Commit 34c3484f authored by monty@hundin.mysql.fi's avatar monty@hundin.mysql.fi

Fixes to get openssl code to compile

parent d22bf7e3
...@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout); ...@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* vio_violite_h_ */
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO) #if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio) #define vio_delete(vio) (vio)->viodelete(vio)
...@@ -237,3 +236,4 @@ struct st_vio ...@@ -237,3 +236,4 @@ struct st_vio
#endif /* HAVE_VIO */ #endif /* HAVE_VIO */
}; };
#endif /* EMBEDDED_LIBRARY */ #endif /* EMBEDDED_LIBRARY */
#endif /* vio_violite_h_ */
...@@ -19,13 +19,16 @@ ...@@ -19,13 +19,16 @@
#include "../regex/regex.h" #include "../regex/regex.h"
#include "my_sys.h" #include "my_sys.h"
/*
The following is needed to not cause conflicts when we include mysqld.cc
*/
#define main main1 #define main main1
#define mysql_unix_port mysql_inix_port1 #define mysql_unix_port mysql_inix_port1
#define mysql_port mysql_port1 #define mysql_port mysql_port1
#define net_read_timeout net_read_timeout1 #define net_read_timeout net_read_timeout1
#define net_write_timeout net_write_timeout1 #define net_write_timeout net_write_timeout1
#define changeable_vars changeable_vars1 #define changeable_vars changeable_vars1
//#define mysql_tmpdir mysql_tmpdir1
extern "C" extern "C"
{ {
...@@ -36,38 +39,23 @@ extern "C" ...@@ -36,38 +39,23 @@ extern "C"
class THD; class THD;
static int static int check_connections1(THD * thd);
check_connections1(THD * thd); static int check_connections2(THD * thd);
static bool check_user(THD *thd, enum_server_command command,
static bool const char *user, const char *passwd, const char *db,
check_user(THD *thd, enum_server_command command,const char *user, const char *passwd, const char *db, bool check_count); bool check_count);
void free_defaults_internal(char ** argv) {if (argv) free_defaults(argv);}
static int
check_connections2(THD * thd);
extern void free_defaults(char ** argv);
void free_defaults_internal(char ** argv){if (argv) free_defaults(argv);}
#define free_defaults free_defaults_internal #define free_defaults free_defaults_internal
char mysql_data_home[FN_REFLEN]; char mysql_data_home[FN_REFLEN];
char * get_mysql_data_home(){return mysql_data_home;}; char * get_mysql_data_home() { return mysql_data_home; }
#define mysql_data_home mysql_data_home_internal #define mysql_data_home mysql_data_home_internal
#include "../sql/mysqld.cc" #include "../sql/mysqld.cc"
#define SCRAMBLE_LENGTH 8 #define SCRAMBLE_LENGTH 8
extern "C" { extern "C" {
char * get_mysql_home(){ return mysql_home;};
/* char * get_mysql_real_data_home(){ return mysql_real_data_home;};
void
free_defaults(char ** argv) {};
void
load_defaults(const char *, const char **, int *, char ***) {};
*/
char *
get_mysql_home(){ return mysql_home;};
char *
get_mysql_real_data_home(){ return mysql_real_data_home;};
bool lib_dispatch_command(enum enum_server_command command, NET *net, bool lib_dispatch_command(enum enum_server_command command, NET *net,
...@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net, ...@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net,
} }
void lib_connection_phase(NET * net, int phase)
void
lib_connection_phase(NET * net, int phase)
{ {
THD * thd; THD * thd;
thd = (THD *)(net->vio->dest_thd); thd = (THD *)(net->vio->dest_thd);
...@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase) ...@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase)
} }
} }
} }
} } /* extern "C" */
void start_embedded_conn1(NET * net) void start_embedded_conn1(NET * net)
{ {
THD * thd = new THD; THD * thd = new THD;
...@@ -660,16 +648,14 @@ void mysql_thread_end() ...@@ -660,16 +648,14 @@ void mysql_thread_end()
void start_embedded_connection(NET * net) void start_embedded_connection(NET * net)
{ {
start_embedded_conn1(net); start_embedded_conn1(net);
}
//====================================================================
} }
} /* extern "C" */
int embedded_do_command(NET * net) int embedded_do_command(NET * net)
{ {
THD * thd = (THD *) net ->vio; THD * thd = (THD *) net ->vio;
do_command(thd); do_command(thd);
return 0; return 0;
} }
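Review bot: embedded_do_command() obtains its THD with `(THD *) net ->vio`, whereas lib_connection_phase() in the same file reads `net->vio->dest_thd`; both can only be right if the vio pointer is deliberately overloaded somewhere outside these hunks. If it is, record that at the cast, e.g. `/* net->vio carries the THD itself for embedded connections */`. If it is not, do_command() is handed a Vio reinterpreted as a THD. The line is unchanged context in this commit, so this is a request to confirm and document rather than a regression.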
...@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig) ...@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig)
void unireg_end(int signal_number __attribute__((unused))) void unireg_end(int signal_number __attribute__((unused)))
{ {
clean_up(); clean_up();
#if defined(EMBEDDED_LIBRARY) #ifndef EMBEDDED_LIBRARY
exit(0); // XXX QQ: this is a temporary hack (I hope)
#else
pthread_exit(0); // Exit is in main thread pthread_exit(0); // Exit is in main thread
#endif #endif
} }
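Review bot: With the `exit(0)` branch dropped, unireg_end() now returns to its caller in EMBEDDED_LIBRARY builds after clean_up() has run, whereas both earlier variants terminated the thread or process. The callers are outside this hunk; any that rely on the function not returning would carry on against state that clean_up() has already released, so they need checking. A comment at the `#ifndef` would record the new contract, e.g. `/* Embedded: return to the host application; callers must not touch server state afterwards */`.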
......
...@@ -205,17 +205,20 @@ int acl_init(bool dont_read_acl_tables) ...@@ -205,17 +205,20 @@ int acl_init(bool dont_read_acl_tables)
user.password=get_field(&mem, table,2); user.password=get_field(&mem, table,2);
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
DBUG_PRINT("info",("table->fields=%d",table->fields)); DBUG_PRINT("info",("table->fields=%d",table->fields));
if (table->fields >= 21) { /* From 4.0.0 we have more fields */ if (table->fields >= 21) /* From 4.0.0 we have more fields */
if(!strcmp(get_field(&mem, table,17),"ANY")) {
char *ssl_type=get_field(&mem, table,17);
if (!strcmp(ssl_type, "ANY"))
user.ssl_type=SSL_TYPE_ANY; user.ssl_type=SSL_TYPE_ANY;
else if(!strcmp(get_field(&mem, table,17),"X509")) else if (!strcmp(ssl_type, "X509"))
user.ssl_type=SSL_TYPE_X509; user.ssl_type=SSL_TYPE_X509;
else if(!strcmp(get_field(&mem, table,17),"SPECIFIED")) else if (!strcmp(ssl_type, "SPECIFIED"))
user.ssl_type=SSL_TYPE_SPECIFIED; user.ssl_type=SSL_TYPE_SPECIFIED;
else user.ssl_type=SSL_TYPE_NONE; else
user.ssl_cipher=get_field(&mem, table,18); user.ssl_type=SSL_TYPE_NONE;
user.x509_issuer=get_field(&mem, table,19); user.ssl_cipher=get_field(&mem, table, 18);
user.x509_subject=get_field(&mem, table,20); user.x509_issuer=get_field(&mem, table, 19);
user.x509_subject=get_field(&mem, table, 20);
} }
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
if (user.password && (length=(uint) strlen(user.password)) == 8 && if (user.password && (length=(uint) strlen(user.password)) == 8 &&
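Review bot: `ssl_type` goes into strcmp() unchecked, while the line after the `#endif` tests `user.password` for NULL before calling strlen(), which suggests get_field() can return NULL for an empty column. If that holds, a user row without an ssl_type value stops ACL loading with a NULL dereference instead of defaulting to no SSL requirement. Starting the chain with `if (!ssl_type) user.ssl_type=SSL_TYPE_NONE; else if (!strcmp(ssl_type, "ANY"))` keeps the default explicit. acl_init begins and ends outside the hunk.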
...@@ -447,82 +450,87 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ...@@ -447,82 +450,87 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
(my_bool) old_ver))) (my_bool) old_ver)))
{ {
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#define vio (thd->net.vio) Vio *vio=thd->net.vio;
/* In this point we know that user is allowed to connect /*
* from given host by given username/password pair. Now In this point we know that user is allowed to connect
* we check if SSL is required, if user is using SSL and from given host by given username/password pair. Now
* if X509 certificate attributes are OK we check if SSL is required, if user is using SSL and
*/ if X509 certificate attributes are OK
*/
switch(acl_user->ssl_type) { switch(acl_user->ssl_type) {
case SSL_TYPE_NONE: /* SSL is not required to connect */ case SSL_TYPE_NONE: /* SSL is not required to connect */
user_access=acl_user->access; user_access=acl_user->access;
break; break;
case SSL_TYPE_ANY: /* Any kind of SSL is good enough */ case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
if(vio_type(vio) == VIO_TYPE_SSL) if (vio_type(vio) == VIO_TYPE_SSL)
user_access=acl_user->access; user_access=acl_user->access;
break; break;
case SSL_TYPE_X509: /* Client should have any valid certificate. */ case SSL_TYPE_X509: /* Client should have any valid certificate. */
/* Connections with non-valid certificates are dropped already /*
* in sslaccept() anyway, so we do not check validity here. Connections with non-valid certificates are dropped already
*/ in sslaccept() anyway, so we do not check validity here.
if(SSL_get_peer_certificate(vio->ssl_)) */
user_access=acl_user->access; if (SSL_get_peer_certificate(vio->ssl_))
break; user_access=acl_user->access;
case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */ break;
/* We do not check for absence of SSL because without SSL it does not case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
* pass all checks here anyway. /*
*/ We do not check for absence of SSL because without SSL it does
/* If cipher name is specified, we compare it to actual cipher in use */ not pass all checks here anyway.
if(acl_user->ssl_cipher) If cipher name is specified, we compare it to actual cipher in
DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'", use.
acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))); */
if(!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))) if (acl_user->ssl_cipher)
user_access=acl_user->access; DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
else acl_user->ssl_cipher,
{ SSL_get_cipher(vio->ssl_)));
user_access=NO_ACCESS; if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
break; user_access=acl_user->access;
} else
/* Prepare certificate (if exists) */ {
DBUG_PRINT("info",("checkpoint 1")); user_access=NO_ACCESS;
X509* cert=SSL_get_peer_certificate(vio->ssl_); break;
DBUG_PRINT("info",("checkpoint 2")); }
/* If X509 issuer is speified, we check it... */ /* Prepare certificate (if exists) */
if(acl_user->x509_issuer) DBUG_PRINT("info",("checkpoint 1"));
{ X509* cert=SSL_get_peer_certificate(vio->ssl_);
DBUG_PRINT("info",("checkpoint 3")); DBUG_PRINT("info",("checkpoint 2"));
ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); /* If X509 issuer is speified, we check it... */
DBUG_PRINT("info",("comparing issuers: '%s' and '%s'", if (acl_user->x509_issuer)
acl_user->x509_issuer, ptr)); {
if(!strcmp(acl_user->x509_issuer,ptr)) DBUG_PRINT("info",("checkpoint 3"));
user_access=acl_user->access; ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
else DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
{ acl_user->x509_issuer, ptr));
user_access=NO_ACCESS; if (!strcmp(acl_user->x509_issuer,ptr))
free(ptr); user_access=acl_user->access;
break; else
} {
free(ptr); user_access=NO_ACCESS;
} free(ptr);
DBUG_PRINT("info",("checkpoint 4")); break;
/* X509 subject is specified, we check it .. */ }
if(acl_user->x509_subject) free(ptr);
{ }
ptr = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); DBUG_PRINT("info",("checkpoint 4"));
DBUG_PRINT("info",("comparing subjects: '%s' and '%s'", /* X509 subject is specified, we check it .. */
acl_user->x509_subject, ptr)); if (acl_user->x509_subject)
if(!strcmp(acl_user->x509_subject,ptr)) {
user_access=acl_user->access; ptr = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
else DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
{ acl_user->x509_subject, ptr));
user_access=NO_ACCESS; if (!strcmp(acl_user->x509_subject,ptr))
free(ptr); user_access=acl_user->access;
break; else
} {
free(ptr); user_access=NO_ACCESS;
} free(ptr);
DBUG_PRINT("info",("checkpoint 5")); break;
break; }
free(ptr);
}
DBUG_PRINT("info",("checkpoint 5"));
break;
} }
DBUG_PRINT("info",("checkpoint 6")); DBUG_PRINT("info",("checkpoint 6"));
#else /* HAVE_OPENSSL */ #else /* HAVE_OPENSSL */
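Review bot: In acl_getroot's SSL_TYPE_SPECIFIED case the `if (acl_user->ssl_cipher)` guard covers only the DBUG_PRINT, so `strcmp(acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_))` still runs when the account specifies no cipher. `cert` is likewise passed to X509_get_issuer_name() and X509_get_subject_name() without a NULL check, although the comment above it says "if exists". This is the authorisation decision for certificate-restricted accounts, so a NULL dereference here takes the server down instead of denying the login. The reference returned by SSL_get_peer_certificate() is also never released with X509_free(), here or in the SSL_TYPE_X509 case. The sketch below denies by default, checks the transport type first (the existing comment skips that check on purpose, so confirm that vio->ssl_ is usable on a non-SSL connection), and frees the certificate on every path; the enclosing condition starts outside the hunk.

```cpp
    case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
    {
      /* Deny by default; grant only if every specified attribute matches */
      bool ok= (vio_type(vio) == VIO_TYPE_SSL);
      X509 *cert= ok ? SSL_get_peer_certificate(vio->ssl_) : 0;
      if (ok && acl_user->ssl_cipher)
        ok= !strcmp(acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_));
      if (ok && acl_user->x509_issuer)
      {
        ptr= cert ? X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0) : 0;
        ok= ptr && !strcmp(acl_user->x509_issuer, ptr);
        free(ptr);
      }
      // … x509_subject: same shape, using X509_get_subject_name(cert) …
      // … unchanged: DBUG_PRINT tracing …
      if (cert)
        X509_free(cert);
      user_access= ok ? acl_user->access : NO_ACCESS;
      break;
    }
```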
...@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length, ...@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length,
static void acl_update_user(const char *user, const char *host, static void acl_update_user(const char *user, const char *host,
const char *password, const char *password,
#ifdef HAVE_OPENSSL
enum SSL_type ssl_type, enum SSL_type ssl_type,
const char *ssl_cipher, const char *ssl_cipher,
const char *x509_issuer, const char *x509_issuer,
const char *x509_subject, const char *x509_subject,
#endif /* HAVE_OPENSSL */
uint privileges) uint privileges)
{ {
for (uint i=0 ; i < acl_users.elements ; i++) for (uint i=0 ; i < acl_users.elements ; i++)
...@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host, ...@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host,
static void acl_insert_user(const char *user, const char *host, static void acl_insert_user(const char *user, const char *host,
const char *password, const char *password,
#ifdef HAVE_OPENSSL
enum SSL_type ssl_type, enum SSL_type ssl_type,
const char *ssl_cipher, const char *ssl_cipher,
const char *x509_issuer, const char *x509_issuer,
const char *x509_subject, const char *x509_subject,
#endif /* HAVE_OPENSSL */
uint privileges) uint privileges)
{ {
ACL_USER acl_user; ACL_USER acl_user;
...@@ -1158,37 +1162,35 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1158,37 +1162,35 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
rights=get_access(table,3); rights=get_access(table,3);
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
/* We write down SSL related ACL stuff */ /* We write down SSL related ACL stuff */
DBUG_PRINT("info",("table->fields=%d",table->fields)); DBUG_PRINT("info",("table->fields=%d",table->fields));
if (table->fields >= 21) { /* From 4.0.0 we have more fields */ if (table->fields >= 21) /* From 4.0.0 we have more fields */
switch (thd->lex.ssl_type) { {
case SSL_TYPE_ANY: table->field[18]->store("",0);
table->field[17]->store("ANY",3); table->field[19]->store("",0);
table->field[18]->store("",0); table->field[20]->store("",0);
table->field[19]->store("",0); switch (thd->lex.ssl_type) {
table->field[20]->store("",0); case SSL_TYPE_ANY:
break; table->field[17]->store("ANY",3);
case SSL_TYPE_X509: break;
table->field[17]->store("X509",4); case SSL_TYPE_X509:
table->field[18]->store("",0); table->field[17]->store("X509",4);
table->field[19]->store("",0); break;
table->field[20]->store("",0); case SSL_TYPE_SPECIFIED:
break; table->field[17]->store("SPECIFIED",9);
case SSL_TYPE_SPECIFIED: if (thd->lex.ssl_cipher)
table->field[17]->store("SPECIFIED",9); table->field[18]->store(thd->lex.ssl_cipher,
if(thd->lex.ssl_cipher) strlen(thd->lex.ssl_cipher));
table->field[18]->store(thd->lex.ssl_cipher,strlen(thd->lex.ssl_cipher)); if (thd->lex.x509_issuer)
if(thd->lex.x509_issuer) table->field[19]->store(thd->lex.x509_issuer,
table->field[19]->store(thd->lex.x509_issuer,strlen(thd->lex.x509_issuer)); strlen(thd->lex.x509_issuer));
if(thd->lex.x509_subject) if (thd->lex.x509_subject)
table->field[20]->store(thd->lex.x509_subject,strlen(thd->lex.x509_subject)); table->field[20]->store(thd->lex.x509_subject,
break; strlen(thd->lex.x509_subject));
default: break;
table->field[17]->store("NONE",4); default:
table->field[18]->store("",0); table->field[17]->store("NONE",4);
table->field[19]->store("",0);
table->field[20]->store("",0);
}
} }
}
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
if (old_row_exists) if (old_row_exists)
{ {
...@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
} }
error=0; // Privileges granted / revoked error=0; // Privileges granted / revoked
end: end:
if (!error) if (!error)
{ {
acl_cache->clear(1); // Clear privilege cache acl_cache->clear(1); // Clear privilege cache
...@@ -1224,22 +1226,18 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, ...@@ -1224,22 +1226,18 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
password=0; // No password given on command password=0; // No password given on command
if (old_row_exists) if (old_row_exists)
acl_update_user(combo.user.str,combo.host.str,password, acl_update_user(combo.user.str,combo.host.str,password,
#ifdef HAVE_OPENSSL thd->lex.ssl_type,
thd->lex.ssl_type, thd->lex.ssl_cipher,
thd->lex.ssl_cipher, thd->lex.x509_issuer,
thd->lex.x509_issuer, thd->lex.x509_subject,
thd->lex.x509_subject, rights);
#endif /* HAVE_OPENSSL */
rights);
else else
acl_insert_user(combo.user.str,combo.host.str,password, acl_insert_user(combo.user.str,combo.host.str,password,
#ifdef HAVE_OPENSSL thd->lex.ssl_type,
thd->lex.ssl_type, thd->lex.ssl_cipher,
thd->lex.ssl_cipher, thd->lex.x509_issuer,
thd->lex.x509_issuer, thd->lex.x509_subject,
thd->lex.x509_subject, rights);
#endif /* HAVE_OPENSSL */
rights);
} }
table->file->index_end(); table->file->index_end();
DBUG_RETURN(error); DBUG_RETURN(error);
...@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) ...@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
global.append('\''); global.append('\'');
} }
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
/* "show grants" SSL related stuff */ /* "show grants" SSL related stuff */
if(acl_user->ssl_type==SSL_TYPE_ANY) if (acl_user->ssl_type == SSL_TYPE_ANY)
global.append(" REQUIRE SSL",12); global.append(" REQUIRE SSL",12);
else if(acl_user->ssl_type==SSL_TYPE_X509) else if (acl_user->ssl_type==SSL_TYPE_X509)
global.append(" REQUIRE X509",13); global.append(" REQUIRE X509",13);
else if(acl_user->ssl_type==SSL_TYPE_SPECIFIED) else if (acl_user->ssl_type==SSL_TYPE_SPECIFIED)
{ {
global.append(" REQUIRE ",9); global.append(" REQUIRE ",9);
if(acl_user->x509_issuer) { if (acl_user->x509_issuer)
if(ssl_options++) {
if (ssl_options++)
global.append(" AND ",5); global.append(" AND ",5);
global.append("ISSUER \"",8); global.append("ISSUER \"",8);
global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer)); global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
global.append("\"",1); global.append("\"",1);
} }
if(acl_user->x509_subject) { if (acl_user->x509_subject)
if(ssl_options++) {
if (ssl_options++)
global.append(" AND ",5); global.append(" AND ",5);
global.append("SUBJECT \"",9); global.append("SUBJECT \"",9);
global.append(acl_user->x509_subject,strlen(acl_user->x509_subject)); global.append(acl_user->x509_subject,strlen(acl_user->x509_subject));
global.append("\"",1); global.append("\"",1);
} }
if(acl_user->ssl_cipher) { if (acl_user->ssl_cipher)
if(ssl_options++) {
if (ssl_options++)
global.append(" AND ",5); global.append(" AND ",5);
global.append("CIPHER \"",8); global.append("CIPHER \"",8);
global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher)); global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher));
......