MySQL new features: mysql_config_editor source code analysis
MySQL has shipped the encryption tool mysql_config_editor since MySQL 5.6. Previously, we put the account and password in plain text into my.cnf so that the mysql client could log on to the database without the account and password being specified on the command line. With mysql_config_editor, the account and password are encrypted and stored in a binary file. At logon, the client decrypts the file and uses its contents to connect to the database. Since encryption and decryption are performed in memory, the file content cannot be displayed in plaintext. As long as we keep the file permissions, we can prevent malicious people from decrypting our database password.
The usage of mysql_config_editor is as follows:
mysql_config_editor set --login-path=client --host=localhost --user=localuser --password
In this way, we configure a local data source:
login-path: the name that identifies this set of credentials when logging on through the mysql client
host: the database host to connect to
user: the account used to connect to the database locally
password: the database password used for the local connection (assume that the entered password is password1)
Of course, for a remote connection we may also add specific port information. Once this is configured, the following command is all we need to connect to the database:
mysql --login-path=client
This connects us to the local database.
Next, let's take a look at the details of mysql_config_editor.
The tool provides the set/remove/print/reset/help commands; here we only analyze the implementation of set.
The set command is implemented by the set_command function. This function assembles the data source information, such as the account and password, and stores it in a binary file:
static int set_command(void)
{
  DBUG_ENTER("set_command");
  DYNAMIC_STRING file_buf, path_buf;
  init_dynamic_string(&path_buf, "", MY_LINE_MAX, MY_LINE_MAX);
  init_dynamic_string(&file_buf, "", file_size, 3 * MY_LINE_MAX);
  if (tty_password)
    opt_password = get_tty_password(NullS);
  if (file_size)
  {
    /* If the file exists, read it, decrypt the ciphertext and store the result in file_buf. */
    if (read_and_decrypt_file(&file_buf) == -1)
      goto error;
  }
  dynstr_append(&path_buf, "[");              /* --login-path */
  if (opt_login_path)
    dynstr_append(&path_buf, opt_login_path);
  else
    dynstr_append(&path_buf, "client");
  dynstr_append(&path_buf, "]");
  if (opt_user)                               /* --user */
  {
    dynstr_append(&path_buf, "\nuser = ");
    dynstr_append(&path_buf, opt_user);
  }
  if (opt_password)                           /* --password */
  {
    dynstr_append(&path_buf, "\npassword = ");
    dynstr_append(&path_buf, opt_password);
  }
  if (opt_host)                               /* --host */
  {
    dynstr_append(&path_buf, "\nhost = ");
    dynstr_append(&path_buf, opt_host);
  }
  if (opt_socket)
  {
    dynstr_append(&path_buf, "\nsocket = ");
    dynstr_append(&path_buf, opt_socket);
  }
  if (opt_port)
  {
    dynstr_append(&path_buf, "\nport = ");
    dynstr_append(&path_buf, opt_port);
  }
  dynstr_append(&path_buf, "\n");
  /* Warn if login path already exists */
  /* Check whether this login-path is already present in the decrypted content. */
  if (opt_warn && (locate_login_path(&file_buf, opt_login_path)
                   != NULL))
  {
    int choice;
    printf("WARNING : \'%s\' path already exists and will be "
           "overwritten. \n Continue? (Press y|Y for Yes, any "
           "other key for No) : ",
           opt_login_path);
    choice = getchar();
    /* The login-path already exists: ask whether to overwrite it. */
    if (choice != (int) 'y' && choice != (int) 'Y')
      goto done;                              /* skip */
  }
  /* Remove the login path. */
  /* Delete this login-path's information from the content read from the original file. */
  remove_login_path(&file_buf, opt_login_path);
  /* Append the new login path to the file buffer. */
  /* Add the information for this login-path to the end of file_buf. */
  dynstr_append(&file_buf, path_buf.str);
  /* Encrypt everything (the new login-path plus the original content) and write it to the file. */
  if (encrypt_and_write_file(&file_buf) == -1)
    goto error;
done:
  dynstr_free(&file_buf);
  dynstr_free(&path_buf);
  DBUG_RETURN(0);
error:
  dynstr_free(&file_buf);
  dynstr_free(&path_buf);
  DBUG_RETURN(-1);
}
The specific logic of the code is as follows:
Here we will focus on several important functions involved:
read_and_decrypt_file (reads and decrypts the file and stores the result in the dynamic string buffer)
locate_login_path (determines whether the login-path already exists)
remove_login_path (if the login-path exists, deletes it)
dynstr_append(&file_buf, path_buf.str) (adds the new login-path to the end of file_buf)
encrypt_and_write_file(&file_buf) (encrypts the information in file_buf and writes it to the file)
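The locate / remove / append steps listed above, modelled on a plain-text buffer as an added example (this is not MySQL's code and not from the original article). The names locate_section, remove_section and set_login_path, the fixed-size buffers and the sample values are assumptions made for illustration; decryption and encryption are left out.

```c
#include <stdio.h>
#include <string.h>

/* Return the "[name]" header if it starts a line in buf, else NULL. */
static char *locate_section(char *buf, const char *name)
{
    char header[256];
    if (snprintf(header, sizeof header, "[%s]", name) >= (int)sizeof header)
        return NULL;             /* name too long to be a stored section */
    for (char *p = strstr(buf, header); p; p = strstr(p + 1, header))
        if (p == buf || p[-1] == '\n')
            return p;
    return NULL;
}

/* Cut the section out: from its header up to the next "\n[" or the end. */
static void remove_section(char *buf, const char *name)
{
    char *start = locate_section(buf, name);
    if (!start)
        return;
    char *next = strstr(start, "\n[");
    if (next)
        memmove(start, next + 1, strlen(next + 1) + 1);
    else
        *start = '\0';
}

/* Returns 1 if an existing section was replaced, 0 if added, -1 if no room. */
static int set_login_path(char *buf, size_t cap, const char *name, const char *body)
{
    char section[256];
    int n = snprintf(section, sizeof section, "[%s]\n%s", name, body);
    if (n < 0 || (size_t)n >= sizeof section || strlen(buf) + n + 1 > cap)
        return -1;               /* checked before anything is modified */
    int existed = locate_section(buf, name) != NULL;
    remove_section(buf, name);   /* drop the old copy, if any */
    strcat(buf, section);        /* the new section always goes last */
    return existed;
}

int main(void)
{
    /* Constructed sample of a decrypted buffer; all values are made up. */
    char buf[256] = "[client]\nuser = old\nhost = localhost\n[backup]\nuser = bk\n";
    int replaced = set_login_path(buf, sizeof buf, "client",
                                  "user = localuser\nhost = localhost\n");
    printf("replaced=%d\n%s", replaced, buf);
    return 0;
}
```

Because the old section is removed and the new one appended, an updated login-path moves to the end of the buffer while the other sections keep their order.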
First, let's take a look at the encrypted file format as follows:
Here we assume that an encrypted file already exists.