Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r-- | sql/sql_acl.cc | 56 |
1 files changed, 46 insertions, 10 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 798cd78cab1..bc2222ffa48 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -61,6 +61,9 @@ public:
 uint hostname_length;
 char *user,*password;
 ulong salt[2];
+#ifdef HAVE_OPENSSL
+ char *ssl_type, *ssl_cipher, *x509_issuer, *x509_subject;
+#endif
 };
 class ACL_DB :public ACL_ACCESS
@@ -199,6 +202,15 @@ int acl_init(bool dont_read_acl_tables)
 update_hostname(&user.host,get_field(&mem, table,0));
 user.user=get_field(&mem, table,1);
 user.password=get_field(&mem, table,2);
+#ifdef HAVE_OPENSSL
+ DBUG_PRINT("info",("table->fields=%d",table->fields));
+ if (table->fields >= 21) {
+ user.ssl_type=get_field(&mem, table,17);
+ user.ssl_cipher=get_field(&mem, table,18);
+ user.x509_issuer=get_field(&mem, table,19);
+ user.x509_subject=get_field(&mem, table,20);
+ }
+#endif
 if (user.password && (length=(uint) strlen(user.password)) == 8 && protocol_version == PROTOCOL_VERSION)
 {
@@ -1003,10 +1015,10 @@ static int replace_user_table(TABLE *table, const LEX_USER &combo,
 my_printf_error(ER_NONEXISTING_GRANT,ER(ER_NONEXISTING_GRANT), MYF(0),combo.user.str,combo.host.str);
 else
- my_printf_error(ER_NO_PERMISSON_TO_CREATE_USER,
- ER(ER_NO_PERMISSON_TO_CREATE_USER),
+ my_printf_error(ER_NO_PERMISSION_TO_CREATE_USER,
+ ER(ER_NO_PERMISSION_TO_CREATE_USER),
 MYF(0),thd->user,
- thd->host ? thd->host : thd->ip ? thd->ip: "");
+ thd->host_or_ip);
 error= -1;
 goto end;
 }
@@ -1503,8 +1515,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
 uint store_table_rights,store_col_rights;
 DBUG_ENTER("replace_table_table");
- strxmov(grantor,thd->user,"@",thd->host ? thd->host : thd->ip ? thd->ip :"",
- NullS);
+ strxmov(grantor, thd->user, "@", thd->host_or_ip, NullS);
 // The following should always succeed as new users are created before
 // this function is called!
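Review bot: In acl_init the four new ACL_USER fields are assigned only inside `if (table->fields >= 21)`, so with an older user-table layout they keep whatever `user` already held; the hunk does not show `user` being cleared, and mysql_show_grants later tests and dereferences `acl_user->ssl_type`. An else branch such as `user.ssl_type=user.ssl_cipher=user.x509_issuer=user.x509_subject=0;` would make the "no TLS requirement stored" case explicit instead of accidental. The bare column numbers 17 to 20 and the count 21 would read better as named constants with a comment naming the user-table columns they stand for. acl_init's body starts and ends outside the hunk.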
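Review bot: `thd->host_or_ip` is now passed directly as a `%s` argument in replace_user_table, and the same substitution is made in replace_table_table (strxmov), check_grant, check_grant_column and check_grant_all_columns, dropping the `""` and `"unknown"` fallbacks of the old expressions. Its definition is not part of this diff, which is limited to sql/sql_acl.cc, so these call sites rely on it never being NULL. Once that is confirmed, a comment at the first use such as `/* host_or_ip is always set (host, ip or a placeholder), never NULL */` or a `DBUG_ASSERT(thd->host_or_ip);` would record the invariant. The text shown when neither host nor ip is known also changes from "unknown" or an empty string to whatever host_or_ip holds, which is worth stating in the commit message. All five functions continue outside their hunks.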
@@ -2091,7 +2102,7 @@ bool check_grant(THD *thd, uint want_access, TABLE_LIST *tables,
 net_printf(&thd->net,ER_TABLEACCESS_DENIED_ERROR, command, thd->priv_user,
- thd->host ? thd->host : (thd->ip ? thd->ip : "unknown"),
+ thd->host_or_ip,
 table ? table->real_name : "unknown");
 }
 return 1;
@@ -2154,7 +2165,7 @@ bool check_grant_column (THD *thd,TABLE *table, const char *name,
 MYF(0), command, thd->priv_user,
- thd->host ? thd->host : (thd->ip ? thd->ip : "unknown"),
+ thd->host_or_ip,
 name, table ? table->real_name : "unknown");
 }
@@ -2212,7 +2223,7 @@ bool check_grant_all_columns(THD *thd,uint want_access, TABLE *table)
 MYF(0), command, thd->priv_user,
- thd->host ? thd->host : (thd->ip ? thd->ip : "unknown"),
+ thd->host_or_ip,
 field ? field->field_name : "unknown", table->real_name);
 return 1;
@@ -2313,7 +2324,7 @@ uint get_column_grant(THD *thd, TABLE_LIST *table, Field *field)
 static const char *command_array[]= {"SELECT", "INSERT","UPDATE","DELETE","CREATE", "DROP","RELOAD","SHUTDOWN", "PROCESS","FILE","GRANT","REFERENCES","INDEX","ALTER"};
-static int command_lengths[]={6,6,6,6,6,4,6,8,7,4,5,9,5,5};
+static int command_lengths[]={6,6,6,6,6,4,6,8,7,4,5,10,5,5};
 int mysql_show_grants(THD *thd,LEX_USER *lex_user)
 {
@@ -2321,7 +2332,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
 int error = 0;
 ACL_USER *acl_user; ACL_DB *acl_db;
 char buff[1024];
- DBUG_ENTER("mysql_grant");
+ DBUG_ENTER("mysql_show_grants");
 LINT_INIT(acl_user);
 if (!initialized)
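Review bot: `command_lengths` remains a hand-counted table kept in parallel with `command_array`, and nothing ties the two together after the "REFERENCES" entry is corrected from 9 to 10. A wrong length here changes the privilege text that SHOW GRANTS prints, so the next added privilege can reintroduce the same error. Consider taking the length with `strlen(command_array[i])` where it is used, or at least adding `/* each entry must equal strlen() of the matching command_array string */` above the table. The code that consumes the lengths is outside this hunk.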
@@ -2412,6 +2423,31 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
 global.append(passd_buff);
 global.append('\'');
 }
+#ifdef HAVE_OPENSSL
+/* SSL grant stuff */
+ DBUG_PRINT("info",("acl_user->ssl_type=%s",acl_user->ssl_type));
+ DBUG_PRINT("info",("acl_user->ssl_cipher=%s",acl_user->ssl_cipher));
+ DBUG_PRINT("info",("acl_user->x509_subject=%s",acl_user->x509_subject));
+ DBUG_PRINT("info",("acl_user->x509_issuer=%s",acl_user->x509_issuer));
+ if(acl_user->ssl_type) {
+ if(!strcmp(acl_user->ssl_type,"ssl"))
+ global.append(" REQUIRE SSL",12);
+ else if(!strcmp(acl_user->ssl_type,"x509"))
+ {
+ global.append(" REQUIRE X509 ",14);
+ if(acl_user->x509_issuer) {
+ global.append("SUBJECT \"",9);
+ global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer));
+ global.append("\"",1);
+ }
+ if(acl_user->x509_subject) {
+ global.append("ISSUER \"",8);
+ global.append(acl_user->x509_subject,strlen(acl_user->x509_subject));
+ global.append("\"",1);
+ }
+ }
+ }
+#endif
 if (want_access & GRANT_ACL)
 global.append(" WITH GRANT OPTION",18);
 thd->packet.length(0);
|
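Review bot: The keywords and fields are crossed in the X509 branch: `"SUBJECT \""` is followed by `acl_user->x509_issuer` and `"ISSUER \""` by `acl_user->x509_subject`, so SHOW GRANTS prints each certificate name under the other keyword and a GRANT rebuilt from that output would store the wrong requirement. Append `acl_user->x509_subject` after SUBJECT and `acl_user->x509_issuer` after ISSUER, each guarded by its own NULL test. When both are set there is no space between the closing quote of the first clause and `ISSUER`, and the values are appended without escaping an embedded `"`, so the printed statement may not parse back. The four DBUG_PRINT calls pass the pointers to `%s` before the NULL test on `ssl_type`, which is only safe if the debug formatter tolerates NULL. mysql_show_grants continues outside the hunk.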