MDEV-40027 : Galera Cluster-peer > Donor command execution

mysql-test/suite/galera/r/galera_sst_cn_injection.result

@@ -0,0 +1,24 @@
+connection node_2;
+connection node_1;
+SELECT 1;
+1
+1
+#
+# MDEV-39413 wsrep unsafe handling of parameters
+#
+call mtr.add_suppression("WSREP: Illegal character in state transfer request:");
+call mtr.add_suppression("WSREP: Bad remote auth string. SST canceled.");
+call mtr.add_suppression("WSREP: SST preparation failed");
+call mtr.add_suppression("WSREP: SST failed:");
+call mtr.add_suppression(".*State transfer to:*");
+call mtr.add_suppression("WSREP: Illegal character in variable:");
+connection node_2;
+# force SST again
+# using a cert with shell-unsafe CN
+# start the server
+# the server failed to start
+FOUND 1 /Bad remote auth string. SST canceled./ in mysqld.1.err
+# cleanup
+# restart
+call mtr.add_suppression(".*WSREP.*Will never receive state. Need to abort.");
+call mtr.add_suppression("WSREP_SST:");

mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.cnf → mysql-test/suite/galera/t/galera_sst_cn_injection.cnf

@@ -1,7 +1,6 @@
 !include ../galera_2nodes.cnf
 
 [mysqld]
-wsrep_sst_method=rsync
 wsrep_sst_auth="root:"
 wsrep_debug=1
 

mysql-test/suite/galera/t/galera_sst_cn_injection.combinations

@@ -0,0 +1,6 @@
+[rsync]
+wsrep-sst-method=rsync
+
+[mariabackup]
+wsrep-sst-method=mariabackup
+

mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test → mysql-test/suite/galera/t/galera_sst_cn_injection.test

@@ -15,24 +15,16 @@ SELECT 1;
 --let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
 --source include/wait_condition.inc
 
-# Confirm that transfer was SSL-encrypted
---let SEARCH_FILE = $MYSQLTEST_VARDIR/log/mysqld.1.err
---let SEARCH_PATTERN = Using openssl based encryption with socat: with key and crt
---source include/search_pattern_in_file.inc
-
 --echo #
 --echo # MDEV-39413 wsrep unsafe handling of parameters
 --echo #
 
-call mtr.add_suppression('Invalid value for WSREP_SST_OPT_REMOTE_USER');
-call mtr.add_suppression('Failed to read from: wsrep_sst_mariabackup');
-call mtr.add_suppression('Process completed with error: wsrep_sst_mariabackup');
-call mtr.add_suppression('Command did not run: wsrep_sst_mariabackup');
-call mtr.add_suppression('State transfer to .* failed');
-call mtr.add_suppression('Will never receive state. Need to abort');
-call mtr.add_suppression('Error while getting data from donor node');
-call mtr.add_suppression('Cleanup after exit with status');
-call mtr.add_suppression('Removing .*/xtrabackup_galera_info file due to signal');
+call mtr.add_suppression("WSREP: Illegal character in state transfer request:");
+call mtr.add_suppression("WSREP: Bad remote auth string. SST canceled.");
+call mtr.add_suppression("WSREP: SST preparation failed");
+call mtr.add_suppression("WSREP: SST failed:");
+call mtr.add_suppression(".*State transfer to:*");
+call mtr.add_suppression("WSREP: Illegal character in variable:");
 
 --connection node_2
 --source include/shutdown_mysqld.inc
@@ -51,7 +43,8 @@ call mtr.add_suppression('Removing .*/xtrabackup_galera_info file due to signal'
 --exec $MYSQLD_LAST_CMD
 --echo # the server failed to start
 
---let SEARCH_PATTERN = Invalid value for WSREP_SST_OPT_REMOTE_USER
+--let SEARCH_FILE = $MYSQLTEST_VARDIR/log/mysqld.1.err
+--let SEARCH_PATTERN = Bad remote auth string. SST canceled.
 --source include/search_pattern_in_file.inc
 
 --echo # cleanup
@@ -60,6 +53,10 @@ call mtr.add_suppression('Removing .*/xtrabackup_galera_info file due to signal'
 # pkill exit code varies by platform 0 or 1
 --error 0,1
 --exec pkill -f 'socat.*server-new-cert'
+
 --exec echo ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert.pem >> $MYSQLTEST_VARDIR/my.cnf
 --exec echo ssl-key=$MYSQL_TEST_DIR/std_data/server-key.pem >> $MYSQLTEST_VARDIR/my.cnf
 --source $MYSQL_TEST_DIR/include/start_mysqld.inc
+
+call mtr.add_suppression(".*WSREP.*Will never receive state. Need to abort.");
+call mtr.add_suppression("WSREP_SST:");

mysql-test/suite/sys_vars/r/wsrep_node_address_basic.result

@@ -31,6 +31,26 @@ ERROR 42000: Variable 'wsrep_node_address' can't be set to the value of 'NULL'
 SELECT @@global.wsrep_node_address;
 @@global.wsrep_node_address
 
+SET @@global.wsrep_node_address="127.0.0.1'ps";
+ERROR 42000: Variable 'wsrep_node_address' can't be set to the value of '127.0.0.1'ps'
+SELECT @@global.wsrep_node_address;
+@@global.wsrep_node_address
+
+SET @@global.wsrep_node_address="127.0.0.1 ps";
+ERROR 42000: Variable 'wsrep_node_address' can't be set to the value of '127.0.0.1 ps'
+SELECT @@global.wsrep_node_address;
+@@global.wsrep_node_address
+
+SET @@global.wsrep_node_address="127.0.0.1`ps";
+ERROR 42000: Variable 'wsrep_node_address' can't be set to the value of '127.0.0.1`ps'
+SELECT @@global.wsrep_node_address;
+@@global.wsrep_node_address
+
+SET @@global.wsrep_node_address="127.0.0.1$ps";
+ERROR 42000: Variable 'wsrep_node_address' can't be set to the value of '127.0.0.1$ps'
+SELECT @@global.wsrep_node_address;
+@@global.wsrep_node_address
+
 SET @@global.wsrep_node_address=ON;
 SELECT @@global.wsrep_node_address;
 @@global.wsrep_node_address

mysql-test/suite/sys_vars/r/wsrep_sst_auth_basic.result

@@ -46,7 +46,29 @@ SELECT @@global.wsrep_sst_auth;
 NULL
 SET @@global.wsrep_sst_auth=user:pass;
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':pass' at line 1
+SET @@global.wsrep_sst_auth='user new:pass';
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user new:pass'
+SET @@global.wsrep_sst_auth='user$new:pass';
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user$new:pass'
+SET @@global.wsrep_sst_auth="user'new:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user'new:pass'
+SET @@global.wsrep_sst_auth="user;new:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user;new:pass'
+SET @@global.wsrep_sst_auth="user|new:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user|new:pass'
+SET @@global.wsrep_sst_auth="user&new:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user&new:pass'
+SET @@global.wsrep_sst_auth="user\\new:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user\new:pass'
+SET @@global.wsrep_sst_auth="user\"new:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user"new:pass'
+SET @@global.wsrep_sst_auth="user\nnew:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user
+new:pass'
+SET @@global.wsrep_sst_auth="user\tnew:pass";
+ERROR 42000: Variable 'wsrep_sst_auth' can't be set to the value of 'user	new:pass'
 
 # restore the initial value
 SET @@global.wsrep_sst_auth = @wsrep_sst_auth_global_saved;
+call mtr.add_suppression("WSREP: Illegal character in variable:");
 # End of test

mysql-test/suite/sys_vars/t/wsrep_node_address_basic.test

@@ -29,6 +29,19 @@ SELECT @@global.wsrep_node_address;
 --error ER_WRONG_VALUE_FOR_VAR
 SET @@global.wsrep_node_address=NULL;
 SELECT @@global.wsrep_node_address;
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_node_address="127.0.0.1'ps";
+SELECT @@global.wsrep_node_address;
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_node_address="127.0.0.1 ps";
+SELECT @@global.wsrep_node_address;
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_node_address="127.0.0.1`ps";
+SELECT @@global.wsrep_node_address;
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_node_address="127.0.0.1$ps";
+SELECT @@global.wsrep_node_address;
+
 # The values being assigned to wsrep_node_address are not verified so the
 # following alues are currently valid too.
 SET @@global.wsrep_node_address=ON;

mysql-test/suite/sys_vars/t/wsrep_sst_auth_basic.test

@@ -37,9 +37,31 @@ SET @@global.wsrep_sst_auth=1;
 SELECT @@global.wsrep_sst_auth;
 --error ER_PARSE_ERROR
 SET @@global.wsrep_sst_auth=user:pass;
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth='user new:pass';
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth='user$new:pass';
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user'new:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user;new:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user|new:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user&new:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user\\new:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user\"new:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user\nnew:pass";
+--error ER_WRONG_VALUE_FOR_VAR
+SET @@global.wsrep_sst_auth="user\tnew:pass";
 
 --echo
 --echo # restore the initial value
 SET @@global.wsrep_sst_auth = @wsrep_sst_auth_global_saved;
 
+call mtr.add_suppression("WSREP: Illegal character in variable:");
+
 --echo # End of test

scripts/wsrep_sst_mariabackup.sh

@@ -1117,7 +1117,8 @@ if [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then
         wsrep_log_info "Using '$itmpdir' as mariadb-backup working directory"
 
         if [ -n "$WSREP_SST_OPT_USER" ]; then
-           INNOEXTRA="$INNOEXTRA --user='$WSREP_SST_OPT_USER'"
+           WSREP_SST_OPT_USER_SAFE="$(safe WSREP_SST_OPT_USER)"
+           INNOEXTRA="$INNOEXTRA --user='$WSREP_SST_OPT_USER_SAFE'"
         fi
 
         if [ -n "$WSREP_SST_OPT_PSWD" ]; then