Commit 98171959 authored by unknown's avatar unknown

Fix security bug. mysqld server without ssl support was completely

ignorant about ssl_type attribute


sql/sql_acl.cc:
  Now acl_getroot() honors ssl_type attribute even if we compile without openssl
BitKeeper/etc/logging_ok:
  Logging to logging@openlogging.org accepted
parent c6ea7bab
...@@ -20,6 +20,7 @@ bk@admin.bk ...@@ -20,6 +20,7 @@ bk@admin.bk
bk@mysql.r18.ru bk@mysql.r18.ru
carsten@tsort.bitbybit.dk carsten@tsort.bitbybit.dk
davida@isil.mysql.com davida@isil.mysql.com
dlenev@mysql.com
gluh@gluh.(none) gluh@gluh.(none)
gluh@gluh.mysql.r18.ru gluh@gluh.mysql.r18.ru
greg@mysql.com greg@mysql.com
......
...@@ -590,7 +590,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ...@@ -590,7 +590,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
/* OK. User found and password checked continue validation */ /* OK. User found and password checked continue validation */
#ifdef HAVE_OPENSSL
{ {
Vio *vio=thd->net.vio; Vio *vio=thd->net.vio;
/* /*
...@@ -604,6 +603,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ...@@ -604,6 +603,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
case SSL_TYPE_NONE: /* SSL is not required to connect */ case SSL_TYPE_NONE: /* SSL is not required to connect */
user_access=acl_user->access; user_access=acl_user->access;
break; break;
#ifdef HAVE_OPENSSL
case SSL_TYPE_ANY: /* Any kind of SSL is good enough */ case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
if (vio_type(vio) == VIO_TYPE_SSL) if (vio_type(vio) == VIO_TYPE_SSL)
user_access=acl_user->access; user_access=acl_user->access;
...@@ -686,11 +686,17 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ...@@ -686,11 +686,17 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
free(ptr); free(ptr);
} }
break; break;
}
}
#else /* HAVE_OPENSSL */ #else /* HAVE_OPENSSL */
user_access=acl_user->access; default:
/*
If we don't have SSL but SSL is required for this user the
authentication should fail.
*/
break;
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
}
}
*mqh=acl_user->user_resource; *mqh=acl_user->user_resource;
if (!acl_user->user) if (!acl_user->user)
*priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */ *priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */
......
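Review bot: The new `default:` branch in the `#else` arm denies access only implicitly, by leaving `user_access` at whatever value it held before the switch, and that initialisation is outside the visible hunks. Since this is the fail-closed path for accounts that require SSL on a server built without OpenSSL, I would make the denial explicit with `user_access=NO_ACCESS;` before the `break;` (assuming that is the function's denied value), so a later change to the initial value cannot silently grant access again. Separately, removing the `#ifdef HAVE_OPENSSL` above `Vio *vio=thd->net.vio;` leaves `vio` declared in non-SSL builds, where every visible use sits inside the `#ifdef`, so it will likely trigger an unused-variable warning. acl_getroot() starts and ends outside these hunks.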