server with it.

The connection to the server is opened in this function.

Returns
Returns 1 if a password already exists and 0 if it doesn't.

◆ get_response()

static int get_response ( const char *  opt_message,
int  default_answer = -1 
)
static

Reads the response from stdin and returns the first character.

If global variable opt_use_default is true then the default_answer is returned instead.

Parameters
opt_messageOptional message do be displayed.
default_answerAnswer to be given if no interactivity is allowed.
Returns
First character of input string

◆ init_connection_options()

static void init_connection_options ( MYSQL mysql)
static

◆ install_password_validation_component()

static int install_password_validation_component ( )
static

Installs validate_password component and sets the password validation policy.

Returns
Returns 1 on successfully setting the component and 0 in case of of any error.

◆ main()

int main ( int  argc,
char *  argv[] 
)

◆ my_arguments_get_one_option()

static bool my_arguments_get_one_option ( int  optid,
const struct my_option opt,
char *  argument 
)
static

◆ mysql_expire_password()

static bool mysql_expire_password ( MYSQL mysql)
static

Expires the password for all users if executed with sufficient privileges.

This is primarily used as a helper function during rpm deployments.

Parameters
mysqlThe MYSQL handle

Function might fail with an error message which can be retrieved using mysql_error(mysql)

Returns
Success or failure
Return values
truesuccess
falsefailure

◆ mysql_set_password()

static bool mysql_set_password ( MYSQL mysql,
char *  password 
)
static

During rpm deployments the password expires immediately and needs to be renewed before the DBA can set the final password.

This helper subroutine will use an active connection to set a password.

Parameters
mysqlThe MYSQL handle
passwordA password character string

Function might fail with an error message which can be retrieved using mysql_error(mysql)

Returns
Success or failure
Return values
truesuccess
falsefailure

◆ reload_privilege_tables()

static void reload_privilege_tables ( )
static

Refreshes the in-memory details through FLUSH PRIVILEGES.

◆ remove_anonymous_users()

static void remove_anonymous_users ( )
static

Removes all the anonymous users for better security.

◆ remove_remote_root()

static void remove_remote_root ( )
static

Drops all the root users with a remote host.

◆ remove_test_database()

static void remove_test_database ( )
static

Removes test database and deletes the rows corresponding to them from mysql.db table.

◆ set_opt_user_password()

static void set_opt_user_password ( int  component_set)
static

Sets the user password with the string provided during the flow of the method.

It checks for the strength of the password before changing it and displays the same to the user. The user can decide if he wants to continue with the password, or provide a new one, depending on the strength displayed.

Parameters
component_set1 if validate_password component is set and 0 if it is not.

◆ usage()

static void usage ( void  )
static

◆ validate_password_exists()

static bool validate_password_exists ( )
static

Checks if the validate_password component is installed and returns true if it is.

Variable Documentation

◆ argv_alloc

MEM_ROOT argv_alloc {PSI_NOT_INSTRUMENTED, 512}
static

◆ g_expire_password_on_exit

bool g_expire_password_on_exit = false
static

◆ load_default_groups

const char* load_default_groups[]
static
Initial value:
= {"mysql_secure_installation",
"mysql", "client", nullptr}

◆ my_connection_options

struct my_option my_connection_options[]
static

◆ mysql_handle

MYSQL mysql_handle
static

◆ opt_host

char* opt_host = nullptr
static

◆ opt_port

uint opt_port = 0
static

◆ opt_protocol

uint opt_protocol = 0
static

◆ opt_socket

char* opt_socket = nullptr
static

◆ opt_use_default

bool opt_use_default = false
static

◆ opt_user

char* opt_user = nullptr
static

◆ password

char* password = nullptr
static

◆ password_provided

bool password_provided = false
static