Merge salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20411

into salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20987

Merge salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20411
into salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20987
f0793773 · tnurnberg@salvation.intern.azundris.com · a74c4c0d · 10c351b1 · f0793773 · f0793773
Commit f0793773 authored Aug 22, 2006 by tnurnberg@salvation.intern.azundris.com
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 9 deletions

mysql-test/r/openssl_1.result mysql-test/r/openssl_1.result +6 -3

mysql-test/t/openssl_1.test mysql-test/t/openssl_1.test +7 -3

sql/sql_acl.cc sql/sql_acl.cc +6 -3

No files found.
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -3,9 +3,12 @@ create table t1(f1 int);
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
+connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
+ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
 SHOW STATUS LIKE 'Ssl_cipher';
 Variable_name	Value
 Ssl_cipher	DHE-RSA-AES256-SHA
@@ -39,7 +42,7 @@ f1
 delete from t1;
 ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1'
 drop user ssl_user1@localhost, ssl_user2@localhost,
-ssl_user3@localhost, ssl_user4@localhost;
+ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
 drop table t1;
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 mysqltest: Could not open connection 'default': 2026 SSL connection error

--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -10,14 +10,18 @@ insert into t1 values (5);

 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;

 connect (con1,localhost,ssl_user1,,,,,SSL);
 connect (con2,localhost,ssl_user2,,,,,SSL);
 connect (con3,localhost,ssl_user3,,,,,SSL);
 connect (con4,localhost,ssl_user4,,,,,SSL);
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error 1045
+connect (con5,localhost,ssl_user5,,,,,SSL);

 connection con1;
 # Check ssl turned on
@@ -49,7 +53,7 @@ delete from t1;

 connection default;
 drop user ssl_user1@localhost, ssl_user2@localhost,
-ssl_user3@localhost, ssl_user4@localhost;
+ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;

 drop table t1;


--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -874,6 +874,7 @@ int acl_getroot(THD *thd, USER_RESOURCES  *mqh,
            sql_print_information("X509 issuer mismatch: should be '%s' "
 			      "but is '%s'", acl_user->x509_issuer, ptr);
          free(ptr);
+          user_access=NO_ACCESS;
          break;
        }
        user_access= acl_user->access;
@@ -889,11 +890,13 @@ int acl_getroot(THD *thd, USER_RESOURCES  *mqh,
        if (strcmp(acl_user->x509_subject,ptr))
        {
          if (global_system_variables.log_warnings)
-            sql_print_information("X509 subject mismatch: '%s' vs '%s'",
+            sql_print_information("X509 subject mismatch: should be '%s' but is '%s'",
                            acl_user->x509_subject, ptr);
+          free(ptr);
+          user_access=NO_ACCESS;
+          break;
        }
-        else
-          user_access= acl_user->access;
+        user_access= acl_user->access;
        free(ptr);
      }
      break;