Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
34c3484f
Commit
34c3484f
authored
Sep 30, 2001
by
monty@hundin.mysql.fi
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixes to get openssl code to compile
parent
d22bf7e3
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
166 additions
and
181 deletions
+166
-181
include/violite.h
include/violite.h
+1
-1
libmysqld/lib_sql.cc
libmysqld/lib_sql.cc
+24
-38
sql/mysqld.cc
sql/mysqld.cc
+1
-3
sql/sql_acl.cc
sql/sql_acl.cc
+140
-139
No files found.
include/violite.h
View file @
34c3484f
...
@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
...
@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
#ifdef __cplusplus
#ifdef __cplusplus
}
}
#endif
#endif
#endif
/* vio_violite_h_ */
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio)
#define vio_delete(vio) (vio)->viodelete(vio)
...
@@ -237,3 +236,4 @@ struct st_vio
...
@@ -237,3 +236,4 @@ struct st_vio
#endif
/* HAVE_VIO */
#endif
/* HAVE_VIO */
};
};
#endif
/* EMBEDDED_LIBRARY */
#endif
/* EMBEDDED_LIBRARY */
#endif
/* vio_violite_h_ */
libmysqld/lib_sql.cc
View file @
34c3484f
...
@@ -19,13 +19,16 @@
...
@@ -19,13 +19,16 @@
#include "../regex/regex.h"
#include "../regex/regex.h"
#include "my_sys.h"
#include "my_sys.h"
/*
The following is needed to not cause conflicts when we include mysqld.cc
*/
#define main main1
#define main main1
#define mysql_unix_port mysql_inix_port1
#define mysql_unix_port mysql_inix_port1
#define mysql_port mysql_port1
#define mysql_port mysql_port1
#define net_read_timeout net_read_timeout1
#define net_read_timeout net_read_timeout1
#define net_write_timeout net_write_timeout1
#define net_write_timeout net_write_timeout1
#define changeable_vars changeable_vars1
#define changeable_vars changeable_vars1
//#define mysql_tmpdir mysql_tmpdir1
extern
"C"
extern
"C"
{
{
...
@@ -36,38 +39,23 @@ extern "C"
...
@@ -36,38 +39,23 @@ extern "C"
class
THD
;
class
THD
;
static
int
static
int
check_connections1
(
THD
*
thd
);
check_connections1
(
THD
*
thd
);
static
int
check_connections2
(
THD
*
thd
);
static
bool
check_user
(
THD
*
thd
,
enum_server_command
command
,
static
bool
const
char
*
user
,
const
char
*
passwd
,
const
char
*
db
,
check_user
(
THD
*
thd
,
enum_server_command
command
,
const
char
*
user
,
const
char
*
passwd
,
const
char
*
db
,
bool
check_count
);
bool
check_count
);
void
free_defaults_internal
(
char
**
argv
)
{
if
(
argv
)
free_defaults
(
argv
);}
static
int
check_connections2
(
THD
*
thd
);
extern
void
free_defaults
(
char
**
argv
);
void
free_defaults_internal
(
char
**
argv
){
if
(
argv
)
free_defaults
(
argv
);}
#define free_defaults free_defaults_internal
#define free_defaults free_defaults_internal
char
mysql_data_home
[
FN_REFLEN
];
char
mysql_data_home
[
FN_REFLEN
];
char
*
get_mysql_data_home
()
{
return
mysql_data_home
;};
char
*
get_mysql_data_home
()
{
return
mysql_data_home
;
}
#define mysql_data_home mysql_data_home_internal
#define mysql_data_home mysql_data_home_internal
#include "../sql/mysqld.cc"
#include "../sql/mysqld.cc"
#define SCRAMBLE_LENGTH 8
#define SCRAMBLE_LENGTH 8
extern
"C"
{
extern
"C"
{
char
*
get_mysql_home
(){
return
mysql_home
;};
/*
char
*
get_mysql_real_data_home
(){
return
mysql_real_data_home
;};
void
free_defaults(char ** argv) {};
void
load_defaults(const char *, const char **, int *, char ***) {};
*/
char
*
get_mysql_home
(){
return
mysql_home
;};
char
*
get_mysql_real_data_home
(){
return
mysql_real_data_home
;};
bool
lib_dispatch_command
(
enum
enum_server_command
command
,
NET
*
net
,
bool
lib_dispatch_command
(
enum
enum_server_command
command
,
NET
*
net
,
...
@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net,
...
@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net,
}
}
void
lib_connection_phase
(
NET
*
net
,
int
phase
)
void
lib_connection_phase
(
NET
*
net
,
int
phase
)
{
{
THD
*
thd
;
THD
*
thd
;
thd
=
(
THD
*
)(
net
->
vio
->
dest_thd
);
thd
=
(
THD
*
)(
net
->
vio
->
dest_thd
);
...
@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase)
...
@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase)
}
}
}
}
}
}
}
}
/* extern "C" */
void
start_embedded_conn1
(
NET
*
net
)
void
start_embedded_conn1
(
NET
*
net
)
{
{
THD
*
thd
=
new
THD
;
THD
*
thd
=
new
THD
;
...
@@ -662,14 +650,12 @@ void start_embedded_connection(NET * net)
...
@@ -662,14 +650,12 @@ void start_embedded_connection(NET * net)
{
{
start_embedded_conn1
(
net
);
start_embedded_conn1
(
net
);
}
}
//====================================================================
}
}
/* extern "C" */
int
embedded_do_command
(
NET
*
net
)
int
embedded_do_command
(
NET
*
net
)
{
{
THD
*
thd
=
(
THD
*
)
net
->
vio
;
THD
*
thd
=
(
THD
*
)
net
->
vio
;
do_command
(
thd
);
do_command
(
thd
);
return
0
;
return
0
;
}
}
sql/mysqld.cc
View file @
34c3484f
...
@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig)
...
@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig)
void
unireg_end
(
int
signal_number
__attribute__
((
unused
)))
void
unireg_end
(
int
signal_number
__attribute__
((
unused
)))
{
{
clean_up
();
clean_up
();
#if defined(EMBEDDED_LIBRARY)
#ifndef EMBEDDED_LIBRARY
exit
(
0
);
// XXX QQ: this is a temporary hack (I hope)
#else
pthread_exit
(
0
);
// Exit is in main thread
pthread_exit
(
0
);
// Exit is in main thread
#endif
#endif
}
}
...
...
sql/sql_acl.cc
View file @
34c3484f
...
@@ -205,17 +205,20 @@ int acl_init(bool dont_read_acl_tables)
...
@@ -205,17 +205,20 @@ int acl_init(bool dont_read_acl_tables)
user
.
password
=
get_field
(
&
mem
,
table
,
2
);
user
.
password
=
get_field
(
&
mem
,
table
,
2
);
#ifdef HAVE_OPENSSL
#ifdef HAVE_OPENSSL
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
if
(
table
->
fields
>=
21
)
{
/* From 4.0.0 we have more fields */
if
(
table
->
fields
>=
21
)
/* From 4.0.0 we have more fields */
if
(
!
strcmp
(
get_field
(
&
mem
,
table
,
17
),
"ANY"
))
{
char
*
ssl_type
=
get_field
(
&
mem
,
table
,
17
);
if
(
!
strcmp
(
ssl_type
,
"ANY"
))
user
.
ssl_type
=
SSL_TYPE_ANY
;
user
.
ssl_type
=
SSL_TYPE_ANY
;
else
if
(
!
strcmp
(
get_field
(
&
mem
,
table
,
17
),
"X509"
))
else
if
(
!
strcmp
(
ssl_type
,
"X509"
))
user
.
ssl_type
=
SSL_TYPE_X509
;
user
.
ssl_type
=
SSL_TYPE_X509
;
else
if
(
!
strcmp
(
get_field
(
&
mem
,
table
,
17
),
"SPECIFIED"
))
else
if
(
!
strcmp
(
ssl_type
,
"SPECIFIED"
))
user
.
ssl_type
=
SSL_TYPE_SPECIFIED
;
user
.
ssl_type
=
SSL_TYPE_SPECIFIED
;
else
user
.
ssl_type
=
SSL_TYPE_NONE
;
else
user
.
ssl_cipher
=
get_field
(
&
mem
,
table
,
18
);
user
.
ssl_type
=
SSL_TYPE_NONE
;
user
.
x509_issuer
=
get_field
(
&
mem
,
table
,
19
);
user
.
ssl_cipher
=
get_field
(
&
mem
,
table
,
18
);
user
.
x509_subject
=
get_field
(
&
mem
,
table
,
20
);
user
.
x509_issuer
=
get_field
(
&
mem
,
table
,
19
);
user
.
x509_subject
=
get_field
(
&
mem
,
table
,
20
);
}
}
#endif
/* HAVE_OPENSSL */
#endif
/* HAVE_OPENSSL */
if
(
user
.
password
&&
(
length
=
(
uint
)
strlen
(
user
.
password
))
==
8
&&
if
(
user
.
password
&&
(
length
=
(
uint
)
strlen
(
user
.
password
))
==
8
&&
...
@@ -447,36 +450,41 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
...
@@ -447,36 +450,41 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
(
my_bool
)
old_ver
)))
(
my_bool
)
old_ver
)))
{
{
#ifdef HAVE_OPENSSL
#ifdef HAVE_OPENSSL
#define vio (thd->net.vio)
Vio
*
vio
=
thd
->
net
.
vio
;
/* In this point we know that user is allowed to connect
/*
* from given host by given username/password pair. Now
In this point we know that user is allowed to connect
* we check if SSL is required, if user is using SSL and
from given host by given username/password pair. Now
* if X509 certificate attributes are OK
we check if SSL is required, if user is using SSL and
if X509 certificate attributes are OK
*/
*/
switch
(
acl_user
->
ssl_type
)
{
switch
(
acl_user
->
ssl_type
)
{
case
SSL_TYPE_NONE
:
/* SSL is not required to connect */
case
SSL_TYPE_NONE
:
/* SSL is not required to connect */
user_access
=
acl_user
->
access
;
user_access
=
acl_user
->
access
;
break
;
break
;
case
SSL_TYPE_ANY
:
/* Any kind of SSL is good enough */
case
SSL_TYPE_ANY
:
/* Any kind of SSL is good enough */
if
(
vio_type
(
vio
)
==
VIO_TYPE_SSL
)
if
(
vio_type
(
vio
)
==
VIO_TYPE_SSL
)
user_access
=
acl_user
->
access
;
user_access
=
acl_user
->
access
;
break
;
break
;
case
SSL_TYPE_X509
:
/* Client should have any valid certificate. */
case
SSL_TYPE_X509
:
/* Client should have any valid certificate. */
/* Connections with non-valid certificates are dropped already
/*
* in sslaccept() anyway, so we do not check validity here.
Connections with non-valid certificates are dropped already
in sslaccept() anyway, so we do not check validity here.
*/
*/
if
(
SSL_get_peer_certificate
(
vio
->
ssl_
))
if
(
SSL_get_peer_certificate
(
vio
->
ssl_
))
user_access
=
acl_user
->
access
;
user_access
=
acl_user
->
access
;
break
;
break
;
case
SSL_TYPE_SPECIFIED
:
/* Client should have attributes as specified */
case
SSL_TYPE_SPECIFIED
:
/* Client should have specified attrib */
/* We do not check for absence of SSL because without SSL it does not
/*
* pass all checks here anyway.
We do not check for absence of SSL because without SSL it does
not pass all checks here anyway.
If cipher name is specified, we compare it to actual cipher in
use.
*/
*/
/* If cipher name is specified, we compare it to actual cipher in use */
if
(
acl_user
->
ssl_cipher
)
if
(
acl_user
->
ssl_cipher
)
DBUG_PRINT
(
"info"
,(
"comparing ciphers: '%s' and '%s'"
,
DBUG_PRINT
(
"info"
,(
"comparing ciphers: '%s' and '%s'"
,
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)));
acl_user
->
ssl_cipher
,
if
(
!
strcmp
(
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)))
SSL_get_cipher
(
vio
->
ssl_
)));
if
(
!
strcmp
(
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)))
user_access
=
acl_user
->
access
;
user_access
=
acl_user
->
access
;
else
else
{
{
...
@@ -488,13 +496,13 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
...
@@ -488,13 +496,13 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
X509
*
cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
X509
*
cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
DBUG_PRINT
(
"info"
,(
"checkpoint 2"
));
DBUG_PRINT
(
"info"
,(
"checkpoint 2"
));
/* If X509 issuer is speified, we check it... */
/* If X509 issuer is speified, we check it... */
if
(
acl_user
->
x509_issuer
)
if
(
acl_user
->
x509_issuer
)
{
{
DBUG_PRINT
(
"info"
,(
"checkpoint 3"
));
DBUG_PRINT
(
"info"
,(
"checkpoint 3"
));
ptr
=
X509_NAME_oneline
(
X509_get_issuer_name
(
cert
),
0
,
0
);
ptr
=
X509_NAME_oneline
(
X509_get_issuer_name
(
cert
),
0
,
0
);
DBUG_PRINT
(
"info"
,(
"comparing issuers: '%s' and '%s'"
,
DBUG_PRINT
(
"info"
,(
"comparing issuers: '%s' and '%s'"
,
acl_user
->
x509_issuer
,
ptr
));
acl_user
->
x509_issuer
,
ptr
));
if
(
!
strcmp
(
acl_user
->
x509_issuer
,
ptr
))
if
(
!
strcmp
(
acl_user
->
x509_issuer
,
ptr
))
user_access
=
acl_user
->
access
;
user_access
=
acl_user
->
access
;
else
else
{
{
...
@@ -506,12 +514,12 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
...
@@ -506,12 +514,12 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
}
}
DBUG_PRINT
(
"info"
,(
"checkpoint 4"
));
DBUG_PRINT
(
"info"
,(
"checkpoint 4"
));
/* X509 subject is specified, we check it .. */
/* X509 subject is specified, we check it .. */
if
(
acl_user
->
x509_subject
)
if
(
acl_user
->
x509_subject
)
{
{
ptr
=
X509_NAME_oneline
(
X509_get_subject_name
(
cert
),
0
,
0
);
ptr
=
X509_NAME_oneline
(
X509_get_subject_name
(
cert
),
0
,
0
);
DBUG_PRINT
(
"info"
,(
"comparing subjects: '%s' and '%s'"
,
DBUG_PRINT
(
"info"
,(
"comparing subjects: '%s' and '%s'"
,
acl_user
->
x509_subject
,
ptr
));
acl_user
->
x509_subject
,
ptr
));
if
(
!
strcmp
(
acl_user
->
x509_subject
,
ptr
))
if
(
!
strcmp
(
acl_user
->
x509_subject
,
ptr
))
user_access
=
acl_user
->
access
;
user_access
=
acl_user
->
access
;
else
else
{
{
...
@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length,
...
@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length,
static
void
acl_update_user
(
const
char
*
user
,
const
char
*
host
,
static
void
acl_update_user
(
const
char
*
user
,
const
char
*
host
,
const
char
*
password
,
const
char
*
password
,
#ifdef HAVE_OPENSSL
enum
SSL_type
ssl_type
,
enum
SSL_type
ssl_type
,
const
char
*
ssl_cipher
,
const
char
*
ssl_cipher
,
const
char
*
x509_issuer
,
const
char
*
x509_issuer
,
const
char
*
x509_subject
,
const
char
*
x509_subject
,
#endif
/* HAVE_OPENSSL */
uint
privileges
)
uint
privileges
)
{
{
for
(
uint
i
=
0
;
i
<
acl_users
.
elements
;
i
++
)
for
(
uint
i
=
0
;
i
<
acl_users
.
elements
;
i
++
)
...
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host,
...
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host,
static
void
acl_insert_user
(
const
char
*
user
,
const
char
*
host
,
static
void
acl_insert_user
(
const
char
*
user
,
const
char
*
host
,
const
char
*
password
,
const
char
*
password
,
#ifdef HAVE_OPENSSL
enum
SSL_type
ssl_type
,
enum
SSL_type
ssl_type
,
const
char
*
ssl_cipher
,
const
char
*
ssl_cipher
,
const
char
*
x509_issuer
,
const
char
*
x509_issuer
,
const
char
*
x509_subject
,
const
char
*
x509_subject
,
#endif
/* HAVE_OPENSSL */
uint
privileges
)
uint
privileges
)
{
{
ACL_USER
acl_user
;
ACL_USER
acl_user
;
...
@@ -1159,34 +1163,32 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
...
@@ -1159,34 +1163,32 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
#ifdef HAVE_OPENSSL
#ifdef HAVE_OPENSSL
/* We write down SSL related ACL stuff */
/* We write down SSL related ACL stuff */
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
DBUG_PRINT
(
"info"
,(
"table->fields=%d"
,
table
->
fields
));
if
(
table
->
fields
>=
21
)
{
/* From 4.0.0 we have more fields */
if
(
table
->
fields
>=
21
)
/* From 4.0.0 we have more fields */
switch
(
thd
->
lex
.
ssl_type
)
{
{
case
SSL_TYPE_ANY
:
table
->
field
[
17
]
->
store
(
"ANY"
,
3
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
switch
(
thd
->
lex
.
ssl_type
)
{
case
SSL_TYPE_ANY
:
table
->
field
[
17
]
->
store
(
"ANY"
,
3
);
break
;
break
;
case
SSL_TYPE_X509
:
case
SSL_TYPE_X509
:
table
->
field
[
17
]
->
store
(
"X509"
,
4
);
table
->
field
[
17
]
->
store
(
"X509"
,
4
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
break
;
break
;
case
SSL_TYPE_SPECIFIED
:
case
SSL_TYPE_SPECIFIED
:
table
->
field
[
17
]
->
store
(
"SPECIFIED"
,
9
);
table
->
field
[
17
]
->
store
(
"SPECIFIED"
,
9
);
if
(
thd
->
lex
.
ssl_cipher
)
if
(
thd
->
lex
.
ssl_cipher
)
table
->
field
[
18
]
->
store
(
thd
->
lex
.
ssl_cipher
,
strlen
(
thd
->
lex
.
ssl_cipher
));
table
->
field
[
18
]
->
store
(
thd
->
lex
.
ssl_cipher
,
if
(
thd
->
lex
.
x509_issuer
)
strlen
(
thd
->
lex
.
ssl_cipher
));
table
->
field
[
19
]
->
store
(
thd
->
lex
.
x509_issuer
,
strlen
(
thd
->
lex
.
x509_issuer
));
if
(
thd
->
lex
.
x509_issuer
)
if
(
thd
->
lex
.
x509_subject
)
table
->
field
[
19
]
->
store
(
thd
->
lex
.
x509_issuer
,
table
->
field
[
20
]
->
store
(
thd
->
lex
.
x509_subject
,
strlen
(
thd
->
lex
.
x509_subject
));
strlen
(
thd
->
lex
.
x509_issuer
));
if
(
thd
->
lex
.
x509_subject
)
table
->
field
[
20
]
->
store
(
thd
->
lex
.
x509_subject
,
strlen
(
thd
->
lex
.
x509_subject
));
break
;
break
;
default:
default:
table
->
field
[
17
]
->
store
(
"NONE"
,
4
);
table
->
field
[
17
]
->
store
(
"NONE"
,
4
);
table
->
field
[
18
]
->
store
(
""
,
0
);
table
->
field
[
19
]
->
store
(
""
,
0
);
table
->
field
[
20
]
->
store
(
""
,
0
);
}
}
}
}
#endif
/* HAVE_OPENSSL */
#endif
/* HAVE_OPENSSL */
...
@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
...
@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
}
}
error
=
0
;
// Privileges granted / revoked
error
=
0
;
// Privileges granted / revoked
end:
end:
if
(
!
error
)
if
(
!
error
)
{
{
acl_cache
->
clear
(
1
);
// Clear privilege cache
acl_cache
->
clear
(
1
);
// Clear privilege cache
...
@@ -1224,21 +1226,17 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
...
@@ -1224,21 +1226,17 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
password
=
0
;
// No password given on command
password
=
0
;
// No password given on command
if
(
old_row_exists
)
if
(
old_row_exists
)
acl_update_user
(
combo
.
user
.
str
,
combo
.
host
.
str
,
password
,
acl_update_user
(
combo
.
user
.
str
,
combo
.
host
.
str
,
password
,
#ifdef HAVE_OPENSSL
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_subject
,
thd
->
lex
.
x509_subject
,
#endif
/* HAVE_OPENSSL */
rights
);
rights
);
else
else
acl_insert_user
(
combo
.
user
.
str
,
combo
.
host
.
str
,
password
,
acl_insert_user
(
combo
.
user
.
str
,
combo
.
host
.
str
,
password
,
#ifdef HAVE_OPENSSL
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_type
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
ssl_cipher
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_issuer
,
thd
->
lex
.
x509_subject
,
thd
->
lex
.
x509_subject
,
#endif
/* HAVE_OPENSSL */
rights
);
rights
);
}
}
table
->
file
->
index_end
();
table
->
file
->
index_end
();
...
@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
...
@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
global
.
append
(
'\''
);
global
.
append
(
'\''
);
}
}
#ifdef HAVE_OPENSSL
#ifdef HAVE_OPENSSL
/* "show grants" SSL related stuff */
/* "show grants" SSL related stuff */
if
(
acl_user
->
ssl_type
==
SSL_TYPE_ANY
)
if
(
acl_user
->
ssl_type
==
SSL_TYPE_ANY
)
global
.
append
(
" REQUIRE SSL"
,
12
);
global
.
append
(
" REQUIRE SSL"
,
12
);
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_X509
)
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_X509
)
global
.
append
(
" REQUIRE X509"
,
13
);
global
.
append
(
" REQUIRE X509"
,
13
);
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_SPECIFIED
)
else
if
(
acl_user
->
ssl_type
==
SSL_TYPE_SPECIFIED
)
{
{
global
.
append
(
" REQUIRE "
,
9
);
global
.
append
(
" REQUIRE "
,
9
);
if
(
acl_user
->
x509_issuer
)
{
if
(
acl_user
->
x509_issuer
)
if
(
ssl_options
++
)
{
if
(
ssl_options
++
)
global
.
append
(
" AND "
,
5
);
global
.
append
(
" AND "
,
5
);
global
.
append
(
"ISSUER
\"
"
,
8
);
global
.
append
(
"ISSUER
\"
"
,
8
);
global
.
append
(
acl_user
->
x509_issuer
,
strlen
(
acl_user
->
x509_issuer
));
global
.
append
(
acl_user
->
x509_issuer
,
strlen
(
acl_user
->
x509_issuer
));
global
.
append
(
"
\"
"
,
1
);
global
.
append
(
"
\"
"
,
1
);
}
}
if
(
acl_user
->
x509_subject
)
{
if
(
acl_user
->
x509_subject
)
if
(
ssl_options
++
)
{
if
(
ssl_options
++
)
global
.
append
(
" AND "
,
5
);
global
.
append
(
" AND "
,
5
);
global
.
append
(
"SUBJECT
\"
"
,
9
);
global
.
append
(
"SUBJECT
\"
"
,
9
);
global
.
append
(
acl_user
->
x509_subject
,
strlen
(
acl_user
->
x509_subject
));
global
.
append
(
acl_user
->
x509_subject
,
strlen
(
acl_user
->
x509_subject
));
global
.
append
(
"
\"
"
,
1
);
global
.
append
(
"
\"
"
,
1
);
}
}
if
(
acl_user
->
ssl_cipher
)
{
if
(
acl_user
->
ssl_cipher
)
if
(
ssl_options
++
)
{
if
(
ssl_options
++
)
global
.
append
(
" AND "
,
5
);
global
.
append
(
" AND "
,
5
);
global
.
append
(
"CIPHER
\"
"
,
8
);
global
.
append
(
"CIPHER
\"
"
,
8
);
global
.
append
(
acl_user
->
ssl_cipher
,
strlen
(
acl_user
->
ssl_cipher
));
global
.
append
(
acl_user
->
ssl_cipher
,
strlen
(
acl_user
->
ssl_cipher
));
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment