mirror of
https://github.com/MariaDB/server.git
synced 2025-07-27 18:02:13 +03:00
First version of new authentification procedure: now authentification is one-stage (instead of two-stage in 4.1)
For now following tasks have been done: - PASSWORD() function was rewritten. PASSWORD() now returns SHA1 hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed; - password.c: new functions were implemented, old rolled back to 4.0 state - server code was rewritten to use new authorization algorithm (check_user(), change user, and other stuff in sql/sql_parse.cc) - client code was rewritten to use new authorization algorithm (mysql_real_connect, myslq_authenticate in sql-common/client.c) - now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc) - mysqladmin.c was fixed to work correctly with new passwords Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed; mysqladmin also was tested. Additional check are nevertheless necessary. BitKeeper/etc/ignore: Added start_mysqld.sh mysys/main.cc to the ignore list client/mysqladmin.c: fixed with new password api include/mysql.h: So as scramble_323 accepts only null-terminated message, two scramble buffs are necessary. gotta be fixed include/mysql_com.h: new constants and password.c api changes libmysql/libmysql.c: mysql_change_user rewritten to work with new password api scripts/mysql_create_system_tables.sh: fixed 'Password' column length to 41 scripts/mysql_fix_privilege_tables.sql: fixed 'Password' column length to 41 sql-common/client.c: mysql_real_connect rewritten to support new handshake procedure sql/item_strfunc.cc: Item_func_password and Item_func_old_password rewritten with new password api sql/item_strfunc.h: bit commented, numbers replaced with #defined constants sql/mysql_priv.h: removed unnecessary declaration as now all constants defined is in mysql_com.h sql/mysqld.cc: scramble initialization moved to sql_parce.cc:check_connection sql/password.c: All 4.1 functions were rolled back to 4.0 with attempt to save all possible 4.0-4.1 changes. Names for 4.0 functions were suffixed with '_323' Functions for new handshake were added. sql/slave.cc: Fixed to new constant; Bug #766 remains to be fixed sql/slave.h: fixed to new constant; Buf #766 remains to be fixed sql/sql_acl.cc: rewritten to support new passwords (41 byte-long) and password api sql/sql_acl.h: ditto sql/sql_class.cc: initialization for new members added sql/sql_class.h: same thing as in struct mysql - scramble is used for new family of functions, scramble_323 - for old sql/sql_parse.cc: check_connections was renamed to check_connection as this name reflects better what this function does authorization part of check_connection was rewritten check_user was rewritten with new password and acl api new function 'authenticate', which optionally re-request scramble from client was added fixed some typos COM_CHANGE_USER piece of dipsatch_command() was rewritten sql/sql_repl.h: HASH_PASSWORD_LENGTH replaced with SCRAMBLED_PASSWORD_CHAR_LENGTH bug #766 remains sql/sql_yacc.yy: Two-argument form of PASSWORD() was removed PASSWORD() function was fixed with new password api. BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted
This commit is contained in:
unknown
@ -48,8 +48,15 @@ enum enum_server_command
|
||||
};
|
||||
|
||||
|
||||
#define SCRAMBLE_LENGTH 8
|
||||
#define SCRAMBLE41_LENGTH 20
|
||||
/*
|
||||
Length of random string sent by server on handshake; this is also length of
|
||||
obfuscated password, recieved from client
|
||||
*/
|
||||
#define SCRAMBLE_LENGTH 20
|
||||
#define SCRAMBLE_LENGTH_323 8
|
||||
/* length of password stored in the db: new passwords are preceeded with '*' */
|
||||
#define SCRAMBLED_PASSWORD_CHAR_LENGTH (SCRAMBLE_LENGTH*2+1)
|
||||
#define SCRAMBLED_PASSWORD_CHAR_LENGTH_323 (SCRAMBLE_LENGTH_323*2)
|
||||
|
||||
|
||||
#define NOT_NULL_FLAG 1 /* Field can't be NULL */
|
||||
@ -300,31 +307,35 @@ extern "C" {
|
||||
extern unsigned long max_allowed_packet;
|
||||
extern unsigned long net_buffer_length;
|
||||
|
||||
void randominit(struct rand_struct *,unsigned long seed1,
|
||||
unsigned long seed2);
|
||||
/*
|
||||
These functions are used for authentication by client and server and
|
||||
implemented in sql/password.c
|
||||
*/
|
||||
|
||||
void randominit(struct rand_struct *, unsigned long seed1,
|
||||
unsigned long seed2);
|
||||
double my_rnd(struct rand_struct *);
|
||||
void make_scrambled_password(char *to,const char *password,
|
||||
my_bool force_old_scramble,struct rand_struct *rand_st);
|
||||
int get_password_length(my_bool force_old_scramble);
|
||||
char get_password_version(const char* password);
|
||||
void create_random_string(int length,struct rand_struct *rand_st,char* target);
|
||||
my_bool validate_password(const char* password, const char* message,
|
||||
unsigned long* salt);
|
||||
void password_hash_stage1(char *to, const char *password);
|
||||
void password_hash_stage2(char *to,const char *salt);
|
||||
void password_crypt(const char* from,char* to, const char* password,int length);
|
||||
void get_hash_and_password(unsigned long* salt, unsigned char pversion,char* hash,
|
||||
unsigned char* bin_password);
|
||||
void get_salt_from_password(unsigned long *res,const char *password);
|
||||
void create_key_from_old_password(const char* password,char* key);
|
||||
void make_password_from_salt(char *to, unsigned long *hash_res,
|
||||
unsigned char password_version);
|
||||
char *scramble(char *to,const char *message,const char *password,
|
||||
my_bool old_ver);
|
||||
my_bool check_scramble(const char *, const char *message,
|
||||
unsigned long *salt,my_bool old_ver);
|
||||
void create_random_string(char *to, uint length, struct rand_struct *rand_st);
|
||||
|
||||
void hash_password(ulong *to, const char *password);
|
||||
void make_scrambled_password_323(char *to, const char *password);
|
||||
char *scramble_323(char *to, const char *message, const char *password,
|
||||
my_bool old_ver);
|
||||
my_bool check_scramble_323(const char *, const char *message,
|
||||
unsigned long *salt, my_bool old_ver);
|
||||
void get_salt_from_password_323(unsigned long *res, const char *password);
|
||||
void make_password_from_salt_323(char *to, const unsigned long *salt);
|
||||
|
||||
void make_scrambled_password(char *to, const char *password);
|
||||
char *scramble(char *to, const char *message, const char *password);
|
||||
my_bool check_scramble(const char *reply, const char *message,
|
||||
const unsigned char *hash_stage2);
|
||||
void get_salt_from_password(unsigned char *res, const char *password);
|
||||
void make_password_from_salt(char *to, const unsigned char *hash_stage2);
|
||||
|
||||
/* end of password.c */
|
||||
|
||||
char *get_tty_password(char *opt_message);
|
||||
void hash_password(unsigned long *result, const char *password);
|
||||
const char *mysql_errno_to_sqlstate(unsigned int mysql_errno);
|
||||
|
||||
/* Some other useful functions */
|
||||
|
||||
Reference in New Issue
Block a user