#include "mysql_priv.h"
#include "hash_filo.h"
#include <m_ctype.h>
#include <stdarg.h>
#include "sp_head.h"
#include "sp.h"

Include dependency graph for sql_acl.cc:

Classes | |
| class | acl_entry |
| class | GRANT_COLUMN |
| class | GRANT_NAME |
| class | GRANT_TABLE |
Defines | |
| #define | FIRST_NON_YN_FIELD 26 |
| #define | IP_ADDR_STRLEN (3+1+3+1+3+1+3) |
| #define | ACL_KEY_LENGTH (IP_ADDR_STRLEN+1+NAME_LEN+1+USERNAME_LENGTH+1) |
| #define | GRANT_TABLES 5 |
Functions | |
| static byte * | acl_entry_get_key (acl_entry *entry, uint *length, my_bool not_used __attribute__((unused))) |
| static ulong | get_access (TABLE *form, uint fieldnr, uint *next_field=0) |
| static int | acl_compare (ACL_ACCESS *a, ACL_ACCESS *b) |
| static ulong | get_sort (uint count,...) |
| static void | init_check_host (void) |
| static void | rebuild_check_host (void) |
| static ACL_USER * | find_acl_user (const char *host, const char *user, my_bool exact) |
| static bool | update_user_table (THD *thd, TABLE *table, const char *host, const char *user, const char *new_password, uint new_password_len) |
| static void | update_hostname (acl_host_and_ip *host, const char *hostname) |
| static bool | compare_hostname (const acl_host_and_ip *host, const char *hostname, const char *ip) |
| static my_bool | acl_load (THD *thd, TABLE_LIST *tables) |
| static my_bool | grant_load (TABLE_LIST *tables) |
| static void | set_user_salt (ACL_USER *acl_user, const char *password, uint password_len) |
| static void | restrict_update_of_old_passwords_var (THD *thd, enum_var_type var_type) |
| my_bool | acl_init (bool dont_read_acl_tables) |
| void | acl_free (bool end) |
| my_bool | acl_reload (THD *thd) |
| int | acl_getroot (THD *thd, USER_RESOURCES *mqh, const char *passwd, uint passwd_len) |
| bool | acl_getroot_no_password (Security_context *sctx, char *user, char *host, char *ip, char *db) |
| static byte * | check_get_key (ACL_USER *buff, uint *length, my_bool not_used __attribute__((unused))) |
| static void | acl_update_user (const char *user, const char *host, const char *password, uint password_len, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, ulong privileges) |
| static void | acl_insert_user (const char *user, const char *host, const char *password, uint password_len, enum SSL_type ssl_type, const char *ssl_cipher, const char *x509_issuer, const char *x509_subject, USER_RESOURCES *mqh, ulong privileges) |
| static void | acl_update_db (const char *user, const char *host, const char *db, ulong privileges) |
| static void | acl_insert_db (const char *user, const char *host, const char *db, ulong privileges) |
| ulong | acl_get (const char *host, const char *ip, const char *user, const char *db, my_bool db_is_pattern) |
| bool | acl_check_host (const char *host, const char *ip) |
| bool | check_change_password (THD *thd, const char *host, const char *user, char *new_password, uint new_password_len) |
| bool | change_password (THD *thd, const char *host, const char *user, char *new_password) |
| bool | is_acl_user (const char *host, const char *user) |
| static const char * | calc_ip (const char *ip, long *val, char end) |
| bool | hostname_requires_resolving (const char *hostname) |
| static bool | test_if_create_new_users (THD *thd) |
| static int | replace_user_table (THD *thd, TABLE *table, const LEX_USER &combo, ulong rights, bool revoke_grant, bool can_create_user, bool no_auto_create) |
| static int | replace_db_table (TABLE *table, const char *db, const LEX_USER &combo, ulong rights, bool revoke_grant) |
| static byte * | get_key_column (GRANT_COLUMN *buff, uint *length, my_bool not_used __attribute__((unused))) |
| static byte * | get_grant_table (GRANT_NAME *buff, uint *length, my_bool not_used __attribute__((unused))) |
| void | free_grant_table (GRANT_TABLE *grant_table) |
| static GRANT_NAME * | name_hash_search (HASH *name_hash, const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact) |
| GRANT_NAME * | routine_hash_search (const char *host, const char *ip, const char *db, const char *user, const char *tname, bool proc, bool exact) |
| GRANT_TABLE * | table_hash_search (const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact) |
| GRANT_COLUMN * | column_hash_search (GRANT_TABLE *t, const char *cname, uint length) |
| static int | replace_column_table (GRANT_TABLE *g_t, TABLE *table, const LEX_USER &combo, List< LEX_COLUMN > &columns, const char *db, const char *table_name, ulong rights, bool revoke_grant) |
| static int | replace_table_table (THD *thd, GRANT_TABLE *grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, ulong rights, ulong col_rights, bool revoke_grant) |
| static int | replace_routine_table (THD *thd, GRANT_NAME *grant_name, TABLE *table, const LEX_USER &combo, const char *db, const char *routine_name, bool is_proc, ulong rights, bool revoke_grant) |
| bool | mysql_table_grant (THD *thd, TABLE_LIST *table_list, List< LEX_USER > &user_list, List< LEX_COLUMN > &columns, ulong rights, bool revoke_grant) |
| bool | mysql_routine_grant (THD *thd, TABLE_LIST *table_list, bool is_proc, List< LEX_USER > &user_list, ulong rights, bool revoke_grant, bool no_error) |
| bool | mysql_grant (THD *thd, const char *db, List< LEX_USER > &list, ulong rights, bool revoke_grant) |
| void | grant_free (void) |
| my_bool | grant_init () |
| my_bool | grant_reload (THD *thd) |
| bool | check_grant (THD *thd, ulong want_access, TABLE_LIST *tables, uint show_table, uint number, bool no_errors) |
| bool | check_grant_column (THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *name, uint length, Security_context *sctx) |
| bool | check_column_grant_in_table_ref (THD *thd, TABLE_LIST *table_ref, const char *name, uint length) |
| bool | check_grant_all_columns (THD *thd, ulong want_access, GRANT_INFO *grant, const char *db_name, const char *table_name, Field_iterator *fields) |
| bool | check_grant_db (THD *thd, const char *db) |
| bool | check_grant_routine (THD *thd, ulong want_access, TABLE_LIST *procs, bool is_proc, bool no_errors) |
| bool | check_routine_level_acl (THD *thd, const char *db, const char *name, bool is_proc) |
| ulong | get_table_grant (THD *thd, TABLE_LIST *table) |
| ulong | get_column_grant (THD *thd, GRANT_INFO *grant, const char *db_name, const char *table_name, const char *field_name) |
| static void | add_user_option (String *grant, ulong value, const char *name) |
| static int | show_routine_grants (THD *thd, LEX_USER *lex_user, HASH *hash, const char *type, int typelen, char *buff, int buffsize) |
| bool | mysql_show_grants (THD *thd, LEX_USER *lex_user) |
| void | get_privilege_desc (char *to, uint max_length, ulong access) |
| void | get_mqh (const char *user, const char *host, USER_CONN *uc) |
| int | open_grant_tables (THD *thd, TABLE_LIST *tables) |
| ACL_USER * | check_acl_user (LEX_USER *user_name, uint *acl_acl_userdx) |
| static int | modify_grant_table (TABLE *table, Field *host_field, Field *user_field, LEX_USER *user_to) |
| static int | handle_grant_table (TABLE_LIST *tables, uint table_no, bool drop, LEX_USER *user_from, LEX_USER *user_to) |
| static int | handle_grant_struct (uint struct_no, bool drop, LEX_USER *user_from, LEX_USER *user_to) |
| static int | handle_grant_data (TABLE_LIST *tables, bool drop, LEX_USER *user_from, LEX_USER *user_to) |
| static void | append_user (String *str, LEX_USER *user) |
| bool | mysql_create_user (THD *thd, List< LEX_USER > &list) |
| bool | mysql_drop_user (THD *thd, List< LEX_USER > &list) |
| bool | mysql_rename_user (THD *thd, List< LEX_USER > &list) |
| bool | mysql_revoke_all (THD *thd, List< LEX_USER > &list) |
| bool | sp_revoke_privileges (THD *thd, const char *sp_db, const char *sp_name, bool is_proc) |
| bool | sp_grant_privileges (THD *thd, const char *sp_db, const char *sp_name, bool is_proc) |
| int | wild_case_compare (CHARSET_INFO *cs, const char *str, const char *wildstr) |
| void | update_schema_privilege (TABLE *table, char *buff, const char *db, const char *t_name, const char *column, uint col_length, const char *priv, uint priv_length, const char *is_grantable) |
| int | fill_schema_user_privileges (THD *thd, TABLE_LIST *tables, COND *cond) |
| int | fill_schema_schema_privileges (THD *thd, TABLE_LIST *tables, COND *cond) |
| int | fill_schema_table_privileges (THD *thd, TABLE_LIST *tables, COND *cond) |
| int | fill_schema_column_privileges (THD *thd, TABLE_LIST *tables, COND *cond) |
| void | fill_effective_table_privileges (THD *thd, GRANT_INFO *grant, const char *db, const char *table) |
Variables | |
| time_t | mysql_db_table_last_check = 0L |
| TABLE_FIELD_W_TYPE | mysql_db_table_fields [MYSQL_DB_FIELD_COUNT] |
| static DYNAMIC_ARRAY | acl_hosts |
| static DYNAMIC_ARRAY | acl_users |
| static DYNAMIC_ARRAY | acl_dbs |
| static MEM_ROOT | mem |
| static MEM_ROOT | memex |
| static bool | initialized = 0 |
| static bool | allow_all_hosts = 1 |
| static HASH | acl_check_hosts |
| static HASH | column_priv_hash |
| static HASH | proc_priv_hash |
| static HASH | func_priv_hash |
| static DYNAMIC_ARRAY | acl_wild_hosts |
| static hash_filo * | acl_cache |
| static uint | grant_version = 0 |
| static const char * | command_array [] |
| static uint | command_lengths [] |
| #define ACL_KEY_LENGTH (IP_ADDR_STRLEN+1+NAME_LEN+1+USERNAME_LENGTH+1) |
| #define FIRST_NON_YN_FIELD 26 |
Definition at line 153 of file sql_acl.cc.
| #define GRANT_TABLES 5 |
Definition at line 4785 of file sql_acl.cc.
Referenced by mysql_create_user(), mysql_drop_user(), mysql_rename_user(), mysql_revoke_all(), open_grant_tables(), and sp_revoke_privileges().
| #define IP_ADDR_STRLEN (3+1+3+1+3+1+3) |
Definition at line 171 of file sql_acl.cc.
| bool acl_check_host | ( | const char * | host, | |
| const char * | ip | |||
| ) |
Definition at line 1469 of file sql_acl.cc.
References acl_cache, acl_check_hosts, acl_wild_hosts, allow_all_hosts, compare_hostname(), dynamic_element, st_dynamic_array::elements, hash_search(), hash_filo::lock, pthread_mutex_lock, pthread_mutex_unlock, strlen(), and VOID.
Referenced by check_connection().
{
  /*
    Connection-time host filter.

    Returns 0 when the connecting host name or IP address is accepted and
    1 when it is rejected. Either `host` or `ip` may be NULL; a NULL value
    is simply skipped in the exact-match lookup.

    allow_all_hosts is tested before the lock is taken; when it is set no
    lookup is done at all. Otherwise acl_check_hosts is probed for an exact
    host or IP key, and then every acl_wild_hosts element is passed to
    compare_hostname(). All lookups run under acl_cache->lock.
  */
  if (allow_all_hosts)
    return 0;

  bool rejected= 1;                     // stays 1 unless some entry matches

  VOID(pthread_mutex_lock(&acl_cache->lock));

  if ((host &&
       hash_search(&acl_check_hosts, (byte*) host, (uint) strlen(host))) ||
      (ip &&
       hash_search(&acl_check_hosts, (byte*) ip, (uint) strlen(ip))))
  {
    rejected= 0;                        // Found host
  }
  else
  {
    for (uint idx= 0; idx < acl_wild_hosts.elements; idx++)
    {
      acl_host_and_ip *candidate=
        dynamic_element(&acl_wild_hosts, idx, acl_host_and_ip*);
      if (compare_hostname(candidate, host, ip))
      {
        rejected= 0;                    // Host ok
        break;
      }
    }
  }

  /* Single unlock point for every path that took the lock. */
  VOID(pthread_mutex_unlock(&acl_cache->lock));
  return rejected;                      // 1: Host is not allowed
}

| static int acl_compare | ( | ACL_ACCESS * | a, | |
| ACL_ACCESS * | b | |||
| ) | [static] |
Definition at line 820 of file sql_acl.cc.
References ACL_ACCESS::sort.
Referenced by acl_insert_db(), acl_insert_user(), and acl_load().
{
  /*
    Ordering callback for ACL entries: an entry with a larger `sort` value
    compares as "less" (-1), so a sort using this comparator places the
    highest `sort` values first. Equal values compare as 0.
  */
  if (a->sort == b->sort)
    return 0;
  return (a->sort > b->sort) ? -1 : 1;
}

| static byte* acl_entry_get_key | ( | acl_entry * | entry, | |
| uint * | length, | |||
| my_bool not_used | __attribute__((unused)) | |||
| ) | [static] |
Definition at line 164 of file sql_acl.cc.
Referenced by acl_init().

| void acl_free | ( | bool | end | ) |
Definition at line 630 of file sql_acl.cc.
References acl_cache, acl_check_hosts, acl_dbs, acl_hosts, acl_users, acl_wild_hosts, hash_filo::clear(), delete_dynamic(), free_root(), hash_free(), mem, and MYF.
Referenced by acl_reload(), and clean_up().
{
  /*
    Release the in-memory ACL structures.

    The `mem` root, the four dynamic arrays (hosts, users, dbs, wild hosts)
    and the acl_check_hosts hash are always freed. The privilege cache is
    handled according to `end`:
      end != 0  the cache object is deleted and the pointer set to 0
      end == 0  the cache object is kept and only cleared via clear(1)

    No lock is taken in this function.
    NOTE(review): callers presumably serialise against readers of these
    structures; confirm at the call sites (acl_reload(), clean_up()).
  */
  free_root(&mem, MYF(0));

  delete_dynamic(&acl_hosts);
  delete_dynamic(&acl_users);
  delete_dynamic(&acl_dbs);
  delete_dynamic(&acl_wild_hosts);

  hash_free(&acl_check_hosts);

  if (end)
  {
    delete acl_cache;
    acl_cache= 0;
    return;
  }
  acl_cache->clear(1);                  /* purecov: inspected */
}

| ulong acl_get | ( | const char * | host, | |
| const char * | ip, | |||
| const char * | user, | |||
| const char * | db, | |||
| my_bool | db_is_pattern | |||
| ) |
Definition at line 1319 of file sql_acl.cc.
References acl_cache, acl_dbs, ACL_KEY_LENGTH, compare_hostname(), DBUG_ENTER, DBUG_PRINT, DBUG_RETURN, dynamic_element, st_dynamic_array::elements, exit, files_charset_info, key, key_length, hash_filo::lock, lower_case_table_names, my_casedn_str, pthread_mutex_lock, pthread_mutex_unlock, hash_filo::search(), strcmp(), strmov(), VOID, and wild_compare().
Referenced by check_access(), fill_effective_table_privileges(), fill_schema_shemata(), get_all_tables(), mysql_change_db(), mysqld_show_create_db(), and test_if_create_new_users().
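{
  /*
    Compute the database-level privilege bits for (host, ip, user, db).

    The result is db_access & host_access:
      - db_access comes from the first acl_dbs element whose user, host and
        db all match (a NULL user or db in the element matches anything).
        If that element names a host, it is taken as final.
      - otherwise, when db_access is non-zero, host_access is taken from the
        first matching acl_hosts element and is 0 if none matches.

    For non-pattern lookups the result is looked up in, and afterwards
    stored into, acl_cache under the key "ip\0user\0db".

    `user` and `db` must be non-NULL (they are passed to strlen()/strmov());
    `ip` may be NULL and is then treated as "".

    Returns 0 (no privileges) when the three strings do not fit the
    fixed-size key buffer.
  */
  ulong host_access= ~(ulong)0, db_access= 0;
  uint i,key_length;
  char key[ACL_KEY_LENGTH],*tmp_db,*end;
  acl_entry *entry;
  DBUG_ENTER("acl_get");

  /*
    The key is assembled with unbounded strmov() calls into a stack buffer
    of ACL_KEY_LENGTH bytes. Reject, before anything is copied and before
    the lock is taken, any input whose three strings plus their three NUL
    terminators would not fit. Failing closed (0 = no access) keeps an
    over-long name from overwriting the stack.
  */
  {
    const char *key_ip= ip ? ip : "";
    size_t needed= strlen(key_ip) + 1 + strlen(user) + 1 + strlen(db) + 1;
    if (needed > sizeof(key))
      DBUG_RETURN(0);
  }

  VOID(pthread_mutex_lock(&acl_cache->lock));
  end=strmov((tmp_db=strmov(strmov(key, ip ? ip : "")+1,user)+1),db);
  if (lower_case_table_names)
  {
    /* Lower-case the copy inside the key and match against that copy. */
    my_casedn_str(files_charset_info, tmp_db);
    db=tmp_db;
  }
  key_length=(uint) (end-key);
  if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search(key,key_length)))
  {
    db_access=entry->access;
    VOID(pthread_mutex_unlock(&acl_cache->lock));
    DBUG_PRINT("exit", ("access: 0x%lx", db_access));
    DBUG_RETURN(db_access);
  }

  /*
    Check if there are some access rights for database and user
  */
  for (i=0 ; i < acl_dbs.elements ; i++)
  {
    ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*);
    if (!acl_db->user || !strcmp(user,acl_db->user))
    {
      if (compare_hostname(&acl_db->host,host,ip))
      {
        if (!acl_db->db || !wild_compare(db,acl_db->db,db_is_pattern))
        {
          db_access=acl_db->access;
          if (acl_db->host.hostname)
            goto exit;                          // Fully specified. Take it
          break; /* purecov: tested */
        }
      }
    }
  }
  if (!db_access)
    goto exit;                                  // Can't be better

  /*
    No host specified for user. Get hostdata from host table
  */
  host_access=0;                                // Host must be found
  for (i=0 ; i < acl_hosts.elements ; i++)
  {
    ACL_HOST *acl_host=dynamic_element(&acl_hosts,i,ACL_HOST*);
    if (compare_hostname(&acl_host->host,host,ip))
    {
      if (!acl_host->db || !wild_compare(db,acl_host->db,db_is_pattern))
      {
        host_access=acl_host->access;           // Fully specified. Take it
        break;
      }
    }
  }
exit:
  /*
    Save entry in cache for quick retrieval. A failed malloc() only means
    the result is not cached; the computed privileges are still returned.
  */
  if (!db_is_pattern &&
      (entry= (acl_entry*) malloc(sizeof(acl_entry)+key_length)))
  {
    entry->access=(db_access & host_access);
    entry->length=key_length;
    memcpy((gptr) entry->key,key,key_length);
    acl_cache->add(entry);
  }
  VOID(pthread_mutex_unlock(&acl_cache->lock));
  DBUG_PRINT("exit", ("access: 0x%lx", db_access & host_access));
  DBUG_RETURN(db_access & host_access);
}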

| int acl_getroot | ( | THD * | thd, | |
| USER_RESOURCES * | mqh, | |||
| const char * | passwd, | |||
| uint | passwd_len | |||
| ) |
Definition at line 862 of file sql_acl.cc.
References acl_cache, acl_users, bzero, check_scramble(), check_scramble_323(), compare_hostname(), DBUG_ENTER, DBUG_RETURN, dynamic_element, st_dynamic_array::elements, hash_filo::lock, NO_ACCESS, pthread_mutex_lock, SCRAMBLE_LENGTH, strcmp(), and VOID.
Referenced by check_user().
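{
  /*
    Authenticate the connecting user and fill in the security context.

    Return value (`res`):
       0  a user entry matched and the password check passed (or the entry
          has an empty salt), or the server runs without grant tables
       1  no entry matched, or the password check failed
      -1  client sent SCRAMBLE_LENGTH bytes but the entry's salt has
          SCRAMBLE_LENGTH_323 bytes
       2  client sent SCRAMBLE_LENGTH_323 bytes but the entry's salt has
          SCRAMBLE_LENGTH bytes

    A return of 0 does not by itself mean privileges were granted: when the
    entry's SSL/X509 requirements are not met, sctx->master_access is left
    at NO_ACCESS. NOTE(review): the caller is presumably expected to check
    master_access as well; confirm in check_user().

    On a match *mqh, sctx->priv_user and sctx->priv_host are also set.
  */
  ulong user_access= NO_ACCESS;
  int res= 1;
  ACL_USER *acl_user= 0;
  Security_context *sctx= thd->security_ctx;
  DBUG_ENTER("acl_getroot");

  if (!initialized)
  {
    /*
      here if mysqld's been started with --skip-grant-tables option.
      No credential is checked on this path.
    */
    sctx->skip_grants();
    bzero((char*) mqh, sizeof(*mqh));
    DBUG_RETURN(0);
  }

  VOID(pthread_mutex_lock(&acl_cache->lock));

  /*
    Find acl entry in user database. Note, that find_acl_user is not the same,
    because it doesn't take into account the case when user is not empty,
    but acl_user->user is empty

    Only the first entry matching user and host is considered: the loop
    stops there whether or not the password check succeeds.
  */

  for (uint i=0 ; i < acl_users.elements ; i++)
  {
    ACL_USER *acl_user_tmp= dynamic_element(&acl_users,i,ACL_USER*);
    if (!acl_user_tmp->user || !strcmp(sctx->user, acl_user_tmp->user))
    {
      if (compare_hostname(&acl_user_tmp->host, sctx->host, sctx->ip))
      {
        /* check password: it should be empty or valid */
        if (passwd_len == acl_user_tmp->salt_len)
        {
          if (acl_user_tmp->salt_len == 0 ||
              (acl_user_tmp->salt_len == SCRAMBLE_LENGTH ?
              check_scramble(passwd, thd->scramble, acl_user_tmp->salt) :
              check_scramble_323(passwd, thd->scramble,
                                 (ulong *) acl_user_tmp->salt)) == 0)
          {
            acl_user= acl_user_tmp;
            res= 0;
          }
        }
        else if (passwd_len == SCRAMBLE_LENGTH &&
                 acl_user_tmp->salt_len == SCRAMBLE_LENGTH_323)
          res= -1;
        else if (passwd_len == SCRAMBLE_LENGTH_323 &&
                 acl_user_tmp->salt_len == SCRAMBLE_LENGTH)
          res= 2;
        /* linear search complete: */
        break;
      }
    }
  }
  /*
    This was moved to separate tree because of heavy HAVE_OPENSSL case.
    If acl_user is not null, res is 0.
  */

  if (acl_user)
  {
    /* OK. User found and password checked continue validation */
#ifdef HAVE_OPENSSL
    Vio *vio=thd->net.vio;
    SSL *ssl= (SSL*) vio->ssl_arg;
    /* Declared ahead of the switch so no case label jumps past it. */
    X509 *cert;
#endif

    /*
      At this point we know that user is allowed to connect
      from given host by given username/password pair. Now
      we check if SSL is required, if user is using SSL and
      if X509 certificate attributes are OK
    */
    switch (acl_user->ssl_type) {
    case SSL_TYPE_NOT_SPECIFIED:                // Impossible
    case SSL_TYPE_NONE:                         // SSL is not required
      user_access= acl_user->access;
      break;
#ifdef HAVE_OPENSSL
    case SSL_TYPE_ANY:                          // Any kind of SSL is ok
      if (vio_type(vio) == VIO_TYPE_SSL)
        user_access= acl_user->access;
      break;
    case SSL_TYPE_X509: /* Client should have any valid certificate. */
      /*
        Connections with non-valid certificates are dropped already
        in sslaccept() anyway, so we do not check validity here.

        We need to check for absence of SSL because without SSL
        we should reject connection.
      */
      if (vio_type(vio) == VIO_TYPE_SSL &&
          SSL_get_verify_result(ssl) == X509_V_OK &&
          (cert= SSL_get_peer_certificate(ssl)))
      {
        user_access= acl_user->access;
        /* SSL_get_peer_certificate() returns a counted reference. */
        X509_free(cert);
      }
      break;
    case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
      /*
        We do not check for absence of SSL because without SSL it does
        not pass all checks here anyway.
        If cipher name is specified, we compare it to actual cipher in
        use.

        Every specified attribute (cipher, issuer, subject) must match.
        A mismatch on a later attribute resets user_access to NO_ACCESS so
        that an earlier match cannot leave the privileges granted.
      */
      if (vio_type(vio) != VIO_TYPE_SSL ||
          SSL_get_verify_result(ssl) != X509_V_OK)
        break;
      if (acl_user->ssl_cipher)
      {
        DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
                           acl_user->ssl_cipher,SSL_get_cipher(ssl)));
        if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(ssl)))
          user_access= acl_user->access;
        else
        {
          if (global_system_variables.log_warnings)
            sql_print_information("X509 ciphers mismatch: should be '%s' but is '%s'",
                              acl_user->ssl_cipher,
                              SSL_get_cipher(ssl));
          break;
        }
      }
      /* Prepare certificate (if exists) */
      DBUG_PRINT("info",("checkpoint 1"));
      if (!(cert= SSL_get_peer_certificate(ssl)))
      {
        user_access=NO_ACCESS;
        break;
      }
      DBUG_PRINT("info",("checkpoint 2"));
      /* If X509 issuer is specified, we check it... */
      if (acl_user->x509_issuer)
      {
        DBUG_PRINT("info",("checkpoint 3"));
        /*
          NOTE(review): X509_NAME_oneline() can return NULL on allocation
          failure; ptr is used unchecked here and in the subject check.
        */
        char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
        DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
                           acl_user->x509_issuer, ptr));
        if (strcmp(acl_user->x509_issuer, ptr))
        {
          if (global_system_variables.log_warnings)
            sql_print_information("X509 issuer mismatch: should be '%s' "
                              "but is '%s'", acl_user->x509_issuer, ptr);
          free(ptr);
          X509_free(cert);
          /* Undo any grant made by the cipher check above. */
          user_access= NO_ACCESS;
          break;
        }
        user_access= acl_user->access;
        free(ptr);
      }
      DBUG_PRINT("info",("checkpoint 4"));
      /* X509 subject is specified, we check it .. */
      if (acl_user->x509_subject)
      {
        char *ptr= X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
        DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
                           acl_user->x509_subject, ptr));
        if (strcmp(acl_user->x509_subject,ptr))
        {
          if (global_system_variables.log_warnings)
            sql_print_information("X509 subject mismatch: '%s' vs '%s'",
                            acl_user->x509_subject, ptr);
          /* Undo any grant made by the cipher or issuer checks above. */
          user_access= NO_ACCESS;
        }
        else
          user_access= acl_user->access;
        free(ptr);
      }
      X509_free(cert);
      break;
#else  /* HAVE_OPENSSL */
    default:
      /*
        If we don't have SSL but SSL is required for this user the
        authentication should fail.
      */
      break;
#endif /* HAVE_OPENSSL */
    }
    sctx->master_access= user_access;
    /* An entry with a NULL user name yields an empty priv_user. */
    sctx->priv_user= acl_user->user ? sctx->user : (char *) "";
    *mqh= acl_user->user_resource;

    if (acl_user->host.hostname)
      strmake(sctx->priv_host, acl_user->host.hostname, MAX_HOSTNAME);
    else
      *sctx->priv_host= 0;
  }
  VOID(pthread_mutex_unlock(&acl_cache->lock));
  DBUG_RETURN(res);
}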


