MDEV-26714 - make credential manager an opt-in parameter for clients

with default = off

Theoretically, there is a security risk in using it (any process that runs
with current user credentials can read the password), therefore
we do not use it by default.

client/cli_utils.cc

@@ -23,6 +23,7 @@
 #include "cli_utils.h"
 #include "credmgr.h"
 
+
 #ifdef CREDMGR_SUPPORTED
 #include <mysqld_error.h>
 #endif
@@ -68,8 +69,8 @@
 */
 extern "C" MYSQL *cli_connect(MYSQL *mysql, const char *host, const char *user,
                    char **ppasswd, const char *db, unsigned int port,
-                   const char *unix_socket, unsigned long client_flag,
-                   my_bool tty_password)
+                   const char *unix_socket, unsigned long client_flag, my_bool tty_password, 
+                   my_bool allow_credmgr)
 {
   MYSQL *ret;
   bool use_tty_prompt= (*ppasswd == nullptr && tty_password);
@@ -80,7 +81,7 @@ extern "C" MYSQL *cli_connect(MYSQL *mysql, const char *host, const char *user,
                       unix_socket);
   bool use_credmgr_password= false;
   bool save_credmgr_password= getenv("MARIADB_CREDMGR_SAVE_PASSWORD") != nullptr;
-  if (!*ppasswd)
+  if (allow_credmgr && !*ppasswd)
   {
     save_credmgr_password = true;
     /* Interactive login or use credential manager if OS supports it.*/

client/cli_utils.h

@@ -6,7 +6,7 @@ extern "C" {
 #endif
 MYSQL *cli_connect(MYSQL *mysql, const char *host, const char *user, char **ppasswd,
                   const char *db, unsigned int port, const char *unix_socket, unsigned long client_flag,
-                  my_bool tty_password);
+                     my_bool tty_password, my_bool allow_credmgr);
 #ifdef __cplusplus
 }
 #endif

client/credmgr-opt.h

+/* This is meant to be included into the my_long_options struct declaration for the client utilities */
+{"credential-manager", 0, "Allow use of credential manager to store/retrieve password", &opt_credential_manager,
+ &opt_credential_manager, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
\ No newline at end of file

client/credmgr-var.h

+/* This is meant to be include by the client utilities */
+static my_bool opt_credential_manager;
\ No newline at end of file

client/mysql.cc

@@ -46,6 +46,7 @@
 #include <locale.h>
 #endif
 #include "cli_utils.h"
+#include "credmgr-var.h"
 
 const char *VER= "15.2";
 
@@ -1522,8 +1523,9 @@ static bool do_connect(MYSQL *mysql, const char *host, const char *user,
   maybe_convert_charset(&user, (const char **)password, &database,default_charset);
 #endif
 
-  return cli_connect(mysql, host, user, password, database,
-                            opt_mysql_port, opt_mysql_unix_port, flags, tty_password);
+  return cli_connect(mysql, host, user, password, database, opt_mysql_port,
+                     opt_mysql_unix_port, flags, tty_password,
+                     opt_credential_manager);
 }
 
 
@@ -1847,6 +1849,7 @@ static struct my_option my_long_options[] =
    "password sandbox mode even if --batch was specified.",
    &opt_connect_expired_password, &opt_connect_expired_password, 0, GET_BOOL,
    NO_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   { 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 

client/mysqladmin.cc

@@ -133,6 +133,7 @@ static const char *command_names[]= {
 
 static TYPELIB command_typelib=
 { array_elements(command_names)-1,"commands", command_names, NULL};
+#include "credmgr-var.h"
 
 static struct my_option my_long_options[] =
 {
@@ -235,6 +236,7 @@ static struct my_option my_long_options[] =
    "Default authentication client-side plugin to use.",
    &opt_default_auth, &opt_default_auth, 0,
    GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   { 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -593,7 +595,7 @@ static my_bool sql_connect(MYSQL *mysql, uint wait)
   for (;;)
   {
     if (cli_connect(mysql,host,user,&opt_password,NullS,tcp_port,
-      unix_port, CLIENT_REMEMBER_OPTIONS, tty_password))
+      unix_port, CLIENT_REMEMBER_OPTIONS, tty_password,opt_credential_manager))
     {
       my_bool reconnect= 1;
       mysql_options(mysql, MYSQL_OPT_RECONNECT, &reconnect);

client/mysqlbinlog.cc

@@ -1416,6 +1416,7 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev,
   DBUG_RETURN(retval);
 }
 
+#include "credmgr-var.h"
 
 static struct my_option my_options[] =
 {
@@ -1695,6 +1696,7 @@ Example: rewrite-db='from->to'.",
    "Print metadata stored in Table_map_log_event",
    &opt_print_table_metadata, &opt_print_table_metadata, 0,
    GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -2391,7 +2393,7 @@ static Exit_status safe_connect()
   mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD,
                  "program_name", "mysqlbinlog");
   if (!cli_connect(mysql, host, user, &pass, 0, port, sock,
-         0, tty_password))
+         0, tty_password,opt_credential_manager))
   {
     error("Failed on connect: %s", mysql_error(mysql));
     return ERROR_STOP;

client/mysqlcheck.c

@@ -70,6 +70,7 @@ const char *do_views_opts[]= {"NO", "YES", "UPGRADE_FROM_MYSQL", NullS};
 TYPELIB do_views_typelib= { array_elements(do_views_opts) - 1, "",
     do_views_opts, NULL };
 static ulong opt_do_views= DO_VIEWS_NO;
+#include "credmgr-var.h"
 
 static struct my_option my_long_options[] =
 {
@@ -220,6 +221,7 @@ static struct my_option my_long_options[] =
    &do_views_typelib, GET_ENUM, OPT_ARG, 0, 0, 0, 0, 0, 0},
   {"process-tables", 0, "Perform the requested operation on tables.",
    &opt_do_tables, &opt_do_tables, 0, GET_BOOL, NO_ARG, 1, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -1174,7 +1176,8 @@ static int dbConnect(char *host, char *user, char **passwd)
   mysql_options4(&mysql_connection, MYSQL_OPT_CONNECT_ATTR_ADD,
                  "program_name", "mysqlcheck");
   if (!(sock = cli_connect(&mysql_connection, host, user, passwd,
-         NULL, opt_mysql_port, opt_mysql_unix_port, 0,tty_password)))
+         NULL, opt_mysql_port, opt_mysql_unix_port, 0,tty_password,
+           opt_credential_manager)))
   {
     DBerror(&mysql_connection, "when trying to connect");
     DBUG_RETURN(1);

client/mysqldump.c

@@ -248,7 +248,7 @@ TYPELIB compatible_mode_typelib= {array_elements(compatible_mode_names) - 1,
 static HASH ignore_table, ignore_data;
 
 static HASH ignore_database;
-
+#include "credmgr-var.h"
 static struct my_option my_long_options[] =
 {
   {"all-databases", 'A',
@@ -619,6 +619,7 @@ static struct my_option my_long_options[] =
    "Default authentication client-side plugin to use.",
    &opt_default_auth, &opt_default_auth, 0,
    GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -2041,8 +2042,9 @@ static int connect_to_db(char *host, char *user,char **passwd)
   mysql_options4(&mysql_connection, MYSQL_OPT_CONNECT_ATTR_ADD,
                  "program_name", "mysqldump");
   mysql= &mysql_connection;          /* So we can mysql_close() it properly */
-  if (!cli_connect(&mysql_connection,host,user,passwd,
-                          NULL,opt_mysql_port,opt_mysql_unix_port, 0,tty_password))
+  if (!cli_connect(&mysql_connection, host, user, passwd, NULL, opt_mysql_port,
+                   opt_mysql_unix_port, 0, tty_password,
+                   opt_credential_manager))
   {
     DB_error(&mysql_connection, "when trying to connect");
     DBUG_RETURN(1);

client/mysqlimport.c

@@ -69,6 +69,7 @@ static uint protocol_to_force= MYSQL_PROTOCOL_DEFAULT;
 #include <sslopt-vars.h>
 
 static char **argv_to_free;
+#include "credmgr-var.h"
 
 static struct my_option my_long_options[] =
 {
@@ -185,6 +186,7 @@ static struct my_option my_long_options[] =
    &verbose, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
   {"version", 'V', "Output version information and exit.", 0, 0, 0, GET_NO_ARG,
    NO_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   { 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -520,7 +522,7 @@ static MYSQL *db_connect(char *host, char *database,
                  "program_name", "mysqlimport");
   if (!(cli_connect(mysql,host,user,passwd,
                            database,opt_mysql_port,opt_mysql_unix_port,
-                           0, tty_password)))
+                           0, tty_password,opt_credential_manager)))
   {
     ignore_errors=0;	  /* NO RETURN FROM db_error */
     db_error(mysql);

client/mysqlshow.c

@@ -30,6 +30,7 @@
 #include <sslopt-vars.h>
 #include <welcome_copyright_notice.h>   /* ORACLE_WELCOME_COPYRIGHT_NOTICE */
 #include "cli_utils.h"
+#include "credmgr-var.h"
 
 static char * host=0, *opt_password=0, *user=0;
 static my_bool opt_show_keys= 0, opt_compress= 0, opt_count=0, opt_status= 0;
@@ -163,7 +164,7 @@ int main(int argc, char **argv)
   if (!(cli_connect(&mysql,host,user, &opt_password,
                 (first_argument_uses_wildcards) ? "" :
                     argv[0], opt_mysql_port,opt_mysql_unix_port,
-                  0, tty_password)))
+                  0, tty_password,opt_credential_manager)))
   {
     fprintf(stderr,"%s: %s\n",my_progname,mysql_error(&mysql));
     error= 1;
@@ -267,6 +268,7 @@ static struct my_option my_long_options[] =
   {"user", 'u', "User for login if not current user.", &user,
    &user, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
 #endif
+#include "credmgr-opt.h"
   {"verbose", 'v',
    "More verbose output; you can use this multiple times to get even more "
    "verbose output.",

client/mysqlslap.c

@@ -86,6 +86,7 @@
 #include <my_dir.h>
 #include <signal.h>
 #include <sslopt-vars.h>
+#include "credmgr-var.h"
 #ifndef _WIN32
 #include <sys/wait.h>
 #endif
@@ -716,6 +717,7 @@ static struct my_option my_long_options[] =
    0, 0, 0, 0, 0, 0},
   {"version", 'V', "Output version information and exit.", 0, 0, 0,
    GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 
@@ -2336,7 +2338,7 @@ slap_connect(MYSQL *mysql)
                            create_schema_string,
                            opt_mysql_port,
                            opt_mysql_unix_port,
-                           connect_flags,tty_password))
+                           connect_flags,tty_password, opt_credential_manager))
     {
       /* Connect succeeded */
       connect_error= 0;

client/mysqltest.cc

@@ -57,6 +57,8 @@
 #include <my_stacktrace.h>
 
 #include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE
+#include "credmgr-var.h"
+
 
 #ifdef _WIN32
 #include <crtdbg.h>
@@ -5756,8 +5758,9 @@ void safe_connect(MYSQL* mysql, const char *name, const char *host,
   mysql_options(mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0);
   mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD,
                  "program_name", "mysqltest");
-  while(!cli_connect(mysql, host,user, pass, db, port, sock,
-                            CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS,tty_password))
+  while (!cli_connect(mysql, host, user, pass, db, port, sock,
+                      CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS,
+                      tty_password, opt_credential_manager))
   {
     /*
       Connect failed
@@ -7188,6 +7191,7 @@ static struct my_option my_long_options[] =
     &opt_overlay_dir, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
   {"suite-dir", 0, "Suite directory.", &opt_suite_dir,
     &opt_suite_dir, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+#include "credmgr-opt.h"
   { 0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
 };
 

mysql-test/main/credential_manager_windows.test

@@ -9,26 +9,26 @@ exec cmdkey /delete:$target_name > /dev/null 2>&1;
 CREATE USER 'u' IDENTIFIED BY 'pass';
 -- echo # Login with correct password to store it
 let MARIADB_CREDMGR_SAVE_PASSWORD=1;
-exec $EXE_MYSQL --protocol=tcp --port=$MASTER_MYPORT -uu --password=pass -e "do 1";
+exec $EXE_MYSQL --protocol=tcp --credential_manager=1 --port=$MASTER_MYPORT -uu --password=pass -e "do 1";
 let MARIADB_CREDMGR_SAVE_PASSWORD=;
 
 --echo # Check expected key is in the credential manager
 exec cmdkey /list:$target_name > /dev/null;
 
 --echo # Login without passing password (succeeds)
-exec $EXE_MYSQL --port=$MASTER_MYPORT -uu -e "do 1";
+exec $EXE_MYSQL --credential_manager=1 --port=$MASTER_MYPORT -uu -e "do 1";
 
 --echo # Login with -P ("interactively"), does not ask for password
-exec $EXE_MYSQL --port=$MASTER_MYPORT -uu -p -e "do 1";
+exec $EXE_MYSQL --credential_manager=1 --port=$MASTER_MYPORT -uu -p -e "do 1";
 
 --echo # Login with wrong password (fails)
 --error 1
-exec EXE_MYSQL --protocol=tcp --port=$MASTER_MYPORT -uu --password=wrong -e "do 1";
+exec EXE_MYSQL --credential_manager=1 --protocol=tcp --port=$MASTER_MYPORT -uu --password=wrong -e "do 1";
 
 --echo # Remove entry from credential manager
 exec cmdkey /delete:$target_name > /dev/null;
 
 --echo # Login without passing password (fails, credential is no longer in credential manager)
 --error 1
-exec $EXE_MYSQL --port=$MASTER_MYPORT -uu -e "do 1";
+exec $EXE_MYSQL --credential-manager=1 --port=$MASTER_MYPORT -uu -e "do 1";
 DROP USER u;