Commit 9f98b79e authored by kostja@oak.local's avatar kostja@oak.local

Merge oak.local:/home/kostja/mysql/mysql-4.1-root

into oak.local:/home/kostja/mysql/mysql-4.1
parents bdeb6fe2 7dab500b
......@@ -622,3 +622,10 @@ vio/test-ssl
vio/test-sslclient
vio/test-sslserver
vio/viotest-ssl
start_mysqld.sh
mysys/main.cc
BitKeeper/post-commit
BitKeeper/post-commit-manual
build_tags.sh
tests/connect_test
BUILD/compile-pentium-maintainer
......@@ -51,6 +51,7 @@ jcole@sarvik.tfr.cafe.ee
jcole@tetra.spaceapes.com
jorge@linux.jorge.mysql.com
kaj@work.mysql.com
kostja@oak.local
lenz@kallisto.mysql.com
lenz@mysql.com
miguel@hegel.(none)
......
......@@ -769,9 +769,12 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
return 1;
}
if (argv[1][0])
make_scrambled_password(crypted_pw,argv[1],
(find_type(argv[0], &command_typelib, 2) ==
ADMIN_OLD_PASSWORD), &rand_st);
{
if (find_type(argv[0], &command_typelib, 2) == ADMIN_OLD_PASSWORD)
make_scrambled_password_323(crypted_pw, argv[1]);
else
make_scrambled_password(crypted_pw, argv[1]);
}
else
crypted_pw[0]=0; /* No password */
sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw);
......
......@@ -227,7 +227,9 @@ typedef struct st_mysql
enum mysql_status status;
my_bool free_me; /* If free in mysql_close */
my_bool reconnect; /* set to 1 if automatic reconnect */
char scramble_buff[21]; /* New protocol requires longer scramble*/
char scramble[SCRAMBLE_LENGTH+1]; /* for new servers */
char scramble_323[SCRAMBLE_LENGTH_323+1]; /* for old servers */
/*
Set if this is the original connection, not a master or a slave we have
......
......@@ -49,8 +49,15 @@ enum enum_server_command
};
#define SCRAMBLE_LENGTH 8
#define SCRAMBLE41_LENGTH 20
/*
Length of random string sent by server on handshake; this is also length of
obfuscated password, recieved from client
*/
#define SCRAMBLE_LENGTH 20
#define SCRAMBLE_LENGTH_323 8
/* length of password stored in the db: new passwords are preceeded with '*' */
#define SCRAMBLED_PASSWORD_CHAR_LENGTH (SCRAMBLE_LENGTH*2+1)
#define SCRAMBLED_PASSWORD_CHAR_LENGTH_323 (SCRAMBLE_LENGTH_323*2)
#define NOT_NULL_FLAG 1 /* Field can't be NULL */
......@@ -301,31 +308,34 @@ extern "C" {
extern unsigned long max_allowed_packet;
extern unsigned long net_buffer_length;
void randominit(struct rand_struct *,unsigned long seed1,
/*
These functions are used for authentication by client and server and
implemented in sql/password.c
*/
void randominit(struct rand_struct *, unsigned long seed1,
unsigned long seed2);
double my_rnd(struct rand_struct *);
void make_scrambled_password(char *to,const char *password,
my_bool force_old_scramble,struct rand_struct *rand_st);
int get_password_length(my_bool force_old_scramble);
char get_password_version(const char* password);
void create_random_string(int length,struct rand_struct *rand_st,char* target);
my_bool validate_password(const char* password, const char* message,
unsigned long* salt);
void password_hash_stage1(char *to, const char *password);
void password_hash_stage2(char *to,const char *salt);
void password_crypt(const char* from,char* to, const char* password,int length);
void get_hash_and_password(unsigned long* salt, unsigned char pversion,char* hash,
unsigned char* bin_password);
void get_salt_from_password(unsigned long *res,const char *password);
void create_key_from_old_password(const char* password,char* key);
void make_password_from_salt(char *to, unsigned long *hash_res,
unsigned char password_version);
char *scramble(char *to,const char *message,const char *password,
my_bool old_ver);
my_bool check_scramble(const char *, const char *message,
unsigned long *salt,my_bool old_ver);
void create_random_string(char *to, uint length, struct rand_struct *rand_st);
void hash_password(ulong *to, const char *password);
void make_scrambled_password_323(char *to, const char *password);
char *scramble_323(char *to, const char *message, const char *password);
my_bool check_scramble_323(const char *, const char *message,
unsigned long *salt);
void get_salt_from_password_323(unsigned long *res, const char *password);
void make_password_from_salt_323(char *to, const unsigned long *salt);
void make_scrambled_password(char *to, const char *password);
void scramble(char *to, const char *message, const char *password);
my_bool check_scramble(const char *reply, const char *message,
const unsigned char *hash_stage2);
void get_salt_from_password(unsigned char *res, const char *password);
void make_password_from_salt(char *to, const unsigned char *hash_stage2);
/* end of password.c */
char *get_tty_password(char *opt_message);
void hash_password(unsigned long *result, const char *password);
const char *mysql_errno_to_sqlstate(unsigned int mysql_errno);
/* Some other useful functions */
......
......@@ -287,4 +287,5 @@
#define ER_CANT_AGGREGATE_3COLLATIONS 1268
#define ER_CANT_AGGREGATE_NCOLLATIONS 1269
#define ER_VARIABLE_IS_NOT_STRUCT 1270
#define ER_ERROR_MESSAGES 271
#define ER_SERVER_IS_IN_SECURE_AUTH_MODE 1271
#define ER_ERROR_MESSAGES 272
......@@ -616,40 +616,52 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
/* Store user into the buffer */
end=strmov(end,user)+1;
/*
We always start with old type handshake the only difference is message sent
If server handles secure connection type we'll not send the real scramble
*/
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/* write scrambled password according to server capabilities */
if (passwd[0])
{
/* Prepare false scramble */
bfill(end, SCRAMBLE_LENGTH, 'x');
end+=SCRAMBLE_LENGTH;
*end=0;
}
else /* For empty password */
*end=0; /* zero length scramble */
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
*end++= SCRAMBLE_LENGTH;
scramble(end, mysql->scramble, passwd);
end+= SCRAMBLE_LENGTH;
}
else
{
/*
Real scramble is only sent to old servers. This can be blocked
by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
*/
end=scramble(end, mysql->scramble_buff, passwd,
(my_bool) (mysql->protocol_version == 9));
end= scramble_323(end, mysql->scramble_323, passwd);
}
else
*end++= '\0'; // empty password
/* Add database if needed */
end=strmov(end+1,db ? db : "");
end= strmov(end, db ? db : "") + 1;
/* Write authentication package */
simple_command(mysql,COM_CHANGE_USER, buff,(ulong) (end-buff),1);
if (mysql_autenticate(mysql, passwd))
NET *net= &mysql->net;
ulong pkt_length= net_safe_read(mysql);
if (pkt_length == packet_error)
goto error;
if (net->read_pos[0] == mysql->scramble_323[0] &&
pkt_length == SCRAMBLE_LENGTH_323 + 1 &&
mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/*
By sending this very specific reply server asks us to send scrambled
password in old format. The reply contains scramble_323.
*/
scramble_323(buff, mysql->scramble_323, passwd);
if (my_net_write(net, buff, SCRAMBLE_LENGTH_323 + 1) || net_flush(net))
{
net->last_errno= CR_SERVER_LOST;
strmov(net->sqlstate, unknown_sqlstate);
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/* Read what server thinks about out new auth message report */
if (net_safe_read(mysql) == packet_error)
goto error;
}
/* Free old connect information */
my_free(mysql->user,MYF(MY_ALLOW_ZERO_PTR));
......
......@@ -30,6 +30,7 @@ show tables;
Tables_in_test
update mysql.user set password=old_password("gambling2") where user="test";
flush privileges;
set password=old_password('gambling3');
show tables;
Tables_in_mysql
columns_priv
......
select length(encrypt('foo', 'ff')) <> 0;
length(encrypt('foo', 'ff')) <> 0
1
select password("a",""), password("a",NULL), password("","a"), password(NULL,"a");
password("a","") password("a",NULL) password("","a") password(NULL,"a")
*2517f7235d68d4ba2e5019c93420523101157a792c01 NULL NULL
select password("aaaaaaaaaaaaaaaa","a"), password("a","aaaaaaaaaaaaaaaa");
password("aaaaaaaaaaaaaaaa","a") password("a","aaaaaaaaaaaaaaaa")
*2cd3b9a44e9a9994789a30f935c92f45a96c5472f381 *37c7c5c794ff144819f2531bf03c57772cd84e40db09
select old_password('test'), length(password("1")), length(encrypt('test')), encrypt('test','aa');
old_password('test') length(password("1")) length(encrypt('test')) encrypt('test','aa')
378b243e220ca493 45 13 aaqPiZY5xR5l.
select old_password(""), old_password(NULL), password(""), password(NULL);
old_password("") old_password(NULL) password("") password(NULL)
NULL NULL
select password('abc');
password('abc')
*0d3ced9bec10a777aec23ccc353a8c08a633045e
select password('');
password('')
select old_password('abc');
old_password('abc')
7cd2b5942be28759
select old_password('');
old_password('')
select password('gabbagabbahey');
password('gabbagabbahey')
*b0f99d2963660dd7e16b751ec9ee2f17b6a68fa6
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
select length(password('1'));
length(password('1'))
41
select length(encrypt('test'));
length(encrypt('test'))
13
select encrypt('test','aa');
encrypt('test','aa')
aaqPiZY5xR5l.
select old_password(NULL);
old_password(NULL)
NULL
select password(NULL);
password(NULL)
NULL
set global old_passwords=on;
select password('');
password('')
select old_password('');
old_password('')
select password('idkfa');
password('idkfa')
*b669c9dac3aa6f2254b03cdef8dfdd6b2d1054ba
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
set old_passwords=on;
select password('idkfa');
password('idkfa')
5c078dc54ca0fcca
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
set global old_passwords=off;
select password('idkfa');
password('idkfa')
5c078dc54ca0fcca
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
set old_passwords=off;
select password('idkfa ');
password('idkfa ')
*2dc31d90647b4c1abc9231563d2236e96c9a2db2
select password('idkfa');
password('idkfa')
*b669c9dac3aa6f2254b03cdef8dfdd6b2d1054ba
select password(' idkfa');
password(' idkfa')
*12b099e56bb7fe8d43c78fd834a9d1d11178d045
select old_password('idkfa');
old_password('idkfa')
5c078dc54ca0fcca
select old_password(' i d k f a ');
old_password(' i d k f a ')
5c078dc54ca0fcca
......@@ -48,8 +48,9 @@ flush privileges;
#connect (con1,localhost,test,gambling2,"");
#show tables;
connect (con1,localhost,test,gambling2,mysql);
set password=old_password('gambling3');
show tables;
connect (con1,localhost,test,gambling2,test);
connect (con1,localhost,test,gambling3,test);
show tables;
# Re enable this one day if error handling on connect will take place
......@@ -63,7 +64,9 @@ show tables;
#connect (con1,localhost,test,zorro,);
#--error 1045
# remove user 'test' so that other tests which may use 'test'
# do not depend on this test.
delete from mysql.user where user="test";
flush privileges;
......@@ -4,7 +4,33 @@ select length(encrypt('foo', 'ff')) <> 0;
--replace_result $1$aa$4OSUA5cjdx0RUQ08opV27/ aaqPiZY5xR5l.
