Commit 98171959 authored by unknown's avatar unknown

Fix security bug. mysqld server without ssl support was completly

ignorant about ssl_type attribute


sql/sql_acl.cc:
  Now acl_getroot() honors ssl_type attribute even if we compile without openssl
BitKeeper/etc/logging_ok:
  Logging to logging@openlogging.org accepted
parent c6ea7bab
......@@ -20,6 +20,7 @@ bk@admin.bk
bk@mysql.r18.ru
carsten@tsort.bitbybit.dk
davida@isil.mysql.com
dlenev@mysql.com
gluh@gluh.(none)
gluh@gluh.mysql.r18.ru
greg@mysql.com
......
......@@ -590,7 +590,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
/* OK. User found and password checked continue validation */
#ifdef HAVE_OPENSSL
{
Vio *vio=thd->net.vio;
/*
......@@ -604,6 +603,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
case SSL_TYPE_NONE: /* SSL is not required to connect */
user_access=acl_user->access;
break;
#ifdef HAVE_OPENSSL
case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
if (vio_type(vio) == VIO_TYPE_SSL)
user_access=acl_user->access;
......@@ -686,11 +686,17 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
free(ptr);
}
break;
}
}
#else /* HAVE_OPENSSL */
user_access=acl_user->access;
default:
/*
If we don't have SSL but SSL is required for this user the
authentication should fail.
*/
break;
#endif /* HAVE_OPENSSL */
}
}
*mqh=acl_user->user_resource;
if (!acl_user->user)
*priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment