Fix security bug. mysqld server without ssl support was completly

ignorant about ssl_type attribute

Fix security bug. mysqld server without ssl support was completly
ignorant about ssl_type attribute
b5faccbb · dlenev@dlenev.mshome · 99aa453f · b5faccbb · b5faccbb
Commit b5faccbb authored Jul 23, 2003 by dlenev@dlenev.mshome
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 4 deletions

BitKeeper/etc/logging_ok BitKeeper/etc/logging_ok +1 -0

sql/sql_acl.cc sql/sql_acl.cc +10 -4

No files found.
--- a/BitKeeper/etc/logging_ok
+++ b/BitKeeper/etc/logging_ok
@@ -20,6 +20,7 @@ bk@admin.bk
 bk@mysql.r18.ru
 carsten@tsort.bitbybit.dk
 davida@isil.mysql.com
+dlenev@mysql.com
 gluh@gluh.(none)
 gluh@gluh.mysql.r18.ru
 greg@mysql.com

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -590,7 +590,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,

  /* OK. User found and password checked continue validation */

-#ifdef HAVE_OPENSSL
  {
    Vio *vio=thd->net.vio;
    /*
@@ -604,6 +603,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
    case SSL_TYPE_NONE: /* SSL is not required to connect */
      user_access=acl_user->access;
      break;
+#ifdef HAVE_OPENSSL
    case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
      if (vio_type(vio) == VIO_TYPE_SSL)
 	user_access=acl_user->access;
@@ -686,11 +686,17 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	free(ptr);
      }
      break;
+#else /* HAVE_OPENSSL */
+    default: 
+      /*
+         If we don't have SSL but SSL is required for this user the 
+         authentication should fail.
+       */
+      break;
+#endif /* HAVE_OPENSSL */
    }
  }
-#else  /* HAVE_OPENSSL */
-  user_access=acl_user->access;
-#endif /* HAVE_OPENSSL */
+
  *mqh=acl_user->user_resource;
  if (!acl_user->user)
    *priv_user=(char*) "";	// Change to anonymous user /* purecov: inspected */