Merge salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20411

into  salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20987
parents a74c4c0d 10c351b1
...@@ -3,9 +3,12 @@ create table t1(f1 int); ...@@ -3,9 +3,12 @@ create table t1(f1 int);
insert into t1 values (5); insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com"; grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com"; grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges; flush privileges;
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA Ssl_cipher DHE-RSA-AES256-SHA
...@@ -39,7 +42,7 @@ f1 ...@@ -39,7 +42,7 @@ f1
delete from t1; delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1' ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1'
drop user ssl_user1@localhost, ssl_user2@localhost, drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost; ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1; drop table t1;
mysqltest: Could not open connection 'default': 2026 SSL connection error mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error mysqltest: Could not open connection 'default': 2026 SSL connection error
......
...@@ -10,14 +10,18 @@ insert into t1 values (5); ...@@ -10,14 +10,18 @@ insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com"; grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com"; grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges; flush privileges;
connect (con1,localhost,ssl_user1,,,,,SSL); connect (con1,localhost,ssl_user1,,,,,SSL);
connect (con2,localhost,ssl_user2,,,,,SSL); connect (con2,localhost,ssl_user2,,,,,SSL);
connect (con3,localhost,ssl_user3,,,,,SSL); connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL); connect (con4,localhost,ssl_user4,,,,,SSL);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error 1045
connect (con5,localhost,ssl_user5,,,,,SSL);
connection con1; connection con1;
# Check ssl turned on # Check ssl turned on
...@@ -49,7 +53,7 @@ delete from t1; ...@@ -49,7 +53,7 @@ delete from t1;
connection default; connection default;
drop user ssl_user1@localhost, ssl_user2@localhost, drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost; ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1; drop table t1;
......
...@@ -874,6 +874,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, ...@@ -874,6 +874,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
sql_print_information("X509 issuer mismatch: should be '%s' " sql_print_information("X509 issuer mismatch: should be '%s' "
"but is '%s'", acl_user->x509_issuer, ptr); "but is '%s'", acl_user->x509_issuer, ptr);
free(ptr); free(ptr);
user_access=NO_ACCESS;
break; break;
} }
user_access= acl_user->access; user_access= acl_user->access;
...@@ -889,10 +890,12 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, ...@@ -889,10 +890,12 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
if (strcmp(acl_user->x509_subject,ptr)) if (strcmp(acl_user->x509_subject,ptr))
{ {
if (global_system_variables.log_warnings) if (global_system_variables.log_warnings)
sql_print_information("X509 subject mismatch: '%s' vs '%s'", sql_print_information("X509 subject mismatch: should be '%s' but is '%s'",
acl_user->x509_subject, ptr); acl_user->x509_subject, ptr);
free(ptr);
user_access=NO_ACCESS;
break;
} }
else
user_access= acl_user->access; user_access= acl_user->access;
free(ptr); free(ptr);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment