Loading include/violite.h +1 −1 Original line number Diff line number Diff line Loading @@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout); #ifdef __cplusplus } #endif #endif /* vio_violite_h_ */ #if defined(HAVE_VIO) && !defined(DONT_MAP_VIO) #define vio_delete(vio) (vio)->viodelete(vio) Loading Loading @@ -237,3 +236,4 @@ struct st_vio #endif /* HAVE_VIO */ }; #endif /* EMBEDDED_LIBRARY */ #endif /* vio_violite_h_ */ libmysqld/lib_sql.cc +24 −38 Original line number Diff line number Diff line Loading @@ -19,13 +19,16 @@ #include "../regex/regex.h" #include "my_sys.h" /* The following is needed to not cause conflicts when we include mysqld.cc */ #define main main1 #define mysql_unix_port mysql_inix_port1 #define mysql_port mysql_port1 #define net_read_timeout net_read_timeout1 #define net_write_timeout net_write_timeout1 #define changeable_vars changeable_vars1 //#define mysql_tmpdir mysql_tmpdir1 extern "C" { Loading 
@@ -36,38 +39,23 @@ extern "C" class THD; static int check_connections1(THD * thd); static bool check_user(THD *thd, enum_server_command command,const char *user, const char *passwd, const char *db, bool check_count); static int check_connections2(THD * thd); extern void free_defaults(char ** argv); static int check_connections1(THD * thd); static int check_connections2(THD * thd); static bool check_user(THD *thd, enum_server_command command, const char *user, const char *passwd, const char *db, bool check_count); void free_defaults_internal(char ** argv) {if (argv) free_defaults(argv);} #define free_defaults free_defaults_internal char mysql_data_home[FN_REFLEN]; char * get_mysql_data_home(){return mysql_data_home;}; char * get_mysql_data_home() { return mysql_data_home; } #define mysql_data_home mysql_data_home_internal #include "../sql/mysqld.cc" #define SCRAMBLE_LENGTH 8 extern "C" { /* void free_defaults(char ** argv) {}; void load_defaults(const char *, const char **, int *, char ***) {}; */ char * get_mysql_home(){ return mysql_home;}; char * get_mysql_real_data_home(){ return mysql_real_data_home;}; char * get_mysql_home(){ return mysql_home;}; char * get_mysql_real_data_home(){ return mysql_real_data_home;}; bool lib_dispatch_command(enum enum_server_command command, NET *net, Loading @@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net, } void lib_connection_phase(NET * net, int phase) void lib_connection_phase(NET * net, int phase) { THD * thd; thd = (THD *)(net->vio->dest_thd); Loading @@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase) } } } } } /* extern "C" */ void start_embedded_conn1(NET * net) { THD * thd = new THD; Loading Loading 
@@ -662,14 +650,12 @@ void start_embedded_connection(NET * net) { start_embedded_conn1(net); } //==================================================================== } } /* extern "C" */ int embedded_do_command(NET * net) { THD * thd = (THD *) net ->vio; do_command(thd); return 0; } sql/mysqld.cc +1 −3 Original line number Diff line number Diff line Loading @@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig) void unireg_end(int signal_number __attribute__((unused))) { clean_up(); #if defined(EMBEDDED_LIBRARY) exit(0); // XXX QQ: this is a temporary hack (I hope) #else #ifndef EMBEDDED_LIBRARY pthread_exit(0); // Exit is in main thread #endif } Loading sql/sql_acl.cc +140 −139 Original line number Diff line number Diff line Loading @@ -205,14 +205,17 @@ int acl_init(bool dont_read_acl_tables) user.password=get_field(&mem, table,2); #ifdef HAVE_OPENSSL DBUG_PRINT("info",("table->fields=%d",table->fields)); if (table->fields >= 21) { /* From 4.0.0 we have more fields */ if(!strcmp(get_field(&mem, table,17),"ANY")) if (table->fields >= 21) /* From 4.0.0 we have more fields */ { char *ssl_type=get_field(&mem, table,17); if (!strcmp(ssl_type, "ANY")) user.ssl_type=SSL_TYPE_ANY; else if(!strcmp(get_field(&mem, table,17),"X509")) else if (!strcmp(ssl_type, "X509")) user.ssl_type=SSL_TYPE_X509; else if(!strcmp(get_field(&mem, table,17),"SPECIFIED")) else if (!strcmp(ssl_type, "SPECIFIED")) user.ssl_type=SSL_TYPE_SPECIFIED; else user.ssl_type=SSL_TYPE_NONE; else user.ssl_type=SSL_TYPE_NONE; user.ssl_cipher=get_field(&mem, table, 18); user.x509_issuer=get_field(&mem, table, 19); user.x509_subject=get_field(&mem, table, 20); Loading Loading 
@@ -447,11 +450,12 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, (my_bool) old_ver))) { #ifdef HAVE_OPENSSL #define vio (thd->net.vio) /* In this point we know that user is allowed to connect * from given host by given username/password pair. Now * we check if SSL is required, if user is using SSL and * if X509 certificate attributes are OK Vio *vio=thd->net.vio; /* In this point we know that user is allowed to connect from given host by given username/password pair. Now we check if SSL is required, if user is using SSL and if X509 certificate attributes are OK */ switch(acl_user->ssl_type) { case SSL_TYPE_NONE: /* SSL is not required to connect */ Loading 
@@ -462,20 +466,24 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, user_access=acl_user->access; break; case SSL_TYPE_X509: /* Client should have any valid certificate. */ /* Connections with non-valid certificates are dropped already * in sslaccept() anyway, so we do not check validity here. /* Connections with non-valid certificates are dropped already in sslaccept() anyway, so we do not check validity here. */ if (SSL_get_peer_certificate(vio->ssl_)) user_access=acl_user->access; break; case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */ /* We do not check for absence of SSL because without SSL it does not * pass all checks here anyway. case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */ /* We do not check for absence of SSL because without SSL it does not pass all checks here anyway. If cipher name is specified, we compare it to actual cipher in use. */ /* If cipher name is specified, we compare it to actual cipher in use */ if (acl_user->ssl_cipher) DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'", acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))); acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_))); if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))) user_access=acl_user->access; else Loading Loading @@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length, static void acl_update_user(const char *user, const char *host, const char *password, #ifdef HAVE_OPENSSL enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, #endif /* HAVE_OPENSSL */ uint privileges) { for (uint i=0 ; i < acl_users.elements ; i++) Loading Loading 
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host, static void acl_insert_user(const char *user, const char *host, const char *password, #ifdef HAVE_OPENSSL enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, #endif /* HAVE_OPENSSL */ uint privileges) { ACL_USER acl_user; Loading Loading @@ -1159,34 +1163,32 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, #ifdef HAVE_OPENSSL /* We write down SSL related ACL stuff */ DBUG_PRINT("info",("table->fields=%d",table->fields)); if (table->fields >= 21) { /* From 4.0.0 we have more fields */ switch (thd->lex.ssl_type) { case SSL_TYPE_ANY: table->field[17]->store("ANY",3); if (table->fields >= 21) /* From 4.0.0 we have more fields */ { table->field[18]->store("",0); table->field[19]->store("",0); table->field[20]->store("",0); switch (thd->lex.ssl_type) { case SSL_TYPE_ANY: table->field[17]->store("ANY",3); break; case SSL_TYPE_X509: table->field[17]->store("X509",4); table->field[18]->store("",0); table->field[19]->store("",0); table->field[20]->store("",0); break; case SSL_TYPE_SPECIFIED: table->field[17]->store("SPECIFIED",9); if (thd->lex.ssl_cipher) table->field[18]->store(thd->lex.ssl_cipher,strlen(thd->lex.ssl_cipher)); table->field[18]->store(thd->lex.ssl_cipher, strlen(thd->lex.ssl_cipher)); if (thd->lex.x509_issuer) table->field[19]->store(thd->lex.x509_issuer,strlen(thd->lex.x509_issuer)); table->field[19]->store(thd->lex.x509_issuer, strlen(thd->lex.x509_issuer)); if (thd->lex.x509_subject) table->field[20]->store(thd->lex.x509_subject,strlen(thd->lex.x509_subject)); table->field[20]->store(thd->lex.x509_subject, strlen(thd->lex.x509_subject)); break; default: table->field[17]->store("NONE",4); table->field[18]->store("",0); table->field[19]->store("",0); table->field[20]->store("",0); } } #endif /* HAVE_OPENSSL */ Loading Loading 
@@ -1224,21 +1226,17 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, password=0; // No password given on command if (old_row_exists) acl_update_user(combo.user.str,combo.host.str,password, #ifdef HAVE_OPENSSL thd->lex.ssl_type, thd->lex.ssl_cipher, thd->lex.x509_issuer, thd->lex.x509_subject, #endif /* HAVE_OPENSSL */ rights); else acl_insert_user(combo.user.str,combo.host.str,password, #ifdef HAVE_OPENSSL thd->lex.ssl_type, thd->lex.ssl_cipher, thd->lex.x509_issuer, thd->lex.x509_subject, #endif /* HAVE_OPENSSL */ rights); } table->file->index_end(); Loading Loading @@ -2599,21 +2597,24 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) else if (acl_user->ssl_type==SSL_TYPE_SPECIFIED) { global.append(" REQUIRE ",9); if(acl_user->x509_issuer) { if (acl_user->x509_issuer) { if (ssl_options++) global.append(" AND ",5); global.append("ISSUER \"",8); global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer)); global.append("\"",1); } if(acl_user->x509_subject) { if (acl_user->x509_subject) { if (ssl_options++) global.append(" AND ",5); global.append("SUBJECT \"",9); global.append(acl_user->x509_subject,strlen(acl_user->x509_subject)); global.append("\"",1); } if(acl_user->ssl_cipher) { if (acl_user->ssl_cipher) { if (ssl_options++) global.append(" AND ",5); global.append("CIPHER \"",8); Loading Loading
include/violite.h +1 −1 @@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout); #ifdef __cplusplus } #endif #endif /* vio_violite_h_ */ #if defined(HAVE_VIO) && !defined(DONT_MAP_VIO) #define vio_delete(vio) (vio)->viodelete(vio) @@ -237,3 +236,4 @@ struct st_vio #endif /* HAVE_VIO */ }; #endif /* EMBEDDED_LIBRARY */ #endif /* vio_violite_h_ */
libmysqld/lib_sql.cc +24 −38 Original line number Diff line number Diff line Loading @@ -19,13 +19,16 @@ #include "../regex/regex.h" #include "my_sys.h" /* The following is needed to not cause conflicts when we include mysqld.cc */ #define main main1 #define mysql_unix_port mysql_inix_port1 #define mysql_port mysql_port1 #define net_read_timeout net_read_timeout1 #define net_write_timeout net_write_timeout1 #define changeable_vars changeable_vars1 //#define mysql_tmpdir mysql_tmpdir1 extern "C" { Loading @@ -36,38 +39,23 @@ extern "C" class THD; static int check_connections1(THD * thd); static bool check_user(THD *thd, enum_server_command command,const char *user, const char *passwd, const char *db, bool check_count); static int check_connections2(THD * thd); extern void free_defaults(char ** argv); static int check_connections1(THD * thd); static int check_connections2(THD * thd); static bool check_user(THD *thd, enum_server_command command, const char *user, const char *passwd, const char *db, bool check_count); void free_defaults_internal(char ** argv) {if (argv) free_defaults(argv);} #define free_defaults free_defaults_internal char mysql_data_home[FN_REFLEN]; char * get_mysql_data_home(){return mysql_data_home;}; char * get_mysql_data_home() { return mysql_data_home; } #define mysql_data_home mysql_data_home_internal #include "../sql/mysqld.cc" #define SCRAMBLE_LENGTH 8 extern "C" { /* void free_defaults(char ** argv) {}; void load_defaults(const char *, const char **, int *, char ***) {}; */ char * get_mysql_home(){ return mysql_home;}; char * get_mysql_real_data_home(){ return mysql_real_data_home;}; char * get_mysql_home(){ return mysql_home;}; char * get_mysql_real_data_home(){ return mysql_real_data_home;}; bool lib_dispatch_command(enum enum_server_command command, NET *net, Loading 
@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net, } void lib_connection_phase(NET * net, int phase) void lib_connection_phase(NET * net, int phase) { THD * thd; thd = (THD *)(net->vio->dest_thd); Loading @@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase) } } } } } /* extern "C" */ void start_embedded_conn1(NET * net) { THD * thd = new THD; Loading Loading @@ -662,14 +650,12 @@ void start_embedded_connection(NET * net) { start_embedded_conn1(net); } //==================================================================== } } /* extern "C" */ int embedded_do_command(NET * net) { THD * thd = (THD *) net ->vio; do_command(thd); return 0; }
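Review bot: `embedded_do_command` at the end of this section casts `net->vio` itself to `THD *`, while `lib_connection_phase` earlier in the same file reads the session from `net->vio->dest_thd`; if `net->vio` is a `Vio` here, as the `dest_thd` access suggests, `do_command` would run on memory that is not a THD. The line should probably read `THD *thd = (THD *) net->vio->dest_thd;`, preceded by a check that `net->vio` is non-null. The result of `do_command(thd)` is also discarded and 0 is returned unconditionally, so the embedding caller cannot tell a failed or closed session from success; `do_command`'s return type is not visible on this page, so confirm it before propagating the value.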
sql/mysqld.cc +1 −3 @@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig) void unireg_end(int signal_number __attribute__((unused))) { clean_up(); #if defined(EMBEDDED_LIBRARY) exit(0); // XXX QQ: this is a temporary hack (I hope) #else #ifndef EMBEDDED_LIBRARY pthread_exit(0); // Exit is in main thread #endif }
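Review bot: With `EMBEDDED_LIBRARY` defined, `unireg_end` now falls off the end after `clean_up()` instead of terminating, because the `exit(0)` branch was dropped and `pthread_exit(0)` is compiled out. Any caller written on the assumption that this function does not return would keep executing against state that `clean_up()` has already released; the call sites are outside this hunk and should be audited for that. A comment above the function, e.g. `/* In the embedded library this returns to the caller after clean_up(); callers must not touch server state afterwards */`, would make the changed contract explicit.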
sql/sql_acl.cc +140 −139 Original line number Diff line number Diff line Loading @@ -205,14 +205,17 @@ int acl_init(bool dont_read_acl_tables) user.password=get_field(&mem, table,2); #ifdef HAVE_OPENSSL DBUG_PRINT("info",("table->fields=%d",table->fields)); if (table->fields >= 21) { /* From 4.0.0 we have more fields */ if(!strcmp(get_field(&mem, table,17),"ANY")) if (table->fields >= 21) /* From 4.0.0 we have more fields */ { char *ssl_type=get_field(&mem, table,17); if (!strcmp(ssl_type, "ANY")) user.ssl_type=SSL_TYPE_ANY; else if(!strcmp(get_field(&mem, table,17),"X509")) else if (!strcmp(ssl_type, "X509")) user.ssl_type=SSL_TYPE_X509; else if(!strcmp(get_field(&mem, table,17),"SPECIFIED")) else if (!strcmp(ssl_type, "SPECIFIED")) user.ssl_type=SSL_TYPE_SPECIFIED; else user.ssl_type=SSL_TYPE_NONE; else user.ssl_type=SSL_TYPE_NONE; user.ssl_cipher=get_field(&mem, table, 18); user.x509_issuer=get_field(&mem, table, 19); user.x509_subject=get_field(&mem, table, 20); Loading Loading @@ -447,11 +450,12 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, (my_bool) old_ver))) { #ifdef HAVE_OPENSSL #define vio (thd->net.vio) /* In this point we know that user is allowed to connect * from given host by given username/password pair. Now * we check if SSL is required, if user is using SSL and * if X509 certificate attributes are OK Vio *vio=thd->net.vio; /* In this point we know that user is allowed to connect from given host by given username/password pair. Now we check if SSL is required, if user is using SSL and if X509 certificate attributes are OK */ switch(acl_user->ssl_type) { case SSL_TYPE_NONE: /* SSL is not required to connect */ Loading 
@@ -462,20 +466,24 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, user_access=acl_user->access; break; case SSL_TYPE_X509: /* Client should have any valid certificate. */ /* Connections with non-valid certificates are dropped already * in sslaccept() anyway, so we do not check validity here. /* Connections with non-valid certificates are dropped already in sslaccept() anyway, so we do not check validity here. */ if (SSL_get_peer_certificate(vio->ssl_)) user_access=acl_user->access; break; case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */ /* We do not check for absence of SSL because without SSL it does not * pass all checks here anyway. case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */ /* We do not check for absence of SSL because without SSL it does not pass all checks here anyway. If cipher name is specified, we compare it to actual cipher in use. */ /* If cipher name is specified, we compare it to actual cipher in use */ if (acl_user->ssl_cipher) DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'", acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))); acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_))); if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))) user_access=acl_user->access; else Loading Loading @@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length, static void acl_update_user(const char *user, const char *host, const char *password, #ifdef HAVE_OPENSSL enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, #endif /* HAVE_OPENSSL */ uint privileges) { for (uint i=0 ; i < acl_users.elements ; i++) Loading Loading 
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host, static void acl_insert_user(const char *user, const char *host, const char *password, #ifdef HAVE_OPENSSL enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, #endif /* HAVE_OPENSSL */ uint privileges) { ACL_USER acl_user; Loading Loading @@ -1159,34 +1163,32 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, #ifdef HAVE_OPENSSL /* We write down SSL related ACL stuff */ DBUG_PRINT("info",("table->fields=%d",table->fields)); if (table->fields >= 21) { /* From 4.0.0 we have more fields */ switch (thd->lex.ssl_type) { case SSL_TYPE_ANY: table->field[17]->store("ANY",3); if (table->fields >= 21) /* From 4.0.0 we have more fields */ { table->field[18]->store("",0); table->field[19]->store("",0); table->field[20]->store("",0); switch (thd->lex.ssl_type) { case SSL_TYPE_ANY: table->field[17]->store("ANY",3); break; case SSL_TYPE_X509: table->field[17]->store("X509",4); table->field[18]->store("",0); table->field[19]->store("",0); table->field[20]->store("",0); break; case SSL_TYPE_SPECIFIED: table->field[17]->store("SPECIFIED",9); if (thd->lex.ssl_cipher) table->field[18]->store(thd->lex.ssl_cipher,strlen(thd->lex.ssl_cipher)); table->field[18]->store(thd->lex.ssl_cipher, strlen(thd->lex.ssl_cipher)); if (thd->lex.x509_issuer) table->field[19]->store(thd->lex.x509_issuer,strlen(thd->lex.x509_issuer)); table->field[19]->store(thd->lex.x509_issuer, strlen(thd->lex.x509_issuer)); if (thd->lex.x509_subject) table->field[20]->store(thd->lex.x509_subject,strlen(thd->lex.x509_subject)); table->field[20]->store(thd->lex.x509_subject, strlen(thd->lex.x509_subject)); break; default: table->field[17]->store("NONE",4); table->field[18]->store("",0); table->field[19]->store("",0); table->field[20]->store("",0); } } #endif /* HAVE_OPENSSL */ Loading Loading 
@@ -1224,21 +1226,17 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, password=0; // No password given on command if (old_row_exists) acl_update_user(combo.user.str,combo.host.str,password, #ifdef HAVE_OPENSSL thd->lex.ssl_type, thd->lex.ssl_cipher, thd->lex.x509_issuer, thd->lex.x509_subject, #endif /* HAVE_OPENSSL */ rights); else acl_insert_user(combo.user.str,combo.host.str,password, #ifdef HAVE_OPENSSL thd->lex.ssl_type, thd->lex.ssl_cipher, thd->lex.x509_issuer, thd->lex.x509_subject, #endif /* HAVE_OPENSSL */ rights); } table->file->index_end(); Loading Loading @@ -2599,21 +2597,24 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) else if (acl_user->ssl_type==SSL_TYPE_SPECIFIED) { global.append(" REQUIRE ",9); if(acl_user->x509_issuer) { if (acl_user->x509_issuer) { if (ssl_options++) global.append(" AND ",5); global.append("ISSUER \"",8); global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer)); global.append("\"",1); } if(acl_user->x509_subject) { if (acl_user->x509_subject) { if (ssl_options++) global.append(" AND ",5); global.append("SUBJECT \"",9); global.append(acl_user->x509_subject,strlen(acl_user->x509_subject)); global.append("\"",1); } if(acl_user->ssl_cipher) { if (acl_user->ssl_cipher) { if (ssl_options++) global.append(" AND ",5); global.append("CIPHER \"",8); Loading
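Review bot: In `acl_getroot`'s `SSL_TYPE_SPECIFIED` branch, as rendered here the `if (acl_user->ssl_cipher)` guard covers only the `DBUG_PRINT`, so the following `strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))` still runs when no cipher was specified for the account and receives a null pointer. The print and the comparison should sit together inside one braced `if (acl_user->ssl_cipher) { ... }`, and the branch should first refuse the login when `vio->ssl_` is null rather than rely on the later checks failing, since `SSL_get_cipher` is applied to it directly. The new `acl_init` code has the same shape: `ssl_type=get_field(&mem, table,17)` is passed straight to `strcmp`, which is unsafe if `get_field` can return a null pointer for an empty column (its definition is not on this page); `if (!ssl_type) user.ssl_type=SSL_TYPE_NONE;` ahead of the chain would cover it. Both functions continue outside the visible hunks.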