OpenSSL work

readline/callback.c: warning removed sql/mysqld.cc: Warning removed abut freeing zero pointer

OpenSSL work
readline/callback.c: warning removed sql/mysqld.cc: Warning removed abut freeing zero pointer
8fb4d6bb · unknown · d63159b0 · 8fb4d6bb · 8fb4d6bb · 8fb4d6bb
Commit 8fb4d6bb authored Aug 30, 2001 by unknown
7 changed files
--- a/Docs/manual.texi
+++ b/Docs/manual.texi
@@ -23299,6 +23299,7 @@ GRANT priv_type [(column_list)] [, priv_type [(column_list)] ...]
    ON @{tbl_name | * | *.* | db_name.*@}
    TO user_name [IDENTIFIED BY 'password']
        [, user_name [IDENTIFIED BY 'password'] ...]
+    [REQUIRE @{SSL|X509@} [ISSUER issuer] [SUBJECT subject]]
    [WITH GRANT OPTION]
 REVOKE priv_type [(column_list)] [, priv_type [(column_list)] ...]
@@ -29454,6 +29455,15 @@ The number of seconds the slave thread will sleep before retrying to
 connect to the master in case the master goes down or the connection is
 lost.  Default is 60.  (Example: @code{master-connect-retry=60})
+@item @code{master-ssl} @tab
+Turn SSL on (Example: @code{master-ssl})
+@item @code{master-ssl-key} @tab
+Master SSL keyfile name (Example: @code{master-ssl-key=SSL/master-key.pem})
+@item @code{master-ssl-cert} @tab
+Master SSL certificate file name (Example: @code{master-ssl-key=SSL/master-cert.pem})
 @item @code{master-info-file=filename} @tab
 The location of the file that remembers where we left off on the master
 during the replication process. The default is master.info in the data
--- a/SSL/run-client
+++ b/SSL/run-client
@@ -5,5 +5,6 @@ cmd () {
 	$*
 }
-client/mysql --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/client-cert.pem --ssl-key=SSL/client-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 --execute="select version()"
+client/mysql --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/client-cert.pem --ssl-key=SSL/client-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 -u root
+#--execute="select version();show status"
--- a/SSL/run-server
+++ b/SSL/run-server
@@ -5,5 +5,5 @@ cmd () {
 	$*
 }
-cmd sql/mysqld --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --skip-grant --debug='d:t:O,/tmp/mysqld.trace' >& /tmp/mysqld.output
+cmd sql/mysqld --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --debug='d:t:O,/tmp/mysqld.trace' -uroot >& /tmp/mysqld.output
--- a/readline/callback.c
+++ b/readline/callback.c
@@ -29,6 +29,7 @@
 #if defined (READLINE_CALLBACKS)
+#include <stdlib.h>
 #include <sys/types.h>
 #include <stdio.h>

--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -704,10 +704,10 @@ void clean_up(bool print_message)
  end_raid();
 #endif
 #ifdef HAVE_OPENSSL
-  my_free(opt_ssl_key,MYF(0));
+  my_free(opt_ssl_key,MYF(MY_ALLOW_ZERO_PTR));
-  my_free(opt_ssl_cert,MYF(0));
+  my_free(opt_ssl_cert,MYF(MY_ALLOW_ZERO_PTR));
-  my_free(opt_ssl_ca,MYF(0));
+  my_free(opt_ssl_ca,MYF(MY_ALLOW_ZERO_PTR));
-  my_free(opt_ssl_capath,MYF(0));
+  my_free(opt_ssl_capath,MYF(MY_ALLOW_ZERO_PTR));
  opt_ssl_key=opt_ssl_cert=opt_ssl_ca=opt_ssl_capath=0;
 #endif /* HAVE_OPENSSL */
  free_defaults(defaults_argv);

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -61,6 +61,7 @@ class ACL_USER :public ACL_ACCESS
  uint hostname_length;
  char *user,*password;
  ulong salt[2];
+  char *ssl_type, *ssl_cipher, *ssl_issuer, *ssl_subject;
 };
 class ACL_DB :public ACL_ACCESS
@@ -199,6 +200,10 @@ int  acl_init(bool dont_read_acl_tables)
    update_hostname(&user.host,get_field(&mem, table,0));
    user.user=get_field(&mem, table,1);
    user.password=get_field(&mem, table,2);
+    user.ssl_type=get_field(&mem, table,17);
+    user.ssl_cipher=get_field(&mem, table,18);
+    user.ssl_issuer=get_field(&mem, table,19);
+    user.ssl_subject=get_field(&mem, table,20);
    if (user.password && (length=(uint) strlen(user.password)) == 8 &&
 	protocol_version == PROTOCOL_VERSION)
    {
@@ -2312,7 +2317,7 @@ uint get_column_grant(THD *thd, TABLE_LIST *table, Field *field)
 static const char *command_array[]=
 {"SELECT", "INSERT","UPDATE","DELETE","CREATE", "DROP","RELOAD","SHUTDOWN",
 "PROCESS","FILE","GRANT","REFERENCES","INDEX","ALTER"};
-static int command_lengths[]={6,6,6,6,6,4,6,8,7,4,5,9,5,5};
+static int command_lengths[]={6,6,6,6,6,4,6,8,7,4,5,10,5,5};
 int mysql_show_grants(THD *thd,LEX_USER *lex_user) 
 {
@@ -2320,7 +2325,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
  int  error = 0;
  ACL_USER *acl_user; ACL_DB *acl_db;
  char buff[1024];
-  DBUG_ENTER("mysql_grant");
+  DBUG_ENTER("mysql_show_grants");
  LINT_INIT(acl_user);
  if (!initialized)
@@ -2411,6 +2416,30 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
      global.append(passd_buff);
      global.append('\'');
    }
+/* SSL grant stuff */
+    DBUG_PRINT("info",("acl_user->ssl_type=%s",acl_user->ssl_type));
+    DBUG_PRINT("info",("acl_user->ssl_cipher=%s",acl_user->ssl_cipher));
+    DBUG_PRINT("info",("acl_user->ssl_subject=%s",acl_user->ssl_subject));
+    DBUG_PRINT("info",("acl_user->ssl_issuer=%s",acl_user->ssl_issuer));
+    if(acl_user->ssl_type) {
+      if(!strcmp(acl_user->ssl_type,"ssl"))
+        global.append(" REQUIRE SSL",12);
+      else if(!strcmp(acl_user->ssl_type,"x509"))       
+      {
+        global.append(" REQUIRE X509 ",14);
+	if(acl_user->ssl_issuer) {
+          global.append("SUBJECT \"",9);
+          global.append(acl_user->ssl_issuer,strlen(acl_user->ssl_issuer));
+          global.append("\"",1);
+	}
+	if(acl_user->ssl_subject) {
+          global.append("ISSUER \"",8);
+          global.append(acl_user->ssl_subject,strlen(acl_user->ssl_subject));
+          global.append("\"",1);
+	}
+      }
+    }
    if (want_access & GRANT_ACL)
      global.append(" WITH GRANT OPTION",18); 
    thd->packet.length(0);

--- a/vio/viosocket.c
+++ b/vio/viosocket.c
@@ -143,6 +143,7 @@ int vio_blocking(Vio * vio, my_bool set_blocking_mode)
  DBUG_ENTER("vio_blocking");
  DBUG_PRINT("enter", ("set_blocking_mode: %d", (int) set_blocking_mode));
+#if !defined(HAVE_OPENSSL)
 #if !defined(___WIN__) && !defined(__EMX__)
 #if !defined(NO_FCNTL_NONBLOCK)
@@ -178,6 +179,8 @@ int vio_blocking(Vio * vio, my_bool set_blocking_mode)
      r = ioctlsocket(vio->sd,FIONBIO,(void*) &arg, sizeof(arg));
  }
 #endif /* !defined(__WIN__) && !defined(__EMX__) */
+#endif /* !defined (HAVE_OPENSSL) */ 
+  DBUG_PRINT("exit", ("return %d", r));
  DBUG_RETURN(r);
 }