Fix security bug. mysqld server without ssl support was completly

ignorant about ssl_type attribute sql/sql_acl.cc: Now acl_getroot() honors ssl_type attribute even if we compile without openssl BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted
2025-07-30 16:24:05 +03:00 · 2003-07-23 18:50:18 +04:00
parent 9b675b8be0
commit af8d09ff47
2 changed files with 11 additions and 4 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -590,7 +590,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,

  /* OK. User found and password checked continue validation */

-#ifdef HAVE_OPENSSL
  {
    Vio *vio=thd->net.vio;
    /*
@ -604,6 +603,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
    case SSL_TYPE_NONE: /* SSL is not required to connect */
      user_access=acl_user->access;
      break;
+#ifdef HAVE_OPENSSL
    case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
      if (vio_type(vio) == VIO_TYPE_SSL)
 	user_access=acl_user->access;
@ -686,11 +686,17 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	free(ptr);
      }
      break;
+#else /* HAVE_OPENSSL */
+    default: 
+      /*
+         If we don't have SSL but SSL is required for this user the 
+         authentication should fail.
+       */
+      break;
+#endif /* HAVE_OPENSSL */
    }
  }
-#else  /* HAVE_OPENSSL */
-  user_access=acl_user->access;
-#endif /* HAVE_OPENSSL */
+
  *mqh=acl_user->user_resource;
  if (!acl_user->user)
    *priv_user=(char*) "";	// Change to anonymous user /* purecov: inspected */