Commit 9be360ee authored by peter@mysql.com's avatar peter@mysql.com

Minor new auth fixes

parent 8762e834
...@@ -689,12 +689,22 @@ my_bool check_scramble(const char *scrambled, const char *message, ...@@ -689,12 +689,22 @@ my_bool check_scramble(const char *scrambled, const char *message,
{ {
struct rand_struct rand_st; struct rand_struct rand_st;
ulong hash_message[2]; ulong hash_message[2];
char buff[16],*to,extra; /* Big enough for check */ char buff[16],*to,extra; /* Big enough for check */
const char *pos; const char *pos;
char message_buffer[9]; /* Copy of message */ char message_buffer[SCRAMBLE_LENGTH+1]; /* Copy of message */
memcpy(message_buffer,message,8); /* Old auth uses 8 bytes at maximum */ /* We need to copy the message as this function can be called for MySQL 4.1
message_buffer[8]=0; scramble which is not zero ended and can have zeroes inside
We could just write zero to proper place in original message but
this would make it harder to understand code for next generations
*/
memcpy(message_buffer,message,SCRAMBLE_LENGTH); /* Ignore the rest */
message_buffer[SCRAMBLE_LENGTH]=0;
/* Check if this exactly N bytes. Overwise this is something fishy */
if (strlen(message_buffer)!=SCRAMBLE_LENGTH)
return 1; /* Wrong password */
hash_password(hash_message,message_buffer); hash_password(hash_message,message_buffer);
if (old_ver) if (old_ver)
......
...@@ -195,8 +195,6 @@ static int check_user(THD *thd,enum_server_command command, const char *user, ...@@ -195,8 +195,6 @@ static int check_user(THD *thd,enum_server_command command, const char *user,
thd->db_length=0; thd->db_length=0;
USER_RESOURCES ur; USER_RESOURCES ur;
if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
return 1;
/* We shall avoid dupplicate user allocations here */ /* We shall avoid dupplicate user allocations here */
if (!thd->user && !(thd->user = my_strdup(user, MYF(0)))) if (!thd->user && !(thd->user = my_strdup(user, MYF(0))))
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment