Fix security bug. mysqld server without ssl support was completly

ignorant about ssl_type attribute sql/sql_acl.cc: Now acl_getroot() honors ssl_type attribute even if we compile without openssl BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted
2025-01-17 04:22:27 +01:00 · 2003-07-30 03:33:48 +04:00 · 2003-07-30 03:33:48 +04:00 · 880088ba50
commit 880088ba50
parent 17a6d749d4
2 changed files with 10 additions and 3 deletions
--- a/BitKeeper/etc/logging_ok
+++ b/BitKeeper/etc/logging_ok
@ -15,6 +15,7 @@ bell@laptop.sanja.is.com.ua
 bell@sanja.is.com.ua
 bk@admin.bk
 davida@isil.mysql.com
+dlenev@mysql.com
 gluh@gluh.(none)
 gluh@gluh.mysql.r18.ru
 greg@gcw.ath.cx
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -530,7 +530,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	     !check_scramble(password,message,acl_user->salt,
 			     (my_bool) old_ver)))
 	{
-#ifdef HAVE_OPENSSL
 	  Vio *vio=thd->net.vio;
 	  /*
 	    In this point we know that user is allowed to connect
@ -543,6 +542,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	  case SSL_TYPE_NONE: /* SSL is not required to connect */
 	    user_access=acl_user->access;
 	    break;
+#ifdef HAVE_OPENSSL
 	  case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
 	    if (vio_type(vio) == VIO_TYPE_SSL)
 	      user_access=acl_user->access;
@ -625,10 +625,16 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      }
 	      break;
 	    }
-	  }
 #else  /* HAVE_OPENSSL */
-	  user_access=acl_user->access;
+          default:
+            /*
+                If we don't have SSL but SSL is required for this user the 
+                authentication should fail.
+            */
+            break;
 #endif /* HAVE_OPENSSL */
+	  }
+          
 	  *mqh=acl_user->user_resource;
 	  if (!acl_user->user)
 	    *priv_user=(char*) "";	// Change to anonymous user /* purecov: inspected */