# HG changeset patch # User Timo Sirainen # Date 1090861594 -10800 # Node ID 189a6de6b166687628962fe9d7134fc4121cd99e # Parent 1ce02ffc7ec7c82adf3653ec72af81a6ebeabb9f Added MySQL SSL support. diff -r 1ce02ffc7ec7 -r 189a6de6b166 configure.in --- a/configure.in Mon Jul 26 19:39:18 2004 +0300 +++ b/configure.in Mon Jul 26 20:06:34 2004 +0300 @@ -1119,15 +1119,33 @@ fi if test $want_mysql = yes; then + mysql_header=mysql.h AC_CHECK_LIB(mysqlclient, mysql_init, [ AC_CHECK_HEADER(mysql.h,, [ AC_CHECK_HEADER(mysql/mysql.h, [ + mysql_header=mysql/mysql.h AUTH_CFLAGS="$AUTH_CFLAGS -DHAVE_MYSQL_MYSQL_H" ], want_mysql=no) ]) ], want_mysql=no) if test $want_mysql = yes; then + AC_CHECK_LIB(mysqlclient, mysql_ssl_set, [ + AC_DEFINE(HAVE_MYSQL_SSL,, Define if your MySQL library has SSL functions) + if test "x$have_openssl" = "yes"; then + ssl_define="#define HAVE_OPENSSL" + else + ssl_define="" + fi + AC_TRY_COMPILE([ + $ssl_define + #include <$mysql_header> + ], [ + mysql_set_ssl(0, 0, 0, 0, 0, 0); + ], [ + AC_DEFINE(HAVE_MYSQL_SSL_CIPHER,, Define if your MySQL library supports setting cipher) + ]) + ]) AUTH_LIBS="$AUTH_LIBS -lmysqlclient" AC_DEFINE(USERDB_MYSQL,, Build with MySQL support) diff -r 1ce02ffc7ec7 -r 189a6de6b166 doc/dovecot-mysql.conf --- a/doc/dovecot-mysql.conf Mon Jul 26 19:39:18 2004 +0300 +++ b/doc/dovecot-mysql.conf Mon Jul 26 20:06:34 2004 +0300 @@ -28,6 +28,17 @@ db_passwd = opensesame db_client_flags = 0 +# Parameters for SSL connection to MySQL 4.x +# +# Only ssl_ca or ssl_ca_path is required. Set ssl_cert and ssl_key +# to use x509 authentication instead of username/password pair. + +#ssl_cert = /etc/mysql/ssl/client-cert.pem +#ssl_key = /etc/mysql/ssl/client-key.pem +#ssl_ca = /etc/mysql/ssl/cacert.pem +#ssl_ca_path = /etc/mysql/ssl/ +#ssl_cipher = HIGH + # Default password scheme. # # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT. diff -r 1ce02ffc7ec7 -r 189a6de6b166 src/auth/db-mysql.c 
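Review bot: The AC_TRY_COMPILE probe in the configure.in hunk calls `mysql_set_ssl(0, 0, 0, 0, 0, 0);`, but the function checked by AC_CHECK_LIB just above, and called in db-mysql.c, is `mysql_ssl_set`. The probe therefore never tests the six-argument prototype: a compiler that accepts implicit declarations passes it regardless of the library, and one that rejects them always fails it. It should read `mysql_ssl_set(0, 0, 0, 0, 0, 0);`. In the same block, `test "x$have_openssl" = "yes"` can never be true because only the left side carries the `x` prefix; use `test "x$have_openssl" = "xyes"`. When HAVE_MYSQL_SSL_CIPHER ends up undefined, db-mysql.c calls mysql_ssl_set without the ssl_cipher argument, so a wrong probe result drops the configured cipher restriction with no build-time sign.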
--- a/src/auth/db-mysql.c Mon Jul 26 19:39:18 2004 +0300 +++ b/src/auth/db-mysql.c Mon Jul 26 20:06:34 2004 +0300 @@ -3,7 +3,8 @@ #include "config.h" #undef HAVE_CONFIG_H -#if defined(PASSDB_MYSQL) || defined(USERDB_MYSQL) +//#if defined(PASSDB_MYSQL) || defined(USERDB_MYSQL) +#if 1 #include "common.h" #include "network.h" #include "str.h" @@ -24,6 +25,11 @@ DEF(SET_STR, db_user), DEF(SET_STR, db_passwd), DEF(SET_INT, db_client_flags), + DEF(SET_STR, ssl_key), + DEF(SET_STR, ssl_cert), + DEF(SET_STR, ssl_ca), + DEF(SET_STR, ssl_ca_path), + DEF(SET_STR, ssl_cipher), DEF(SET_STR, password_query), DEF(SET_STR, user_query), DEF(SET_STR, default_pass_scheme) @@ -37,6 +43,11 @@ MEMBER(db_user) NULL, MEMBER(db_passwd) NULL, MEMBER(db_client_flags) 0, + MEMBER(ssl_key) NULL, + MEMBER(ssl_cert) NULL, + MEMBER(ssl_ca) NULL, + MEMBER(ssl_ca_path) NULL, + MEMBER(ssl_cipher) "HIGH", MEMBER(password_query) "SELECT password FROM users WHERE userid = '%u'", MEMBER(user_query) "SELECT home, uid, gid FROM users WHERE userid = '%u'", MEMBER(default_pass_scheme) "PLAIN-MD5" @@ -102,6 +113,8 @@ static int mysql_conn_open(struct mysql_connection *conn) { + int use_ssl = FALSE; + if (conn->connected) return TRUE; @@ -113,6 +126,20 @@ } } +#ifdef HAVE_MYSQL_SSL + if (conn->set.ssl_ca != NULL || conn->set.ssl_ca_path != NULL) { + mysql_ssl_set(conn->mysql, conn->set.ssl_key, + conn->set.ssl_cert, + conn->set.ssl_ca, + conn->set.ssl_ca_path +#ifdef HAVE_MYSQL_SSL_CIPHER + ,conn->set.ssl_cipher +#endif + ); + use_ssl = TRUE; + } +#endif + if (mysql_real_connect(conn->mysql, conn->set.db_host, conn->set.db_user, conn->set.db_passwd, conn->set.db, @@ -123,7 +150,8 @@ conn->set.db, mysql_error(conn->mysql)); } else { conn->connected = TRUE; - i_info("MySQL: connected to %s", conn->set.db_host); + i_info("MySQL: connected to %s%s", conn->set.db_host, + use_ssl ? "using SSL" : ""); } return conn->connected; diff -r 1ce02ffc7ec7 -r 189a6de6b166 src/auth/db-mysql.h 
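Review bot: The guard at the top of db-mysql.c (hunk `@@ -3,7 +3,8 @@`) is replaced by `#if 1`, with the original condition left commented out, which looks like a debugging leftover. The file is now compiled even when neither PASSDB_MYSQL nor USERDB_MYSQL is defined, so a build without the MySQL headers would presumably fail on the code that follows. Restore `#if defined(PASSDB_MYSQL) || defined(USERDB_MYSQL)` and drop the `//` line.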
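Review bot: In mysql_conn_open (hunk `@@ -113,6 +126,20 @@`) the ssl_* settings are silently ignored unless HAVE_MYSQL_SSL is defined and ssl_ca or ssl_ca_path is set, and mysql_real_connect then proceeds without any SSL setup or log line. An administrator who sets only ssl_cert and ssl_key, or who runs a binary built against a client library lacking mysql_ssl_set, gets a connection that carries db_passwd and the password query results with no transport protection. I would fail closed: log an error and return FALSE when SSL-related settings are present but cannot be applied. ssl_cipher is left out of that check because it defaults to "HIGH". The function begins and ends outside this hunk.

```c
#ifdef HAVE_MYSQL_SSL
	/* … unchanged: mysql_ssl_set() call when ssl_ca or ssl_ca_path is set … */
	else if (conn->set.ssl_key != NULL || conn->set.ssl_cert != NULL) {
		i_error("MySQL: ssl_key/ssl_cert set without ssl_ca or "
			"ssl_ca_path, refusing to connect without SSL");
		return FALSE;
	}
#else
	if (conn->set.ssl_ca != NULL || conn->set.ssl_ca_path != NULL ||
	    conn->set.ssl_key != NULL || conn->set.ssl_cert != NULL) {
		i_error("MySQL: SSL settings given, but built without "
			"MySQL SSL support");
		return FALSE;
	}
#endif
```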
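Review bot: The new format string `"MySQL: connected to %s%s"` (hunk `@@ -123,7 +150,8 @@`) is passed `"using SSL"` with no leading space, so the log line would read `connected to <host>using SSL`; use `" using SSL"`. Separately, use_ssl is set from configuration before mysql_real_connect runs, so the message records that SSL was requested, not that the session negotiated it. If the client library continues without TLS when the server does not offer it (worth confirming for the supported versions), this line would report SSL on a cleartext link. Wording it as `" (SSL requested)"`, or checking the negotiated cipher after connect where the library exposes it, keeps the log reliable for audits.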
--- a/src/auth/db-mysql.h Mon Jul 26 19:39:18 2004 +0300 +++ b/src/auth/db-mysql.h Mon Jul 26 20:06:34 2004 +0300 @@ -24,6 +24,11 @@ const char *db_user; const char *db_passwd; unsigned int db_client_flags; + const char *ssl_key; + const char *ssl_cert; + const char *ssl_ca; + const char *ssl_ca_path; + const char *ssl_cipher; const char *password_query; const char *user_query; const char *default_pass_scheme;