First version of new authentification procedure: now authentification is one-stage (instead of two-stage in 4.1)

For now following tasks have been done:
- PASSWORD() function was rewritten. PASSWORD() now returns SHA1
  hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed; 

- password.c: new functions were implemented, old rolled back to 4.0 state

- server code was rewritten to use new authorization algorithm (check_user(), change
  user, and other stuff in sql/sql_parse.cc)

- client code was rewritten to use new authorization algorithm
  (mysql_real_connect, myslq_authenticate in sql-common/client.c)

- now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style
  authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc)

- mysqladmin.c was fixed to work correctly with new passwords

Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed;
mysqladmin also was tested. Additional check are nevertheless necessary.


BitKeeper/etc/ignore:
  Added start_mysqld.sh mysys/main.cc to the ignore list
client/mysqladmin.c:
  fixed with new password api
include/mysql.h:
  So as scramble_323 accepts only null-terminated message, two scramble buffs are necessary.
  gotta be fixed
include/mysql_com.h:
  new constants and password.c api changes
libmysql/libmysql.c:
  mysql_change_user rewritten to work with new password api
scripts/mysql_create_system_tables.sh:
  fixed 'Password' column length to 41
scripts/mysql_fix_privilege_tables.sql:
  fixed 'Password' column length to 41
sql-common/client.c:
  mysql_real_connect rewritten to support new handshake procedure
sql/item_strfunc.cc:
  Item_func_password and Item_func_old_password rewritten with new password api
sql/item_strfunc.h:
  bit commented, numbers replaced with #defined constants
sql/mysql_priv.h:
  removed unnecessary declaration as now all constants defined is in mysql_com.h
sql/mysqld.cc:
  scramble initialization moved to sql_parce.cc:check_connection
sql/password.c:
  All 4.1 functions were rolled back to 4.0 with attempt to save all possible 4.0-4.1 changes.
  Names for 4.0 functions were suffixed with '_323'
  Functions for new handshake were added.
sql/slave.cc:
  Fixed to new constant; Bug #766 remains to be fixed
sql/slave.h:
  fixed to new constant; Buf #766 remains to be fixed
sql/sql_acl.cc:
  rewritten to support new passwords (41 byte-long) and password api
sql/sql_acl.h:
  ditto
sql/sql_class.cc:
  initialization for new members added
sql/sql_class.h:
  same thing as in struct mysql - scramble is used for new family of functions, scramble_323 - for old
sql/sql_parse.cc:
  check_connections was renamed to check_connection as this name reflects better what this function does
  authorization part of check_connection was rewritten
  check_user was rewritten with new password and acl api
  new function 'authenticate', which optionally re-request scramble from client was added
  fixed some typos
  COM_CHANGE_USER piece of dipsatch_command() was rewritten
sql/sql_repl.h:
  HASH_PASSWORD_LENGTH replaced with SCRAMBLED_PASSWORD_CHAR_LENGTH
  bug #766 remains
sql/sql_yacc.yy:
  Two-argument form of PASSWORD() was removed
  PASSWORD() function was fixed with new password api.
BitKeeper/etc/logging_ok:
  Logging to logging@openlogging.org accepted

1 files changed, 34 insertions, 24 deletions

diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c
index 771278c1dbb..6bc38abb060 100644
--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -616,41 +616,51 @@ my_bool	STDCALL mysql_change_user(MYSQL *mysql, const char *user,
   /* Store user into the buffer */
   end=strmov(end,user)+1;
 
-  /*
-    We always start with old type handshake the only difference is message sent
-    If server handles secure connection type we'll not send the real scramble
-  */
-  if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
+  /* write scrambled password according to server capabilities */
+  if (passwd[0])
   {
-    if (passwd[0])
-    {
-      /* Prepare false scramble  */
-      bfill(end, SCRAMBLE_LENGTH, 'x');
-      end+=SCRAMBLE_LENGTH;
-      *end=0;
-
-    }
-    else					/* For empty password */
-      *end=0;					/* zero length scramble */
+    /* Write NULL-terminated scrambled password: */
+    end= mysql->server_capabilities & CLIENT_SECURE_CONNECTION ?
+      scramble(end, mysql->scramble, passwd) :
+      scramble_323(end, mysql->scramble_323, passwd,
+                   (my_bool) (mysql->protocol_version == 9));
   }
   else
-  {
-    /*
-      Real scramble is only sent to old servers. This can be blocked 
-      by calling mysql_options(MYSQL *, MYSQL_SECURE_CONNECT, (char*) &1);
-    */
-    end=scramble(end, mysql->scramble_buff, passwd,
-                 (my_bool) (mysql->protocol_version == 9));
-  }
+    *end= '\0';                                 // empty password
   /* Add database if needed */
   end=strmov(end+1,db ? db : "");
 
   /* Write authentication package */
   simple_command(mysql,COM_CHANGE_USER, buff,(ulong) (end-buff),1);
 
-  if (mysql_autenticate(mysql, passwd))
+  NET *net= &mysql->net;
+  ulong pkt_length= net_safe_read(mysql);
+
+  if (pkt_length == packet_error)
     goto error;
 
+  if (net->read_pos[0] == mysql->scramble_323[0] &&
+      pkt_length == SCRAMBLE_LENGTH_323 + 1 &&
+      mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
+  {
+    /*
+      By sending this very specific reply server asks us to send scrambled
+      password in old format. The reply contains scramble_323.
+    */
+    scramble_323(buff, mysql->scramble_323, passwd,
+                 (my_bool) (mysql->protocol_version == 9));
+    if (my_net_write(net, buff, SCRAMBLE_LENGTH_323 + 1) || net_flush(net))
+    {
+      net->last_errno= CR_SERVER_LOST;
+      strmov(net->sqlstate, unknown_sqlstate);
+      strmov(net->last_error,ER(net->last_errno));
+      goto error;
+    }
+    /* Read what server thinks about out new auth message report */
+    if (net_safe_read(mysql) == packet_error)
+      goto error;
+  }
+
   /* Free old connect information */
   my_free(mysql->user,MYF(MY_ALLOW_ZERO_PTR));
   my_free(mysql->passwd,MYF(MY_ALLOW_ZERO_PTR));