mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
SCRUM: Montymise code
fix mysql_change_user() for old clients include/mysql_com.h: Mover global defines here libmysql/libmysql.c: Remove end spaces from all lines scripts/mysql_fix_privilege_tables.sh: Move password modification to separate alter table sql/mini_client.cc: Defines, fold long lines sql/mysqld.cc: Backup old scramble for mysql_change_user to work from old clients sql/password.c: Several minor optimizations sql/sql_acl.cc: Remove ending spaces sql/sql_class.h: Add old scramble for mysql_change_user to work with old clients sql/sql_parse.cc: Remove end spaces.
This commit is contained in:
unknown
@ -29,6 +29,7 @@
|
||||
#define LOCAL_HOST "localhost"
|
||||
#define LOCAL_HOST_NAMEDPIPE "."
|
||||
|
||||
|
||||
#if defined(__WIN__) && !defined( _CUSTOMCONFIG_)
|
||||
#define MYSQL_NAMEDPIPE "MySQL"
|
||||
#define MYSQL_SERVICENAME "MySql"
|
||||
@ -44,6 +45,11 @@ enum enum_server_command
|
||||
COM_PREPARE, COM_EXECUTE, COM_LONG_DATA, COM_CLOSE_STMT
|
||||
};
|
||||
|
||||
|
||||
#define SCRAMBLE_LENGTH 8
|
||||
#define SCRAMBLE41_LENGTH 20
|
||||
|
||||
|
||||
#define NOT_NULL_FLAG 1 /* Field can't be NULL */
|
||||
#define PRI_KEY_FLAG 2 /* Field is part of a primary key */
|
||||
#define UNIQUE_KEY_FLAG 4 /* Field is part of a unique key */
|
||||
|
||||
@ -1795,7 +1795,7 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
|
||||
{
|
||||
char buff[NAME_LEN+USERNAME_LENGTH+100],charset_name_buff[16];
|
||||
char *end,*host_info,*charset_name;
|
||||
char password_hash[20]; /* Used for tmp storage of stage1 hash */
|
||||
char password_hash[SCRAMBLE41_LENGTH]; /* tmp storage stage1 hash */
|
||||
my_socket sock;
|
||||
uint32 ip_addr;
|
||||
struct sockaddr_in sock_addr;
|
||||
@ -2274,28 +2274,29 @@ Try also with PIPE or TCP/IP
|
||||
/* Build full password hash as it is required to decode scramble */
|
||||
password_hash_stage1(buff, passwd);
|
||||
/* Store copy as we'll need it later */
|
||||
memcpy(password_hash,buff,20);
|
||||
memcpy(password_hash,buff,SCRAMBLE41_LENGTH);
|
||||
/* Finally hash complete password using hash we got from server */
|
||||
password_hash_stage2(password_hash,net->read_pos);
|
||||
/* Decypt and store scramble 4 = hash for stage2 */
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,20);
|
||||
mysql->scramble_buff[20]=0;
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,
|
||||
SCRAMBLE41_LENGTH);
|
||||
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
|
||||
/* Encode scramble with password. Recycle buffer */
|
||||
password_crypt(mysql->scramble_buff,buff,buff,20);
|
||||
password_crypt(mysql->scramble_buff,buff,buff,SCRAMBLE41_LENGTH);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Create password to decode scramble */
|
||||
create_key_from_old_password(passwd,password_hash);
|
||||
/* Decypt and store scramble 4 = hash for stage2 */
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,20);
|
||||
mysql->scramble_buff[20]=0;
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,
|
||||
SCRAMBLE41_LENGTH);
|
||||
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
|
||||
/* Finally scramble decoded scramble with password */
|
||||
scramble(buff, mysql->scramble_buff, passwd,
|
||||
(my_bool) (mysql->protocol_version == 9));
|
||||
scramble(buff, mysql->scramble_buff, passwd,0);
|
||||
}
|
||||
/* Write second package of authentication */
|
||||
if (my_net_write(net,buff,20) || net_flush(net))
|
||||
if (my_net_write(net,buff,SCRAMBLE41_LENGTH) || net_flush(net))
|
||||
{
|
||||
net->last_errno= CR_SERVER_LOST;
|
||||
strmov(net->last_error,ER(net->last_errno));
|
||||
@ -2411,7 +2412,7 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
|
||||
{
|
||||
char buff[512],*end=buff;
|
||||
ulong pkt_length;
|
||||
char password_hash[20]; /* Used for tmp storage of stage1 hash */
|
||||
char password_hash[SCRAMBLE41_LENGTH]; /* Used for tmp storage of stage1 hash */
|
||||
NET *net= &mysql->net;
|
||||
|
||||
DBUG_ENTER("mysql_change_user");
|
||||
@ -2466,28 +2467,30 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
|
||||
/* Build full password hash as it is required to decode scramble */
|
||||
password_hash_stage1(buff, passwd);
|
||||
/* Store copy as we'll need it later */
|
||||
memcpy(password_hash,buff,20);
|
||||
memcpy(password_hash,buff,SCRAMBLE41_LENGTH);
|
||||
/* Finally hash complete password using hash we got from server */
|
||||
password_hash_stage2(password_hash,net->read_pos);
|
||||
/* Decypt and store scramble 4 = hash for stage2 */
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,20);
|
||||
mysql->scramble_buff[20]=0;
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,
|
||||
SCRAMBLE41_LENGTH);
|
||||
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
|
||||
/* Encode scramble with password. Recycle buffer */
|
||||
password_crypt(mysql->scramble_buff,buff,buff,20);
|
||||
password_crypt(mysql->scramble_buff,buff,buff,SCRAMBLE41_LENGTH);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Create password to decode scramble */
|
||||
create_key_from_old_password(passwd,password_hash);
|
||||
/* Decypt and store scramble 4 = hash for stage2 */
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,20);
|
||||
mysql->scramble_buff[20]=0;
|
||||
password_crypt(net->read_pos+4,mysql->scramble_buff,password_hash,
|
||||
SCRAMBLE41_LENGTH);
|
||||
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
|
||||
/* Finally scramble decoded scramble with password */
|
||||
scramble(buff, mysql->scramble_buff, passwd,
|
||||
(my_bool) (mysql->protocol_version == 9));
|
||||
}
|
||||
/* Write second package of authentication */
|
||||
if (my_net_write(net,buff,20) || net_flush(net))
|
||||
if (my_net_write(net,buff,SCRAMBLE41_LENGTH) || net_flush(net))
|
||||
{
|
||||
net->last_errno= CR_SERVER_LOST;
|
||||
strmov(net->last_error,ER(net->last_errno));
|
||||
|
||||
@ -170,12 +170,20 @@ fi
|
||||
|
||||
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
|
||||
alter table user
|
||||
change password password char(45) not null,
|
||||
add max_questions int(11) NOT NULL AFTER x509_subject,
|
||||
add max_updates int(11) unsigned NOT NULL AFTER max_questions,
|
||||
add max_connections int(11) unsigned NOT NULL AFTER max_updates;
|
||||
END_OF_DATA
|
||||
|
||||
# Increase password length to handle new passwords
|
||||
|
||||
@bindir@/mysql -f --user=root --password="$root_password" --host="$host" mysql <<END_OF_DATA
|
||||
alter table user
|
||||
change password password char(45) not null;
|
||||
END_OF_DATA
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Add Create_tmp_table_priv and Lock_tables_priv to db and host
|
||||
#
|
||||
|
||||
@ -490,7 +490,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
|
||||
uint net_read_timeout)
|
||||
{
|
||||
char buff[NAME_LEN+USERNAME_LENGTH+100],*end,*host_info;
|
||||
char password_hash[20];
|
||||
char password_hash[SCRAMBLE41_LENGTH];
|
||||
my_socket sock;
|
||||
ulong ip_addr;
|
||||
struct sockaddr_in sock_addr;
|
||||
@ -856,28 +856,29 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
|
||||
/* Build full password hash as it is required to decode scramble */
|
||||
password_hash_stage1(buff, passwd);
|
||||
/* Store copy as we'll need it later */
|
||||
memcpy(password_hash,buff,20);
|
||||
memcpy(password_hash,buff,SCRAMBLE41_LENGTH);
|
||||
/* Finally hash complete password using hash we got from server */
|
||||
password_hash_stage2(password_hash,(char*)net->read_pos);
|
||||
/* Decypt and store scramble 4 = hash for stage2 */
|
||||
password_crypt((char*)net->read_pos+4,mysql->scramble_buff,password_hash,20);
|
||||
mysql->scramble_buff[20]=0;
|
||||
password_crypt((char*)net->read_pos+4,mysql->scramble_buff,password_hash,
|
||||
SCRAMBLE41_LENGTH);
|
||||
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
|
||||
/* Encode scramble with password. Recycle buffer */
|
||||
password_crypt(mysql->scramble_buff,buff,buff,20);
|
||||
password_crypt(mysql->scramble_buff,buff,buff,SCRAMBLE41_LENGTH);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Create password to decode scramble */
|
||||
create_key_from_old_password(passwd,password_hash);
|
||||
/* Decypt and store scramble 4 = hash for stage2 */
|
||||
password_crypt((char*)net->read_pos+4,mysql->scramble_buff,password_hash,20);
|
||||
mysql->scramble_buff[20]=0;
|
||||
password_crypt((char*)net->read_pos+4,mysql->scramble_buff,password_hash,
|
||||
SCRAMBLE41_LENGTH);
|
||||
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
|
||||
/* Finally scramble decoded scramble with password */
|
||||
scramble(buff, mysql->scramble_buff, passwd,
|
||||
(my_bool) (mysql->protocol_version == 9));
|
||||
scramble(buff, mysql->scramble_buff, passwd,0);
|
||||
}
|
||||
/* Write second package of authentication */
|
||||
if (my_net_write(net,buff,20) || net_flush(net))
|
||||
if (my_net_write(net,buff,SCRAMBLE41_LENGTH) || net_flush(net))
|
||||
{
|
||||
net->last_errno= CR_SERVER_LOST;
|
||||
strmov(net->last_error,ER(net->last_errno));
|
||||
|
||||
@ -2496,6 +2496,9 @@ static void create_new_thread(THD *thd)
|
||||
for (uint i=0; i < 8 ; i++) // Generate password teststring
|
||||
thd->scramble[i]= (char) (rnd(&sql_rand)*94+33);
|
||||
thd->scramble[8]=0;
|
||||
// Back it up as old clients may need it
|
||||
memcpy(thd->old_scramble,thd->scramble,9);
|
||||
|
||||
|
||||
thd->real_id=pthread_self(); // Keep purify happy
|
||||
|
||||
|
||||
@ -66,7 +66,6 @@
|
||||
#define PVERSION41_CHAR '*'
|
||||
|
||||
/* Scramble length for new password version */
|
||||
#define SCRAMBLE41_LENGTH 20
|
||||
|
||||
|
||||
/*
|
||||
@ -175,17 +174,12 @@ void create_random_string(int length,struct rand_struct *rand_st,char* target)
|
||||
none
|
||||
*/
|
||||
|
||||
inline void password_crypt(const char* from,char* to, const char* password,int length)
|
||||
void password_crypt(const char* from,char* to, const char* password,int length)
|
||||
{
|
||||
const char *from_end=from+length;
|
||||
|
||||
while(from<from_end)
|
||||
{
|
||||
*to=*from^*password;
|
||||
from++;
|
||||
to++;
|
||||
password++;
|
||||
}
|
||||
while (from < from_end)
|
||||
*to++= *(from++) ^* (password++);
|
||||
}
|
||||
|
||||
|
||||
@ -286,7 +280,9 @@ void password_hash_stage2(char *to,const char *salt)
|
||||
none
|
||||
*/
|
||||
|
||||
void make_scrambled_password(char *to,const char *password,my_bool force_old_scramble,struct rand_struct *rand_st)
|
||||
void make_scrambled_password(char *to,const char *password,
|
||||
my_bool force_old_scramble,
|
||||
struct rand_struct *rand_st)
|
||||
{
|
||||
ulong hash_res[2]; /* Used for pre 4.1 password hashing */
|
||||
unsigned short salt; /* Salt for 4.1 version password */
|
||||
@ -336,7 +332,6 @@ void get_salt_from_bin_password(ulong *res,unsigned char *password,ulong salt)
|
||||
unsigned char* password_end=password+SCRAMBLE41_LENGTH;
|
||||
*res=salt;
|
||||
res++;
|
||||
bzero(res,5*sizeof(res[0]));
|
||||
|
||||
/* Process password of known length*/
|
||||
while (password<password_end)
|
||||
@ -364,12 +359,14 @@ void get_salt_from_bin_password(ulong *res,unsigned char *password,ulong salt)
|
||||
!0 for invalid password
|
||||
*/
|
||||
|
||||
my_bool validate_password(const char* password, const char* message, ulong* salt)
|
||||
my_bool validate_password(const char* password, const char* message,
|
||||
ulong* salt)
|
||||
{
|
||||
char buffer[SCRAMBLE41_LENGTH]; /* Used for password validation */
|
||||
char tmpsalt[8]; /* Temporary value to convert salt to string form */
|
||||
int i;
|
||||
ulong salt_candidate[6]; /* Computed candidate salt */
|
||||
ulong* sc=salt_candidate; /* we need to be able to increment */
|
||||
ulong* salt_end;
|
||||
|
||||
/* Now we shall get stage1 encrypted password in buffer*/
|
||||
password_crypt(password,buffer,message,SCRAMBLE41_LENGTH);
|
||||
@ -382,8 +379,10 @@ my_bool validate_password(const char* password, const char* message, ulong* salt
|
||||
get_salt_from_bin_password(salt_candidate,buffer,salt[0]);
|
||||
|
||||
/* Now we shall get exactly the same password as we have stored for user */
|
||||
for(i=1;i<6;i++)
|
||||
if (salt[i]!=salt_candidate[i]) return 1;
|
||||
for (salt_end=salt+5 ; salt < salt_end; )
|
||||
if (*++salt != *++sc)
|
||||
return 1;
|
||||
|
||||
/* Or password correct*/
|
||||
return 0;
|
||||
}
|
||||
@ -400,11 +399,9 @@ my_bool validate_password(const char* password, const char* message, ulong* salt
|
||||
password length >0
|
||||
*/
|
||||
|
||||
inline int get_password_length(my_bool force_old_scramble)
|
||||
int get_password_length(my_bool force_old_scramble)
|
||||
{
|
||||
if (force_old_scramble)
|
||||
return 16;
|
||||
else return SHA1_HASH_SIZE*2+4+1;
|
||||
return (force_old_scramble) ? 16 : SHA1_HASH_SIZE*2+4+1;
|
||||
}
|
||||
|
||||
|
||||
@ -420,7 +417,7 @@ inline int get_password_length(my_bool force_old_scramble)
|
||||
!0 password version char for newer passwords
|
||||
*/
|
||||
|
||||
inline char get_password_version(const char* password)
|
||||
char get_password_version(const char* password)
|
||||
{
|
||||
if (password==NULL) return 0;
|
||||
if (password[0]==PVERSION41_CHAR) return PVERSION41_CHAR;
|
||||
@ -467,7 +464,6 @@ inline uint char_val(char X)
|
||||
|
||||
void get_salt_from_password(ulong *res,const char *password)
|
||||
{
|
||||
bzero(res,6*sizeof(res[0]));
|
||||
if (password) /* zero salt corresponds to empty password */
|
||||
{
|
||||
if (password[0]==PVERSION41_CHAR) /* if new password */
|
||||
@ -553,19 +549,17 @@ void get_hash_and_password(ulong* salt, uint8 pversion, char* hash, unsigned cha
|
||||
|
||||
if (pversion) /* New password version assumed */
|
||||
{
|
||||
salt_end=salt+6;
|
||||
salt_end=salt+5;
|
||||
sprintf(hash,"%04x",(unsigned short)salt[0]);
|
||||
salt++; /* position to the second element */
|
||||
while (salt<salt_end) /* Iterate over these elements*/
|
||||
{
|
||||
val=*salt;
|
||||
for(t=3;t>=0;t--)
|
||||
val=*(++salt);
|
||||
for (t=3; t>=0; t--)
|
||||
{
|
||||
bin_password[t]=val%256;
|
||||
val>>=8; /* Scroll 8 bits to get next part*/
|
||||
}
|
||||
bin_password+=4; /* Get to next 4 chars*/
|
||||
salt++;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -611,7 +605,7 @@ void get_hash_and_password(ulong* salt, uint8 pversion, char* hash, unsigned cha
|
||||
|
||||
void create_key_from_old_password(const char* passwd, char* key)
|
||||
{
|
||||
char buffer[20]; /* Buffer for various needs */
|
||||
char buffer[SCRAMBLE41_LENGTH]; /* Buffer for various needs */
|
||||
ulong salt[6]; /* Salt (large for safety) */
|
||||
/* At first hash password to the string stored in password */
|
||||
make_scrambled_password(buffer,passwd,1,(struct rand_struct *)NULL);
|
||||
|
||||
@ -452,17 +452,17 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b)
|
||||
Prepare crypted scramble to be sent to the client
|
||||
*/
|
||||
|
||||
void prepare_scramble(THD* thd, ACL_USER *acl_user,char* prepared_scramble)
|
||||
void prepare_scramble(THD *thd, ACL_USER *acl_user,char* prepared_scramble)
|
||||
{
|
||||
/* Binary password format to be used for generation*/
|
||||
char bin_password[20];
|
||||
char bin_password[SCRAMBLE41_LENGTH];
|
||||
/* Generate new long scramble for the thread */
|
||||
create_random_string(20,&thd->rand,thd->scramble);
|
||||
thd->scramble[20]=0;
|
||||
create_random_string(SCRAMBLE41_LENGTH,&thd->rand,thd->scramble);
|
||||
thd->scramble[SCRAMBLE41_LENGTH]=0;
|
||||
/* Get binary form, First 4 bytes of prepared scramble is salt */
|
||||
get_hash_and_password(acl_user->salt,acl_user->pversion,prepared_scramble,(unsigned char*)bin_password);
|
||||
/* Finally encrypt password to get prepared scramble */
|
||||
password_crypt(thd->scramble,prepared_scramble+4,bin_password,20);
|
||||
password_crypt(thd->scramble,prepared_scramble+4,bin_password,SCRAMBLE41_LENGTH);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -499,7 +499,10 @@ public:
|
||||
uint check_loops_counter; //last id used to check loops
|
||||
/* variables.transaction_isolation is reset to this after each commit */
|
||||
enum_tx_isolation session_tx_isolation;
|
||||
char scramble[21]; // extend scramble to handle new auth
|
||||
// extend scramble to handle new auth
|
||||
char scramble[SCRAMBLE41_LENGTH+1];
|
||||
// old scramble is needed to handle old clients
|
||||
char old_scramble[SCRAMBLE_LENGTH+1];
|
||||
uint8 query_cache_type; // type of query cache processing
|
||||
bool slave_thread;
|
||||
bool set_query_id,locked,count_cuted_fields,some_tables_deleted;
|
||||
|
||||
@ -44,8 +44,6 @@
|
||||
#else
|
||||
#define MIN_HANDSHAKE_SIZE 6
|
||||
#endif /* HAVE_OPENSSL */
|
||||
#define SCRAMBLE_LENGTH 8
|
||||
#define SCRAMBLE41_LENGTH 20
|
||||
|
||||
#define MEM_ROOT_BLOCK_SIZE 8192
|
||||
#define MEM_ROOT_PREALLOC 8192
|
||||
@ -653,21 +651,13 @@ check_connections(THD *thd)
|
||||
char tmp_user[USERNAME_LENGTH+1];
|
||||
char tmp_db[NAME_LEN+1];
|
||||
|
||||
if (user)
|
||||
{
|
||||
strncpy(tmp_user,user,USERNAME_LENGTH+1);
|
||||
/* Extra safety if we have too long data */
|
||||
tmp_user[USERNAME_LENGTH]=0;
|
||||
}
|
||||
else
|
||||
tmp_user[0]=0;
|
||||
if (db)
|
||||
{
|
||||
strncpy(tmp_db,db,NAME_LEN+1);
|
||||
tmp_db[NAME_LEN]=0;
|
||||
}
|
||||
else
|
||||
if (user)
|
||||
strmake(tmp_user,user,USERNAME_LENGTH);
|
||||
|
||||
tmp_db[0]=0;
|
||||
if (db)
|
||||
strmake(tmp_db,db,NAME_LEN);
|
||||
|
||||
/* Write hash and encrypted scramble to client */
|
||||
if (my_net_write(net,prepared_scramble,SCRAMBLE41_LENGTH+4)
|
||||
@ -1079,6 +1069,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
|
||||
/* Store information if we used password. passwd will be dammaged */
|
||||
using_password=test(passwd[0]);
|
||||
|
||||
if (simple_connect) /* Restore scramble for old clients */
|
||||
memcpy(thd->scramble,thd->old_scramble,9);
|
||||
|
||||
/*
|
||||
Check user permissions. If password failure we'll get scramble back
|
||||
Do not retry if we already have sent error (result>0)
|
||||
|
||||
Reference in New Issue
Block a user