Commit f194e401 authored by tonu@x153.internalnet's avatar tonu@x153.internalnet

OpenSSL work

parent 4194c075
......@@ -23299,6 +23299,7 @@ GRANT priv_type [(column_list)] [, priv_type [(column_list)] ...]
ON @{tbl_name | * | *.* | db_name.*@}
TO user_name [IDENTIFIED BY 'password']
[, user_name [IDENTIFIED BY 'password'] ...]
[REQUIRE @{SSL|X509@} [ISSUER issuer] [SUBJECT subject]]
[WITH GRANT OPTION]
REVOKE priv_type [(column_list)] [, priv_type [(column_list)] ...]
......@@ -29454,6 +29455,15 @@ The number of seconds the slave thread will sleep before retrying to
connect to the master in case the master goes down or the connection is
lost. Default is 60. (Example: @code{master-connect-retry=60})
@item @code{master-ssl} @tab
Turn SSL on (Example: @code{master-ssl})
@item @code{master-ssl-key} @tab
Master SSL keyfile name (Example: @code{master-ssl-key=SSL/master-key.pem})
@item @code{master-ssl-cert} @tab
Master SSL certificate file name (Example: @code{master-ssl-key=SSL/master-cert.pem})
@item @code{master-info-file=filename} @tab
The location of the file that remembers where we left off on the master
during the replication process. The default is master.info in the data
......@@ -5,5 +5,6 @@ cmd () {
$*
}
client/mysql --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/client-cert.pem --ssl-key=SSL/client-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 --execute="select version()"
client/mysql --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/client-cert.pem --ssl-key=SSL/client-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 -u root
#--execute="select version();show status"
......@@ -5,5 +5,5 @@ cmd () {
$*
}
cmd sql/mysqld --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --skip-grant --debug='d:t:O,/tmp/mysqld.trace' >& /tmp/mysqld.output
cmd sql/mysqld --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --debug='d:t:O,/tmp/mysqld.trace' -uroot >& /tmp/mysqld.output
......@@ -29,6 +29,7 @@
#if defined (READLINE_CALLBACKS)
#include <stdlib.h>
#include <sys/types.h>
#include <stdio.h>
......
......@@ -704,10 +704,10 @@ void clean_up(bool print_message)
end_raid();
#endif
#ifdef HAVE_OPENSSL
my_free(opt_ssl_key,MYF(0));
my_free(opt_ssl_cert,MYF(0));
my_free(opt_ssl_ca,MYF(0));
my_free(opt_ssl_capath,MYF(0));
my_free(opt_ssl_key,MYF(MY_ALLOW_ZERO_PTR));
my_free(opt_ssl_cert,MYF(MY_ALLOW_ZERO_PTR));
my_free(opt_ssl_ca,MYF(MY_ALLOW_ZERO_PTR));
my_free(opt_ssl_capath,MYF(MY_ALLOW_ZERO_PTR));
opt_ssl_key=opt_ssl_cert=opt_ssl_ca=opt_ssl_capath=0;
#endif /* HAVE_OPENSSL */
free_defaults(defaults_argv);
......
......@@ -61,6 +61,7 @@ class ACL_USER :public ACL_ACCESS
uint hostname_length;
char *user,*password;
ulong salt[2];
char *ssl_type, *ssl_cipher, *ssl_issuer, *ssl_subject;
};
class ACL_DB :public ACL_ACCESS
......@@ -199,6 +200,10 @@ int acl_init(bool dont_read_acl_tables)
update_hostname(&user.host,get_field(&mem, table,0));
user.user=get_field(&mem, table,1);
user.password=get_field(&mem, table,2);
user.ssl_type=get_field(&mem, table,17);
user.ssl_cipher=get_field(&mem, table,18);
user.ssl_issuer=get_field(&mem, table,19);
user.ssl_subject=get_field(&mem, table,20);
if (user.password && (length=(uint) strlen(user.password)) == 8 &&
protocol_version == PROTOCOL_VERSION)
{
......@@ -2312,7 +2317,7 @@ uint get_column_grant(THD *thd, TABLE_LIST *table, Field *field)
static const char *command_array[]=
{"SELECT", "INSERT","UPDATE","DELETE","CREATE", "DROP","RELOAD","SHUTDOWN",
"PROCESS","FILE","GRANT","REFERENCES","INDEX","ALTER"};
static int command_lengths[]={6,6,6,6,6,4,6,8,7,4,5,9,5,5};
static int command_lengths[]={6,6,6,6,6,4,6,8,7,4,5,10,5,5};
int mysql_show_grants(THD *thd,LEX_USER *lex_user)
{
......@@ -2320,7 +2325,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
int error = 0;
ACL_USER *acl_user; ACL_DB *acl_db;
char buff[1024];
DBUG_ENTER("mysql_grant");
DBUG_ENTER("mysql_show_grants");
LINT_INIT(acl_user);
if (!initialized)
......@@ -2411,6 +2416,30 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
global.append(passd_buff);
global.append('\'');
}
/* SSL grant stuff */
DBUG_PRINT("info",("acl_user->ssl_type=%s",acl_user->ssl_type));
DBUG_PRINT("info",("acl_user->ssl_cipher=%s",acl_user->ssl_cipher));
DBUG_PRINT("info",("acl_user->ssl_subject=%s",acl_user->ssl_subject));
DBUG_PRINT("info",("acl_user->ssl_issuer=%s",acl_user->ssl_issuer));
if(acl_user->ssl_type) {
if(!strcmp(acl_user->ssl_type,"ssl"))
global.append(" REQUIRE SSL",12);
else if(!strcmp(acl_user->ssl_type,"x509"))
{
global.append(" REQUIRE X509 ",14);
if(acl_user->ssl_issuer) {
global.append("SUBJECT \"",9);
global.append(acl_user->ssl_issuer,strlen(acl_user->ssl_issuer));
global.append("\"",1);
}
if(acl_user->ssl_subject) {
global.append("ISSUER \"",8);
global.append(acl_user->ssl_subject,strlen(acl_user->ssl_subject));
global.append("\"",1);
}
}
}
if (want_access & GRANT_ACL)
global.append(" WITH GRANT OPTION",18);
thd->packet.length(0);
......
......@@ -143,6 +143,7 @@ int vio_blocking(Vio * vio, my_bool set_blocking_mode)
DBUG_ENTER("vio_blocking");
DBUG_PRINT("enter", ("set_blocking_mode: %d", (int) set_blocking_mode));
#if !defined(HAVE_OPENSSL)
#if !defined(___WIN__) && !defined(__EMX__)
#if !defined(NO_FCNTL_NONBLOCK)
......@@ -178,6 +179,8 @@ int vio_blocking(Vio * vio, my_bool set_blocking_mode)
r = ioctlsocket(vio->sd,FIONBIO,(void*) &arg, sizeof(arg));
}
#endif /* !defined(__WIN__) && !defined(__EMX__) */
#endif /* !defined (HAVE_OPENSSL) */
DBUG_PRINT("exit", ("return %d", r));
DBUG_RETURN(r);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment