Fixes to get openssl code to compile

34c3484f · monty@hundin.mysql.fi · d22bf7e3 · 34c3484f · 34c3484f · 34c3484f
Commit 34c3484f authored Sep 30, 2001 by monty@hundin.mysql.fi
Showing with 166 additions and 181 deletions

include/violite.h include/violite.h +1 -1

libmysqld/lib_sql.cc libmysqld/lib_sql.cc +24 -38

sql/mysqld.cc sql/mysqld.cc +1 -3

sql/sql_acl.cc sql/sql_acl.cc +140 -139

No files found.
--- a/include/violite.h
+++ b/include/violite.h
@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
 #ifdef	__cplusplus
 }
 #endif
-#endif /* vio_violite_h_ */

 #if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
 #define vio_delete(vio) 			(vio)->viodelete(vio)
@@ -237,3 +236,4 @@ struct st_vio
 #endif /* HAVE_VIO */
 };
 #endif /* EMBEDDED_LIBRARY */
+#endif /* vio_violite_h_ */
--- a/libmysqld/lib_sql.cc
+++ b/libmysqld/lib_sql.cc
@@ -19,13 +19,16 @@
 #include "../regex/regex.h"
 #include "my_sys.h"

+/*
+  The following is needed to not cause conflicts when we include mysqld.cc
+*/
+
 #define main main1
 #define mysql_unix_port mysql_inix_port1
 #define mysql_port mysql_port1
 #define net_read_timeout net_read_timeout1
 #define net_write_timeout net_write_timeout1
 #define changeable_vars changeable_vars1
-//#define mysql_tmpdir mysql_tmpdir1

 extern "C"
 {
@@ -36,38 +39,23 @@ extern "C"

 class THD;

-static int 
-check_connections1(THD * thd);
-
-static bool 
-check_user(THD *thd, enum_server_command command,const char *user, const char *passwd, const char *db, bool check_count);
-
-static int
-check_connections2(THD * thd);
-
-extern void free_defaults(char ** argv);
-void free_defaults_internal(char ** argv){if (argv) free_defaults(argv);}
+static int check_connections1(THD * thd);
+static int check_connections2(THD * thd);
+static bool check_user(THD *thd, enum_server_command command,
+		       const char *user, const char *passwd, const char *db,
+		       bool check_count);
+void free_defaults_internal(char ** argv) {if (argv) free_defaults(argv);}
 #define free_defaults free_defaults_internal

 char mysql_data_home[FN_REFLEN];
-char * get_mysql_data_home(){return mysql_data_home;};
+char * get_mysql_data_home() { return mysql_data_home; }
 #define mysql_data_home mysql_data_home_internal
 #include "../sql/mysqld.cc"

 #define SCRAMBLE_LENGTH 8
 extern "C" {
-
-/*
-void
-free_defaults(char ** argv) {};
-void
-load_defaults(const char *, const char **, int *, char ***) {};
-*/
-
-char *
-get_mysql_home(){ return mysql_home;};
-char *
-get_mysql_real_data_home(){ return mysql_real_data_home;};
+char * get_mysql_home(){ return mysql_home;};
+char * get_mysql_real_data_home(){ return mysql_real_data_home;};


 bool lib_dispatch_command(enum enum_server_command command, NET *net,
@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net,
 }


-
-void 
-lib_connection_phase(NET * net, int phase)
+void lib_connection_phase(NET * net, int phase)
 {
  THD * thd;
  thd = (THD *)(net->vio->dest_thd);
@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase)
    }
  }
 }
-}
+} /* extern "C" */
+
+
 void start_embedded_conn1(NET * net)
 {
  THD * thd = new THD;
@@ -662,14 +650,12 @@ void start_embedded_connection(NET * net)
 {
  start_embedded_conn1(net);
 }
-//====================================================================
-}
+
+} /* extern "C" */
+
 int embedded_do_command(NET * net)
 {
  THD * thd = (THD *) net ->vio;
  do_command(thd);	
  return 0;
 }
-
-
-
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig)
 void unireg_end(int signal_number __attribute__((unused)))
 {
  clean_up();
-#if defined(EMBEDDED_LIBRARY)
-  exit(0);			// XXX QQ: this is a temporary hack (I hope)
-#else
+#ifndef EMBEDDED_LIBRARY
  pthread_exit(0);				// Exit is in main thread
 #endif
 }

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -205,17 +205,20 @@ int  acl_init(bool dont_read_acl_tables)
    user.password=get_field(&mem, table,2);
 #ifdef HAVE_OPENSSL
    DBUG_PRINT("info",("table->fields=%d",table->fields));
-    if (table->fields >= 21) { /* From 4.0.0 we have more fields */
-      if(!strcmp(get_field(&mem, table,17),"ANY"))
+    if (table->fields >= 21)      /* From 4.0.0 we have more fields */
+    { 
+      char *ssl_type=get_field(&mem, table,17);
+      if (!strcmp(ssl_type, "ANY"))
 	user.ssl_type=SSL_TYPE_ANY;
-      else if(!strcmp(get_field(&mem, table,17),"X509"))
+      else if (!strcmp(ssl_type, "X509"))
 	user.ssl_type=SSL_TYPE_X509;
-      else if(!strcmp(get_field(&mem, table,17),"SPECIFIED"))
+      else if (!strcmp(ssl_type, "SPECIFIED"))
 	user.ssl_type=SSL_TYPE_SPECIFIED;
-      else user.ssl_type=SSL_TYPE_NONE;
-      user.ssl_cipher=get_field(&mem, table,18);
-      user.x509_issuer=get_field(&mem, table,19);
-      user.x509_subject=get_field(&mem, table,20);
+      else
+	user.ssl_type=SSL_TYPE_NONE;
+      user.ssl_cipher=get_field(&mem, table, 18);
+      user.x509_issuer=get_field(&mem, table, 19);
+      user.x509_subject=get_field(&mem, table, 20);
    }
 #endif /* HAVE_OPENSSL */
    if (user.password && (length=(uint) strlen(user.password)) == 8 &&
@@ -447,36 +450,41 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 			     (my_bool) old_ver)))
 	{
 #ifdef HAVE_OPENSSL
-#define vio (thd->net.vio)
-          /* In this point we know that user is allowed to connect 
-	   * from given host by given username/password pair. Now 
-	   * we check if SSL is required, if user is using SSL and 
-	   * if X509 certificate attributes are OK 
+	  Vio *vio=thd->net.vio;
+          /*
+	    In this point we know that user is allowed to connect 
+	    from given host by given username/password pair. Now 
+	    we check if SSL is required, if user is using SSL and 
+	    if X509 certificate attributes are OK 
 	  */
          switch(acl_user->ssl_type) {
          case SSL_TYPE_NONE: /* SSL is not required to connect */
 	    user_access=acl_user->access;
 	    break;
 	  case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
- 	       if(vio_type(vio) == VIO_TYPE_SSL)
+	    if (vio_type(vio) == VIO_TYPE_SSL)
 	      user_access=acl_user->access;
 	    break;
 	  case SSL_TYPE_X509: /* Client should have any valid certificate. */
-	       /* Connections with non-valid certificates are dropped already 
-		* in sslaccept() anyway, so we do not check validity here. 
+	    /*
+	      Connections with non-valid certificates are dropped already 
+	      in sslaccept() anyway, so we do not check validity here. 
 	    */
-               if(SSL_get_peer_certificate(vio->ssl_))
+	    if (SSL_get_peer_certificate(vio->ssl_))
 	      user_access=acl_user->access;
 	    break;
-	  case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */
-	       /* We do not check for absence of SSL because without SSL it does not
-		* pass all checks here anyway. 
+	  case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
+	    /*
+	      We do not check for absence of SSL because without SSL it does
+	      not pass all checks here anyway.
+	      If cipher name is specified, we compare it to actual cipher in
+	      use.
 	    */
-	       /* If cipher name is specified, we compare it to actual cipher in use */
-	       if(acl_user->ssl_cipher)
+	    if (acl_user->ssl_cipher)
 	      DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
-				acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)));
-	         if(!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
+				 acl_user->ssl_cipher,
+				 SSL_get_cipher(vio->ssl_)));
+	    if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
 	      user_access=acl_user->access;
 	    else
 	    {
@@ -488,13 +496,13 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	    X509* cert=SSL_get_peer_certificate(vio->ssl_);
 	    DBUG_PRINT("info",("checkpoint 2"));
 	    /* If X509 issuer is speified, we check it... */
- 	       if(acl_user->x509_issuer) 
+	    if (acl_user->x509_issuer) 
 	    {
 	      DBUG_PRINT("info",("checkpoint 3"));
 	      ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
 	      DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
 				 acl_user->x509_issuer, ptr));
-                 if(!strcmp(acl_user->x509_issuer,ptr))
+	      if (!strcmp(acl_user->x509_issuer,ptr))
 		user_access=acl_user->access;
 	      else 
 	      {
@@ -506,12 +514,12 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	    }
 	    DBUG_PRINT("info",("checkpoint 4"));
 	    /* X509 subject is specified, we check it .. */
-	       if(acl_user->x509_subject)
+	    if (acl_user->x509_subject)
 	    {
 	      ptr = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
 	      DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
 				 acl_user->x509_subject, ptr));
-	         if(!strcmp(acl_user->x509_subject,ptr))
+	      if (!strcmp(acl_user->x509_subject,ptr))
 		user_access=acl_user->access;
 	      else 
 	      {
@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length,

 static void acl_update_user(const char *user, const char *host,
 			    const char *password, 
-#ifdef HAVE_OPENSSL
 			    enum SSL_type ssl_type,
 			    const char *ssl_cipher,
 			    const char *x509_issuer,
 			    const char *x509_subject,
-#endif /* HAVE_OPENSSL */
 			    uint privileges)
 {
  for (uint i=0 ; i < acl_users.elements ; i++)
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host,

 static void acl_insert_user(const char *user, const char *host,
 			    const char *password, 
-#ifdef HAVE_OPENSSL
 			    enum SSL_type ssl_type,
 			    const char *ssl_cipher,
 			    const char *x509_issuer,
 			    const char *x509_subject,
-#endif /* HAVE_OPENSSL */
 			    uint privileges)
 {
  ACL_USER acl_user;
@@ -1159,34 +1163,32 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
 #ifdef HAVE_OPENSSL
  /* We write down SSL related ACL stuff */
  DBUG_PRINT("info",("table->fields=%d",table->fields));
-    if (table->fields >= 21) { /* From 4.0.0 we have more fields */
-      switch (thd->lex.ssl_type) {
-      case SSL_TYPE_ANY:
-        table->field[17]->store("ANY",3);
+  if (table->fields >= 21)		/* From 4.0.0 we have more fields */
+  { 
    table->field[18]->store("",0);
    table->field[19]->store("",0);
    table->field[20]->store("",0);
+    switch (thd->lex.ssl_type) {
+    case SSL_TYPE_ANY:
+      table->field[17]->store("ANY",3);
      break;
    case SSL_TYPE_X509:
      table->field[17]->store("X509",4);
-        table->field[18]->store("",0);
-        table->field[19]->store("",0);
-        table->field[20]->store("",0);
      break;
    case SSL_TYPE_SPECIFIED:
      table->field[17]->store("SPECIFIED",9);
-	if(thd->lex.ssl_cipher)
-          table->field[18]->store(thd->lex.ssl_cipher,strlen(thd->lex.ssl_cipher));
-	if(thd->lex.x509_issuer)
-          table->field[19]->store(thd->lex.x509_issuer,strlen(thd->lex.x509_issuer));
-	if(thd->lex.x509_subject)
-          table->field[20]->store(thd->lex.x509_subject,strlen(thd->lex.x509_subject));
+      if (thd->lex.ssl_cipher)
+	table->field[18]->store(thd->lex.ssl_cipher,
+				strlen(thd->lex.ssl_cipher));
+      if (thd->lex.x509_issuer)
+	table->field[19]->store(thd->lex.x509_issuer,
+				strlen(thd->lex.x509_issuer));
+      if (thd->lex.x509_subject)
+	table->field[20]->store(thd->lex.x509_subject,
+				strlen(thd->lex.x509_subject));
      break;
    default:
      table->field[17]->store("NONE",4);
-        table->field[18]->store("",0);
-        table->field[19]->store("",0);
-        table->field[20]->store("",0);
    }
  }
 #endif /* HAVE_OPENSSL */
@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
  }
  error=0;					// Privileges granted / revoked

- end:
+end:
  if (!error)
  {
    acl_cache->clear(1);			// Clear privilege cache
@@ -1224,21 +1226,17 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
      password=0;				// No password given on command
    if (old_row_exists)
      acl_update_user(combo.user.str,combo.host.str,password,
-#ifdef HAVE_OPENSSL
 		      thd->lex.ssl_type,
 		      thd->lex.ssl_cipher,
 		      thd->lex.x509_issuer,
 		      thd->lex.x509_subject,
-#endif /* HAVE_OPENSSL */
 		      rights);
    else
      acl_insert_user(combo.user.str,combo.host.str,password,
-#ifdef HAVE_OPENSSL
 		      thd->lex.ssl_type,
 		      thd->lex.ssl_cipher,
 		      thd->lex.x509_issuer,
 		      thd->lex.x509_subject,
-#endif /* HAVE_OPENSSL */
 		      rights);
  }
  table->file->index_end();
@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
      global.append('\'');
    }
 #ifdef HAVE_OPENSSL    
-/* "show grants" SSL related stuff */
-    if(acl_user->ssl_type==SSL_TYPE_ANY)
+    /* "show grants" SSL related stuff */
+    if (acl_user->ssl_type == SSL_TYPE_ANY)
      global.append(" REQUIRE SSL",12);
-    else if(acl_user->ssl_type==SSL_TYPE_X509)       
+    else if (acl_user->ssl_type==SSL_TYPE_X509)       
      global.append(" REQUIRE X509",13);
-    else if(acl_user->ssl_type==SSL_TYPE_SPECIFIED)       
+    else if (acl_user->ssl_type==SSL_TYPE_SPECIFIED)       
    {
      global.append(" REQUIRE ",9);
-      if(acl_user->x509_issuer) {
-        if(ssl_options++)
+      if (acl_user->x509_issuer)
+      {
+        if (ssl_options++)
          global.append(" AND ",5);
        global.append("ISSUER \"",8);
        global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
        global.append("\"",1);
      }
-      if(acl_user->x509_subject) {
-        if(ssl_options++)
+      if (acl_user->x509_subject)
+      {
+        if (ssl_options++)
          global.append(" AND ",5);
        global.append("SUBJECT \"",9);
        global.append(acl_user->x509_subject,strlen(acl_user->x509_subject));
        global.append("\"",1);
      }
-      if(acl_user->ssl_cipher) {
-        if(ssl_options++)
+      if (acl_user->ssl_cipher)
+      {
+        if (ssl_options++)
          global.append(" AND ",5);
        global.append("CIPHER \"",8);
        global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher));