Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
ecedc7ac
Commit
ecedc7ac
authored
Nov 05, 2002
by
peter@mysql.com
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
More work on secure authentication. Commit for merge
parent
334ffec5
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
26 additions
and
11 deletions
+26
-11
include/mysql_com.h
include/mysql_com.h
+1
-1
sql/password.c
sql/password.c
+14
-6
sql/sql_acl.cc
sql/sql_acl.cc
+7
-3
sql/sql_parse.cc
sql/sql_parse.cc
+4
-1
No files found.
include/mysql_com.h
View file @
ecedc7ac
...
...
@@ -284,7 +284,7 @@ void make_scrambled_password(char *to,const char *password,my_bool force_old_scr
uint
get_password_length
(
my_bool
force_old_scramble
);
uint8
get_password_version
(
const
char
*
password
);
void
get_salt_from_password
(
unsigned
long
*
res
,
const
char
*
password
);
void
make_password_from_salt
(
char
*
to
,
unsigned
long
*
hash_res
);
void
make_password_from_salt
(
char
*
to
,
unsigned
long
*
hash_res
,
uint8
password_version
);
char
*
scramble
(
char
*
to
,
const
char
*
message
,
const
char
*
password
,
my_bool
old_ver
);
my_bool
check_scramble
(
const
char
*
,
const
char
*
message
,
...
...
sql/password.c
View file @
ecedc7ac
...
...
@@ -166,24 +166,26 @@ inline uint char_val(char X)
** This code detects new version password by leading char.
** Old password has to be divisible by 8 length
** do not forget to increase array length if you need longer passwords
** THIS FUNCTION DOES NOT HAVE ANY LENGTH CHECK
*/
void
get_salt_from_password
(
ulong
*
res
,
const
char
*
password
)
{
bzero
(
res
,
5
*
sizeof
(
res
[
0
]));
if
(
password
)
bzero
(
res
,
6
*
sizeof
(
res
[
0
]));
if
(
password
)
// zero salt corresponds to empty password
{
if
(
password
[
0
]
==
PVERSION41_CHAR
)
// if new password
{
uint
val
=
0
;
uint
i
;
password
++
;
// skip version identifier.
//get hashing salt from password and store in in the start of array
//get hashing salt from password and store in in the start of array
for
(
i
=
0
;
i
<
4
;
i
++
)
val
=
(
val
<<
4
)
+
char_val
(
*
password
++
);
*
res
++=
val
;
}
// We process old passwords the same way as new ones in other case
while
(
*
password
)
{
ulong
val
=
0
;
...
...
@@ -196,10 +198,16 @@ void get_salt_from_password(ulong *res,const char *password)
return
;
}
void
make_password_from_salt
(
char
*
to
,
ulong
*
hash_res
)
void
make_password_from_salt
(
char
*
to
,
ulong
*
hash_res
,
uint8
password_version
)
{
// warning this does not work for new passwords yet
if
(
!
password_version
)
// Handling of old passwords.
sprintf
(
to
,
"%08lx%08lx"
,
hash_res
[
0
],
hash_res
[
1
]);
else
if
(
password_version
==
PVERSION41_CHAR
)
sprintf
(
to
,
"%c%04x%08lx%08lx%08lx%08lx%08lx"
,(
uint
)
hash_res
[
0
],
hash_res
[
1
],
hash_res
[
2
],
hash_res
[
3
],
hash_res
[
4
],
hash_res
[
5
]);
else
// Just use empty password if we can't handle it. This should not happen
to
[
0
]
=
'\0'
;
}
...
...
sql/sql_acl.cc
View file @
ecedc7ac
...
...
@@ -32,7 +32,7 @@
#include <assert.h>
#include <stdarg.h>
extern
uint
connection_auth_flag
;
extern
uint
connection_auth_flag
;
// any better way to do it ?
struct
acl_host_and_ip
{
...
...
@@ -329,7 +329,7 @@ my_bool acl_init(bool dont_read_acl_tables)
connection_auth_flag
=
CLIENT_SECURE_CONNECTION
;
else
connection_auth_flag
=
CLIENT_LONG_PASSWORD
;
}
printf
(
"Set flag after read: %d
\n
"
,
connection_auth_flag
);
printf
(
"Set flag after read: %d
\n
"
,
connection_auth_flag
);
/* DEBUG to be removed */
init_read_record
(
&
read_record_info
,
thd
,
table
=
tables
[
2
].
table
,
NULL
,
1
,
0
);
VOID
(
my_init_dynamic_array
(
&
acl_dbs
,
sizeof
(
ACL_DB
),
50
,
100
));
while
(
!
(
read_record_info
.
read_record
(
&
read_record_info
)))
...
...
@@ -746,6 +746,10 @@ static void acl_insert_user(const char *user, const char *host,
acl_user
.
password
=
(
char
*
)
""
;
// Just point at something
get_salt_from_password
(
acl_user
.
salt
,
password
);
acl_user
.
pversion
=
get_password_version
(
acl_user
.
password
);
if
(
acl_user
.
pversion
)
connection_auth_flag
|=
CLIENT_SECURE_CONNECTION
;
else
connection_auth_flag
|=
CLIENT_LONG_PASSWORD
;
}
VOID
(
push_dynamic
(
&
acl_users
,(
gptr
)
&
acl_user
));
...
...
@@ -2844,7 +2848,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
if
(
acl_user
->
password
)
{
char
passd_buff
[
HASH_PASSWORD_LENGTH
+
1
];
make_password_from_salt
(
passd_buff
,
acl_user
->
salt
);
make_password_from_salt
(
passd_buff
,
acl_user
->
salt
,
acl_user
->
pversion
);
global
.
append
(
" IDENTIFIED BY PASSWORD '"
,
25
);
global
.
append
(
passd_buff
);
global
.
append
(
'\''
);
...
...
sql/sql_parse.cc
View file @
ecedc7ac
...
...
@@ -51,6 +51,8 @@
#define TRANS_MEM_ROOT_BLOCK_SIZE 4096
#define TRANS_MEM_ROOT_PREALLOC 4096
extern
uint
connection_auth_flag
;
extern
int
yyparse
(
void
);
extern
"C"
pthread_mutex_t
THR_LOCK_keycache
;
#ifdef SOLARIS
...
...
@@ -504,7 +506,8 @@ check_connections(THD *thd)
{
/* buff[] needs to big enough to hold the server_version variable */
char
buff
[
SERVER_VERSION_LENGTH
+
SCRAMBLE_LENGTH
+
32
],
*
end
;
int
client_flags
=
CLIENT_LONG_FLAG
|
CLIENT_CONNECT_WITH_DB
|
CLIENT_PROTOCOL_41
;
int
client_flags
=
CLIENT_LONG_FLAG
|
CLIENT_CONNECT_WITH_DB
|
CLIENT_PROTOCOL_41
|
connection_auth_flag
;
if
(
opt_using_transactions
)
client_flags
|=
CLIENT_TRANSACTIONS
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment