Basically minor code optimizations and cleanups

3ee8bee2 · peter@mysql.com · 0601168d · 3ee8bee2 · 3ee8bee2 · 3ee8bee2
Commit 3ee8bee2 authored Dec 05, 2002 by peter@mysql.com
7 changed files
--- a/client/mysqladmin.c
+++ b/client/mysqladmin.c
@@ -768,9 +768,9 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
 	return 1;
      }
      if (argv[1][0])
-	make_scrambled_password(crypted_pw,argv[1],(find_type(argv[0],
-                                &command_typelib,2)==ADMIN_OLD_PASSWORD),
-                                &rand_st);
+	make_scrambled_password(crypted_pw,argv[1],
+                                (find_type(argv[0], &command_typelib, 2) ==
+                                 ADMIN_OLD_PASSWORD), &rand_st);
      else
 	crypted_pw[0]=0;			/* No password */
      sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw);

--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -2228,9 +2228,12 @@ Try also with PIPE or TCP/IP
  {
    if (passwd[0])
    {
-      /* Use something for not empty password not to match against empty one */
-      end=scramble(strend(buff+5)+1, mysql->scramble_buff,"\1~MySQL#!\2",
-                 (my_bool) (mysql->protocol_version == 9));
+      /* Prepare false scramble  */
+      end=strend(buff+5)+1;
+      bfill(end, SCRAMBLE_LENGTH, 'x');
+      end+=SCRAMBLE_LENGTH;
+      *end=0;
+      end++;
    }
    else  /* For empty password*/
    {
@@ -2238,8 +2241,11 @@ Try also with PIPE or TCP/IP
      *end=0; /* Store zero length scramble */
    }
  }
-  /* Real scramble is sent only for servers. This is to be blocked by option */
  else
+    /*
+     Real scramble is only sent to old servers. This can be blocked 
+     by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
+    */
    end=scramble(strend(buff+5)+1, mysql->scramble_buff, passwd,
                 (my_bool) (mysql->protocol_version == 9));

@@ -2265,11 +2271,12 @@ Try also with PIPE or TCP/IP

  if  (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
  {
-    /* This should basically always happen with new server unless empty password */
-    if (pkt_length==24) /* We have new hash back */
+    /* This should always happen with new server unless empty password */
+    if (pkt_length==24 && net->read_pos[0]) 
+    /* OK/Error packets have zero as the first char */
    {
-      /* Old passwords will have zero at the first byte of hash */
-      if (net->read_pos[0])
+      /* Old passwords will have '*' at the first byte of hash */
+      if (net->read_pos[0] != '*')
      {
        /* Build full password hash as it is required to decode scramble */
        password_hash_stage1(buff, passwd);
@@ -2433,15 +2440,20 @@ my_bool	STDCALL mysql_change_user(MYSQL *mysql, const char *user,
  {
    if (passwd[0])
    {
-      /* Use something for not empty password not to match it against empty one */
-      end=scramble(end, mysql->scramble_buff,"\1~MySQL#!\2",
-                 (my_bool) (mysql->protocol_version == 9));
+      /* Prepare false scramble  */
+      bfill(end, SCRAMBLE_LENGTH, 'x');
+      end+=SCRAMBLE_LENGTH;
+      *end=0;
+
    }
    else  /* For empty password*/
      *end=0; /* Store zero length scramble */
  }
-  /* Real scramble is sent only for servers. This is to be blocked by option */
  else
+   /*
+    Real scramble is only sent to old servers. This can be blocked 
+    by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
+   */
    end=scramble(end, mysql->scramble_buff, passwd,
                 (my_bool) (mysql->protocol_version == 9));

@@ -2458,11 +2470,12 @@ my_bool	STDCALL mysql_change_user(MYSQL *mysql, const char *user,

  if  (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
  {
-    /* This should basically always happen with new server unless empty password */
-    if (pkt_length==24) /* We have new hash back */
+    /* This should always happen with new server unless empty password */
+    if (pkt_length==24 && net->read_pos[0])
+    /* Err/OK messages has first character=0 */
    {
      /* Old passwords will have zero at the first byte of hash */
-      if (net->read_pos[0])
+      if (net->read_pos[0] != '*')
      {
        /* Build full password hash as it is required to decode scramble */
        password_hash_stage1(buff, passwd);

--- a/sql/mini_client.cc
+++ b/sql/mini_client.cc
@@ -810,9 +810,12 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
  {
    if (passwd[0])
    {
-      /* Use something for not empty password not to match it against empty one */
-      end=scramble(strend(buff+5)+1, mysql->scramble_buff,"~MySQL#!",
-                 (my_bool) (mysql->protocol_version == 9));
+      /* Prepare false scramble */
+      end=strend(buff+5)+1;
+      bfill(end, SCRAMBLE_LENGTH, 'x');
+      end+=SCRAMBLE_LENGTH;
+      *end=0;
+      end++;
    }
    else  /* For empty password*/
    {
@@ -820,8 +823,11 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
      *end=0; /* Store zero length scramble */
    }
  }
-  /* Real scramble is sent only for old servers. This is to be blocked by option */
  else
+    /*
+     Real scramble is only sent to old servers. This can be blocked  
+     by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
+    */
    end=scramble(strend(buff+5)+1, mysql->scramble_buff, passwd,
                 (my_bool) (mysql->protocol_version == 9));

@@ -847,11 +853,12 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,

  if  (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
  {
-    /* This should basically always happen with new server unless empty password */
-    if (pkt_length==24) /* We have new hash back */
+    /* This should always happen with new server unless empty password */
+    if (pkt_length==24 && net->read_pos[0]) 
+    /* OK/Error message has zero as the first character */
    {
      /* Old passwords will have zero at the first byte of hash */
-      if (net->read_pos[0])
+      if (net->read_pos[0] != '*')
      {
        /* Build full password hash as it is required to decode scramble */
        password_hash_stage1(buff, passwd);

--- a/sql/password.c
+++ b/sql/password.c
@@ -556,7 +556,7 @@ void get_hash_and_password(ulong* salt, uint8 pversion, char* hash, unsigned cha
      val=*(++salt);
      for (t=3; t>=0; t--)
      {
-        bin_password[t]=val%256;
+        bin_password[t]=val & 255;
        val>>=8; /* Scroll 8 bits to get next part*/
      }
      bin_password+=4; /* Get to next 4 chars*/

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -461,6 +461,9 @@ void prepare_scramble(THD *thd, ACL_USER *acl_user,char* prepared_scramble)
  thd->scramble[SCRAMBLE41_LENGTH]=0;
  /* Get binary form, First 4 bytes of prepared scramble is salt */
  get_hash_and_password(acl_user->salt,acl_user->pversion,prepared_scramble,(unsigned char*)bin_password);
+  /* Store "*" as identifier for old passwords */
+  if (!acl_user->pversion)
+    prepared_scramble[0]='*';
  /* Finally encrypt password to get prepared scramble */
  password_crypt(thd->scramble,prepared_scramble+4,bin_password,SCRAMBLE41_LENGTH);
 }
@@ -482,12 +485,13 @@ void prepare_scramble(THD *thd, ACL_USER *acl_user,char* prepared_scramble)
 ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 		  const char *password,const char *message,char **priv_user,
 		  bool old_ver, USER_RESOURCES  *mqh,char* prepared_scramble,
-                  int stage,uint *cur_priv_version,ACL_USER** hint_user)
+                  uint *cur_priv_version,ACL_USER** hint_user)
 {
  ulong user_access=NO_ACCESS;
-  *priv_user=(char*) user;
-  bool password_correct=0;
-  ACL_USER *acl_user=NULL;
+  *priv_user= (char*) user;
+  bool password_correct= 0;
+  int stage= (*hint_user != NULL); /* NULL passed as first stage */
+  ACL_USER *acl_user= NULL;

  DBUG_ENTER("acl_getroot");


--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -138,7 +138,7 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip,
 ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 		  const char *password,const char *scramble,char **priv_user,
 		  bool old_ver, USER_RESOURCES *max,char* prepared_scramble,
-                  int stage, uint *cur_priv_version, ACL_USER **cached_user);
+                  uint *cur_priv_version, ACL_USER **cached_user);
 bool acl_check_host(const char *host, const char *ip);
 bool check_change_password(THD *thd, const char *host, const char *user);
 bool change_password(THD *thd, const char *host, const char *user,

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -187,7 +187,7 @@ static int get_or_create_user_conn(THD *thd, const char *user,

 static int check_user(THD *thd,enum_server_command command, const char *user,
 		       const char *passwd, const char *db, bool check_count,
-                       bool do_send_error, char* crypted_scramble,int stage,
+                       bool do_send_error, char* crypted_scramble,
                       bool had_password,uint *cur_priv_version,
                       ACL_USER** hint_user)
 {
@@ -207,7 +207,7 @@ static int check_user(THD *thd,enum_server_command command, const char *user,
 				 protocol_version == 9 ||
 				 !(thd->client_capabilities &
 				   CLIENT_LONG_PASSWORD),&ur,crypted_scramble,
-                                   stage,cur_priv_version,hint_user);
+                                   cur_priv_version,hint_user);

  DBUG_PRINT("info",
 	     ("Capabilities: %d  packet_length: %d  Host: '%s'  User: '%s'  Using password: %s  Access: %u  db: '%s'",
@@ -628,7 +628,7 @@ check_connections(THD *thd)

  char prepared_scramble[SCRAMBLE41_LENGTH+4]; /* Buffer for scramble and hash */

-  ACL_USER* cached_user;
+  ACL_USER* cached_user=NULL; /* Initialise to NULL as first stage indication */
  uint cur_priv_version;

  /* Simple connect only for old clients. New clients always use secure auth */
@@ -636,10 +636,9 @@ check_connections(THD *thd)

  /* Store information if we used password. passwd will be dammaged */
  bool using_password=test(passwd[0]);
-
  /* Check user permissions. If password failure we'll get scramble back */
  if (check_user(thd,COM_CONNECT, user, passwd, db, 1, simple_connect,
-      prepared_scramble,0,using_password,&cur_priv_version,&cached_user)<0)
+      prepared_scramble,using_password,&cur_priv_version,&cached_user)<0)
  {
    /* If The client is old we just have to return error */
    if (simple_connect)
@@ -659,8 +658,8 @@ check_connections(THD *thd)
      strmake(tmp_db,db,NAME_LEN);

    /* Write hash and encrypted scramble to client */
-    if (my_net_write(net,prepared_scramble,SCRAMBLE41_LENGTH+4)
-        || net_flush(net))
+    if (my_net_write(net,prepared_scramble,SCRAMBLE41_LENGTH+4) ||
+        net_flush(net))
      {
        inc_host_errors(&thd->remote.sin_addr);
        return ER_HANDSHAKE_ERROR;
@@ -679,7 +678,7 @@ check_connections(THD *thd)
      }
    /* Final attempt to check the user based on reply */
    if (check_user(thd,COM_CONNECT, tmp_user, (char*)net->read_pos,
-        tmp_db, 1, 1,prepared_scramble,1,using_password,&cur_priv_version,
+        tmp_db, 1, 1,prepared_scramble,using_password,&cur_priv_version,
        &cached_user))
      return -1;
  }
@@ -1059,7 +1058,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
      goto restore_user_err;

    char prepared_scramble[SCRAMBLE41_LENGTH+4];/* Buffer for scramble,hash */
-    ACL_USER* cached_user;                      /* Cached user */
+    ACL_USER* cached_user     ;                 /* Cached user */
+    cached_user= NULL;
    uint cur_priv_version;                      /* Cached grant version */

    /* Simple connect only for old clients. New clients always use sec. auth*/
@@ -1076,7 +1076,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
     Do not retry if we already have sent error (result>0)
    */
    if (check_user(thd,COM_CHANGE_USER, user, passwd, db, 0, simple_connect,
-        prepared_scramble,0,using_password,&cur_priv_version,&cached_user)<0)
+        prepared_scramble,using_password,&cur_priv_version,&cached_user)<0)
    {
      /* If The client is old we just have to have auth failure */
      if (simple_connect)
@@ -1086,26 +1086,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd,

      char tmp_user[USERNAME_LENGTH+1];
      char tmp_db[NAME_LEN+1];
-
+     
+      tmp_user[0]=0;
      if (user)
-      {
-        strncpy(tmp_user,user,USERNAME_LENGTH+1);
-        /* Extra safety if we have too long data */
-        tmp_user[USERNAME_LENGTH]=0;
-      }
-      else
-        tmp_user[0]=0;
+        strmake(tmp_user,user,USERNAME_LENGTH);
+
+      tmp_db[0]=0;
      if (db)
-      {
-        strncpy(tmp_db,db,NAME_LEN+1);
-        tmp_db[NAME_LEN]=0;
-      }
-      else
-        tmp_db[0]=0;
+        strmake(tmp_db,db,NAME_LEN);
+

      /* Write hash and encrypted scramble to client */
-      if (my_net_write(net,prepared_scramble,SCRAMBLE41_LENGTH+4)
-        || net_flush(net))
+      if (my_net_write(net,prepared_scramble,SCRAMBLE41_LENGTH+4) ||
+          net_flush(net))
        goto restore_user_err;

      /* Reading packet back */
@@ -1117,8 +1110,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
        goto restore_user;

      /* Final attempt to check the user based on reply */
-      if (check_user(thd,COM_CONNECT, tmp_user, (char*)net->read_pos,
-          tmp_db, 0, 1,prepared_scramble,1,using_password,&cur_priv_version,
+      if (check_user(thd,COM_CHANGE_USER, tmp_user, (char*)net->read_pos,
+          tmp_db, 0, 1,prepared_scramble,using_password,&cur_priv_version,
          &cached_user))
        goto restore_user;
    }