Fixes to get openssl code to compile

34c3484f · monty@hundin.mysql.fi · d22bf7e3 · 34c3484f · 34c3484f · 34c3484f
Commit 34c3484f authored Sep 30, 2001 by monty@hundin.mysql.fi
Showing with 166 additions and 181 deletions

include/violite.h include/violite.h +1 -1

libmysqld/lib_sql.cc libmysqld/lib_sql.cc +24 -38

sql/mysqld.cc sql/mysqld.cc +1 -3

sql/sql_acl.cc sql/sql_acl.cc +140 -139

No files found.
--- a/include/violite.h
+++ b/include/violite.h
@@ -108,7 +108,6 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
 #ifdef	__cplusplus
 }
 #endif
-#endif /* vio_violite_h_ */
 #if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
 #define vio_delete(vio) 			(vio)->viodelete(vio)
@@ -237,3 +236,4 @@ struct st_vio
 #endif /* HAVE_VIO */
 };
 #endif /* EMBEDDED_LIBRARY */
+#endif /* vio_violite_h_ */
--- a/libmysqld/lib_sql.cc
+++ b/libmysqld/lib_sql.cc
@@ -19,13 +19,16 @@
 #include "../regex/regex.h"
 #include "my_sys.h"
+/*
+  The following is needed to not cause conflicts when we include mysqld.cc
+*/
 #define main main1
 #define mysql_unix_port mysql_inix_port1
 #define mysql_port mysql_port1
 #define net_read_timeout net_read_timeout1
 #define net_write_timeout net_write_timeout1
 #define changeable_vars changeable_vars1
-//#define mysql_tmpdir mysql_tmpdir1
 extern "C"
 {
@@ -36,38 +39,23 @@ extern "C"
 class THD;
-static int 
+static int check_connections1(THD * thd);
-check_connections1(THD * thd);
+static int check_connections2(THD * thd);
+static bool check_user(THD *thd, enum_server_command command,
-static bool 
+		       const char *user, const char *passwd, const char *db,
-check_user(THD *thd, enum_server_command command,const char *user, const char *passwd, const char *db, bool check_count);
+		       bool check_count);
+void free_defaults_internal(char ** argv) {if (argv) free_defaults(argv);}
-static int
-check_connections2(THD * thd);
-extern void free_defaults(char ** argv);
-void free_defaults_internal(char ** argv){if (argv) free_defaults(argv);}
 #define free_defaults free_defaults_internal
 char mysql_data_home[FN_REFLEN];
-char * get_mysql_data_home(){return mysql_data_home;};
+char * get_mysql_data_home() { return mysql_data_home; }
 #define mysql_data_home mysql_data_home_internal
 #include "../sql/mysqld.cc"
 #define SCRAMBLE_LENGTH 8
 extern "C" {
+char * get_mysql_home(){ return mysql_home;};
-/*
+char * get_mysql_real_data_home(){ return mysql_real_data_home;};
-void
-free_defaults(char ** argv) {};
-void
-load_defaults(const char *, const char **, int *, char ***) {};
-*/
-char *
-get_mysql_home(){ return mysql_home;};
-char *
-get_mysql_real_data_home(){ return mysql_real_data_home;};
 bool lib_dispatch_command(enum enum_server_command command, NET *net,
@@ -83,9 +71,7 @@ bool lib_dispatch_command(enum enum_server_command command, NET *net,
 }
+void lib_connection_phase(NET * net, int phase)
-void 
-lib_connection_phase(NET * net, int phase)
 {
  THD * thd;
  thd = (THD *)(net->vio->dest_thd);
@@ -99,7 +85,9 @@ lib_connection_phase(NET * net, int phase)
    }
  }
 }
-}
+} /* extern "C" */
 void start_embedded_conn1(NET * net)
 {
  THD * thd = new THD;
@@ -660,16 +648,14 @@ void mysql_thread_end()
 void start_embedded_connection(NET * net)
 {
-    start_embedded_conn1(net);
+  start_embedded_conn1(net);
-}
-//====================================================================
 }
+} /* extern "C" */
 int embedded_do_command(NET * net)
 {
-    THD * thd = (THD *) net ->vio;
+  THD * thd = (THD *) net ->vio;
-    do_command(thd);	
+  do_command(thd);	
-    return 0;
+  return 0;
 }
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -677,9 +677,7 @@ static sig_handler print_signal_warning(int sig)
 void unireg_end(int signal_number __attribute__((unused)))
 {
  clean_up();
-#if defined(EMBEDDED_LIBRARY)
+#ifndef EMBEDDED_LIBRARY
-  exit(0);			// XXX QQ: this is a temporary hack (I hope)
-#else
  pthread_exit(0);				// Exit is in main thread
 #endif
 }

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -205,17 +205,20 @@ int  acl_init(bool dont_read_acl_tables)
    user.password=get_field(&mem, table,2);
 #ifdef HAVE_OPENSSL
    DBUG_PRINT("info",("table->fields=%d",table->fields));
-    if (table->fields >= 21) { /* From 4.0.0 we have more fields */
+    if (table->fields >= 21)      /* From 4.0.0 we have more fields */
-      if(!strcmp(get_field(&mem, table,17),"ANY"))
+    { 
+      char *ssl_type=get_field(&mem, table,17);
+      if (!strcmp(ssl_type, "ANY"))
 	user.ssl_type=SSL_TYPE_ANY;
-      else if(!strcmp(get_field(&mem, table,17),"X509"))
+      else if (!strcmp(ssl_type, "X509"))
 	user.ssl_type=SSL_TYPE_X509;
-      else if(!strcmp(get_field(&mem, table,17),"SPECIFIED"))
+      else if (!strcmp(ssl_type, "SPECIFIED"))
 	user.ssl_type=SSL_TYPE_SPECIFIED;
-      else user.ssl_type=SSL_TYPE_NONE;
+      else
-      user.ssl_cipher=get_field(&mem, table,18);
+	user.ssl_type=SSL_TYPE_NONE;
-      user.x509_issuer=get_field(&mem, table,19);
+      user.ssl_cipher=get_field(&mem, table, 18);
-      user.x509_subject=get_field(&mem, table,20);
+      user.x509_issuer=get_field(&mem, table, 19);
+      user.x509_subject=get_field(&mem, table, 20);
    }
 #endif /* HAVE_OPENSSL */
    if (user.password && (length=(uint) strlen(user.password)) == 8 &&
@@ -447,82 +450,87 @@ uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 			     (my_bool) old_ver)))
 	{
 #ifdef HAVE_OPENSSL
-#define vio (thd->net.vio)
+	  Vio *vio=thd->net.vio;
-          /* In this point we know that user is allowed to connect 
+          /*
-	   * from given host by given username/password pair. Now 
+	    In this point we know that user is allowed to connect 
-	   * we check if SSL is required, if user is using SSL and 
+	    from given host by given username/password pair. Now 
-	   * if X509 certificate attributes are OK 
+	    we check if SSL is required, if user is using SSL and 
-	   */
+	    if X509 certificate attributes are OK 
+	  */
          switch(acl_user->ssl_type) {
          case SSL_TYPE_NONE: /* SSL is not required to connect */
-	       user_access=acl_user->access;
+	    user_access=acl_user->access;
-	       break;
+	    break;
 	  case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
- 	       if(vio_type(vio) == VIO_TYPE_SSL)
+	    if (vio_type(vio) == VIO_TYPE_SSL)
-		 user_access=acl_user->access;
+	      user_access=acl_user->access;
-	       break;
+	    break;
 	  case SSL_TYPE_X509: /* Client should have any valid certificate. */
-	       /* Connections with non-valid certificates are dropped already 
+	    /*
-		* in sslaccept() anyway, so we do not check validity here. 
+	      Connections with non-valid certificates are dropped already 
-		*/
+	      in sslaccept() anyway, so we do not check validity here. 
-               if(SSL_get_peer_certificate(vio->ssl_))
+	    */
-		 user_access=acl_user->access;
+	    if (SSL_get_peer_certificate(vio->ssl_))
-               break;
+	      user_access=acl_user->access;
-	  case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */
+	    break;
-	       /* We do not check for absence of SSL because without SSL it does not
+	  case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
-		* pass all checks here anyway. 
+	    /*
-		*/
+	      We do not check for absence of SSL because without SSL it does
-	       /* If cipher name is specified, we compare it to actual cipher in use */
+	      not pass all checks here anyway.
-	       if(acl_user->ssl_cipher)
+	      If cipher name is specified, we compare it to actual cipher in
-		 DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
+	      use.
-				acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)));
+	    */
-	         if(!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
+	    if (acl_user->ssl_cipher)
-		   user_access=acl_user->access;
+	      DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
-	         else
+				 acl_user->ssl_cipher,
-		 {
+				 SSL_get_cipher(vio->ssl_)));
-		   user_access=NO_ACCESS;
+	    if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
-                   break;
+	      user_access=acl_user->access;
-		 }
+	    else
-               /* Prepare certificate (if exists) */
+	    {
-       	       DBUG_PRINT("info",("checkpoint 1"));
+	      user_access=NO_ACCESS;
-               X509* cert=SSL_get_peer_certificate(vio->ssl_);
+	      break;
-       	       DBUG_PRINT("info",("checkpoint 2"));
+	    }
-	       /* If X509 issuer is speified, we check it... */
+	    /* Prepare certificate (if exists) */
- 	       if(acl_user->x509_issuer) 
+	    DBUG_PRINT("info",("checkpoint 1"));
-	       {
+	    X509* cert=SSL_get_peer_certificate(vio->ssl_);
-       	         DBUG_PRINT("info",("checkpoint 3"));
+	    DBUG_PRINT("info",("checkpoint 2"));
-		 ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+	    /* If X509 issuer is speified, we check it... */
-		 DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
+	    if (acl_user->x509_issuer) 
-				acl_user->x509_issuer, ptr));
+	    {
-                 if(!strcmp(acl_user->x509_issuer,ptr))
+	      DBUG_PRINT("info",("checkpoint 3"));
-                   user_access=acl_user->access;
+	      ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
-	         else 
+	      DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
-		 {
+				 acl_user->x509_issuer, ptr));
-		   user_access=NO_ACCESS;
+	      if (!strcmp(acl_user->x509_issuer,ptr))
-		   free(ptr);
+		user_access=acl_user->access;
-		   break;
+	      else 
-		 }
+	      {
-		 free(ptr);
+		user_access=NO_ACCESS;
-	       }
+		free(ptr);
-       	       DBUG_PRINT("info",("checkpoint 4"));
+		break;
-	       /* X509 subject is specified, we check it .. */
+	      }
-	       if(acl_user->x509_subject)
+	      free(ptr);
-	       {
+	    }
-		 ptr = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+	    DBUG_PRINT("info",("checkpoint 4"));
-		 DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
+	    /* X509 subject is specified, we check it .. */
-				acl_user->x509_subject, ptr));
+	    if (acl_user->x509_subject)
-	         if(!strcmp(acl_user->x509_subject,ptr))
+	    {
-	           user_access=acl_user->access;
+	      ptr = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
-	         else 
+	      DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
-		 {
+				 acl_user->x509_subject, ptr));
-		   user_access=NO_ACCESS;
+	      if (!strcmp(acl_user->x509_subject,ptr))
-		   free(ptr);
+		user_access=acl_user->access;
-	           break;
+	      else 
-	         }
+	      {
-		 free(ptr);
+		user_access=NO_ACCESS;
-	       }
+		free(ptr);
-       	       DBUG_PRINT("info",("checkpoint 5"));
+		break;
-	       break;
+	      }
+	      free(ptr);
+	    }
+	    DBUG_PRINT("info",("checkpoint 5"));
+	    break;
 	  }
       	       DBUG_PRINT("info",("checkpoint 6"));
 #else  /* HAVE_OPENSSL */
@@ -557,12 +565,10 @@ static byte* check_get_key(ACL_USER *buff,uint *length,
 static void acl_update_user(const char *user, const char *host,
 			    const char *password, 
-#ifdef HAVE_OPENSSL
 			    enum SSL_type ssl_type,
 			    const char *ssl_cipher,
 			    const char *x509_issuer,
 			    const char *x509_subject,
-#endif /* HAVE_OPENSSL */
 			    uint privileges)
 {
  for (uint i=0 ; i < acl_users.elements ; i++)
@@ -601,12 +607,10 @@ static void acl_update_user(const char *user, const char *host,
 static void acl_insert_user(const char *user, const char *host,
 			    const char *password, 
-#ifdef HAVE_OPENSSL
 			    enum SSL_type ssl_type,
 			    const char *ssl_cipher,
 			    const char *x509_issuer,
 			    const char *x509_subject,
-#endif /* HAVE_OPENSSL */
 			    uint privileges)
 {
  ACL_USER acl_user;
@@ -1158,37 +1162,35 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
  rights=get_access(table,3);
 #ifdef HAVE_OPENSSL
  /* We write down SSL related ACL stuff */
-    DBUG_PRINT("info",("table->fields=%d",table->fields));
+  DBUG_PRINT("info",("table->fields=%d",table->fields));
-    if (table->fields >= 21) { /* From 4.0.0 we have more fields */
+  if (table->fields >= 21)		/* From 4.0.0 we have more fields */
-      switch (thd->lex.ssl_type) {
+  { 
-      case SSL_TYPE_ANY:
+    table->field[18]->store("",0);
-        table->field[17]->store("ANY",3);
+    table->field[19]->store("",0);
-        table->field[18]->store("",0);
+    table->field[20]->store("",0);
-        table->field[19]->store("",0);
+    switch (thd->lex.ssl_type) {
-        table->field[20]->store("",0);
+    case SSL_TYPE_ANY:
-        break;
+      table->field[17]->store("ANY",3);
-      case SSL_TYPE_X509:
+      break;
-        table->field[17]->store("X509",4);
+    case SSL_TYPE_X509:
-        table->field[18]->store("",0);
+      table->field[17]->store("X509",4);
-        table->field[19]->store("",0);
+      break;
-        table->field[20]->store("",0);
+    case SSL_TYPE_SPECIFIED:
-        break;
+      table->field[17]->store("SPECIFIED",9);
-      case SSL_TYPE_SPECIFIED:
+      if (thd->lex.ssl_cipher)
-        table->field[17]->store("SPECIFIED",9);
+	table->field[18]->store(thd->lex.ssl_cipher,
-	if(thd->lex.ssl_cipher)
+				strlen(thd->lex.ssl_cipher));
-          table->field[18]->store(thd->lex.ssl_cipher,strlen(thd->lex.ssl_cipher));
+      if (thd->lex.x509_issuer)
-	if(thd->lex.x509_issuer)
+	table->field[19]->store(thd->lex.x509_issuer,
-          table->field[19]->store(thd->lex.x509_issuer,strlen(thd->lex.x509_issuer));
+				strlen(thd->lex.x509_issuer));
-	if(thd->lex.x509_subject)
+      if (thd->lex.x509_subject)
-          table->field[20]->store(thd->lex.x509_subject,strlen(thd->lex.x509_subject));
+	table->field[20]->store(thd->lex.x509_subject,
-        break;
+				strlen(thd->lex.x509_subject));
-      default:
+      break;
-        table->field[17]->store("NONE",4);
+    default:
-        table->field[18]->store("",0);
+      table->field[17]->store("NONE",4);
-        table->field[19]->store("",0);
-        table->field[20]->store("",0);
-      }
    }
+  }
 #endif /* HAVE_OPENSSL */
  if (old_row_exists)
  {
@@ -1216,7 +1218,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
  }
  error=0;					// Privileges granted / revoked
- end:
+end:
  if (!error)
  {
    acl_cache->clear(1);			// Clear privilege cache
@@ -1224,22 +1226,18 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
      password=0;				// No password given on command
    if (old_row_exists)
      acl_update_user(combo.user.str,combo.host.str,password,
-#ifdef HAVE_OPENSSL
+		      thd->lex.ssl_type,
-	        thd->lex.ssl_type,
+		      thd->lex.ssl_cipher,
-                thd->lex.ssl_cipher,
+		      thd->lex.x509_issuer,
-	        thd->lex.x509_issuer,
+		      thd->lex.x509_subject,
-	        thd->lex.x509_subject,
+		      rights);
-#endif /* HAVE_OPENSSL */
-	        rights);
    else
      acl_insert_user(combo.user.str,combo.host.str,password,
-#ifdef HAVE_OPENSSL
+		      thd->lex.ssl_type,
-		thd->lex.ssl_type,
+		      thd->lex.ssl_cipher,
-		thd->lex.ssl_cipher,
+		      thd->lex.x509_issuer,
-		thd->lex.x509_issuer,
+		      thd->lex.x509_subject,
-		thd->lex.x509_subject,
+		      rights);
-#endif /* HAVE_OPENSSL */
-		rights);
  }
  table->file->index_end();
  DBUG_RETURN(error);
@@ -2591,30 +2589,33 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
      global.append('\'');
    }
 #ifdef HAVE_OPENSSL    
-/* "show grants" SSL related stuff */
+    /* "show grants" SSL related stuff */
-    if(acl_user->ssl_type==SSL_TYPE_ANY)
+    if (acl_user->ssl_type == SSL_TYPE_ANY)
      global.append(" REQUIRE SSL",12);
-    else if(acl_user->ssl_type==SSL_TYPE_X509)       
+    else if (acl_user->ssl_type==SSL_TYPE_X509)       
      global.append(" REQUIRE X509",13);
-    else if(acl_user->ssl_type==SSL_TYPE_SPECIFIED)       
+    else if (acl_user->ssl_type==SSL_TYPE_SPECIFIED)       
    {
      global.append(" REQUIRE ",9);
-      if(acl_user->x509_issuer) {
+      if (acl_user->x509_issuer)
-        if(ssl_options++)
+      {
+        if (ssl_options++)
          global.append(" AND ",5);
        global.append("ISSUER \"",8);
        global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
        global.append("\"",1);
      }
-      if(acl_user->x509_subject) {
+      if (acl_user->x509_subject)
-        if(ssl_options++)
+      {
+        if (ssl_options++)
          global.append(" AND ",5);
        global.append("SUBJECT \"",9);
        global.append(acl_user->x509_subject,strlen(acl_user->x509_subject));
        global.append("\"",1);
      }
-      if(acl_user->ssl_cipher) {
+      if (acl_user->ssl_cipher)
-        if(ssl_options++)
+      {
+        if (ssl_options++)
          global.append(" AND ",5);
        global.append("CIPHER \"",8);
        global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher));