WL#12138 -- Add Admin Port

This worklog adds capability to specify a separate IP address and TCP port
that are ready to accept TCP connection and speak MySQL protocol.
The following features are added within the worklog:

  * The new command-line options --admin-address and --admin-port
    to specify admin interface for listening incoming connection requests.

  * The new privilege SERVICE_CONNECTION_ADMIN to restrict
    access to admin socket.

  * Ignore restrictions imposed by parameters max_user_connections
    and max_connections in case a connection is made to admin interface.

  * The new option --create-admin-listener-thread to listen on admin interface
    in a separate thread.

cmake/mysql_version.cmake

@@ -146,6 +146,9 @@ ELSEIF(MYSQL_TCP_PORT EQUAL MYSQL_TCP_PORT_DEFAULT)
   SET(MYSQL_TCP_PORT_DEFAULT "0")
 ENDIF()
 
+IF(NOT MYSQL_ADMIN_TCP_PORT)
+  SET(MYSQL_ADMIN_TCP_PORT 33062)
+ENDIF(NOT MYSQL_ADMIN_TCP_PORT)
 
 IF(NOT MYSQL_UNIX_ADDR)
   SET(MYSQL_UNIX_ADDR "/tmp/mysql.sock")

include/mysql_version.h.in

@@ -14,6 +14,7 @@
 #define MYSQL_SERVER_SUFFIX_DEF    "@MYSQL_SERVER_SUFFIX@"
 #define MYSQL_VERSION_ID            @MYSQL_VERSION_ID@
 #define MYSQL_PORT                  @MYSQL_TCP_PORT@
+#define MYSQL_ADMIN_PORT            @MYSQL_ADMIN_TCP_PORT@
 #define MYSQL_PORT_DEFAULT          @MYSQL_TCP_PORT_DEFAULT@
 #define MYSQL_UNIX_ADDR            "@MYSQL_UNIX_ADDR@"
 #define MYSQL_CONFIG_NAME          "my"

mysql-test/r/admin_interface.result

@@ -0,0 +1,197 @@
+#
+# WL#12138 -- Add Admin Port
+#
+# Create the user u1
+CREATE USER u1;
+# Grant the user u1 the privilege SERVICE_CONNECTION_ADMIN
+GRANT SERVICE_CONNECTION_ADMIN ON *.* TO u1;
+# Create the user u2
+CREATE USER u2;
+# Create the user u3
+CREATE USER u3;
+# Grant the user u3 the privilege SERVICE_CONNECTION_ADMIN
+GRANT SUPER ON *.* TO u3;
+Warnings:
+Warning	1287	The SUPER privilege identifier is deprecated
+# Stop DB server which was created by MTR default
+# Test case 1
+# Check that specially treated value :: is not allowed as part of
+# option admin-address.
+Pattern "Invalid value for command line option admin-address: '::'" found
+# Test case 2
+# Check that specially treated value * is not allowed as part of
+# option admin-address.
+Pattern "Invalid value for command line option admin-address: '*'" found
+# Test case 3
+# Check that specially treated value 0.0.0.0 is not allowed as part of
+# option admin-address.
+Pattern "Invalid value for command line option admin-address: '0.0.0.0'" found
+# Test case 4
+# Check that non-existent host name specified as a value of the option admin-address results in error on server starting up.
+# option admin-address.
+Pattern "Can't start server: cannot resolve hostname" found
+# Starting up server with --admin-address=127.0.0.1 --max-connections=2
+# restart: --admin-address=127.0.0.1 --admin-port=ADMIN_PORT --max-connections=2
+# Test case 5
+# Check that ordinary connection using tcp protocol can be established
+connect ordinary_tcp_con,localhost,root,,,,,TCP;
+SELECT CURRENT_USER();
+CURRENT_USER()
+root@localhost
+disconnect ordinary_tcp_con;
+# Check error when starting a server having admin port which is busy
+Pattern "Can't start server: Bind on TCP/IP port: (Address already in use|Only one usage of each socket address .* normally permitted)" found
+# Test case 6
+# Check that ordinary connection using default connection method can be established
+connect ordinary_con,localhost,root,,,,,;
+SELECT CURRENT_USER();
+CURRENT_USER()
+root@localhost
+disconnect ordinary_con;
+# Test case 7
+# Check that admin connection using tcp protocol can be established
+connect admin_tcp_con,127.0.0.1,root,,,$ADMIN_PORT,,TCP;
+SELECT CURRENT_USER();
+CURRENT_USER()
+root@localhost
+# Check that a system message about the admin interface is written
+# to the error log
+Pattern "\[System\] \[MY\-[0-9]+\] \[Server\] Admin interface ready for connections, address: \'127.0.0.1\'  port: ADMIN_PORT" found
+disconnect admin_tcp_con;
+# Test case 8
+# Check that the user u1 can establish connection to admin interface since
+# this user has the privilege SERVICE_CONNECTION_ADMIN
+connect admin_tcp_con_u1,127.0.0.1,u1,,,$ADMIN_PORT,,TCP;
+SELECT CURRENT_USER();
+CURRENT_USER()
+u1@%
+disconnect admin_tcp_con_u1;
+# Test case 9
+# Check that the user u2 can't establish connection to admin interface since
+# this user doesn't have the privilege SERVICE_CONNECTION_ADMIN
+connect(127.0.0.1,u2,,test,ADMIN_PORT,MASTER_SOCKET);
+connect admin_tcp_con_u2,127.0.0.1,u2,,,$ADMIN_PORT,,TCP;
+ERROR 42000: Access denied; you need (at least one of) the SERVICE_CONNECTION_ADMIN privilege(s) for this operation
+# Check that the user u3 can't establish connection to admin interface since
+# this user doesn't have the privilege SERVICE_CONNECTION_ADMIN
+connect(127.0.0.1,u3,,test,ADMIN_PORT,MASTER_SOCKET);
+connect admin_tcp_con_u3,127.0.0.1,u3,,,$ADMIN_PORT,,TCP;
+ERROR 42000: Access denied; you need (at least one of) the SERVICE_CONNECTION_ADMIN privilege(s) for this operation
+connection default;
+# Show how many active connections currently exist
+SHOW STATUS LIKE 'Threads_connected';
+Variable_name	Value
+Threads_connected	1
+# Test case 10
+# Check that the parameter max_connections does affect to an ordinary
+# connection and doesn't affect to a connection made to admin interface
+connect ordinary_con_1,localhost,u1,,,,,;
+# Show how many active connections exist after the connection
+# ordinary_con_1 established
+SHOW STATUS LIKE 'Threads_connected';
+Variable_name	Value
+Threads_connected	2
+# Since server was started with the option --max-connections=2 and
+# there are already two active connections (the first one is for
+# the default connection and the second one is for the connection
+# ordinary_con_1) an attempt to connect to the server results in
+# error ER_CON_COUNT_ERROR
+connect(localhost,u2,,test,MASTER_PORT,MASTER_SOCKET);
+connect ordinary_con_2,localhost,u2,,,,,;
+ERROR 08004: Too many connections
+# Check that attempt to establish the third connection to admin interface
+# doesn't result in error
+connect admin_con_3,localhost,u1,,,$ADMIN_PORT,,TCP;
+# Check that total number of concurrent connection made to admin interface
+# is not limited by the value max-connections + 1
+connect admin_con_4,localhost,u1,,,$ADMIN_PORT,,TCP;
+connection ordinary_con_1;
+disconnect ordinary_con_1;
+connection admin_con_3;
+disconnect admin_con_3;
+connection admin_con_4;
+disconnect admin_con_4;
+connection default;
+# Test case 11
+# Check that a dedicated thread for handling connection requests
+# on admin interface is not running in case a server started without
+# the option --create-admin-listener-thread=true
+SELECT name, type FROM performance_schema.threads WHERE name = 'thread/sql/admin_interface';
+name	type
+# Stop DB server
+# Starting up server with --admin-address=127.0.0.1,
+# handle connections on admin interface by a dedicated thread
+# restart: --admin-address=127.0.0.1 --admin-port=ADMIN_PORT --create-admin-listener-thread=true
+# Test case 12
+# Check that a dedicated thread for handling connection requests on
+# admin interface is running in case a server started with the option
+# --create-admin-listener-thread=true
+SELECT name, type FROM performance_schema.threads WHERE name = 'thread/sql/admin_interface';
+name	type
+thread/sql/admin_interface	BACKGROUND
+# Test case 13
+# Check that admin connection using tcp protocol can be established
+# when a server is started with option --create-admin-listener-thread=true
+connect admin_tcp_con,127.0.0.1,root,,,$ADMIN_PORT,,TCP;
+SELECT CURRENT_USER();
+CURRENT_USER()
+root@localhost
+disconnect admin_tcp_con;
+# Test case 14
+# Check that admin interface is turned off
+# in case a server started with the --skip-networking option
+connection default;
+# Stop DB server
+# Starting up server with --admin-address=127.0.0.1 --skip-networking
+# restart: --admin-address=127.0.0.1 --admin-port=ADMIN_PORT --skip-networking
+connect(127.0.0.1,root,,test,ADMIN_PORT,MASTER_SOCKET);
+connect admin_tcp_con,127.0.0.1,root,,,$ADMIN_PORT,,TCP;
+# Test case 15
+# Check that admin interface is turned off in case a server started
+# with the --skip-grant-tables option. If the server is started with
+# the --skip-grant-tables option to disable authentication checks,
+# the server enables --skip-networking automatically to prevent remote
+# connections. Therefore, listening on admin interface must be disabled too.
+connection default;
+# Stop DB server
+# Starting up server with --admin-address=127.0.0.1 --skip-grant-tables
+# restart: --admin-address=127.0.0.1 --admin-port=ADMIN_PORT --skip-grant-tables
+connect(127.0.0.1,root,,test,ADMIN_PORT,MASTER_SOCKET);
+connect admin_tcp_con,127.0.0.1,root,,,$ADMIN_PORT,,TCP;
+connection default;
+# Stop DB server
+# Test case 16
+# Check that admin interface is not setup when the option
+# --admin-port is specified without --admin-address
+# restart: --admin-port=ADMIN_PORT
+connect ordinary_tcp_con,localhost,root,,,,,TCP;
+SELECT CURRENT_USER();
+CURRENT_USER()
+root@localhost
+SELECT @@admin_address, @@admin_port;
+@@admin_address	@@admin_port
+NULL	ADMIN_PORT
+disconnect ordinary_tcp_con;
+connect(127.0.0.1,root,,test,ADMIN_PORT,MASTER_SOCKET);
+connect admin_tcp_con,127.0.0.1,root,,,$ADMIN_PORT,,TCP;
+# Test case 17
+# Check that we can connect to the server if admin
+# interface is set up on loopback IPV6 address
+connection default;
+# restart: --skip-name-resolve --admin-address=::1 --admin-port=ADMIN_PORT
+connect admin_tcp_con_ipv6,::1,u1,,,$ADMIN_PORT,,TCP;
+SELECT @@admin_address, @@admin_port;
+@@admin_address	@@admin_port
+::1	ADMIN_PORT
+disconnect admin_tcp_con_ipv6;
+connection default;
+# Stop DB server
+#
+# Starting mysqld in the regular mode...
+#
+connection default;
+# restart
+# Cleaning up
+DROP USER u1;
+DROP USER u2;
+DROP USER u3;

mysql-test/r/admin_interface_ipv4_mapped.result

@@ -0,0 +1,9 @@
+# restart: --skip-name-resolve --admin-address=::ffff:127.0.0.1 --admin_port=ADMIN_PORT
+# Checking ::ffff:127.0.0.1 ...
+mysqld is alive
+# Checking 127.0.0.1 ...
+mysqld is alive
+#
+# Starting mysqld in the regular mode...
+#
+# restart

mysql-test/r/events_bugs.result

@@ -570,7 +570,7 @@ USE test;
 SHOW GRANTS FOR CURRENT_USER;
 Grants for root@localhost
 GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
-GRANT BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
+GRANT BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
 GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
 SET GLOBAL event_scheduler = ON;
 CREATE TABLE events_test.event_log