database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00
Code Activity

Preliminary support for options --secure-auth,

Browse Source 
--old-passwords
Support for option --old-protocol was removed.
Some test performed.
Tests for SSL and replication are pending.
More strict following to specification for --old-passwords
is in the TODO.


include/mysql_com.h:
  support for 3.20 passwords removed from
  scramble_323
include/mysqld_error.h:
  added error code for --secure-auth mode
libmysql/libmysql.c:
  removed support for 3.20 password and protocol
  version 9
mysql-test/r/connect.result:
  added check for new syntax of 
  set password
mysql-test/r/func_crypt.result:
  tests for two-argument of password() were removed.
  Instead added tests for cooperation of password() and
  old_passwords session/global variable, passwords() and spaces 
  in argument string
mysql-test/t/connect.test:
  added check for new syntax of
  set password
mysql-test/t/func_crypt.test:
  tests for two-argument of password() were removed.
  Instead added tests for cooperation of password() and
  old_passwords session/global variable, passwords() and spaces 
  in argument string
sql-common/client.c:
  removed support for 3.20 servers and 
  protocol version 9
sql/item_strfunc.h:
  fixed comment
sql/mysql_priv.h:
  added declarartion for option opt_secure_auth
sql/mysqld.cc:
  added option opt_secure_auth
  option old-password placed according to
  sort order
sql/password.c:
  removed support for 3.20 clients and 
  old scrambles
sql/set_var.cc:
  added system variable 'secure_auth'
  added system/thread variable 'old_passwords'
sql/set_var.h:
  sys_old_passwords needs to be exported 
  because sys_old_passwords.after_update is used
  in sql_acl.cc
sql/sql_acl.cc:
  support for 3.20 passwords removed
  now acl_init honors options works properly with
  options/variables --secure-auth and --old-passwords
sql/sql_acl.h:
  support for 3.20 clients removed
sql/sql_class.h:
  added system/thread variable old_passwords
sql/sql_parse.cc:
  support for 3.20 clients removed
  now check_user takes into account option
  secure_auth
sql/sql_yacc.yy:
  global variable use_old_passwords 
  replaced with thread-specific variable 
  old_passwords
sql/share/czech/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/danish/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/dutch/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/english/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/estonian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/french/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/german/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/greek/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/hungarian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/italian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/japanese/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/korean/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/norwegian-ny/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/norwegian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/polish/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/portuguese/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/romanian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/russian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/serbian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/slovak/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/spanish/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/swedish/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
sql/share/ukrainian/errmsg.txt:
  error message for --secure-auth added
  (as suggested by Paul)
This commit is contained in:
unknown
2003-07-08 02:36:14 +04:00
parent ccbcf1c9da
commit 78c3d9684c
42 changed files with 264 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
sql/sql_parse.cc
View File

@@ -204,7 +204,22 @@ static int check_user(THD *thd, enum enum_server_command command,
bool check_count)
{
DBUG_ENTER("check_user");
my_bool opt_secure_auth_local;
pthread_mutex_lock(&LOCK_global_system_variables);
opt_secure_auth_local= opt_secure_auth;
pthread_mutex_unlock(&LOCK_global_system_variables);
/*
If the server is running in secure auth mode, short scrambles are
forbidden.
*/
if (opt_secure_auth_local && passwd_len == SCRAMBLE_LENGTH_323)
{
net_printf(thd, ER_NOT_SUPPORTED_AUTH_MODE);
mysql_log.write(thd, COM_CONNECT, ER(ER_NOT_SUPPORTED_AUTH_MODE));
DBUG_RETURN(-1);
}
if (passwd_len != 0 &&
passwd_len != SCRAMBLE_LENGTH &&
passwd_len != SCRAMBLE_LENGTH_323)
@@ -220,9 +235,7 @@ static int check_user(THD *thd, enum enum_server_command command,
char buff[NAME_LEN + 1]; /* to conditionally save db */
USER_RESOURCES ur;
int res= acl_getroot(thd, &ur, passwd, passwd_len,
protocol_version == 9 ||
!(thd->client_capabilities & CLIENT_LONG_PASSWORD));
int res= acl_getroot(thd, &ur, passwd, passwd_len);
if (res == -1)
{
/*
@@ -231,6 +244,14 @@ static int check_user(THD *thd, enum enum_server_command command,
scramble_323()). Here we please client to send scrambled_password
in old format.
*/
if (opt_secure_auth_local)
{
net_printf(thd, ER_SERVER_IS_IN_SECURE_AUTH_MODE,
thd->user, thd->host_or_ip);
mysql_log.write(thd, COM_CONNECT, ER(ER_SERVER_IS_IN_SECURE_AUTH_MODE),
thd->user, thd->host_or_ip);
DBUG_RETURN(-1);
}
/* save db because network buffer is to hold new packet */
if (db)
{
@@ -247,8 +268,7 @@ static int check_user(THD *thd, enum enum_server_command command,
}
/* Final attempt to check the user based on reply */
/* So as passwd is short, errcode is always >= 0 */
res= acl_getroot(thd, &ur, (char *) net->read_pos, SCRAMBLE_LENGTH_323,
false);
res= acl_getroot(thd, &ur, (char *) net->read_pos, SCRAMBLE_LENGTH_323);
}
/* here res is always >= 0 */
if (res == 0)