# Test new and old password handling functions
select password("a",""), password("a",NULL), password("","a"), password(NULL,"a");
select password("aaaaaaaaaaaaaaaa","a"), password("a","aaaaaaaaaaaaaaaa");
select old_password('test'), length(password("1")), length(encrypt('test')), encrypt('test','aa');
select old_password(""), old_password(NULL), password(""), password(NULL);
select password('abc');
select password('');
select old_password('abc');
select old_password('');
select password('gabbagabbahey');
select old_password('idkfa');
select length(password('1'));
select length(encrypt('test'));
select encrypt('test','aa');
select old_password(NULL);
select password(NULL);
set global old_passwords=on;
select password('');
select old_password('');
select password('idkfa');
select old_password('idkfa');
set old_passwords=on;
select password('idkfa');
select old_password('idkfa');
set global old_passwords=off;
select password('idkfa');
select old_password('idkfa');
# this test shows that new scrambles honor spaces in passwords:
set old_passwords=off;
select password('idkfa ');
select password('idkfa');
select password(' idkfa');
select old_password('idkfa');
select old_password(' i d k f a ');
......@@ -108,7 +108,7 @@ then
c_u="$c_u CREATE TABLE user ("
c_u="$c_u Host char(60) binary DEFAULT '' NOT NULL,"
c_u="$c_u User char(16) binary DEFAULT '' NOT NULL,"
c_u="$c_u Password char(45) binary DEFAULT '' NOT NULL,"
c_u="$c_u Password char(41) binary DEFAULT '' NOT NULL,"
c_u="$c_u Select_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Insert_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
c_u="$c_u Update_priv enum('N','Y') DEFAULT 'N' NOT NULL,"
......
......@@ -4,7 +4,7 @@ ALTER TABLE host type=MyISAM;
ALTER TABLE func type=MyISAM;
ALTER TABLE columns_priv type=MyISAM;
ALTER TABLE tables_priv type=MyISAM;
ALTER TABLE user change Password Password char(45) not null;
ALTER TABLE user change Password Password char(41) not null;
ALTER TABLE user add File_priv enum('N','Y') NOT NULL;
CREATE TABLE IF NOT EXISTS func (
name char(64) DEFAULT '' NOT NULL,
......
......@@ -1334,76 +1334,6 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
#endif /* HAVE_OPENSSL */
/*
Handle password authentication
*/
my_bool mysql_autenticate(MYSQL *mysql, const char *passwd)
{
ulong pkt_length;
NET *net= &mysql->net;
char buff[SCRAMBLE41_LENGTH];
char password_hash[SCRAMBLE41_LENGTH]; /* Used for storage of stage1 hash */
/* We shall only query server if it expect us to do so */
if ((pkt_length=net_safe_read(mysql)) == packet_error)
goto error;
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/*
This should always happen with new server unless empty password
OK/Error packets have zero as the first char
*/
if (pkt_length == 24 && net->read_pos[0])
{
/* Old passwords will have '*' at the first byte of hash */
if (net->read_pos[0] != '*')
{
/* Build full password hash as it is required to decode scramble */
password_hash_stage1(buff, passwd);
/* Store copy as we'll need it later */
memcpy(password_hash,buff,SCRAMBLE41_LENGTH);
/* Finally hash complete password using hash we got from server */
password_hash_stage2(password_hash,(const char*) net->read_pos);
/* Decypt and store scramble 4 = hash for stage2 */
password_crypt((const char*) net->read_pos+4,mysql->scramble_buff,
password_hash, SCRAMBLE41_LENGTH);
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
/* Encode scramble with password. Recycle buffer */
password_crypt(mysql->scramble_buff,buff,buff,SCRAMBLE41_LENGTH);
}
else
{
/* Create password to decode scramble */
create_key_from_old_password(passwd,password_hash);
/* Decypt and store scramble 4 = hash for stage2 */
password_crypt((const char*) net->read_pos+4,mysql->scramble_buff,
password_hash, SCRAMBLE41_LENGTH);
mysql->scramble_buff[SCRAMBLE41_LENGTH]=0;
/* Finally scramble decoded scramble with password */
scramble(buff, mysql->scramble_buff, passwd,0);
}
/* Write second package of authentication */
if (my_net_write(net,buff,SCRAMBLE41_LENGTH) || net_flush(net))
{
net->last_errno= CR_SERVER_LOST;
strmov(net->sqlstate, unknown_sqlstate);
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/* Read what server thinks about out new auth message report */
if (net_safe_read(mysql) == packet_error)
goto error;
}
}
return 0;
error:
return 1;
}
/*
Note that the mysql argument must be initialized with mysql_init()
before calling mysql_real_connect !
......@@ -1481,7 +1411,7 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
mysql->server_status=SERVER_STATUS_AUTOCOMMIT;
/*
Grab a socket and connect it to the server
Part 0: Grab a socket and connect it to the server
*/
#if defined(HAVE_SMEM)
if ((!mysql->options.protocol ||
......@@ -1682,6 +1612,11 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/*
Part 1: Connection established, read and parse first packet
*/
if ((pkt_length=net_safe_read(mysql)) == packet_error)
goto error;
......@@ -1702,8 +1637,14 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
end=strend((char*) net->read_pos+1);
mysql->thread_id=uint4korr(end+1);
end+=5;
strmake(mysql->scramble_buff,end,8);
end+=9;
/*
Scramble is split into two parts because old clients does not understand
long scrambles; here goes the first part.
*/
strmake(mysql->scramble_323, end, SCRAMBLE_LENGTH_323);
end+= SCRAMBLE_LENGTH_323+1;
memcpy(mysql->scramble, mysql->scramble_323, SCRAMBLE_LENGTH_323);
if (pkt_length >= (uint) (end+1 - (char*) net->read_pos))
mysql->server_capabilities=uint2korr(end);
if (pkt_length >= (uint) (end+18 - (char*) net->read_pos))
......@@ -1712,6 +1653,13 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
mysql->server_language=end[2];
mysql->server_status=uint2korr(end+3);
}
end+= 18;
if (pkt_length >= (uint) (end + SCRAMBLE_LENGTH - SCRAMBLE_LENGTH_323 + 1 -
(char *) net->read_pos))
strmake(mysql->scramble+SCRAMBLE_LENGTH_323, end,
SCRAMBLE_LENGTH-SCRAMBLE_LENGTH_323);
else
mysql->server_capabilities&= ~CLIENT_SECURE_CONNECTION;
/* Set character set */
if ((charset_name=mysql->options.charset_name))
......@@ -1783,9 +1731,12 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
mysql->unix_socket=0;
strmov(mysql->server_version,(char*) net->read_pos+1);
mysql->port=port;
client_flag|=mysql->options.client_flag;
/* Send client information for access check */
/*
Part 2: format and send client info to the server for access check
*/
client_flag|=mysql->options.client_flag;
client_flag|=CLIENT_CAPABILITIES;
if (client_flag & CLIENT_MULTI_QUERIES)
client_flag|= CLIENT_MULTI_RESULTS;
......@@ -1872,7 +1823,7 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
mysql->server_status, client_flag));
/* This needs to be changed as it's not useful with big packets */
if (user && user[0])
strmake(end,user,32); /* Max user name */
strmake(end,user,USERNAME_LENGTH); /* Max user name */
else
read_user_name((char*) end);
......@@ -1881,41 +1832,27 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
#include "_cust_libmysql.h"
#endif
DBUG_PRINT("info",("user: %s",end));
/*
We always start with old type handshake the only difference is message sent
If server handles secure connection type we'll not send the real scramble
*/
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
end= strend(end) + 1;
if (passwd[0])
{
/* Prepare false scramble */
end=strend(end)+1;
bfill(end, SCRAMBLE_LENGTH, 'x');
end+=SCRAMBLE_LENGTH;
*end=0;
}
else /* For empty password*/
if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
end=strend(end)+1;
*end=0; /* Store zero length scramble */
}
*end++= SCRAMBLE_LENGTH;
scramble(end, mysql->scramble, passwd);
end+= SCRAMBLE_LENGTH;
}
else
{
/*
Real scramble is only sent to old servers. This can be blocked
by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
*/
end=scramble(strend(end)+1, mysql->scramble_buff, passwd,
(my_bool) (mysql->protocol_version == 9));
end= scramble_323(end, mysql->scramble_323, passwd) + 1;
}
else
*end++= '\0'; /* empty password */
/* Add database if needed */
if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
{
end=strmake(end+1,db,NAME_LEN);
mysql->db=my_strdup(db,MYF(MY_WME));
db=0;
end= strmake(end, db, NAME_LEN) + 1;
mysql->db= my_strdup(db,MYF(MY_WME));
db= 0;
}
/* Write authentication package */
if (my_net_write(net,buff,(ulong) (end-buff)) || net_flush(net))
......@@ -1926,8 +1863,35 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
goto error;
}
if (mysql_autenticate(mysql, passwd))
/*
Part 3: Authorization data's been sent. Now server can reply with
OK-packet, or re-request scrambled password.
*/
if ((pkt_length=net_safe_read(mysql)) == packet_error)
goto error;
if (net->read_pos[0] == mysql->scramble_323[0] &&
pkt_length == SCRAMBLE_LENGTH_323 + 1 &&
mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
{
/*
By sending this very specific reply server asks us to send scrambled
password in old format. The reply contains scramble_323.
*/
scramble_323(buff, mysql->scramble_323, passwd);
if (my_net_write(net, buff, SCRAMBLE_LENGTH_323 + 1) || net_flush(net))
{
net->last_errno= CR_SERVER_LOST;
strmov(net->sqlstate, unknown_sqlstate);
strmov(net->last_error,ER(net->last_errno));
goto error;
}
/* Read what server thinks about out new auth message report */
if (net_safe_read(mysql) == packet_error)
goto error;
}
if (client_flag & CLIENT_COMPRESS) /* We will use compression */
net->compress=1;
......
......@@ -52,13 +52,6 @@ Item *create_func_ord(Item* a)
return new Item_func_ord(a);
}
Item *create_func_old_password(Item* a)
{
return new Item_func_old_password(a);
}
Item *create_func_asin(Item* a)
{
return new Item_func_asin(a);
......@@ -332,11 +325,6 @@ Item *create_func_quarter(Item* a)
return new Item_func_quarter(a);
}
Item *create_func_password(Item* a)
{
return new Item_func_password(a);
}
Item *create_func_radians(Item *a)
{
return new Item_func_units((char*) "radians",a,M_PI/180,0.0);
......
......@@ -69,14 +69,12 @@ Item *create_func_monthname(Item* a);
Item *create_func_nullif(Item* a, Item *b);
Item *create_func_oct(Item *);
Item *create_func_ord(Item* a);
Item *create_func_old_password(Item* a);
Item *create_func_period_add(Item* a, Item *b);
Item *create_func_period_diff(Item* a, Item *b);
Item *create_func_pi(void);
Item *create_func_pow(Item* a, Item *b);
Item *create_func_current_user(void);
Item *create_func_quarter(Item* a);
Item *create_func_password(Item* a);
Item *create_func_radians(Item *a);
Item *create_func_release_lock(Item* a);
Item *create_func_repeat(Item* a, Item *b);
......
......@@ -1326,95 +1326,49 @@ void Item_func_trim::fix_length_and_dec()
}
void Item_func_password::fix_length_and_dec()
{
/*
If PASSWORD() was called with only one argument, it depends on a random
number so we need to save this random number into the binary log.
If called with two arguments, it is repeatable.
*/
if (arg_count == 1)
{
THD *thd= current_thd;
thd->rand_used= 1;
thd->rand_saved_seed1= thd->rand.seed1;
thd->rand_saved_seed2= thd->rand.seed2;
}
max_length= get_password_length(use_old_passwords);
}
/*
Password() function has 2 arguments. Second argument can be used
to make results repeatable
*/
/* Item_func_password */
String *Item_func_password::val_str(String *str)
{
struct rand_struct rand_st; // local structure for 2 param version
ulong seed=0; // seed to initialise random generator to
String *res =args[0]->val_str(str);
String *res= args[0]->val_str(str);
if ((null_value=args[0]->null_value))
return 0;
if (arg_count == 1)
{
if (res->length() == 0)
return &empty_string;
make_scrambled_password(tmp_value,res->c_ptr(),use_old_passwords,
&current_thd->rand);
str->set(tmp_value,get_password_length(use_old_passwords),res->charset());
make_scrambled_password(tmp_value, res->c_ptr());
str->set(tmp_value, SCRAMBLED_PASSWORD_CHAR_LENGTH, res->charset());
return str;
}
else
{
/* We'll need the buffer to get second parameter */
char key_buff[80];
String tmp_key_value(key_buff, sizeof(key_buff), system_charset_info);
String *key =args[1]->val_str(&tmp_key_value);
/* Check second argument for NULL value. First one is already checked */
if ((null_value=args[1]->null_value))
return 0;
/* This shall be done after checking for null for proper results */
if (res->length() == 0)
return &empty_string;
/* Generate the seed first this allows to avoid double allocation */
char* seed_ptr=key->c_ptr();
while (*seed_ptr)
{
seed=(seed*211+*seed_ptr) & 0xffffffffL; /* Use simple hashing */
seed_ptr++;
}
/* Use constants which allow nice random values even with small seed */
randominit(&rand_st,
(ulong) ((ulonglong) seed*111111+33333333L) & (ulong) 0xffffffff,
(ulong) ((ulonglong) seed*1111+55555555L) & (ulong) 0xffffffff);
}
make_scrambled_password(tmp_value,res->c_ptr(),use_old_passwords,
&rand_st);
str->set(tmp_value,get_password_length(use_old_passwords),res->charset());
return str;
}
char *Item_func_password::alloc(THD *thd, const char *password)
{
char *buff= (char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
if (buff)
make_scrambled_password(buff, password);
return buff;
}
/* Item_func_old_password */
String *Item_func_old_password::val_str(String *str)
{
String *res =args[0]->val_str(str);
String *res= args[0]->val_str(str);
if ((null_value=args[0]->null_value))
return 0;
if (res->length() == 0)
return &empty_string;
make_scrambled_password(tmp_value,res->c_ptr(),1,&current_thd->rand);
str->set(tmp_value,16,res->charset());
make_scrambled_password_323(tmp_value, res->c_ptr());
str->set(tmp_value, SCRAMBLED_PASSWORD_CHAR_LENGTH_323, res->charset());
return str;
}
char *Item_func_old_password::alloc(THD *thd, const char *password)
{
char *buff= (char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1);
if (buff)
make_scrambled_password_323(buff, password);
return buff;
}
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
......
......@@ -254,30 +254,45 @@ public:
};
/*
Item_func_password -- new (4.1.1) PASSWORD() function implementation.
Returns strcat('*', octet2hex(sha1(sha1(password)))). '*' stands for new
password format, sha1(sha1(password) is so-called hash_stage2 value.
Length of returned string is always 41 byte. To find out how entire
authentification procedure works, see comments in password.c.
*/
class Item_func_password :public Item_str_func
{
char tmp_value[64]; /* This should be enough for new password format */
char tmp_value[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
public:
Item_func_password(Item *a) :Item_str_func(a) {}
Item_func_password(Item *a, Item *b) :Item_str_func(a,b) {}
String *val_str(String *);
void fix_length_and_dec();
String *val_str(String *str);
void fix_length_and_dec() { max_length= SCRAMBLED_PASSWORD_CHAR_LENGTH; }
const char *func_name() const { return "password"; }
static char *alloc(THD *thd, const char *password);
};
/*
Item_func_old_password -- PASSWORD() implementation used in MySQL 3.21 - 4.0
compatibility mode. This item is created in sql_yacc.yy when
'old_passwords' session variable is set, and to handle OLD_PASSWORD()
function.
*/
class Item_func_old_password :public Item_str_func
{
char tmp_value[17]; /* old password length +1 */
char tmp_value[SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1];
public:
Item_func_old_password(Item *a) :Item_str_func(a) {}
String *val_str(String *);
void fix_length_and_dec() { max_length = get_password_length(1); }
String *val_str(String *str);
void fix_length_and_dec() { max_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; }
const char *func_name() const { return "old_password"; }
static char *alloc(THD *thd, const char *password);
};
class Item_func_des_encrypt :public Item_str_func
{
String tmp_value;
......
......@@ -288,6 +288,7 @@ static SYMBOL symbols[] = {
{ "NULL", SYM(NULL_SYM),0,0},
{ "NUMERIC", SYM(NUMERIC_SYM),0,0},
{ "OFFSET", SYM(OFFSET_SYM),0,0},
{ "OLD_PASSWORD", SYM(OLD_PASSWORD),0,0},
{ "ON", SYM(ON),0,0},
{ "OPEN", SYM(OPEN_SYM),0,0},
{ "OPTIMIZE", SYM(OPTIMIZE),0,0},
......@@ -586,7 +587,6 @@ static SYMBOL sql_functions[] = {
{ "NUMPOINTS", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_numpoints)},
{ "OCTET_LENGTH", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_length)},
{ "OCT", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_oct)},
{ "OLD_PASSWORD", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_old_password)},
{ "ORD", SYM(FUNC_ARG1),0,CREATE_FUNC(create_func_ord)},
{ "OVERLAPS", SYM(FUNC_ARG2),0,CREATE_FUNC(create_func_overlaps)},
{ "PERIOD_ADD", SYM(FUNC_ARG2),0,CREATE_FUNC(create_func_period_add)},
......
......@@ -74,9 +74,6 @@ extern CHARSET_INFO *national_charset_info, *table_alias_charset;
****************************************************************************/
#define ACL_CACHE_SIZE 256
/* Password lengh for 4.1 version previous versions had 16 bytes password hash */
#define HASH_PASSWORD_LENGTH 45
#define HASH_OLD_PASSWORD_LENGTH 16
#define HOST_CACHE_SIZE 128
#define MAX_ACCEPT_RETRY 10 // Test accept this many times
#define MAX_FIELDS_BEFORE_HASH 32
......@@ -756,7 +753,7 @@ extern my_bool opt_safe_show_db, opt_local_infile, lower_case_table_names;
extern my_bool opt_slave_compressed_protocol, use_temp_pool;
extern my_bool opt_readonly;
extern my_bool opt_enable_named_pipe;
extern my_bool opt_old_passwords, use_old_passwords;
extern my_bool opt_secure_auth;
extern char *shared_memory_base_name, *mysqld_unix_port;
extern bool opt_enable_shared_memory;
......
......@@ -250,9 +250,10 @@ my_bool opt_local_infile, opt_external_locking, opt_slave_compressed_protocol;
my_bool opt_safe_user_create = 0, opt_no_mix_types = 0;
my_bool lower_case_table_names, opt_old_rpl_compat;
my_bool opt_show_slave_auth_info, opt_sql_bin_update = 0;
my_bool opt_log_slave_updates= 0, opt_old_passwords=0, use_old_passwords=0;
my_bool opt_log_slave_updates= 0;
my_bool opt_console= 0, opt_bdb, opt_innodb, opt_isam;
my_bool opt_readonly, use_temp_pool, relay_log_purge;
my_bool opt_secure_auth= 0;
volatile bool mqh_used = 0;
uint mysqld_port, test_flags, select_errors, dropping_tables, ha_open_options;
......@@ -2757,12 +2758,6 @@ static void create_new_thread(THD *thd)
if (thread_count-delayed_insert_threads > max_used_connections)
max_used_connections=thread_count-delayed_insert_threads;
thd->thread_id=thread_id++;
for (uint i=0; i < 8 ; i++) // Generate password teststring
thd->scramble[i]= (char) (my_rnd(&sql_rand)*94+33);
thd->scramble[8]=0;
// Back it up as old clients may need it
memcpy(thd->old_scramble,thd->scramble,9);
thd->real_id=pthread_self(); // Keep purify happy
......@@ -3472,7 +3467,8 @@ enum options
OPT_EXPIRE_LOGS_DAYS,
OPT_DEFAULT_WEEK_FORMAT,
OPT_GROUP_CONCAT_MAX_LEN,
OPT_DEFAULT_COLLATION
OPT_DEFAULT_COLLATION,
OPT_SECURE_AUTH
};
......@@ -3773,9 +3769,10 @@ Does nothing yet.",
(gptr*) &opt_no_mix_types, (gptr*) &opt_no_mix_types, 0, GET_BOOL, NO_ARG,
0, 0, 0, 0, 0, 0},
#endif
{"old-protocol", 'o', "Use the old (3.20) protocol client/server protocol.",
(gptr*) &protocol_version, (gptr*) &protocol_version, 0, GET_UINT, NO_ARG,
PROTOCOL_VERSION, 0, 0, 0, 0, 0},
{"old-passwords", OPT_OLD_PASSWORDS, "Use old password encryption method (needed for 4.0 and older clients).",
(gptr*) &global_system_variables.old_passwords,
(gptr*) &max_system_variables.old_passwords, 0, GET_BOOL, NO_ARG,
0, 0, 0, 0, 0, 0},
{"old-rpl-compat", OPT_OLD_RPL_COMPAT,
"Use old LOAD DATA format in the binary log (don't save data in file).",
(gptr*) &opt_old_rpl_compat, (gptr*) &opt_old_rpl_compat, 0, GET_BOOL,
......@@ -3844,8 +3841,6 @@ relay logs.",
GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"safe-mode", OPT_SAFE, "Skip some optimize stages (for testing).",
0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
{"old-passwords", OPT_OLD_PASSWORDS, "Use old password encryption method (needed for 4.0 and older clients).",
(gptr*) &opt_old_passwords, (gptr*) &opt_old_passwords, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
#ifndef TO_BE_DELETED
{"safe-show-database", OPT_SAFE_SHOW_DB,
"Deprecated option; One should use GRANT SHOW DATABASES instead...",
......@@ -3855,6 +3850,9 @@ relay logs.",
"Don't allow new user creation by the user who has no write privileges to the mysql.user table.",
(gptr*) &opt_safe_user_create, (gptr*) &opt_safe_user_create, 0, GET_BOOL,
NO_ARG, 0, 0, 0, 0, 0, 0},
{"secure-auth", OPT_SECURE_AUTH, "Disallow authentication for accounts that have old (pre-4.1) passwords.",
(gptr*) &opt_secure_auth, (gptr*) &opt_secure_auth, 0, GET_BOOL, NO_ARG,
my_bool(0), 0, 0, 0, 0, 0},
{"server-id", OPT_SERVER_ID,
"Uniquely identifies the server instance in the community of replication partners.",
(gptr*) &server_id, (gptr*) &server_id, 0, GET_ULONG, REQUIRED_ARG, 0, 0, 0,
......@@ -4624,7 +4622,8 @@ static void mysql_init_variables(void)
opt_log= opt_update_log= opt_bin_log= opt_slow_log= 0;
opt_disable_networking= opt_skip_show_db=0;
opt_logname= opt_update_logname= opt_binlog_index_name= opt_slow_logname=0;
opt_bootstrap= opt_myisam_log= use_old_passwords= 0;
opt_secure_auth= 0;
opt_bootstrap= opt_myisam_log= 0;
mqh_used= 0;
segfaulted= kill_in_progress= 0;
cleanup_done= 0;
......@@ -4727,6 +4726,7 @@ static void mysql_init_variables(void)
max_system_variables.select_limit= (ulonglong) HA_POS_ERROR;
global_system_variables.max_join_size= (ulonglong) HA_POS_ERROR;
max_system_variables.max_join_size= (ulonglong) HA_POS_ERROR;
global_system_variables.old_passwords= 0;
/* Variables that depends on compile options */
#ifndef DBUG_OFF
......@@ -4848,9 +4848,6 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
case 'L':
strmake(language, argument, sizeof(language)-1);
break;
case 'o':
protocol_version=PROTOCOL_VERSION-1;
break;
#ifdef HAVE_REPLICATION
case OPT_SLAVE_SKIP_ERRORS:
init_slave_skip_errors(argument);
......
This diff is collapsed.
......@@ -208,6 +208,7 @@ sys_var_thd_ulong sys_net_retry_count("net_retry_count",
&SV::net_retry_count,
fix_net_retry_count);
sys_var_thd_bool sys_new_mode("new", &SV::new_mode);
sys_var_thd_bool sys_old_passwords("old_passwords", &SV::old_passwords);
sys_var_thd_ulong sys_preload_buff_size("preload_buffer_size",
&SV::preload_buff_size);
sys_var_thd_ulong sys_read_buff_size("read_buffer_size",
......@@ -234,6 +235,7 @@ sys_var_thd_enum sys_query_cache_type("query_cache_type",
&SV::query_cache_type,
&query_cache_type_typelib);
#endif /* HAVE_QUERY_CACHE */
sys_var_bool_ptr sys_secure_auth("secure_auth", &opt_secure_auth);
sys_var_long_ptr sys_server_id("server_id",&server_id);
sys_var_bool_ptr sys_slave_compressed_protocol("slave_compressed_protocol",
&opt_slave_compressed_protocol);
......@@ -423,6 +425,7 @@ sys_var *sys_variables[]=
&sys_net_wait_timeout,
&sys_net_write_timeout,
&sys_new_mode,
&sys_old_passwords,
&sys_preload_buff_size,
&sys_pseudo_thread_id,
&sys_query_cache_size,
......@@ -441,6 +444,7 @@ sys_var *sys_variables[]=
#endif
&sys_rpl_recovery_rank,
&sys_safe_updates,
&sys_secure_auth,
&sys_select_limit,
&sys_server_id,
#ifdef HAVE_REPLICATION
......@@ -598,6 +602,7 @@ struct show_var_st init_vars[]= {
{sys_net_retry_count.name, (char*) &sys_net_retry_count, SHOW_SYS},
{sys_net_write_timeout.name,(char*) &sys_net_write_timeout, SHOW_SYS},
{sys_new_mode.name, (char*) &sys_new_mode, SHOW_SYS},
{sys_old_passwords.name, (char*) &sys_old_passwords, SHOW_SYS},
{"open_files_limit", (char*) &open_files_limit, SHOW_LONG},
{"pid_file", (char*) pidfile_name, SHOW_CHAR},
{"log_error", (char*) log_error_file, SHOW_CHAR},
......@@ -618,6 +623,7 @@ struct show_var_st init_vars[]= {
SHOW_SYS},
{sys_query_cache_size.name, (char*) &sys_query_cache_size, SHOW_SYS},
{sys_query_cache_type.name, (char*) &sys_query_cache_type, SHOW_SYS},
{"secure_auth", (char*) &sys_secure_auth, SHOW_SYS},
#endif /* HAVE_QUERY_CACHE */
#ifdef HAVE_SMEM
{"shared_memory", (char*) &opt_enable_shared_memory, SHOW_MY_BOOL},
......
......@@ -692,6 +692,9 @@ public:
}
};
/* updated in sql_acl.cc */
extern sys_var_thd_bool sys_old_passwords;
/*
Prototypes for helper functions
......@@ -705,6 +708,7 @@ void fix_delay_key_write(THD *thd, enum_var_type type);
ulong fix_sql_mode(ulong sql_mode);
extern sys_var_str sys_charset_system;
CHARSET_INFO *get_old_charset_by_name(const char *old_name);
gptr find_named(I_List<NAMED_LIST> *list, const char *name, uint length);
void delete_elements(I_List<NAMED_LIST> *list, void (*free_element)(gptr));
......
......@@ -276,3 +276,4 @@ v/*
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -270,3 +270,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -278,3 +278,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -272,3 +272,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -272,3 +272,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -267,3 +267,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -276,3 +276,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -267,3 +267,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -269,3 +269,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -267,3 +267,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -269,3 +269,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -267,3 +267,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -269,3 +269,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -269,3 +269,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -271,3 +271,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -267,3 +267,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -271,3 +271,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -269,3 +269,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
" --secure-auth ( ), '%s@%s' Σ ; "
......@@ -263,3 +263,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -275,3 +275,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -268,3 +268,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -267,3 +267,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -272,3 +272,4 @@
"Illegal mix of collations (%s,%s), (%s,%s), (%s,%s) for operation '%s'",
"Illegal mix of collations for operation '%s'",
"Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
"Server is running in --secure-auth mode, but '%s@%s' has a password in the old format; please change the password to the new format"
......@@ -1459,7 +1459,7 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
if (master_user)
strmake(mi->user, master_user, sizeof(mi->user) - 1);
if (master_password)
strmake(mi->password, master_password, HASH_PASSWORD_LENGTH);
strmake(mi->password, master_password, SCRAMBLED_PASSWORD_CHAR_LENGTH);
mi->port = master_port;
mi->connect_retry = master_connect_retry;
}
......@@ -1483,8 +1483,8 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
master_host) ||
init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file,
master_user) ||
init_strvar_from_file(mi->password, HASH_PASSWORD_LENGTH+1, &mi->file,
master_password) ||
init_strvar_from_file(mi->password, SCRAMBLED_PASSWORD_CHAR_LENGTH+1,
&mi->file, master_password) ||
init_intvar_from_file(&port, &mi->file, master_port) ||
init_intvar_from_file(&connect_retry, &mi->file,
master_connect_retry))
......
......@@ -292,7 +292,7 @@ typedef struct st_master_info
/* the variables below are needed because we can change masters on the fly */
char host[HOSTNAME_LENGTH+1];
char user[USERNAME_LENGTH+1];
char password[HASH_PASSWORD_LENGTH+1];
char password[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
pthread_mutex_t data_lock,run_lock;
pthread_cond_t data_cond,start_cond,stop_cond;
THD *io_thd;
......
This diff is collapsed.
......@@ -111,9 +111,9 @@ public:
acl_host_and_ip host;
uint hostname_length;
USER_RESOURCES user_resource;
char *user,*password;
ulong salt[6]; // New password has longer length
uint8 pversion; // password version
char *user;
uint8 salt[SCRAMBLE_LENGTH+1]; // scrambled password in binary form
uint8 salt_len; // 0 - no password, 4 - 3.20, 8 - 3.23, 20 - 4.1.1
enum SSL_type ssl_type;
const char *ssl_cipher, *x509_issuer, *x509_subject;
};
......@@ -135,11 +135,8 @@ void acl_reload(THD *thd);
void acl_free(bool end=0);
ulong acl_get(const char *host, const char *ip, const char *bin_ip,
const char *user, const char *db);
ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
const char *password,const char *scramble,
char **priv_user, char *priv_host,
bool old_ver, USER_RESOURCES *max,char* prepared_scramble,
uint *cur_priv_version, ACL_USER **cached_user);
int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
uint passwd_len);
bool acl_check_host(const char *host, const char *ip);
bool check_change_password(THD *thd, const char *host, const char *user);
bool change_password(THD *thd, const char *host, const char *user,
......
......@@ -139,6 +139,7 @@ THD::THD():user_time(0), is_fatal_error(0),
set_query_id=1;
db_access=NO_ACCESS;
version=refresh_version; // For boot
*scramble= *scramble_323= '\0';
init();
/* Initialize sub structures */
......
......@@ -386,6 +386,7 @@ struct system_variables
my_bool log_warnings;
my_bool low_priority_updates;
my_bool new_mode;
my_bool old_passwords;
CHARSET_INFO *character_set_server;
CHARSET_INFO *character_set_database;
......@@ -544,10 +545,16 @@ public:
enum_tx_isolation session_tx_isolation;
/* for user variables replication*/
DYNAMIC_ARRAY user_var_events;
// extend scramble to handle new auth
char scramble[SCRAMBLE41_LENGTH+1];
// old scramble is needed to handle old clients
char old_scramble[SCRAMBLE_LENGTH+1];
/* scramble - random string sent to client on handshake */
char scramble[SCRAMBLE_LENGTH+1];
/*
The same as scramble but for old password checking routines. It always
contains first N bytes of scramble.
See check_connection() at sql_parse.cc for authentification details.
*/
char scramble_323[SCRAMBLE_LENGTH_323+1];
uint8 query_cache_type; // type of query cache processing
bool slave_thread;
bool set_query_id,locked,count_cuted_fields,some_tables_deleted;
......
This diff is collapsed.
......@@ -7,7 +7,7 @@ typedef struct st_slave_info
uint32 rpl_recovery_rank, master_id;
char host[HOSTNAME_LENGTH+1];
char user[USERNAME_LENGTH+1];
char password[HASH_PASSWORD_LENGTH+1];
char password[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
uint16 port;
THD* thd;
} SLAVE_INFO;
......
......@@ -499,6 +499,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
%token MULTIPOINT
%token MULTIPOLYGON
%token NOW_SYM
%token OLD_PASSWORD
%token PASSWORD
%token POINTFROMTEXT
%token POINT_SYM
......@@ -2538,9 +2539,13 @@ simple_expr:
| NOW_SYM '(' expr ')'
{ $$= new Item_func_now($3); Lex->safe_to_cache_query=0;}
| PASSWORD '(' expr ')'
{ $$= new Item_func_password($3); }
| PASSWORD '(' expr ',' expr ')'
{ $$= new Item_func_password($3,$5); }
{
$$= YYTHD->variables.old_passwords ?
(Item *) new Item_func_old_password($3) :
(Item *) new Item_func_password($3);
}
| OLD_PASSWORD '(' expr ')'
{ $$= new Item_func_old_password($3); }
| POINT_SYM '(' expr ',' expr ')'
{ $$= new Item_func_point($3,$5); }
| POINTFROMTEXT '(' expr ')'
......@@ -4456,6 +4461,7 @@ keyword:
| NO_SYM {}
| NONE_SYM {}
| OFFSET_SYM {}
| OLD_PASSWORD {}
| OPEN_SYM {}
| PACK_KEYS_SYM {}
| PARTIAL {}
......@@ -4669,15 +4675,15 @@ text_or_password:
TEXT_STRING { $$=$1.str;}
| PASSWORD '(' TEXT_STRING ')'
{
if (!$3.length)
$$=$3.str;
else
{
char *buff=(char*) YYTHD->alloc(HASH_PASSWORD_LENGTH+1);
make_scrambled_password(buff,$3.str,use_old_passwords,
&YYTHD->rand);
$$=buff;
$$= $3.length ? YYTHD->variables.old_passwords ?
Item_func_old_password::alloc(YYTHD, $3.str) :
Item_func_password::alloc(YYTHD, $3.str) :
$3.str;
}
| OLD_PASSWORD '(' TEXT_STRING ')'
{
$$= $3.length ? Item_func_old_password::alloc(YYTHD, $3.str) :
$3.str;
}
;
......@@ -4985,13 +4991,23 @@ grant_user:
$$=$1; $1->password=$4;
if ($4.length)
{
char *buff=(char*) YYTHD->alloc(HASH_PASSWORD_LENGTH+1);
if (YYTHD->variables.old_passwords)
{
char *buff=
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1);
if (buff)
make_scrambled_password_323(buff, $4.str);
$1->password.str= buff;
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
else
{
make_scrambled_password(buff,$4.str,use_old_passwords,
&YYTHD->rand);
$1->password.str=buff;
$1->password.length=HASH_PASSWORD_LENGTH;
char *buff=
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
if (buff)
make_scrambled_password(buff, $4.str);
$1->password.str= buff;
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}
}
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment