Commit 50d3291a authored by kostja@oak.local's avatar kostja@oak.local

manual merge

parents e8d52f34 ce691c7c
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
.vimrc .vimrc
50 50
=6 =6
BUILD/compile-pentium-maintainer
BitKeeper/etc/config BitKeeper/etc/config
BitKeeper/etc/csets BitKeeper/etc/csets
BitKeeper/etc/csets-in BitKeeper/etc/csets-in
...@@ -30,6 +31,8 @@ BitKeeper/etc/csets-out ...@@ -30,6 +31,8 @@ BitKeeper/etc/csets-out
BitKeeper/etc/gone BitKeeper/etc/gone
BitKeeper/etc/level BitKeeper/etc/level
BitKeeper/etc/pushed BitKeeper/etc/pushed
BitKeeper/post-commit
BitKeeper/post-commit-manual
BitKeeper/tmp/* BitKeeper/tmp/*
BitKeeper/tmp/bkr3sAHD BitKeeper/tmp/bkr3sAHD
BitKeeper/tmp/gone BitKeeper/tmp/gone
...@@ -223,6 +226,7 @@ bkpull.log.5 ...@@ -223,6 +226,7 @@ bkpull.log.5
bkpull.log.6 bkpull.log.6
bkpush.log bkpush.log
build.log build.log
build_tags.sh
client/insert_test client/insert_test
client/log_event.cc client/log_event.cc
client/log_event.h client/log_event.h
...@@ -311,6 +315,8 @@ libmysql_r/conf_to_src ...@@ -311,6 +315,8 @@ libmysql_r/conf_to_src
libmysql_r/my_static.h libmysql_r/my_static.h
libmysql_r/mysys_priv.h libmysql_r/mysys_priv.h
libmysqld/backup_dir libmysqld/backup_dir
libmysqld/client.c
libmysqld/client_settings.h
libmysqld/convert.cc libmysqld/convert.cc
libmysqld/derror.cc libmysqld/derror.cc
libmysqld/errmsg.c libmysqld/errmsg.c
...@@ -355,6 +361,7 @@ libmysqld/item_sum.cc ...@@ -355,6 +361,7 @@ libmysqld/item_sum.cc
libmysqld/item_timefunc.cc libmysqld/item_timefunc.cc
libmysqld/item_uniq.cc libmysqld/item_uniq.cc
libmysqld/key.cc libmysqld/key.cc
libmysqld/libmysql.c
libmysqld/lock.cc libmysqld/lock.cc
libmysqld/log.cc libmysqld/log.cc
libmysqld/log_event.cc libmysqld/log_event.cc
...@@ -366,6 +373,7 @@ libmysqld/net_serv.cc ...@@ -366,6 +373,7 @@ libmysqld/net_serv.cc
libmysqld/opt_ft.cc libmysqld/opt_ft.cc
libmysqld/opt_range.cc libmysqld/opt_range.cc
libmysqld/opt_sum.cc libmysqld/opt_sum.cc
libmysqld/pack.c
libmysqld/password.c libmysqld/password.c
libmysqld/procedure.cc libmysqld/procedure.cc
libmysqld/protocol.cc libmysqld/protocol.cc
...@@ -482,6 +490,7 @@ mysys/#mf_iocache.c# ...@@ -482,6 +490,7 @@ mysys/#mf_iocache.c#
mysys/charset2html mysys/charset2html
mysys/getopt.c mysys/getopt.c
mysys/getopt1.c mysys/getopt1.c
mysys/main.cc
mysys/ste5KbMa mysys/ste5KbMa
mysys/test_charset mysys/test_charset
mysys/test_dir mysys/test_dir
...@@ -585,6 +594,7 @@ stamp-h1 ...@@ -585,6 +594,7 @@ stamp-h1
stamp-h2 stamp-h2
stamp-h3 stamp-h3
stamp-h4 stamp-h4
start_mysqld.sh
strings/conf_to_src strings/conf_to_src
strings/ctype_autoconf.c strings/ctype_autoconf.c
strings/ctype_extra_sources.c strings/ctype_extra_sources.c
...@@ -611,6 +621,7 @@ support-files/mysql.spec ...@@ -611,6 +621,7 @@ support-files/mysql.spec
tags tags
test_xml test_xml
tests/client_test tests/client_test
tests/connect_test
thread_test thread_test
tmp/* tmp/*
tools/my_vsnprintf.c tools/my_vsnprintf.c
...@@ -622,7 +633,3 @@ vio/test-ssl ...@@ -622,7 +633,3 @@ vio/test-ssl
vio/test-sslclient vio/test-sslclient
vio/test-sslserver vio/test-sslserver
vio/viotest-ssl vio/viotest-ssl
libmysqld/client.c
libmysqld/client_settings.h
libmysqld/libmysql.c
libmysqld/pack.c
...@@ -53,6 +53,7 @@ jcole@sarvik.tfr.cafe.ee ...@@ -53,6 +53,7 @@ jcole@sarvik.tfr.cafe.ee
jcole@tetra.spaceapes.com jcole@tetra.spaceapes.com
jorge@linux.jorge.mysql.com jorge@linux.jorge.mysql.com
kaj@work.mysql.com kaj@work.mysql.com
kostja@oak.local
lenz@kallisto.mysql.com lenz@kallisto.mysql.com
lenz@mysql.com lenz@mysql.com
miguel@hegel.(none) miguel@hegel.(none)
......
...@@ -769,9 +769,12 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) ...@@ -769,9 +769,12 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
return 1; return 1;
} }
if (argv[1][0]) if (argv[1][0])
make_scrambled_password(crypted_pw,argv[1], {
(find_type(argv[0], &command_typelib, 2) == if (find_type(argv[0], &command_typelib, 2) == ADMIN_OLD_PASSWORD)
ADMIN_OLD_PASSWORD), &rand_st); make_scrambled_password_323(crypted_pw, argv[1]);
else
make_scrambled_password(crypted_pw, argv[1]);
}
else else
crypted_pw[0]=0; /* No password */ crypted_pw[0]=0; /* No password */
sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw); sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw);
......
...@@ -229,7 +229,9 @@ typedef struct st_mysql ...@@ -229,7 +229,9 @@ typedef struct st_mysql
enum mysql_status status; enum mysql_status status;
my_bool free_me; /* If free in mysql_close */ my_bool free_me; /* If free in mysql_close */
my_bool reconnect; /* set to 1 if automatic reconnect */ my_bool reconnect; /* set to 1 if automatic reconnect */
char scramble_buff[21]; /* New protocol requires longer scramble*/
/* session-wide random string */
char scramble[SCRAMBLE_LENGTH+1];
/* /*
Set if this is the original connection, not a master or a slave we have Set if this is the original connection, not a master or a slave we have
......
...@@ -49,8 +49,15 @@ enum enum_server_command ...@@ -49,8 +49,15 @@ enum enum_server_command
}; };
#define SCRAMBLE_LENGTH 8 /*
#define SCRAMBLE41_LENGTH 20 Length of random string sent by server on handshake; this is also length of
obfuscated password, recieved from client
*/
#define SCRAMBLE_LENGTH 20
#define SCRAMBLE_LENGTH_323 8
/* length of password stored in the db: new passwords are preceeded with '*' */
#define SCRAMBLED_PASSWORD_CHAR_LENGTH (SCRAMBLE_LENGTH*2+1)
#define SCRAMBLED_PASSWORD_CHAR_LENGTH_323 (SCRAMBLE_LENGTH_323*2)
#define NOT_NULL_FLAG 1 /* Field can't be NULL */ #define NOT_NULL_FLAG 1 /* Field can't be NULL */
...@@ -302,31 +309,34 @@ extern "C" { ...@@ -302,31 +309,34 @@ extern "C" {
extern unsigned long max_allowed_packet; extern unsigned long max_allowed_packet;
extern unsigned long net_buffer_length; extern unsigned long net_buffer_length;
void randominit(struct rand_struct *,unsigned long seed1, /*
unsigned long seed2); These functions are used for authentication by client and server and
implemented in sql/password.c
*/
void randominit(struct rand_struct *, unsigned long seed1,
unsigned long seed2);
double my_rnd(struct rand_struct *); double my_rnd(struct rand_struct *);
void make_scrambled_password(char *to,const char *password, void create_random_string(char *to, uint length, struct rand_struct *rand_st);
my_bool force_old_scramble,struct rand_struct *rand_st);
int get_password_length(my_bool force_old_scramble); void hash_password(ulong *to, const char *password, uint password_len);
char get_password_version(const char* password); void make_scrambled_password_323(char *to, const char *password);
void create_random_string(int length,struct rand_struct *rand_st,char* target); void scramble_323(char *to, const char *message, const char *password);
my_bool validate_password(const char* password, const char* message, my_bool check_scramble_323(const char *, const char *message,
unsigned long* salt); unsigned long *salt);
void password_hash_stage1(char *to, const char *password); void get_salt_from_password_323(unsigned long *res, const char *password);
void password_hash_stage2(char *to,const char *salt); void make_password_from_salt_323(char *to, const unsigned long *salt);
void password_crypt(const char* from,char* to, const char* password,int length);
void get_hash_and_password(unsigned long* salt, unsigned char pversion,char* hash, void make_scrambled_password(char *to, const char *password);
unsigned char* bin_password); void scramble(char *to, const char *message, const char *password);
void get_salt_from_password(unsigned long *res,const char *password); my_bool check_scramble(const char *reply, const char *message,
void create_key_from_old_password(const char* password,char* key); const unsigned char *hash_stage2);
void make_password_from_salt(char *to, unsigned long *hash_res, void get_salt_from_password(unsigned char *res, const char *password);
unsigned char password_version); void make_password_from_salt(char *to, const unsigned char *hash_stage2);
char *scramble(char *to,const char *message,const char *password,
my_bool old_ver); /* end of password.c */
my_bool check_scramble(const char *, const char *message,
unsigned long *salt,my_bool old_ver);
char *get_tty_password(char *opt_message); char *get_tty_password(char *opt_message);
void hash_password(unsigned long *result, const char *password);
const char *mysql_errno_to_sqlstate(unsigned int mysql_errno); const char *mysql_errno_to_sqlstate(unsigned int mysql_errno);
/* Some other useful functions */ /* Some other useful functions */
......
...@@ -288,4 +288,5 @@ ...@@ -288,4 +288,5 @@
#define ER_CANT_AGGREGATE_NCOLLATIONS 1269 #define ER_CANT_AGGREGATE_NCOLLATIONS 1269
#define ER_VARIABLE_IS_NOT_STRUCT 1270 #define ER_VARIABLE_IS_NOT_STRUCT 1270
#define ER_UNKNOWN_COLLATION 1271 #define ER_UNKNOWN_COLLATION 1271
#define ER_ERROR_MESSAGES 272 #define ER_SERVER_IS_IN_SECURE_AUTH_MODE 1272
#define ER_ERROR_MESSAGES 273
...@@ -601,41 +601,55 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user, ...@@ -601,41 +601,55 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
/* Store user into the buffer */ /* Store user into the buffer */
end=strmov(end,user)+1; end=strmov(end,user)+1;
/* /* write scrambled password according to server capabilities */
We always start with old type handshake the only difference is message sent if (passwd[0])
If server handles secure connection type we'll not send the real scramble
*/
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{ {
if (passwd[0]) if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{ {
/* Prepare false scramble */ *end++= SCRAMBLE_LENGTH;
bfill(end, SCRAMBLE_LENGTH, 'x'); scramble(end, mysql->scramble, passwd);
end+=SCRAMBLE_LENGTH; end+= SCRAMBLE_LENGTH;
*end=0; }
else
{
scramble_323(end, mysql->scramble, passwd);
end+= SCRAMBLE_LENGTH_323 + 1;
} }
else /* For empty password */
*end=0; /* zero length scramble */
} }
else else
{ *end++= '\0'; // empty password
/*
Real scramble is only sent to old servers. This can be blocked
by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
*/
end=scramble(end, mysql->scramble_buff, passwd,
(my_bool) (mysql->protocol_version == 9));
}
/* Add database if needed */ /* Add database if needed */
end=strmov(end+1,db ? db : ""); end= strmov(end, db ? db : "") + 1;
/* Write authentication package */ /* Write authentication package */
simple_command(mysql,COM_CHANGE_USER, buff,(ulong) (end-buff),1); simple_command(mysql,COM_CHANGE_USER, buff,(ulong) (end-buff),1);
if (mysql_autenticate(mysql, passwd)) NET *net= &mysql->net;
ulong pkt_length= net_safe_read(mysql);
if (pkt_length == packet_error)
goto error; goto error;
if (pkt_length == 1 && net->read_pos[0] == 254 &&
mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/*
By sending this very specific reply server asks us to send scrambled
password in old format. The reply contains scramble_323.
*/
scramble_323(buff, mysql->scramble, passwd);
if (my_net_write(net, buff, SCRAMBLE_LENGTH_323 + 1) || net_flush(net))
{
net->last_errno= CR_SERVER_LOST;
strmov(net->sqlstate, unknown_sqlstate);
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/* Read what server thinks about out new auth message report */
if (net_safe_read(mysql) == packet_error)
goto error;
}
/* Free old connect information */ /* Free old connect information */
my_free(mysql->user,MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->user,MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->passwd,MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->passwd,MYF(MY_ALLOW_ZERO_PTR));
......
...@@ -30,6 +30,7 @@ show tables; ...@@ -30,6 +30,7 @@ show tables;
Tables_in_test Tables_in_test
update mysql.user set password=old_password("gambling2") where user="test"; update mysql.user set password=old_password("gambling2") where user="test";
flush privileges; flush privileges;
set password=old_password('gambling3');
show tables; show tables;
Tables_in_mysql Tables_in_mysql
columns_priv columns_priv
......
select length(encrypt('foo', 'ff')) <> 0; select length(encrypt('foo', 'ff')) <> 0;
length(encrypt('foo', 'ff')) <> 0 length(encrypt('foo', 'ff')) <> 0
1 1
select password("a",""), password("a",NULL), password("","a"), password(NULL,"a"); select password('abc');
password("a","") password("a",NULL) password("","a") password(NULL,"a") password('abc')
*2517f7235d68d4ba2e5019c93420523101157a792c01 NULL NULL *0d3ced9bec10a777aec23ccc353a8c08a633045e
select password("aaaaaaaaaaaaaaaa","a"), password("a","aaaaaaaaaaaaaaaa"); select password('');
password("aaaaaaaaaaaaaaaa","a") password("a","aaaaaaaaaaaaaaaa") password('')
*2cd3b9a44e9a9994789a30f935c92f45a96c5472f381 *37c7c5c794ff144819f2531bf03c57772cd84e40db09
select old_password('test'), length(password("1")), length(encrypt('test')), encrypt('test','aa'); select old_password('abc');
old_password('test') length(password("1")) length(encrypt('test')) encrypt('test','aa') old_password('abc')
378b243e220ca493 45 13 aaqPiZY5xR5l. 7cd2b5942be28759
select old_password(""), old_password(NULL), password(""), password(NULL); select old_password('');
old_password("") old_password(NULL) password("") password(NULL) old_password('')
NULL NULL
select password('gabbagabbahey');
password('gabbagabbahey')
*b0f99d2963660dd7e16b751ec9ee2f17b6a68fa6
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
select length(password('1'));
length(password('1'))
41
select length(encrypt('test'));
length(encrypt('test'))
13
select encrypt('test','aa');
encrypt('test','aa')
aaqPiZY5xR5l.
select old_password(NULL);
old_password(NULL)
NULL
select password(NULL);
password(NULL)
NULL
set global old_passwords=on;
select password('');
password('')
select old_password('');
old_password('')
select password('idkfa');
password('idkfa')
*b669c9dac3aa6f2254b03cdef8dfdd6b2d1054ba
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
set old_passwords=on;
select password('idkfa');
password('idkfa')
5c078dc54ca0fcca
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
set global old_passwords=off;
select password('idkfa');
password('idkfa')
5c078dc54ca0fcca
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
set old_passwords=off;
select password('idkfa ');
password('idkfa ')
*2dc31d90647b4c1abc9231563d2236e96c9a2db2
select password('idkfa');
password('idkfa')
*b669c9dac3aa6f2254b03cdef8dfdd6b2d1054ba
select password(' idkfa');
password(' idkfa')
*12b099e56bb7fe8d43c78fd834a9d1d11178d045
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
select old_password(' i d k f a ');
old_password(' i d k f a ')
5c078dc54ca0fcca
...@@ -48,8 +48,9 @@ flush privileges; ...@@ -48,8 +48,9 @@ flush privileges;
#connect (con1,localhost,test,gambling2,""); #connect (con1,localhost,test,gambling2,"");
#show tables; #show tables;
connect (con1,localhost,test,gambling2,mysql); connect (con1,localhost,test,gambling2,mysql);
set password=old_password('gambling3');
show tables; show tables;
connect (con1,localhost,test,gambling2,test); connect (con1,localhost,test,gambling3,test);
show tables; show tables;
# Re enable this one day if error handling on connect will take place # Re enable this one day if error handling on connect will take place
...@@ -63,7 +64,9 @@ show tables; ...@@ -63,7 +64,9 @@ show tables;
#connect (con1,localhost,test,zorro,); #connect (con1,localhost,test,zorro,);
#--error 1045 #--error 1045
# remove user 'test' so that other tests which may use 'test' # remove user 'test' so that other tests which may use 'test'
# do not depend on this test. # do not depend on this test.
delete from mysql.user where user="test"; delete from mysql.user where user="test";
flush privileges; flush privileges;
...@@ -4,7 +4,33 @@ select length(encrypt('foo', 'ff')) <> 0; ...@@ -4,7 +4,33 @@ select length(encrypt('foo', 'ff')) <> 0;
--replace_result $1$aa$4OSUA5cjdx0RUQ08opV27/ aaqPiZY5xR5l. --replace_result $1$aa$4OSUA5cjdx0RUQ08opV27/ aaqPiZY5xR5l.
# Test new and old password handling functions # Test new and old password handling functions
select password("a",""), password("a",NULL), password("","a"), password(NULL,"a"); select password('abc');
select password("aaaaaaaaaaaaaaaa","a"), password("a","aaaaaaaaaaaaaaaa"); select password('');
select old_password('test'), length(password("1")), length(encrypt('test')), encrypt('test','aa'); select old_password('abc');
select old_password(""), old_password(NULL), password(""), password(NULL); select old_password('');
select password('gabbagabbahey');
select old_password('idkfa');
select length(password('1'));
select length(encrypt('test'));
select encrypt('test','aa');
select old_password(NULL);
select password(NULL);
set global old_passwords=on;
select password('');
select old_password('');
select password('idkfa');
select old_password('idkfa');
set old_passwords=on;
select password('idkfa');
select old_password('idkfa');
set global old_passwords=off;
select password('idkfa');
select old_password('idkfa');
# this test shows that new scrambles honor spaces in passwords:
set old_passwords=off;
select password('idkfa ');
select password('idkfa');
select password(' idkfa');
select old_password('idkfa');
select old_password(' i d k f a ');
...@@ -108,7 +108,7 @@ then ...@@ -108,7 +108,7 @@ then
c_u="$c_u CREATE TABLE user (" c_u="$c_u CREATE TABLE user ("
c_u="$c_u Host char(60) binary DEFAULT '' NOT NULL," c_u="$c_u Host char(60) binary DEFAULT '' NOT NULL,"
c_u="$c_u User char(16) binary DEFAULT '' NOT NULL," c_u="$c_u User char(16) binary DEFAULT '' NOT NULL,"
c_u="$c_u Password char(45) binary DEFAULT '' NOT NULL," c_u="$c_u Password char(41) binary DEFAULT '' NOT NULL,"
c_u="$c_u Select_priv enum('N','Y') DEFAULT 'N' NOT NULL," c_u="$c_u Select_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Insert_priv enum('N','Y') DEFAULT 'N' NOT NULL," c_u="$c_u Insert_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Update_priv enum('N','Y') DEFAULT 'N' NOT NULL," c_u="$c_u Update_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
......
...@@ -4,7 +4,7 @@ ALTER TABLE host type=MyISAM; ...@@ -4,7 +4,7 @@ ALTER TABLE host type=MyISAM;
ALTER TABLE func type=MyISAM; ALTER TABLE func type=MyISAM;
ALTER TABLE columns_priv type=MyISAM; ALTER TABLE columns_priv type=MyISAM;
ALTER TABLE tables_priv type=MyISAM; ALTER TABLE tables_priv type=MyISAM;
ALTER TABLE user change Password Password char(45) not null; ALTER TABLE user change Password Password char(41) not null;
ALTER TABLE user add File_priv enum('N','Y') NOT NULL; ALTER TABLE user add File_priv enum('N','Y') NOT NULL;
CREATE TABLE IF NOT EXISTS func ( CREATE TABLE IF NOT EXISTS func (
name char(64) DEFAULT '' NOT NULL, name char(64) DEFAULT '' NOT NULL,
......
...@@ -1352,76 +1352,6 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused))) ...@@ -1352,76 +1352,6 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
/*
Handle password authentication
*/
my_bool mysql_autenticate(MYSQL *mysql, const char *passwd)
{
ulong pkt_length;
NET *net= &mysql->net;
char buff[SCRAMBLE41_LENGTH];
char password_hash[SCRAMBLE41_LENGTH]; /* Used for storage of stage1 hash */
/* We shall only query server if it expect us to do so */
if ((pkt_length=net_safe_read(mysql)) == packet_error)
goto error;
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/*
This should always happen with new server unless empty password
OK/Error packets have zero as the first char
*/
if (pkt_length == 24 && net->read_pos[0])
{
/* Old passwords will have '*' at the first byte of hash */
if (net->read_pos[0] != '*')
{
/* Build full password hash as it is required to decode scramble */
password_hash_stage1(buff, passwd);
/* Store copy as we'll need it later */
memcpy(password_hash,buff,SCRAMBLE41_LENGTH);
/* Finally hash complete password using hash we got from server */
password_hash_stage2(password_hash,(const char*) net->read_pos);
/* Decypt and store scramble 4 = hash for stage2 */
password_crypt((const char*) net->read_pos+4,mysql->scramble_buff,
password_hash, SCRAMBLE41_LENGTH);
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
/* Encode scramble with password. Recycle buffer */
password_crypt(mysql->scramble_buff,buff,buff,SCRAMBLE41_LENGTH);
}
else
{
/* Create password to decode scramble */
create_key_from_old_password(passwd,password_hash);
/* Decypt and store scramble 4 = hash for stage2 */
password_crypt((const char*) net->read_pos+4,mysql->scramble_buff,
password_hash, SCRAMBLE41_LENGTH);
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
/* Finally scramble decoded scramble with password */
scramble(buff, mysql->scramble_buff, passwd,0);
}
/* Write second package of authentication */
if (my_net_write(net,buff,SCRAMBLE41_LENGTH) || net_flush(net))
{
net->last_errno= CR_SERVER_LOST;
strmov(net->sqlstate, unknown_sqlstate);
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/* Read what server thinks about out new auth message report */
if (net_safe_read(mysql) == packet_error)
goto error;
}
}
return 0;
error:
return 1;
}
/* /*
Note that the mysql argument must be initialized with mysql_init() Note that the mysql argument must be initialized with mysql_init()
before calling mysql_real_connect ! before calling mysql_real_connect !
...@@ -1513,7 +1443,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1513,7 +1443,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
mysql->server_status=SERVER_STATUS_AUTOCOMMIT; mysql->server_status=SERVER_STATUS_AUTOCOMMIT;
/* /*
Grab a socket and connect it to the server Part 0: Grab a socket and connect it to the server
*/ */
#if defined(HAVE_SMEM) #if defined(HAVE_SMEM)
if ((!mysql->options.protocol || if ((!mysql->options.protocol ||
...@@ -1714,6 +1644,11 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1714,6 +1644,11 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
strmov(net->last_error,ER(net->last_errno)); strmov(net->last_error,ER(net->last_errno));
goto error; goto error;
} }
/*
Part 1: Connection established, read and parse first packet
*/
if ((pkt_length=net_safe_read(mysql)) == packet_error) if ((pkt_length=net_safe_read(mysql)) == packet_error)
goto error; goto error;
...@@ -1734,8 +1669,13 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1734,8 +1669,13 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
end=strend((char*) net->read_pos+1); end=strend((char*) net->read_pos+1);
mysql->thread_id=uint4korr(end+1); mysql->thread_id=uint4korr(end+1);
end+=5; end+=5;
strmake(mysql->scramble_buff,end,8); /*
end+=9; Scramble is split into two parts because old clients does not understand
long scrambles; here goes the first part.
*/
strmake(mysql->scramble, end, SCRAMBLE_LENGTH_323);
end+= SCRAMBLE_LENGTH_323+1;
if (pkt_length >= (uint) (end+1 - (char*) net->read_pos)) if (pkt_length >= (uint) (end+1 - (char*) net->read_pos))
mysql->server_capabilities=uint2korr(end); mysql->server_capabilities=uint2korr(end);
if (pkt_length >= (uint) (end+18 - (char*) net->read_pos)) if (pkt_length >= (uint) (end+18 - (char*) net->read_pos))
...@@ -1744,6 +1684,13 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1744,6 +1684,13 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
mysql->server_language=end[2]; mysql->server_language=end[2];
mysql->server_status=uint2korr(end+3); mysql->server_status=uint2korr(end+3);
} }
end+= 18;
if (pkt_length >= (uint) (end + SCRAMBLE_LENGTH - SCRAMBLE_LENGTH_323 + 1 -
(char *) net->read_pos))
strmake(mysql->scramble+SCRAMBLE_LENGTH_323, end,
SCRAMBLE_LENGTH-SCRAMBLE_LENGTH_323);
else
mysql->server_capabilities&= ~CLIENT_SECURE_CONNECTION;
/* Set character set */ /* Set character set */
if ((charset_name=mysql->options.charset_name)) if ((charset_name=mysql->options.charset_name))
...@@ -1815,9 +1762,12 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1815,9 +1762,12 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
mysql->unix_socket=0; mysql->unix_socket=0;
strmov(mysql->server_version,(char*) net->read_pos+1); strmov(mysql->server_version,(char*) net->read_pos+1);
mysql->port=port; mysql->port=port;
client_flag|=mysql->options.client_flag;
/* Send client information for access check */ /*
Part 2: format and send client info to the server for access check
*/
client_flag|=mysql->options.client_flag;
client_flag|=CLIENT_CAPABILITIES; client_flag|=CLIENT_CAPABILITIES;
if (client_flag & CLIENT_MULTI_QUERIES) if (client_flag & CLIENT_MULTI_QUERIES)
client_flag|= CLIENT_MULTI_RESULTS; client_flag|= CLIENT_MULTI_RESULTS;
...@@ -1904,7 +1854,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1904,7 +1854,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
mysql->server_status, client_flag)); mysql->server_status, client_flag));
/* This needs to be changed as it's not useful with big packets */ /* This needs to be changed as it's not useful with big packets */
if (user && user[0]) if (user && user[0])
strmake(end,user,32); /* Max user name */ strmake(end,user,USERNAME_LENGTH); /* Max user name */
else else
read_user_name((char*) end); read_user_name((char*) end);
...@@ -1913,41 +1863,30 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1913,41 +1863,30 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
#include "_cust_libmysql.h" #include "_cust_libmysql.h"
#endif #endif
DBUG_PRINT("info",("user: %s",end)); DBUG_PRINT("info",("user: %s",end));
/* end= strend(end) + 1;
We always start with old type handshake the only difference is message sent if (passwd[0])
If server handles secure connection type we'll not send the real scramble
*/
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{ {
if (passwd[0]) if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{ {
/* Prepare false scramble */ *end++= SCRAMBLE_LENGTH;
end=strend(end)+1; scramble(end, mysql->scramble, passwd);
bfill(end, SCRAMBLE_LENGTH, 'x'); end+= SCRAMBLE_LENGTH;
end+=SCRAMBLE_LENGTH;
*end=0;
} }
else /* For empty password*/ else
{ {
end=strend(end)+1; scramble_323(end, mysql->scramble, passwd);
*end=0; /* Store zero length scramble */ end+= SCRAMBLE_LENGTH_323 + 1;
} }
} }
else else
{ *end++= '\0'; /* empty password */
/*
Real scramble is only sent to old servers. This can be blocked
by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
*/
end=scramble(strend(end)+1, mysql->scramble_buff, passwd,
(my_bool) (mysql->protocol_version == 9));
}
/* Add database if needed */ /* Add database if needed */
if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB)) if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
{ {
end=strmake(end+1,db,NAME_LEN); end= strmake(end, db, NAME_LEN) + 1;
mysql->db=my_strdup(db,MYF(MY_WME)); mysql->db= my_strdup(db,MYF(MY_WME));
db=0; db= 0;
} }
/* Write authentication package */ /* Write authentication package */
if (my_net_write(net,buff,(ulong) (end-buff)) || net_flush(net)) if (my_net_write(net,buff,(ulong) (end-buff)) || net_flush(net))
...@@ -1957,10 +1896,36 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1957,10 +1896,36 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
strmov(net->last_error,ER(net->last_errno)); strmov(net->last_error,ER(net->last_errno));
goto error; goto error;
} }
/*
Part 3: Authorization data's been sent. Now server can reply with
OK-packet, or re-request scrambled password.
*/
if (mysql_autenticate(mysql, passwd)) if ((pkt_length=net_safe_read(mysql)) == packet_error)
goto error; goto error;
if (pkt_length == 1 && net->read_pos[0] == 254 &&
mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/*
By sending this very specific reply server asks us to send scrambled
password in old format.
*/
scramble_323(buff, mysql->scramble, passwd);
if (my_net_write(net, buff, SCRAMBLE_LENGTH_323 + 1) || net_flush(net))
{
net->last_errno= CR_SERVER_LOST;
strmov(net->sqlstate, unknown_sqlstate);
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/* Read what server thinks about out new auth message report */
if (net_safe_read(mysql) == packet_error)
goto error;
}
if (client_flag & CLIENT_COMPRESS) /* We will use compression */ if (client_flag & CLIENT_COMPRESS) /* We will use compression */
net->compress=1; net->compress=1;
......
...@@ -52,13 +52,6 @@ Item *create_func_ord(Item* a) ...@@ -52,13 +52,6 @@ Item *create_func_ord(Item* a)
return new Item_func_ord(a); return new Item_func_ord(a);
} }
Item *create_func_old_password(Item* a)
{
return new Item_func_old_password(a);
}
Item *create_func_asin(Item* a) Item *create_func_asin(Item* a)
{ {
return new Item_func_asin(a); return new Item_func_asin(a);
...@@ -332,11 +325,6 @@ Item *create_func_quarter(Item* a) ...@@ -332,11 +325,6 @@ Item *create_func_quarter(Item* a)
return new Item_func_quarter(a); return new Item_func_quarter(a);
} }
Item *create_func_password(Item* a)
{
return new Item_func_password(a);
}
Item *create_func_radians(Item *a) Item *create_func_radians(Item *a)
{ {
return new Item_func_units((char*) "radians",a,M_PI/180,0.0); return new Item_func_units((char*) "radians",a,M_PI/180,0.0);
......
...@@ -69,14 +69,12 @@ Item *create_func_monthname(Item* a); ...@@ -69,14 +69,12 @@ Item *create_func_monthname(Item* a);
Item *create_func_nullif(Item* a, Item *b); Item *create_func_nullif(Item* a, Item *b);
Item *create_func_oct(Item *); Item *create_func_oct(Item *);
Item *create_func_ord(Item* a); Item *create_func_ord(Item* a);
Item *create_func_old_password(Item* a);
Item *create_func_period_add(Item* a, Item *b); Item *create_func_period_add(Item* a, Item *b);
Item *create_func_period_diff(Item* a, Item *b); Item *create_func_period_diff(Item* a, Item *b);
Item *create_func_pi(void); Item *create_func_pi(void);
Item *create_func_pow(Item* a, Item *b); Item *create_func_pow(Item* a, Item *b);
Item *create_func_current_user(void); Item *create_func_current_user(void);
Item *create_func_quarter(Item* a); Item *create_func_quarter(Item* a);
Item *create_func_password(Item* a);
Item *create_func_radians(Item *a); Item *create_func_radians(Item *a);
Item *create_func_release_lock(Item* a); Item *create_func_release_lock(Item* a);
Item *create_func_repeat(Item* a, Item *b); Item *create_func_repeat(Item* a, Item *b);
......
...@@ -1326,95 +1326,49 @@ void Item_func_trim::fix_length_and_dec() ...@@ -1326,95 +1326,49 @@ void Item_func_trim::fix_length_and_dec()
} }
/* Item_func_password */
void Item_func_password::fix_length_and_dec()
{
/*
If PASSWORD() was called with only one argument, it depends on a random
number so we need to save this random number into the binary log.
If called with two arguments, it is repeatable.
*/
if (arg_count == 1)
{
THD *thd= current_thd;
thd->rand_used= 1;
thd->rand_saved_seed1= thd->rand.seed1;
thd->rand_saved_seed2= thd->rand.seed2;
}
max_length= get_password_length(use_old_passwords);
}
/*
Password() function has 2 arguments. Second argument can be used
to make results repeatable
*/
String *Item_func_password::val_str(String *str) String *Item_func_password::val_str(String *str)
{ {
struct rand_struct rand_st; // local structure for 2 param version String *res= args[0]->val_str(str);
ulong seed=0; // seed to initialise random generator to
String *res =args[0]->val_str(str);
if ((null_value=args[0]->null_value)) if ((null_value=args[0]->null_value))
return 0; return 0;
if (res->length() == 0)
if (arg_count == 1) return &empty_string;
{ make_scrambled_password(tmp_value, res->c_ptr());
if (res->length() == 0) str->set(tmp_value, SCRAMBLED_PASSWORD_CHAR_LENGTH, res->charset());
return &empty_string; return str;
make_scrambled_password(tmp_value,res->c_ptr(),use_old_passwords,
&current_thd->rand);
str->set(tmp_value,get_password_length(use_old_passwords),res->charset());
return str;
}
else
{
/* We'll need the buffer to get second parameter */
char key_buff[80];
String tmp_key_value(key_buff, sizeof(key_buff), system_charset_info);
String *key =args[1]->val_str(&tmp_key_value);
/* Check second argument for NULL value. First one is already checked */
if ((null_value=args[1]->null_value))
return 0;
/* This shall be done after checking for null for proper results */
if (res->length() == 0)
return &empty_string;
/* Generate the seed first this allows to avoid double allocation */
char* seed_ptr=key->c_ptr();
while (*seed_ptr)
{
seed=(seed*211+*seed_ptr) & 0xffffffffL; /* Use simple hashing */
seed_ptr++;
}
/* Use constants which allow nice random values even with small seed */
randominit(&rand_st,
(ulong) ((ulonglong) seed*111111+33333333L) & (ulong) 0xffffffff,
(ulong) ((ulonglong) seed*1111+55555555L) & (ulong) 0xffffffff);
make_scrambled_password(tmp_value,res->c_ptr(),use_old_passwords,
&rand_st);
str->set(tmp_value,get_password_length(use_old_passwords),res->charset());
return str;
}
} }
char *Item_func_password::alloc(THD *thd, const char *password)
{
char *buff= (char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
if (buff)
make_scrambled_password(buff, password);
return buff;
}
/* Item_func_old_password */
String *Item_func_old_password::val_str(String *str) String *Item_func_old_password::val_str(String *str)
{ {
String *res =args[0]->val_str(str); String *res= args[0]->val_str(str);
if ((null_value=args[0]->null_value)) if ((null_value=args[0]->null_value))
return 0; return 0;
if (res->length() == 0) if (res->length() == 0)
return &empty_string; return &empty_string;
make_scrambled_password(tmp_value,res->c_ptr(),1,&current_thd->rand); make_scrambled_password_323(tmp_value, res->c_ptr());
str->set(tmp_value,16,res->charset()); str->set(tmp_value, SCRAMBLED_PASSWORD_CHAR_LENGTH_323, res->charset());
return str; return str;
} }
char *Item_func_old_password::alloc(THD *thd, const char *password)
{
char *buff= (char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1);
if (buff)
make_scrambled_password_323(buff, password);
return buff;
}
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
......
...@@ -254,30 +254,45 @@ public: ...@@ -254,30 +254,45 @@ public:
}; };
/*
Item_func_password -- new (4.1.1) PASSWORD() function implementation.
Returns strcat('*', octet2hex(sha1(sha1(password)))). '*' stands for new
password format, sha1(sha1(password) is so-called hash_stage2 value.
Length of returned string is always 41 byte. To find out how entire
authentification procedure works, see comments in password.c.
*/
class Item_func_password :public Item_str_func class Item_func_password :public Item_str_func
{ {
char tmp_value[64]; /* This should be enough for new password format */ char tmp_value[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
public: public:
Item_func_password(Item *a) :Item_str_func(a) {} Item_func_password(Item *a) :Item_str_func(a) {}
Item_func_password(Item *a, Item *b) :Item_str_func(a,b) {} String *val_str(String *str);
String *val_str(String *); void fix_length_and_dec() { max_length= SCRAMBLED_PASSWORD_CHAR_LENGTH; }
void fix_length_and_dec();
const char *func_name() const { return "password"; } const char *func_name() const { return "password"; }
static char *alloc(THD *thd, const char *password);
}; };
/*
Item_func_old_password -- PASSWORD() implementation used in MySQL 3.21 - 4.0
compatibility mode. This item is created in sql_yacc.yy when
'old_passwords' session variable is set, and to handle OLD_PASSWORD()
function.
*/
class Item_func_old_password :public Item_str_func class Item_func_old_password :public Item_str_func
{ {
char tmp_value[17]; /* old password length +1 */ char tmp_value[SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1];
public: public:
Item_func_old_password(Item *a) :Item_str_func(a) {} Item_func_old_password(Item *a) :Item_str_func(a) {}
String *val_str(String *); String *val_str(String *str);
void fix_length_and_dec() { max_length = get_password_length(1); } void fix_length_and_dec() { max_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; }
const char *func_name() const { return "old_password"; } const char *func_name() const { return "old_password"; }
static char *alloc(THD *thd, const char *password);
}; };
class Item_func_des_encrypt :public Item_str_func class Item_func_des_encrypt :public Item_str_func
{ {
String tmp_value; String tmp_value;
......
...@@ -288,6 +288,7 @@ static SYMBOL symbols[] = { ...@@ -288,6 +288,7 @@ static SYMBOL symbols[] = {
{ "NULL", SYM(NULL_SYM),0,0}, { "NULL", SYM(NULL_SYM),0,0},
{ "NUMERIC", SYM(NUMERIC_SYM),0,0}, { "NUMERIC", SYM(NUMERIC_SYM),0,0},
{ "OFFSET", SYM(OFFSET_SYM),0,0}, { "OFFSET", SYM(OFFSET_SYM),0,0},
{ "OLD_PASSWORD", SYM(OLD_PASSWORD),0,0},
{ "ON", SYM(ON),0,0}, { "ON", SYM(ON),0,0},
{ "OPEN", SYM(OPEN_SYM),0,0}, { "OPEN", SYM(OPEN_SYM),0,0},
{ "OPTIMIZE", SYM(OPTIMIZE),0,0}, { "OPTIMIZE", SYM(OPTIMIZE),0,0},
...@@ -586,7 +587,6 @@ static SYMBOL sql_functions[] = { ...@@ -586,7 +587,6 @@ static SYMBOL sql_functions[] = {
{ "NUMPOINTS", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_numpoints)}, { "NUMPOINTS", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_numpoints)},
{ "OCTET_LENGTH", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_length)}, { "OCTET_LENGTH", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_length)},
{ "OCT", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_oct)}, { "OCT", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_oct)},
{ "OLD_PASSWORD", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_old_password)},
{ "ORD", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_ord)}, { "ORD", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_ord)},
{ "OVERLAPS", SYM(FUNC_ARG2),0,CREATE_FUNC(create_func_overlaps)}, { "OVERLAPS", SYM(FUNC_ARG2),0,CREATE_FUNC(create_func_overlaps)},
{ "PERIOD_ADD", SYM(FUNC_ARG2),0,CREATE_FUNC(create_func_period_add)}, { "PERIOD_ADD", SYM(FUNC_ARG2),0,CREATE_FUNC(create_func_period_add)},
......
...@@ -74,9 +74,6 @@ extern CHARSET_INFO *national_charset_info, *table_alias_charset; ...@@ -74,9 +74,6 @@ extern CHARSET_INFO *national_charset_info, *table_alias_charset;
****************************************************************************/ ****************************************************************************/
#define ACL_CACHE_SIZE 256 #define ACL_CACHE_SIZE 256
/* Password lengh for 4.1 version previous versions had 16 bytes password hash */
#define HASH_PASSWORD_LENGTH 45
#define HASH_OLD_PASSWORD_LENGTH 16
#define HOST_CACHE_SIZE 128 #define HOST_CACHE_SIZE 128
#define MAX_ACCEPT_RETRY 10 // Test accept this many times #define MAX_ACCEPT_RETRY 10 // Test accept this many times
#define MAX_FIELDS_BEFORE_HASH 32 #define MAX_FIELDS_BEFORE_HASH 32
...@@ -757,7 +754,7 @@ extern my_bool opt_safe_show_db, opt_local_infile, lower_case_table_names; ...@@ -757,7 +754,7 @@ extern my_bool opt_safe_show_db, opt_local_infile, lower_case_table_names;
extern my_bool opt_slave_compressed_protocol, use_temp_pool; extern my_bool opt_slave_compressed_protocol, use_temp_pool;
extern my_bool opt_readonly; extern my_bool opt_readonly;
extern my_bool opt_enable_named_pipe; extern my_bool opt_enable_named_pipe;
extern my_bool opt_old_passwords, use_old_passwords; extern my_bool opt_secure_auth;
extern char *shared_memory_base_name, *mysqld_unix_port; extern char *shared_memory_base_name, *mysqld_unix_port;
extern bool opt_enable_shared_memory; extern bool opt_enable_shared_memory;
......
...@@ -257,9 +257,10 @@ my_bool opt_local_infile, opt_external_locking, opt_slave_compressed_protocol; ...@@ -257,9 +257,10 @@ my_bool opt_local_infile, opt_external_locking, opt_slave_compressed_protocol;
my_bool opt_safe_user_create = 0, opt_no_mix_types = 0; my_bool opt_safe_user_create = 0, opt_no_mix_types = 0;
my_bool lower_case_table_names, opt_old_rpl_compat; my_bool lower_case_table_names, opt_old_rpl_compat;
my_bool opt_show_slave_auth_info, opt_sql_bin_update = 0; my_bool opt_show_slave_auth_info, opt_sql_bin_update = 0;
my_bool opt_log_slave_updates= 0, opt_old_passwords=0, use_old_passwords=0; my_bool opt_log_slave_updates= 0;
my_bool opt_console= 0, opt_bdb, opt_innodb, opt_isam; my_bool opt_console= 0, opt_bdb, opt_innodb, opt_isam;
my_bool opt_readonly, use_temp_pool, relay_log_purge; my_bool opt_readonly, use_temp_pool, relay_log_purge;
my_bool opt_secure_auth= 0;
volatile bool mqh_used = 0; volatile bool mqh_used = 0;
uint mysqld_port, test_flags, select_errors, dropping_tables, ha_open_options; uint mysqld_port, test_flags, select_errors, dropping_tables, ha_open_options;
...@@ -2764,12 +2765,6 @@ static void create_new_thread(THD *thd) ...@@ -2764,12 +2765,6 @@ static void create_new_thread(THD *thd)
if (thread_count-delayed_insert_threads > max_used_connections) if (thread_count-delayed_insert_threads > max_used_connections)
max_used_connections=thread_count-delayed_insert_threads; max_used_connections=thread_count-delayed_insert_threads;
thd->thread_id=thread_id++; thd->thread_id=thread_id++;
for (uint i=0; i < 8 ; i++) // Generate password teststring
thd->scramble[i]= (char) (my_rnd(&sql_rand)*94+33);
thd->scramble[8]=0;
// Back it up as old clients may need it
memcpy(thd->old_scramble,thd->scramble,9);
thd->real_id=pthread_self(); // Keep purify happy thd->real_id=pthread_self(); // Keep purify happy
...@@ -3479,7 +3474,8 @@ enum options ...@@ -3479,7 +3474,8 @@ enum options
OPT_EXPIRE_LOGS_DAYS, OPT_EXPIRE_LOGS_DAYS,
OPT_DEFAULT_WEEK_FORMAT, OPT_DEFAULT_WEEK_FORMAT,
OPT_GROUP_CONCAT_MAX_LEN, OPT_GROUP_CONCAT_MAX_LEN,
OPT_DEFAULT_COLLATION OPT_DEFAULT_COLLATION,
OPT_SECURE_AUTH
}; };
...@@ -3784,9 +3780,10 @@ Does nothing yet.", ...@@ -3784,9 +3780,10 @@ Does nothing yet.",
(gptr*) &opt_no_mix_types, (gptr*) &opt_no_mix_types, 0, GET_BOOL, NO_ARG, (gptr*) &opt_no_mix_types, (gptr*) &opt_no_mix_types, 0, GET_BOOL, NO_ARG,
0, 0, 0, 0, 0, 0}, 0, 0, 0, 0, 0, 0},
#endif #endif
{"old-protocol", 'o', "Use the old (3.20) protocol client/server protocol.", {"old-passwords", OPT_OLD_PASSWORDS, "Use old password encryption method (needed for 4.0 and older clients).",
(gptr*) &protocol_version, (gptr*) &protocol_version, 0, GET_UINT, NO_ARG, (gptr*) &global_system_variables.old_passwords,
PROTOCOL_VERSION, 0, 0, 0, 0, 0}, (gptr*) &max_system_variables.old_passwords, 0, GET_BOOL, NO_ARG,
0, 0, 0, 0, 0, 0},
{"old-rpl-compat", OPT_OLD_RPL_COMPAT, {"old-rpl-compat", OPT_OLD_RPL_COMPAT,
"Use old LOAD DATA format in the binary log (don't save data in file).", "Use old LOAD DATA format in the binary log (don't save data in file).",
(gptr*) &opt_old_rpl_compat, (gptr*) &opt_old_rpl_compat, 0, GET_BOOL, (gptr*) &opt_old_rpl_compat, (gptr*) &opt_old_rpl_compat, 0, GET_BOOL,
...@@ -3855,8 +3852,6 @@ relay logs.", ...@@ -3855,8 +3852,6 @@ relay logs.",
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"safe-mode", OPT_SAFE, "Skip some optimize stages (for testing).", {"safe-mode", OPT_SAFE, "Skip some optimize stages (for testing).",
0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
{"old-passwords", OPT_OLD_PASSWORDS, "Use old password encryption method (needed for 4.0 and older clients).",
(gptr*) &opt_old_passwords, (gptr*) &opt_old_passwords, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
#ifndef TO_BE_DELETED #ifndef TO_BE_DELETED
{"safe-show-database", OPT_SAFE_SHOW_DB, {"safe-show-database", OPT_SAFE_SHOW_DB,
"Deprecated option; One should use GRANT SHOW DATABASES instead...", "Deprecated option; One should use GRANT SHOW DATABASES instead...",
...@@ -3866,6 +3861,9 @@ relay logs.", ...@@ -3866,6 +3861,9 @@ relay logs.",
"Don't allow new user creation by the user who has no write privileges to the mysql.user table.", "Don't allow new user creation by the user who has no write privileges to the mysql.user table.",
(gptr*) &opt_safe_user_create, (gptr*) &opt_safe_user_create, 0, GET_BOOL, (gptr*) &opt_safe_user_create, (gptr*) &opt_safe_user_create, 0, GET_BOOL,
NO_ARG, 0, 0, 0, 0, 0, 0}, NO_ARG, 0, 0, 0, 0, 0, 0},
{"secure-auth", OPT_SECURE_AUTH, "Disallow authentication for accounts that have old (pre-4.1) passwords.",
(gptr*) &opt_secure_auth, (gptr*) &opt_secure_auth, 0, GET_BOOL, NO_ARG,
my_bool(0), 0, 0, 0, 0, 0},
{"server-id", OPT_SERVER_ID, {"server-id", OPT_SERVER_ID,
"Uniquely identifies the server instance in the community of replication partners.", "Uniquely identifies the server instance in the community of replication partners.",
(gptr*) &server_id, (gptr*) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0, (gptr*) &server_id, (gptr*) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0,
...@@ -4638,7 +4636,8 @@ static void mysql_init_variables(void) ...@@ -4638,7 +4636,8 @@ static void mysql_init_variables(void)
opt_log= opt_update_log= opt_bin_log= opt_slow_log= 0; opt_log= opt_update_log= opt_bin_log= opt_slow_log= 0;
opt_disable_networking= opt_skip_show_db=0; opt_disable_networking= opt_skip_show_db=0;
opt_logname= opt_update_logname= opt_binlog_index_name= opt_slow_logname=0; opt_logname= opt_update_logname= opt_binlog_index_name= opt_slow_logname=0;
opt_bootstrap= opt_myisam_log= use_old_passwords= 0; opt_secure_auth= 0;
opt_bootstrap= opt_myisam_log= 0;
mqh_used= 0; mqh_used= 0;
segfaulted= kill_in_progress= 0; segfaulted= kill_in_progress= 0;
cleanup_done= 0; cleanup_done= 0;
...@@ -4741,6 +4740,7 @@ static void mysql_init_variables(void) ...@@ -4741,6 +4740,7 @@ static void mysql_init_variables(void)
max_system_variables.select_limit= (ulonglong) HA_POS_ERROR; max_system_variables.select_limit= (ulonglong) HA_POS_ERROR;
global_system_variables.max_join_size= (ulonglong) HA_POS_ERROR; global_system_variables.max_join_size= (ulonglong) HA_POS_ERROR;
max_system_variables.max_join_size= (ulonglong) HA_POS_ERROR; max_system_variables.max_join_size= (ulonglong) HA_POS_ERROR;
global_system_variables.old_passwords= 0;
/* Variables that depends on compile options */ /* Variables that depends on compile options */
#ifndef DBUG_OFF #ifndef DBUG_OFF
...@@ -4862,9 +4862,6 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -4862,9 +4862,6 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
case 'L': case 'L':
strmake(language, argument, sizeof(language)-1); strmake(language, argument, sizeof(language)-1);
break; break;
case 'o':
protocol_version=PROTOCOL_VERSION-1;
break;
#ifdef HAVE_REPLICATION #ifdef HAVE_REPLICATION
case OPT_SLAVE_SKIP_ERRORS: case OPT_SLAVE_SKIP_ERRORS:
init_slave_skip_errors(argument); init_slave_skip_errors(argument);
......
This diff is collapsed.
...@@ -349,6 +349,25 @@ send_eof(THD *thd, bool no_flush) ...@@ -349,6 +349,25 @@ send_eof(THD *thd, bool no_flush)
} }
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
/*
Please client to send scrambled_password in old format.
SYNOPSYS
send_old_password_request()
thd thread handle
RETURN VALUE
0 ok
!0 error
*/
bool send_old_password_request(THD *thd)
{
static char buff[1]= { (char) 254 };
NET *net= &thd->net;
return my_net_write(net, buff, 1) || net_flush(net);
}
#endif /* EMBEDDED_LIBRARY */ #endif /* EMBEDDED_LIBRARY */
/* /*
......
...@@ -164,6 +164,7 @@ void net_printf(THD *thd,uint sql_errno, ...); ...@@ -164,6 +164,7 @@ void net_printf(THD *thd,uint sql_errno, ...);
void send_ok(THD *thd, ha_rows affected_rows=0L, ulonglong id=0L, void send_ok(THD *thd, ha_rows affected_rows=0L, ulonglong id=0L,
const char *info=0); const char *info=0);
void send_eof(THD *thd, bool no_flush=0); void send_eof(THD *thd, bool no_flush=0);
bool send_old_password_request(THD *thd);
char *net_store_length(char *packet,ulonglong length); char *net_store_length(char *packet,ulonglong length);
char *net_store_length(char *packet,uint length); char *net_store_length(char *packet,uint length);
char *net_store_data(char *to,const char *from, uint length); char *net_store_data(char *to,const char *from, uint length);
......
...@@ -208,6 +208,7 @@ sys_var_thd_ulong sys_net_retry_count("net_retry_count", ...@@ -208,6 +208,7 @@ sys_var_thd_ulong sys_net_retry_count("net_retry_count",
&SV::net_retry_count, &SV::net_retry_count,
fix_net_retry_count); fix_net_retry_count);
sys_var_thd_bool sys_new_mode("new", &SV::new_mode); sys_var_thd_bool sys_new_mode("new", &SV::new_mode);
sys_var_thd_bool sys_old_passwords("old_passwords", &SV::old_passwords);
sys_var_thd_ulong sys_preload_buff_size("preload_buffer_size", sys_var_thd_ulong sys_preload_buff_size("preload_buffer_size",
&SV::preload_buff_size); &SV::preload_buff_size);
sys_var_thd_ulong sys_read_buff_size("read_buffer_size", sys_var_thd_ulong sys_read_buff_size("read_buffer_size",
...@@ -234,6 +235,7 @@ sys_var_thd_enum sys_query_cache_type("query_cache_type", ...@@ -234,6 +235,7 @@ sys_var_thd_enum sys_query_cache_type("query_cache_type",
&SV::query_cache_type, &SV::query_cache_type,
&query_cache_type_typelib); &query_cache_type_typelib);
#endif /* HAVE_QUERY_CACHE */ #endif /* HAVE_QUERY_CACHE */
sys_var_bool_ptr sys_secure_auth("secure_auth", &opt_secure_auth);
sys_var_long_ptr sys_server_id("server_id",&server_id); sys_var_long_ptr sys_server_id("server_id",&server_id);
sys_var_bool_ptr sys_slave_compressed_protocol("slave_compressed_protocol", sys_var_bool_ptr sys_slave_compressed_protocol("slave_compressed_protocol",
&opt_slave_compressed_protocol); &opt_slave_compressed_protocol);
...@@ -423,6 +425,7 @@ sys_var *sys_variables[]= ...@@ -423,6 +425,7 @@ sys_var *sys_variables[]=
&sys_net_wait_timeout, &sys_net_wait_timeout,
&sys_net_write_timeout, &sys_net_write_timeout,
&sys_new_mode, &sys_new_mode,
&sys_old_passwords,
&sys_preload_buff_size, &sys_preload_buff_size,
&sys_pseudo_thread_id, &sys_pseudo_thread_id,
&sys_query_cache_size, &sys_query_cache_size,
...@@ -441,6 +444,7 @@ sys_var *sys_variables[]= ...@@ -441,6 +444,7 @@ sys_var *sys_variables[]=
#endif #endif
&sys_rpl_recovery_rank, &sys_rpl_recovery_rank,
&sys_safe_updates, &sys_safe_updates,
&sys_secure_auth,
&sys_select_limit, &sys_select_limit,
&sys_server_id, &sys_server_id,
#ifdef HAVE_REPLICATION #ifdef HAVE_REPLICATION
...@@ -598,6 +602,7 @@ struct show_var_st init_vars[]= { ...@@ -598,6 +602,7 @@ struct show_var_st init_vars[]= {
{sys_net_retry_count.name, (char*) &sys_net_retry_count, SHOW_SYS}, {sys_net_retry_count.name, (char*) &sys_net_retry_count, SHOW_SYS},
{sys_net_write_timeout.name,(char*) &sys_net_write_timeout, SHOW_SYS}, {sys_net_write_timeout.name,(char*) &sys_net_write_timeout, SHOW_SYS},
{sys_new_mode.name, (char*) &sys_new_mode, SHOW_SYS}, {sys_new_mode.name, (char*) &sys_new_mode, SHOW_SYS},
{sys_old_passwords.name, (char*) &sys_old_passwords, SHOW_SYS},
{"open_files_limit", (char*) &open_files_limit, SHOW_LONG}, {"open_files_limit", (char*) &open_files_limit, SHOW_LONG},
{"pid_file", (char*) pidfile_name, SHOW_CHAR}, {"pid_file", (char*) pidfile_name, SHOW_CHAR},
{"log_error", (char*) log_error_file, SHOW_CHAR}, {"log_error", (char*) log_error_file, SHOW_CHAR},
...@@ -618,6 +623,7 @@ struct show_var_st init_vars[]= { ...@@ -618,6 +623,7 @@ struct show_var_st init_vars[]= {
SHOW_SYS}, SHOW_SYS},
{sys_query_cache_size.name, (char*) &sys_query_cache_size, SHOW_SYS}, {sys_query_cache_size.name, (char*) &sys_query_cache_size, SHOW_SYS},
{sys_query_cache_type.name, (char*) &sys_query_cache_type, SHOW_SYS}, {sys_query_cache_type.name, (char*) &sys_query_cache_type, SHOW_SYS},
{"secure_auth", (char*) &sys_secure_auth, SHOW_SYS},
#endif /* HAVE_QUERY_CACHE */ #endif /* HAVE_QUERY_CACHE */
#ifdef HAVE_SMEM #ifdef HAVE_SMEM
{"shared_memory", (char*) &opt_enable_shared_memory, SHOW_MY_BOOL}, {"shared_memory", (char*) &opt_enable_shared_memory, SHOW_MY_BOOL},
......
...@@ -692,6 +692,9 @@ public: ...@@ -692,6 +692,9 @@ public:
} }
}; };
/* updated in sql_acl.cc */
extern sys_var_thd_bool sys_old_passwords;
/* /*
Prototypes for helper functions Prototypes for helper functions
...@@ -705,6 +708,7 @@ void fix_delay_key_write(THD *thd, enum_var_type type); ...@@ -705,6 +708,7 @@ void fix_delay_key_write(THD *thd, enum_var_type type);
ulong fix_sql_mode(ulong sql_mode); ulong fix_sql_mode(ulong sql_mode);
extern sys_var_str sys_charset_system; extern sys_var_str sys_charset_system;
CHARSET_INFO *get_old_charset_by_name(const char *old_name); CHARSET_INFO *get_old_charset_by_name(const char *old_name);
gptr find_named(I_List<NAMED_LIST> *list, const char *name, uint length); gptr find_named(I_List<NAMED_LIST> *list, const char *name, uint length);
void delete_elements(I_List<NAMED_LIST> *list, void (*free_element)(gptr)); void delete_elements(I_List<NAMED_LIST> *list, void (*free_element)(gptr));
......
...@@ -277,3 +277,4 @@ v/* ...@@ -277,3 +277,4 @@ v/*
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -271,3 +271,4 @@ ...@@ -271,3 +271,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -279,3 +279,4 @@ ...@@ -279,3 +279,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -273,3 +273,4 @@ ...@@ -273,3 +273,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -273,3 +273,4 @@ ...@@ -273,3 +273,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -268,3 +268,4 @@ ...@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -277,3 +277,4 @@ ...@@ -277,3 +277,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -268,3 +268,4 @@ ...@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -270,3 +270,4 @@ ...@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -268,3 +268,4 @@ ...@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -270,3 +270,4 @@ ...@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -268,3 +268,4 @@ ...@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -270,3 +270,4 @@ ...@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -270,3 +270,4 @@ ...@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -272,3 +272,4 @@ ...@@ -272,3 +272,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -268,3 +268,4 @@ ...@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -272,3 +272,4 @@ ...@@ -272,3 +272,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -270,3 +270,4 @@ ...@@ -270,3 +270,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
" --secure-auth ( ), '%s@%s' Σ ; "
...@@ -264,3 +264,4 @@ ...@@ -264,3 +264,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -276,3 +276,4 @@ ...@@ -276,3 +276,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -269,3 +269,4 @@ ...@@ -269,3 +269,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -268,3 +268,4 @@ ...@@ -268,3 +268,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -273,3 +273,4 @@ ...@@ -273,3 +273,4 @@
"Illegal mix of collations for operation '%s'", "Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)", "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Unknown collation: '%-.64s'", "Unknown collation: '%-.64s'",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
...@@ -1459,7 +1459,7 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname, ...@@ -1459,7 +1459,7 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
if (master_user) if (master_user)
strmake(mi->user, master_user, sizeof(mi->user) - 1); strmake(mi->user, master_user, sizeof(mi->user) - 1);
if (master_password) if (master_password)
strmake(mi->password, master_password, HASH_PASSWORD_LENGTH); strmake(mi->password, master_password, SCRAMBLED_PASSWORD_CHAR_LENGTH);
mi->port = master_port; mi->port = master_port;
mi->connect_retry = master_connect_retry; mi->connect_retry = master_connect_retry;
} }
...@@ -1483,8 +1483,8 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname, ...@@ -1483,8 +1483,8 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
master_host) || master_host) ||
init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file, init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file,
master_user) || master_user) ||
init_strvar_from_file(mi->password, HASH_PASSWORD_LENGTH+1, &mi->file, init_strvar_from_file(mi->password, SCRAMBLED_PASSWORD_CHAR_LENGTH+1,
master_password) || &mi->file, master_password) ||
init_intvar_from_file(&port, &mi->file, master_port) || init_intvar_from_file(&port, &mi->file, master_port) ||
init_intvar_from_file(&connect_retry, &mi->file, init_intvar_from_file(&connect_retry, &mi->file,
master_connect_retry)) master_connect_retry))
......
...@@ -292,7 +292,7 @@ typedef struct st_master_info ...@@ -292,7 +292,7 @@ typedef struct st_master_info
/* the variables below are needed because we can change masters on the fly */ /* the variables below are needed because we can change masters on the fly */
char host[HOSTNAME_LENGTH+1]; char host[HOSTNAME_LENGTH+1];
char user[USERNAME_LENGTH+1]; char user[USERNAME_LENGTH+1];
char password[HASH_PASSWORD_LENGTH+1]; char password[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
pthread_mutex_t data_lock,run_lock; pthread_mutex_t data_lock,run_lock;
pthread_cond_t data_cond,start_cond,stop_cond; pthread_cond_t data_cond,start_cond,stop_cond;
THD *io_thd; THD *io_thd;
......
This diff is collapsed.
...@@ -111,9 +111,9 @@ public: ...@@ -111,9 +111,9 @@ public:
acl_host_and_ip host; acl_host_and_ip host;
uint hostname_length; uint hostname_length;
USER_RESOURCES user_resource; USER_RESOURCES user_resource;
char *user,*password; char *user;
ulong salt[6]; // New password has longer length uint8 salt[SCRAMBLE_LENGTH+1]; // scrambled password in binary form
uint8 pversion; // password version uint8 salt_len; // 0 - no password, 4 - 3.20, 8 - 3.23, 20 - 4.1.1
enum SSL_type ssl_type; enum SSL_type ssl_type;
const char *ssl_cipher, *x509_issuer, *x509_subject; const char *ssl_cipher, *x509_issuer, *x509_subject;
}; };
...@@ -135,11 +135,8 @@ void acl_reload(THD *thd); ...@@ -135,11 +135,8 @@ void acl_reload(THD *thd);
void acl_free(bool end=0); void acl_free(bool end=0);
ulong acl_get(const char *host, const char *ip, const char *bin_ip, ulong acl_get(const char *host, const char *ip, const char *bin_ip,
const char *user, const char *db, my_bool db_is_pattern); const char *user, const char *db, my_bool db_is_pattern);
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
const char *password,const char *scramble, uint passwd_len);
char **priv_user, char *priv_host,
bool old_ver, USER_RESOURCES *max,char* prepared_scramble,
uint *cur_priv_version, ACL_USER **cached_user);
bool acl_check_host(const char *host, const char *ip); bool acl_check_host(const char *host, const char *ip);
bool check_change_password(THD *thd, const char *host, const char *user); bool check_change_password(THD *thd, const char *host, const char *user);
bool change_password(THD *thd, const char *host, const char *user, bool change_password(THD *thd, const char *host, const char *user,
......
...@@ -139,6 +139,7 @@ THD::THD():user_time(0), is_fatal_error(0), ...@@ -139,6 +139,7 @@ THD::THD():user_time(0), is_fatal_error(0),
set_query_id=1; set_query_id=1;
db_access=NO_ACCESS; db_access=NO_ACCESS;
version=refresh_version; // For boot version=refresh_version; // For boot
*scramble= '\0';
init(); init();
/* Initialize sub structures */ /* Initialize sub structures */
......
...@@ -386,6 +386,7 @@ struct system_variables ...@@ -386,6 +386,7 @@ struct system_variables
my_bool log_warnings; my_bool log_warnings;
my_bool low_priority_updates; my_bool low_priority_updates;
my_bool new_mode; my_bool new_mode;
my_bool old_passwords;
CHARSET_INFO *character_set_server; CHARSET_INFO *character_set_server;
CHARSET_INFO *character_set_database; CHARSET_INFO *character_set_database;
...@@ -544,10 +545,10 @@ public: ...@@ -544,10 +545,10 @@ public:
enum_tx_isolation session_tx_isolation; enum_tx_isolation session_tx_isolation;
/* for user variables replication*/ /* for user variables replication*/
DYNAMIC_ARRAY user_var_events; DYNAMIC_ARRAY user_var_events;
// extend scramble to handle new auth
char scramble[SCRAMBLE41_LENGTH+1]; /* scramble - random string sent to client on handshake */
// old scramble is needed to handle old clients char scramble[SCRAMBLE_LENGTH+1];
char old_scramble[SCRAMBLE_LENGTH+1];
uint8 query_cache_type; // type of query cache processing uint8 query_cache_type; // type of query cache processing
bool slave_thread; bool slave_thread;
bool set_query_id,locked,count_cuted_fields,some_tables_deleted; bool set_query_id,locked,count_cuted_fields,some_tables_deleted;
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
SQL_CRYPT::SQL_CRYPT(const char *password) SQL_CRYPT::SQL_CRYPT(const char *password)
{ {
ulong rand_nr[2]; ulong rand_nr[2];
hash_password(rand_nr,password); hash_password(rand_nr,password, strlen(password));
crypt_init(rand_nr); crypt_init(rand_nr);
} }
......
This diff is collapsed.
...@@ -7,7 +7,7 @@ typedef struct st_slave_info ...@@ -7,7 +7,7 @@ typedef struct st_slave_info
uint32 rpl_recovery_rank, master_id; uint32 rpl_recovery_rank, master_id;
char host[HOSTNAME_LENGTH+1]; char host[HOSTNAME_LENGTH+1];
char user[USERNAME_LENGTH+1]; char user[USERNAME_LENGTH+1];
char password[HASH_PASSWORD_LENGTH+1]; char password[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
uint16 port; uint16 port;
THD* thd; THD* thd;
} SLAVE_INFO; } SLAVE_INFO;
......
...@@ -499,6 +499,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize); ...@@ -499,6 +499,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token MULTIPOINT %token MULTIPOINT
%token MULTIPOLYGON %token MULTIPOLYGON
%token NOW_SYM %token NOW_SYM
%token OLD_PASSWORD
%token PASSWORD %token PASSWORD
%token POINTFROMTEXT %token POINTFROMTEXT
%token POINT_SYM %token POINT_SYM
...@@ -2538,9 +2539,13 @@ simple_expr: ...@@ -2538,9 +2539,13 @@ simple_expr:
| NOW_SYM '(' expr ')' | NOW_SYM '(' expr ')'
{ $$= new Item_func_now($3); Lex->safe_to_cache_query=0;} { $$= new Item_func_now($3); Lex->safe_to_cache_query=0;}
| PASSWORD '(' expr ')' | PASSWORD '(' expr ')'
{ $$= new Item_func_password($3); } {
| PASSWORD '(' expr ',' expr ')' $$= YYTHD->variables.old_passwords ?
{ $$= new Item_func_password($3,$5); } (Item *) new Item_func_old_password($3) :
(Item *) new Item_func_password($3);
}
| OLD_PASSWORD '(' expr ')'
{ $$= new Item_func_old_password($3); }
| POINT_SYM '(' expr ',' expr ')' | POINT_SYM '(' expr ',' expr ')'
{ $$= new Item_func_point($3,$5); } { $$= new Item_func_point($3,$5); }
| POINTFROMTEXT '(' expr ')' | POINTFROMTEXT '(' expr ')'
...@@ -4454,6 +4459,7 @@ keyword: ...@@ -4454,6 +4459,7 @@ keyword:
| NO_SYM {} | NO_SYM {}
| NONE_SYM {} | NONE_SYM {}
| OFFSET_SYM {} | OFFSET_SYM {}
| OLD_PASSWORD {}
| OPEN_SYM {} | OPEN_SYM {}
| PACK_KEYS_SYM {} | PACK_KEYS_SYM {}
| PARTIAL {} | PARTIAL {}
...@@ -4667,15 +4673,15 @@ text_or_password: ...@@ -4667,15 +4673,15 @@ text_or_password:
TEXT_STRING { $$=$1.str;} TEXT_STRING { $$=$1.str;}
| PASSWORD '(' TEXT_STRING ')' | PASSWORD '(' TEXT_STRING ')'
{ {
if (!$3.length) $$= $3.length ? YYTHD->variables.old_passwords ?
$$=$3.str; Item_func_old_password::alloc(YYTHD, $3.str) :
else Item_func_password::alloc(YYTHD, $3.str) :
{ $3.str;
char *buff=(char*) YYTHD->alloc(HASH_PASSWORD_LENGTH+1); }
make_scrambled_password(buff,$3.str,use_old_passwords, | OLD_PASSWORD '(' TEXT_STRING ')'
&YYTHD->rand); {
$$=buff; $$= $3.length ? Item_func_old_password::alloc(YYTHD, $3.str) :
} $3.str;
} }
; ;
...@@ -4983,14 +4989,24 @@ grant_user: ...@@ -4983,14 +4989,24 @@ grant_user:
$$=$1; $1->password=$4; $$=$1; $1->password=$4;
if ($4.length) if ($4.length)
{ {
char *buff=(char*) YYTHD->alloc(HASH_PASSWORD_LENGTH+1); if (YYTHD->variables.old_passwords)
if (buff) {
{ char *buff=
make_scrambled_password(buff,$4.str,use_old_passwords, (char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1);
&YYTHD->rand); if (buff)
$1->password.str=buff; make_scrambled_password_323(buff, $4.str);
$1->password.length=HASH_PASSWORD_LENGTH; $1->password.str= buff;
} $1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
else
{
char *buff=
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
if (buff)
make_scrambled_password(buff, $4.str);
$1->password.str= buff;
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}
} }
} }
| user IDENTIFIED_SYM BY PASSWORD TEXT_STRING | user IDENTIFIED_SYM BY PASSWORD TEXT_STRING
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment