34c3484f
Commit
34c3484f
authored
Sep 30, 2001
by
monty@hundin.mysql.fi
Fixes to get openssl code to compile
parent
d22bf7e3
Showing
4 changed files
with
166 additions
and
181 deletions
+166
-181
include/violite.h
include/violite.h
+1
-1
libmysqld/lib_sql.cc
libmysqld/lib_sql.cc
+24
-38
sql/mysqld.cc
sql/mysqld.cc
+1
-3
sql/sql_acl.cc
sql/sql_acl.cc
+140
-139
include/violite.h
...
...
@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
#ifdef __cplusplus
}
#endif
#endif
/* vio_violite_h_ */
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio)
...
...
@@ -237,3 +236,4 @@ struct st_vio
#endif
/* HAVE_VIO */
};
#endif
/* EMBEDDED_LIBRARY */
#endif
/* vio_violite_h_ */
libmysqld/lib_sql.cc
...
...
@@ -19,13 +19,16 @@
#include "../regex/regex.h"
#include "my_sys.h"
/*
The following is needed to not cause conflicts when we include mysqld.cc
*/
#define main main1
#define mysql_unix_port mysql_inix_port1
#define mysql_port mysql_port1
#define net_read_timeout net_read_timeout1
#define net_write_timeout net_write_timeout1
#define changeable_vars changeable_vars1
//#define mysql_tmpdir mysql_tmpdir1
extern
"C"
{
...
...
@@ -36,38 +39,23 @@ extern "C"
class
THD
;
static
int
check_connections1
(
THD
*
thd
);
static
bool
check_user
(
THD
*
thd
,
enum_server_command
command
,
const
char
*
user
,
const
char
*
passwd
,
const
char
*
db
,
bool
check_count
);
static
int
check_connections2
(
THD
*
thd
);
extern
void
free_defaults
(
char
**
argv
);
void
free_defaults_internal
(
char
**
argv
){
if
(
argv
)
free_defaults
(
argv
);}
static
int
check_connections1
(
THD
*
thd
);
static
int
check_connections2
(
THD
*
thd
);
static
bool
check_user
(
THD
*
thd
,
enum_server_command
command
,
const
char
*
user
,
const
char
*
passwd
,
const
char
*
db
,
bool
check_count
);
void
free_defaults_internal
(
char
**
argv
)
{
if
(
argv
)
free_defaults
(
argv
);}
#define free_defaults free_defaults_internal
char
mysql_data_home
[
FN_REFLEN
];
char
*
get_mysql_data_home
()
{
return
mysql_data_home
;};
char
*
get_mysql_data_home
()
{
return
mysql_data_home
;
}
#define mysql_data_home mysql_data_home_internal
#include "../sql/mysqld.cc"
#define SCRAMBLE_LENGTH 8
extern
"C"
{
/*
void
free_defaults(char ** argv) {};
void
load_defaults(const char *, const char **, int *, char ***) {};
*/
char
*
get_mysql_home
(){
return
mysql_home
;};
char
*
get_mysql_real_data_home
(){
return
mysql_real_data_home
;};
char
*
get_mysql_home
(){
return
mysql_home
;};
char
*
get_mysql_real_data_home
(){
return
mysql_real_data_home
;};
bool
lib_dispatch_command
(
enum
enum_server_command
command
,
NET
*
net
,
...
...
@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net,
}
void
lib_connection_phase
(
NET
*
net
,
int
phase
)
void
lib_connection_phase
(
NET
*
net
,
int
phase
)
{
THD
*
thd
;
thd
=
(
THD
*
)(
net
->
vio
->
dest_thd
);
...
...
@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase)
}
}
}
}
}
/* extern "C" */
void
start_embedded_conn1
(
NET
*
net
)
{
THD
*
thd
=
new
THD
;
...
...
@@ -660,16 +648,14 @@ void mysql_thread_end()
void
start_embedded_connection
(
NET
*
net
)
{
start_embedded_conn1
(
net
);
}
//====================================================================
start_embedded_conn1
(
net
);
}
}
/* extern "C" */
int
embedded_do_command
(
NET
*
net
)
{
THD
*
thd
=
(
THD
*
)
net
->
vio
;
do_command
(
thd
);
return
0
;
THD
*
thd
=
(
THD
*
)
net
->
vio
;
do_command
(
thd
);
return
0
;
}
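Review bot: `embedded_do_command()` casts `net->vio` itself to `THD *`, while `lib_connection_phase()` in the same file takes the session from `net->vio->dest_thd`. Unless the embedded `Vio` really is a `THD` in this build, `do_command()` is handed the wrong object, so I would write `THD *thd= (THD *) net->vio->dest_thd;` here as well. The function also discards the result of `do_command(thd)` and always returns 0, so a caller cannot tell a failed command from a successful one. The declaration of `do_command()` is not visible on this page, so confirm what it reports before propagating it.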
sql/mysqld.cc
...
...
@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig)
void
unireg_end
(
int
signal_number
__attribute__
((
unused
)))
{
clean_up
();
#if defined(EMBEDDED_LIBRARY)
exit
(
0
);
// XXX QQ: this is a temporary hack (I hope)
#else
#ifndef EMBEDDED_LIBRARY
pthread_exit
(
0
);
// Exit is in main thread
#endif
}
...
...
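Review bot: With `exit(0)` removed, `unireg_end()` now falls off the end and returns to its caller in an `EMBEDDED_LIBRARY` build, after `clean_up()` has already run. Any caller written on the assumption that this function never returns (the server build still ends in `pthread_exit(0)`) would keep executing against torn-down state. The callers are not visible here, so each call site needs a check. A comment at the `#ifndef` such as `/* embedded: return to the host application instead of ending the process */` would record that the return is intentional.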
sql/sql_acl.cc
...
...
@@ -205,17 +205,20 @@ int acl_init(bool dont_read_acl_tables)
user
.
password
=
get_field
(
&
mem
,
table
,
2
);
#ifdef HAVE_OPENSSL
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
if
(
table
->
fields
>=
21
)
{
/* From 4.0.0 we have more fields */
if
(
!
strcmp
(
get_field
(
&
mem
,
table
,
17
),
"ANY"
))
if
(
table
->
fields
>=
21
)
/* From 4.0.0 we have more fields */
{
char
*
ssl_type
=
get_field
(
&
mem
,
table
,
17
);
if
(
!
strcmp
(
ssl_type
,
"ANY"
))
user
.
ssl_type
=
SSL_TYPE_ANY
;
else
if
(
!
strcmp
(
get_field
(
&
mem
,
table
,
17
),
"X509"
))
else
if
(
!
strcmp
(
ssl_type
,
"X509"
))
user
.
ssl_type
=
SSL_TYPE_X509
;
else
if
(
!
strcmp
(
get_field
(
&
mem
,
table
,
17
),
"SPECIFIED"
))
else
if
(
!
strcmp
(
ssl_type
,
"SPECIFIED"
))
user
.
ssl_type
=
SSL_TYPE_SPECIFIED
;
else
user
.
ssl_type
=
SSL_TYPE_NONE
;
user
.
ssl_cipher
=
get_field
(
&
mem
,
table
,
18
);
user
.
x509_issuer
=
get_field
(
&
mem
,
table
,
19
);
user
.
x509_subject
=
get_field
(
&
mem
,
table
,
20
);
else
user
.
ssl_type
=
SSL_TYPE_NONE
;
user
.
ssl_cipher
=
get_field
(
&
mem
,
table
,
18
);
user
.
x509_issuer
=
get_field
(
&
mem
,
table
,
19
);
user
.
x509_subject
=
get_field
(
&
mem
,
table
,
20
);
}
#endif
/* HAVE_OPENSSL */
if
(
user
.
password
&&
(
length
=
(
uint
)
strlen
(
user
.
password
))
==
8
&&
...
...
@@ -447,82 +450,87 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
(
my_bool
)
old_ver
)))
{
#ifdef HAVE_OPENSSL
#define vio (thd->net.vio)
/* In this point we know that user is allowed to connect
* from given host by given username/password pair. Now
* we check if SSL is required, if user is using SSL and
* if X509 certificate attributes are OK
*/
Vio
*
vio
=
thd
->
net
.
vio
;
/*
In this point we know that user is allowed to connect
from given host by given username/password pair. Now
we check if SSL is required, if user is using SSL and
if X509 certificate attributes are OK
*/
switch
(
acl_user
->
ssl_type
)
{
case
SSL_TYPE_NONE
:
/* SSL is not required to connect */
user_access
=
acl_user
->
access
;
break
;
user_access
=
acl_user
->
access
;
break
;
case
SSL_TYPE_ANY
:
/* Any kind of SSL is good enough */
if
(
vio_type
(
vio
)
==
VIO_TYPE_SSL
)
user_access
=
acl_user
->
access
;
break
;
if
(
vio_type
(
vio
)
==
VIO_TYPE_SSL
)
user_access
=
acl_user
->
access
;
break
;
case
SSL_TYPE_X509
:
/* Client should have any valid certificate. */
/* Connections with non-valid certificates are dropped already
* in sslaccept() anyway, so we do not check validity here.
*/
if
(
SSL_get_peer_certificate
(
vio
->
ssl_
))
user_access
=
acl_user
->
access
;
break
;
case
SSL_TYPE_SPECIFIED
:
/* Client should have attributes as specified */
/* We do not check for absence of SSL because without SSL it does not
* pass all checks here anyway.
*/
/* If cipher name is specified, we compare it to actual cipher in use */
if
(
acl_user
->
ssl_cipher
)
DBUG_PRINT
(
"info"
,(
"comparing ciphers: '%s' and '%s'"
,
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)));
if
(
!
strcmp
(
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)))
user_access
=
acl_user
->
access
;
else
{
user_access
=
NO_ACCESS
;
break
;
}
/* Prepare certificate (if exists) */
DBUG_PRINT
(
"info"
,(
"checkpoint 1"
));
X509
*
cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
DBUG_PRINT
(
"info"
,(
"checkpoint 2"
));
/* If X509 issuer is speified, we check it... */
if
(
acl_user
->
x509_issuer
)
{
DBUG_PRINT
(
"info"
,(
"checkpoint 3"
));
ptr
=
X509_NAME_oneline
(
X509_get_issuer_name
(
cert
),
0
,
0
);
DBUG_PRINT
(
"info"
,(
"comparing issuers: '%s' and '%s'"
,
acl_user
->
x509_issuer
,
ptr
));
if
(
!
strcmp
(
acl_user
->
x509_issuer
,
ptr
))
user_access
=
acl_user
->
access
;
else
{
user_access
=
NO_ACCESS
;
free
(
ptr
);
break
;
}
free
(
ptr
);
}
DBUG_PRINT
(
"info"
,(
"checkpoint 4"
));
/* X509 subject is specified, we check it .. */
if
(
acl_user
->
x509_subject
)
{
ptr
=
X509_NAME_oneline
(
X509_get_subject_name
(
cert
),
0
,
0
);
DBUG_PRINT
(
"info"
,(
"comparing subjects: '%s' and '%s'"
,
acl_user
->
x509_subject
,
ptr
));
if
(
!
strcmp
(
acl_user
->
x509_subject
,
ptr
))
user_access
=
acl_user
->
access
;
else
{
user_access
=
NO_ACCESS
;
free
(
ptr
);
break
;
}
free
(
ptr
);
}
DBUG_PRINT
(
"info"
,(
"checkpoint 5"
));
break
;
/*
Connections with non-valid certificates are dropped already
in sslaccept() anyway, so we do not check validity here.
*/
if
(
SSL_get_peer_certificate
(
vio
->
ssl_
))
user_access
=
acl_user
->
access
;
break
;
case
SSL_TYPE_SPECIFIED
:
/* Client should have specified attrib */
/*
We do not check for absence of SSL because without SSL it does
not pass all checks here anyway.
If cipher name is specified, we compare it to actual cipher in
use.
*/
if
(
acl_user
->
ssl_cipher
)
DBUG_PRINT
(
"info"
,(
"comparing ciphers: '%s' and '%s'"
,
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)));
if
(
!
strcmp
(
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)))
user_access
=
acl_user
->
access
;
else
{
user_access
=
NO_ACCESS
;
break
;
}
/* Prepare certificate (if exists) */
DBUG_PRINT
(
"info"
,(
"checkpoint 1"
));
X509
*
cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
DBUG_PRINT
(
"info"
,(
"checkpoint 2"
));
/* If X509 issuer is speified, we check it... */
if
(
acl_user
->
x509_issuer
)
{
DBUG_PRINT
(
"info"
,(
"checkpoint 3"
));
ptr
=
X509_NAME_oneline
(
X509_get_issuer_name
(
cert
),
0
,
0
);
DBUG_PRINT
(
"info"
,(
"comparing issuers: '%s' and '%s'"
,
acl_user
->
x509_issuer
,
ptr
));
if
(
!
strcmp
(
acl_user
->
x509_issuer
,
ptr
))
user_access
=
acl_user
->
access
;
else
{
user_access
=
NO_ACCESS
;
free
(
ptr
);
break
;
}
free
(
ptr
);
}
DBUG_PRINT
(
"info"
,(
"checkpoint 4"
));
/* X509 subject is specified, we check it .. */
if
(
acl_user
->
x509_subject
)
{
ptr
=
X509_NAME_oneline
(
X509_get_subject_name
(
cert
),
0
,
0
);
DBUG_PRINT
(
"info"
,(
"comparing subjects: '%s' and '%s'"
,
acl_user
->
x509_subject
,
ptr
));
if
(
!
strcmp
(
acl_user
->
x509_subject
,
ptr
))
user_access
=
acl_user
->
access
;
else
{
user_access
=
NO_ACCESS
;
free
(
ptr
);
break
;
}
free
(
ptr
);
}
DBUG_PRINT
(
"info"
,(
"checkpoint 5"
));
break
;
}
DBUG_PRINT
(
"info"
,(
"checkpoint 6"
));
#else
/* HAVE_OPENSSL */
...
...
@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length,
static
void
acl_update_user
(
const
char
*
user
,
const
char
*
host
,
const
char
*
password
,
#ifdef HAVE_OPENSSL
enum
SSL_type
ssl_type
,
const
char
*
ssl_cipher
,
const
char
*
x509_issuer
,
const
char
*
x509_subject
,
#endif
/* HAVE_OPENSSL */
uint
privileges
)
{
for
(
uint
i
=
0
;
i
<
acl_users
.
elements
;
i
++
)
...
...
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host,
static
void
acl_insert_user
(
const
char
*
user
,
const
char
*
host
,
const
char
*
password
,
#ifdef HAVE_OPENSSL
enum
SSL_type
ssl_type
,
const
char
*
ssl_cipher
,
const
char
*
x509_issuer
,
const
char
*
x509_subject
,
#endif
/* HAVE_OPENSSL */
uint
privileges
)
{
ACL_USER
acl_user
;
...
...
@@ -1158,37 +1162,35 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
rights
=
get_access
(
table
,
3
);
#ifdef HAVE_OPENSSL
/* We write down SSL related ACL stuff */
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
if
(
table
->
fields
>=
21
)
{
/* From 4.0.0 we have more fields */
switch
(
thd
->
lex
.
ssl_type
)
{
case
SSL_TYPE_ANY
:
table
->
field
[
17
]
->
store
(
"ANY"
,
3
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
break
;
case
SSL_TYPE_X509
:
table
->
field
[
17
]
->
store
(
"X509"
,
4
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
break
;
case
SSL_TYPE_SPECIFIED
:
table
->
field
[
17
]
->
store
(
"SPECIFIED"
,
9
);
if
(
thd
->
lex
.
ssl_cipher
)
table
->
field
[
18
]
->
store
(
thd
->
lex
.
ssl_cipher
,
strlen
(
thd
->
lex
.
ssl_cipher
));
if
(
thd
->
lex
.
x509_issuer
)
table
->
field
[
19
]
->
store
(
thd
->
lex
.
x509_issuer
,
strlen
(
thd
->
lex
.
x509_issuer
));
if
(
thd
->
lex
.
x509_subject
)
table
->
field
[
20
]
->
store
(
thd
->
lex
.
x509_subject
,
strlen
(
thd
->
lex
.
x509_subject
));
break
;
default:
table
->
field
[
17
]
->
store
(
"NONE"
,
4
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
}
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
if
(
table
->
fields
>=
21
)
/* From 4.0.0 we have more fields */
{
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
switch
(
thd
->
lex
.
ssl_type
)
{
case
SSL_TYPE_ANY
:
table
->
field
[
17
]
->
store
(
"ANY"
,
3
);
break
;
case
SSL_TYPE_X509
:
table
->
field
[
17
]
->
store
(
"X509"
,
4
);
break
;
case
SSL_TYPE_SPECIFIED
:
table
->
field
[
17
]
->
store
(
"SPECIFIED"
,
9
);
if
(
thd
->
lex
.
ssl_cipher
)
table
->
field
[
18
]
->
store
(
thd
->
lex
.
ssl_cipher
,
strlen
(
thd
->
lex
.
ssl_cipher
));
if
(
thd
->
lex
.
x509_issuer
)
table
->
field
[
19
]
->
store
(
thd
->
lex
.
x509_issuer
,
strlen
(
thd
->
lex
.
x509_issuer
));
if
(
thd
->
lex
.
x509_subject
)
table
->
field
[
20
]
->
store
(
thd
->
lex
.
x509_subject
,
strlen
(
thd
->
lex
.
x509_subject
));
break
;
default:
table
->
field
[
17
]
->
store
(
"NONE"
,
4
);
}
}
#endif
/* HAVE_OPENSSL */
if
(
old_row_exists
)
{
...
...
@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
}
error
=
0
;
// Privileges granted / revoked
end:
end:
if
(
!
error
)
{
acl_cache
->
clear
(
1
);
// Clear privilege cache
...
...
@@ -1224,22 +1226,18 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
password
=
0
;
// No password given on command
if
(
old_row_exists
)
acl_update_user
(
combo
.
user
.
str
,
combo
.
host
.
str
,
password
,
#ifdef HAVE_OPENSSL
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_subject
,
#endif
/* HAVE_OPENSSL */
rights
);
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_subject
,
rights
);
else
acl_insert_user
(
combo
.
user
.
str
,
combo
.
host
.
str
,
password
,
#ifdef HAVE_OPENSSL
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_subject
,
#endif
/* HAVE_OPENSSL */
rights
);
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_subject
,
rights
);
}
table
->
file
->
index_end
();
DBUG_RETURN
(
error
);
...
...
@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
global
.
append
(
'\''
);
}
#ifdef HAVE_OPENSSL
/* "show grants" SSL related stuff */
if
(
acl_user
->
ssl_type
==
SSL_TYPE_ANY
)
/* "show grants" SSL related stuff */
if
(
acl_user
->
ssl_type
==
SSL_TYPE_ANY
)
global
.
append
(
" REQUIRE SSL"
,
12
);
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_X509
)
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_X509
)
global
.
append
(
" REQUIRE X509"
,
13
);
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_SPECIFIED
)
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_SPECIFIED
)
{
global
.
append
(
" REQUIRE "
,
9
);
if
(
acl_user
->
x509_issuer
)
{
if
(
ssl_options
++
)
if
(
acl_user
->
x509_issuer
)
{
if
(
ssl_options
++
)
global
.
append
(
" AND "
,
5
);
global
.
append
(
"ISSUER
\"
"
,
8
);
global
.
append
(
acl_user
->
x509_issuer
,
strlen
(
acl_user
->
x509_issuer
));
global
.
append
(
"
\"
"
,
1
);
}
if
(
acl_user
->
x509_subject
)
{
if
(
ssl_options
++
)
if
(
acl_user
->
x509_subject
)
{
if
(
ssl_options
++
)
global
.
append
(
" AND "
,
5
);
global
.
append
(
"SUBJECT
\"
"
,
9
);
global
.
append
(
acl_user
->
x509_subject
,
strlen
(
acl_user
->
x509_subject
));
global
.
append
(
"
\"
"
,
1
);
}
if
(
acl_user
->
ssl_cipher
)
{
if
(
ssl_options
++
)
if
(
acl_user
->
ssl_cipher
)
{
if
(
ssl_options
++
)
global
.
append
(
" AND "
,
5
);
global
.
append
(
"CIPHER
\"
"
,
8
);
global
.
append
(
acl_user
->
ssl_cipher
,
strlen
(
acl_user
->
ssl_cipher
));
...
...
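Review bot: In the `SSL_TYPE_SPECIFIED` branch of the acl_getroot hunk, `if (acl_user->ssl_cipher)` guards only the `DBUG_PRINT`, so `strcmp(acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_))` runs even when no cipher is configured, and `cert` from `SSL_get_peer_certificate()` reaches `X509_get_issuer_name()` and `X509_get_subject_name()` without a NULL check. A client that presents no certificate, or (presumably) one on a non-SSL connection where `vio->ssl_` is unset, would then hit a NULL dereference in the authentication path instead of getting `NO_ACCESS`. The reference returned by `SSL_get_peer_certificate()` is also never released with `X509_free()`, here or in the `SSL_TYPE_X509` case. The acl_init hunk has the same unchecked pattern: `ssl_type` from `get_field()` goes straight into `strcmp()`, although the `user.password &&` test just below it suggests `get_field()` can return NULL. acl_getroot starts and ends outside the hunk; the sketch shows only the guards I would add.

```cpp
    case SSL_TYPE_SPECIFIED:
      // … unchanged: comment block …
      if (vio_type(vio) != VIO_TYPE_SSL)
      {
        user_access=NO_ACCESS;
        break;
      }
      if (acl_user->ssl_cipher)
      {
        // … unchanged: DBUG_PRINT of the two cipher names …
        if (strcmp(acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_)))
        {
          user_access=NO_ACCESS;
          break;
        }
      }
      user_access=acl_user->access;
      X509 *cert=SSL_get_peer_certificate(vio->ssl_);
      if (!cert && (acl_user->x509_issuer || acl_user->x509_subject))
      {
        user_access=NO_ACCESS;          // nothing to compare issuer/subject against
        break;
      }
      // … unchanged: issuer and subject comparisons; each NO_ACCESS exit also needs X509_free(cert) …
      X509_free(cert);
      break;
```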