[MDEV-27789] mysql_upgrade / mariadb-upgrade in 10.6.6 is putting password in host argument Created: 2022-02-09  Updated: 2022-06-27  Resolved: 2022-02-10

Status: Closed
Project: MariaDB Server
Component/s: Scripts & Clients
Affects Version/s: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2
Fix Version/s: 10.5.14, 10.2.43, 10.3.34, 10.4.24, 10.5.15, 10.6.7, 10.7.3

Type: Bug Priority: Blocker
Reporter: Jonathan Ocab Assignee: Michael Widenius
Resolution: Fixed Votes: 0
Labels: regression
Environment:

CentOS Linux release 7.9.2009 (Core)

Issue Links:
Blocks
is blocked by MDEV-27459 SST works as expected on joiner node ... Closed
Problem/Incident
is caused by MDEV-27068 running mariadb-upgrade on mariadb se... Closed

 Description   

I upgraded from 10.6.5 (?) to 10.6.6 via package manager and whenever I run the mysql_upgrade command, it appears the password is being put into the host argument/field.

# ./mariadb-upgrade -h localhost -u root -p
 
Enter password:
 
Reading datadir from the MariaDB server failed. Got the following error when executing the 'mysql' command line client
 
ERROR 2005 (HY000): Unknown server host 'thisisapassword' (-2)
 
FATAL ERROR: Upgrade failed
 
# ./mysql_upgrade -h localhost -u root -p
 
Enter password:
 
Reading datadir from the MariaDB server failed. Got the following error when executing the 'mysql' command line client
 
ERROR 2005 (HY000): Unknown server host 'thisisapassword' (-2)
 
FATAL ERROR: Upgrade failed



 Comments   
Comment by Daniel Black [ 2022-02-09 ]

Basic form of a fix:

diff --git a/client/mysql_upgrade.c b/client/mysql_upgrade.c
 
index 8c186b521c1..9ca5ffecdd7 100644
 
--- a/client/mysql_upgrade.c
 
+++ b/client/mysql_upgrade.c
 
@@ -121,7 +121,7 @@ static struct my_option my_long_options[]=
 
    &opt_not_used, &opt_not_used, 0 , GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
 
   {"host", 'h', "Connect to host.", 0,
 
    0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 
-#define PASSWORD_OPT 12
 
+#define PASSWORD_OPT 13
 
   {"password", 'p',
 
    "Password to use when connecting to server. If password is not given,"
 
    " it's solicited on the tty.", &opt_password,&opt_password,

Comment by Michael Widenius [ 2022-02-10 ]

The above suggested patch shows where the problem is, but still has the original problem that the code is very fragile if anyone adds more command line arguments.

I have now created a patch that removes the above defined and also the USER_OPT defined which has the same problem

Comment by Michael Widenius [ 2022-02-10 ]

Fixed by removing the dependency of options positions in my_long_options

Comment by Peter Debik [ 2022-02-13 ]

Now as we are already on 10.3.33 and 10.5.14 and the issue affects the upgrade process, can we safely upgrade to 10.3.34 / 10.5.15 from the two revoked, faulty versions?

Comment by Elena Stepanova [ 2022-02-13 ]

bitpalast,
Yes, you should be able to upgrade smoothly. The problem was only affecting (manual) invocation of mysql_upgrade utility, it didn't cause any changes in user configuration.
On a separate but related note, please take into account that mysql_upgrade now needs to be run by an OS user which has writing permissions for the MariaDB datadir (usually it means running under sudo). So, if your existing upgrade process runs mysql_upgrade without such permissions, it can start throwing permission errors. This part was an intentional change.

Generated at Thu Feb 08 09:55:35 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.