Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
f194e401
Commit
f194e401
authored
Aug 30, 2001
by
tonu@x153.internalnet
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
OpenSSL work
parent
4194c075
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
52 additions
and
8 deletions
+52
-8
Docs/manual.texi
Docs/manual.texi
+10
-0
SSL/run-client
SSL/run-client
+2
-1
SSL/run-server
SSL/run-server
+1
-1
readline/callback.c
readline/callback.c
+1
-0
sql/mysqld.cc
sql/mysqld.cc
+4
-4
sql/sql_acl.cc
sql/sql_acl.cc
+31
-2
vio/viosocket.c
vio/viosocket.c
+3
-0
No files found.
Docs/manual.texi
View file @
f194e401
...
...
@@ -23299,6 +23299,7 @@ GRANT priv_type [(column_list)] [, priv_type [(column_list)] ...]
ON @{tbl_name | * | *.* | db_name.*@}
TO user_name [IDENTIFIED BY 'password']
[, user_name [IDENTIFIED BY 'password'] ...]
[REQUIRE @{SSL|X509@} [ISSUER issuer] [SUBJECT subject]]
[WITH GRANT OPTION]
REVOKE priv_type [(column_list)] [, priv_type [(column_list)] ...]
...
...
@@ -29454,6 +29455,15 @@ The number of seconds the slave thread will sleep before retrying to
connect to the master in case the master goes down or the connection is
lost. Default is 60. (Example: @code{master-connect-retry=60})
@item @code{master-ssl} @tab
Turn SSL on (Example: @code{master-ssl})
@item @code{master-ssl-key} @tab
Master SSL keyfile name (Example: @code{master-ssl-key=SSL/master-key.pem})
@item @code{master-ssl-cert} @tab
Master SSL certificate file name (Example: @code{master-ssl-key=SSL/master-cert.pem})
@item @code{master-info-file=filename} @tab
The location of the file that remembers where we left off on the master
during the replication process. The default is master.info in the data
SSL/run-client
View file @
f194e401
...
...
@@ -5,5 +5,6 @@ cmd () {
$*
}
client/mysql
--port
=
4407
--socket
=
/tmp/test.mysql.sock
--ssl-ca
=
SSL/cacert.pem
--ssl-cert
=
SSL/client-cert.pem
--ssl-key
=
SSL/client-key.pem
--debug
=
'd:t:O,/tmp/client.trace'
-h
127.0.0.1
--execute
=
"select version()"
client/mysql
--port
=
4407
--socket
=
/tmp/test.mysql.sock
--ssl-ca
=
SSL/cacert.pem
--ssl-cert
=
SSL/client-cert.pem
--ssl-key
=
SSL/client-key.pem
--debug
=
'd:t:O,/tmp/client.trace'
-h
127.0.0.1
-u
root
#--execute="select version();show status"
SSL/run-server
View file @
f194e401
...
...
@@ -5,5 +5,5 @@ cmd () {
$*
}
cmd sql/mysqld
--port
=
4407
--socket
=
/tmp/test.mysql.sock
--ssl-ca
=
SSL/cacert.pem
--ssl-cert
=
SSL/server-cert.pem
--ssl-key
=
SSL/server-key.pem
--
skip-grant
--debug
=
'd:t:O,/tmp/mysqld.trace'
>
& /tmp/mysqld.output
cmd sql/mysqld
--port
=
4407
--socket
=
/tmp/test.mysql.sock
--ssl-ca
=
SSL/cacert.pem
--ssl-cert
=
SSL/server-cert.pem
--ssl-key
=
SSL/server-key.pem
--
debug
=
'd:t:O,/tmp/mysqld.trace'
-uroot
>
& /tmp/mysqld.output
readline/callback.c
View file @
f194e401
...
...
@@ -29,6 +29,7 @@
#if defined (READLINE_CALLBACKS)
#include <stdlib.h>
#include <sys/types.h>
#include <stdio.h>
...
...
sql/mysqld.cc
View file @
f194e401
...
...
@@ -704,10 +704,10 @@ void clean_up(bool print_message)
end_raid
();
#endif
#ifdef HAVE_OPENSSL
my_free
(
opt_ssl_key
,
MYF
(
0
));
my_free
(
opt_ssl_cert
,
MYF
(
0
));
my_free
(
opt_ssl_ca
,
MYF
(
0
));
my_free
(
opt_ssl_capath
,
MYF
(
0
));
my_free
(
opt_ssl_key
,
MYF
(
MY_ALLOW_ZERO_PTR
));
my_free
(
opt_ssl_cert
,
MYF
(
MY_ALLOW_ZERO_PTR
));
my_free
(
opt_ssl_ca
,
MYF
(
MY_ALLOW_ZERO_PTR
));
my_free
(
opt_ssl_capath
,
MYF
(
MY_ALLOW_ZERO_PTR
));
opt_ssl_key
=
opt_ssl_cert
=
opt_ssl_ca
=
opt_ssl_capath
=
0
;
#endif
/* HAVE_OPENSSL */
free_defaults
(
defaults_argv
);
...
...
sql/sql_acl.cc
View file @
f194e401
...
...
@@ -61,6 +61,7 @@ public:
uint
hostname_length
;
char
*
user
,
*
password
;
ulong
salt
[
2
];
char
*
ssl_type
,
*
ssl_cipher
,
*
ssl_issuer
,
*
ssl_subject
;
};
class
ACL_DB
:
public
ACL_ACCESS
...
...
@@ -199,6 +200,10 @@ int acl_init(bool dont_read_acl_tables)
update_hostname
(
&
user
.
host
,
get_field
(
&
mem
,
table
,
0
));
user
.
user
=
get_field
(
&
mem
,
table
,
1
);
user
.
password
=
get_field
(
&
mem
,
table
,
2
);
user
.
ssl_type
=
get_field
(
&
mem
,
table
,
17
);
user
.
ssl_cipher
=
get_field
(
&
mem
,
table
,
18
);
user
.
ssl_issuer
=
get_field
(
&
mem
,
table
,
19
);
user
.
ssl_subject
=
get_field
(
&
mem
,
table
,
20
);
if
(
user
.
password
&&
(
length
=
(
uint
)
strlen
(
user
.
password
))
==
8
&&
protocol_version
==
PROTOCOL_VERSION
)
{
...
...
@@ -2312,7 +2317,7 @@ uint get_column_grant(THD *thd, TABLE_LIST *table, Field *field)
static
const
char
*
command_array
[]
=
{
"SELECT"
,
"INSERT"
,
"UPDATE"
,
"DELETE"
,
"CREATE"
,
"DROP"
,
"RELOAD"
,
"SHUTDOWN"
,
"PROCESS"
,
"FILE"
,
"GRANT"
,
"REFERENCES"
,
"INDEX"
,
"ALTER"
};
static
int
command_lengths
[]
=
{
6
,
6
,
6
,
6
,
6
,
4
,
6
,
8
,
7
,
4
,
5
,
9
,
5
,
5
};
static
int
command_lengths
[]
=
{
6
,
6
,
6
,
6
,
6
,
4
,
6
,
8
,
7
,
4
,
5
,
10
,
5
,
5
};
int
mysql_show_grants
(
THD
*
thd
,
LEX_USER
*
lex_user
)
{
...
...
@@ -2320,7 +2325,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
int
error
=
0
;
ACL_USER
*
acl_user
;
ACL_DB
*
acl_db
;
char
buff
[
1024
];
DBUG_ENTER
(
"mysql_
grant
"
);
DBUG_ENTER
(
"mysql_
show_grants
"
);
LINT_INIT
(
acl_user
);
if
(
!
initialized
)
...
...
@@ -2411,6 +2416,30 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
global
.
append
(
passd_buff
);
global
.
append
(
'\''
);
}
/* SSL grant stuff */
DBUG_PRINT
(
"info"
,(
"acl_user->ssl_type=%s"
,
acl_user
->
ssl_type
));
DBUG_PRINT
(
"info"
,(
"acl_user->ssl_cipher=%s"
,
acl_user
->
ssl_cipher
));
DBUG_PRINT
(
"info"
,(
"acl_user->ssl_subject=%s"
,
acl_user
->
ssl_subject
));
DBUG_PRINT
(
"info"
,(
"acl_user->ssl_issuer=%s"
,
acl_user
->
ssl_issuer
));
if
(
acl_user
->
ssl_type
)
{
if
(
!
strcmp
(
acl_user
->
ssl_type
,
"ssl"
))
global
.
append
(
" REQUIRE SSL"
,
12
);
else
if
(
!
strcmp
(
acl_user
->
ssl_type
,
"x509"
))
{
global
.
append
(
" REQUIRE X509 "
,
14
);
if
(
acl_user
->
ssl_issuer
)
{
global
.
append
(
"SUBJECT
\"
"
,
9
);
global
.
append
(
acl_user
->
ssl_issuer
,
strlen
(
acl_user
->
ssl_issuer
));
global
.
append
(
"
\"
"
,
1
);
}
if
(
acl_user
->
ssl_subject
)
{
global
.
append
(
"ISSUER
\"
"
,
8
);
global
.
append
(
acl_user
->
ssl_subject
,
strlen
(
acl_user
->
ssl_subject
));
global
.
append
(
"
\"
"
,
1
);
}
}
}
if
(
want_access
&
GRANT_ACL
)
global
.
append
(
" WITH GRANT OPTION"
,
18
);
thd
->
packet
.
length
(
0
);
...
...
vio/viosocket.c
View file @
f194e401
...
...
@@ -143,6 +143,7 @@ int vio_blocking(Vio * vio, my_bool set_blocking_mode)
DBUG_ENTER
(
"vio_blocking"
);
DBUG_PRINT
(
"enter"
,
(
"set_blocking_mode: %d"
,
(
int
)
set_blocking_mode
));
#if !defined(HAVE_OPENSSL)
#if !defined(___WIN__) && !defined(__EMX__)
#if !defined(NO_FCNTL_NONBLOCK)
...
...
@@ -178,6 +179,8 @@ int vio_blocking(Vio * vio, my_bool set_blocking_mode)
r
=
ioctlsocket
(
vio
->
sd
,
FIONBIO
,(
void
*
)
&
arg
,
sizeof
(
arg
));
}
#endif
/* !defined(__WIN__) && !defined(__EMX__) */
#endif
/* !defined (HAVE_OPENSSL) */
DBUG_PRINT
(
"exit"
,
(
"return %d"
,
r
));
DBUG_RETURN
(
r
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment