First version of new authentification procedure: now authentification is one-stage (instead of two-stage in 4.1)

For now following tasks have been done: - PASSWORD() function was rewritten. PASSWORD() now returns SHA1 hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed; - password.c: new functions were implemented, old rolled back to 4.0 state - server code was rewritten to use new authorization algorithm (check_user(), change user, and other stuff in sql/sql_parse.cc) - client code was rewritten to use new authorization algorithm (mysql_real_connect, myslq_authenticate in sql-common/client.c) - now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc) - mysqladmin.c was fixed to work correctly with new passwords Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed; mysqladmin also was tested. Additional check are nevertheless necessary.
author: kostja@oak.local <> 2003-07-01 23:40:59 +0400
committer: kostja@oak.local <> 2003-07-01 23:40:59 +0400
commit: 7df0475847103581798ddacf75dbf634e8f98d0a (patch)
tree: cbcae0aeb3eee5a5a448084ae5f0e9b5290fac26 /include
parent: 7c799b17b6e8d29ed095c4371302b315e958ad7e (diff)
download: mariadb-git-7df0475847103581798ddacf75dbf634e8f98d0a.tar.gz
2 files changed, 39 insertions, 26 deletions
diff --git a/include/mysql.h b/include/mysql.h
index bd63a10ba45..91ef481e7f7 100644
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -227,7 +227,9 @@ typedef struct st_mysql
   enum mysql_status status;
   my_bool	free_me;		/* If free in mysql_close */
   my_bool	reconnect;		/* set to 1 if automatic reconnect */
-  char	        scramble_buff[21];      /* New protocol requires longer scramble*/
+
+  char	        scramble[SCRAMBLE_LENGTH+1]; /* for new servers */
+  char          scramble_323[SCRAMBLE_LENGTH_323+1]; /* for old servers */
 
  /*
    Set if this is the original connection, not a master or a slave we have
diff --git a/include/mysql_com.h b/include/mysql_com.h
index e87001ff27d..c1f18160667 100644
--- a/include/mysql_com.h
+++ b/include/mysql_com.h
@@ -48,8 +48,15 @@ enum enum_server_command
 };
 
 
-#define SCRAMBLE_LENGTH   8
-#define SCRAMBLE41_LENGTH 20
+/*
+  Length of random string sent by server on handshake; this is also length of
+  obfuscated password, recieved from client 
+*/
+#define SCRAMBLE_LENGTH 20
+#define SCRAMBLE_LENGTH_323 8
+/* length of password stored in the db: new passwords are preceeded with '*' */
+#define SCRAMBLED_PASSWORD_CHAR_LENGTH (SCRAMBLE_LENGTH*2+1)
+#define SCRAMBLED_PASSWORD_CHAR_LENGTH_323 (SCRAMBLE_LENGTH_323*2)
 
 
 #define NOT_NULL_FLAG	1		/* Field can't be NULL */
@@ -300,31 +307,35 @@ extern "C" {
 extern unsigned long max_allowed_packet;
 extern unsigned long net_buffer_length;
 
-void randominit(struct rand_struct *,unsigned long seed1,
-		unsigned long seed2);
+/*
+  These functions are used for authentication by client and server and
+  implemented in sql/password.c
+*/
+
+void randominit(struct rand_struct *, unsigned long seed1,
+                unsigned long seed2);
 double my_rnd(struct rand_struct *);
-void make_scrambled_password(char *to,const char *password,
-     my_bool force_old_scramble,struct rand_struct *rand_st);
-int get_password_length(my_bool force_old_scramble);
-char get_password_version(const char* password);
-void create_random_string(int length,struct rand_struct *rand_st,char* target);
-my_bool validate_password(const char* password, const char* message,
-        unsigned long* salt);
-void password_hash_stage1(char *to, const char *password);
-void password_hash_stage2(char *to,const char *salt);
-void password_crypt(const char* from,char* to, const char* password,int length);
-void get_hash_and_password(unsigned long* salt, unsigned char  pversion,char* hash,
-     unsigned char* bin_password);
-void get_salt_from_password(unsigned long *res,const char *password);
-void create_key_from_old_password(const char* password,char* key);
-void make_password_from_salt(char *to, unsigned long *hash_res,
-     unsigned char  password_version);
-char *scramble(char *to,const char *message,const char *password,
-	       my_bool old_ver);
-my_bool check_scramble(const char *, const char *message,
-		       unsigned long *salt,my_bool old_ver);
+void create_random_string(char *to, uint length, struct rand_struct *rand_st);
+
+void hash_password(ulong *to, const char *password);
+void make_scrambled_password_323(char *to, const char *password);
+char *scramble_323(char *to, const char *message, const char *password,
+                   my_bool old_ver);
+my_bool check_scramble_323(const char *, const char *message,
+                           unsigned long *salt, my_bool old_ver);
+void get_salt_from_password_323(unsigned long *res, const char *password);
+void make_password_from_salt_323(char *to, const unsigned long *salt);
+
+void make_scrambled_password(char *to, const char *password);
+char *scramble(char *to, const char *message, const char *password);
+my_bool check_scramble(const char *reply, const char *message,
+                       const unsigned char *hash_stage2);
+void get_salt_from_password(unsigned char *res, const char *password);
+void make_password_from_salt(char *to, const unsigned char *hash_stage2);
+
+/* end of password.c */
+
 char *get_tty_password(char *opt_message);
-void hash_password(unsigned long *result, const char *password);
 const char *mysql_errno_to_sqlstate(unsigned int mysql_errno);
 
 /* Some other useful functions */
author	kostja@oak.local <>	2003-07-01 23:40:59 +0400
committer	kostja@oak.local <>	2003-07-01 23:40:59 +0400
commit	7df0475847103581798ddacf75dbf634e8f98d0a (patch)
tree	cbcae0aeb3eee5a5a448084ae5f0e9b5290fac26 /include
parent	7c799b17b6e8d29ed095c4371302b315e958ad7e (diff)
download	mariadb-git-7df0475847103581798ddacf75dbf634e8f98d0a.tar.gz