authorunknown <peter@mysql.com>2002-10-19 23:18:31 +0400
committerunknown <peter@mysql.com>2002-10-19 23:18:31 +0400
commit48edd0acae1154fce882e68a370fa630b1528390 (patch)
treece2e903012ec410866da6bb9f726df18dccb0029 /sql/sql_acl.cc
parentc69223d9be61030fd263eb028bac834080e43f37 (diff)
More work on secure connection protocol. Committed in order to do the sync with new large pushed
bunch. client/insert_test.c: Fix function call client/select_test.c: Fix function call include/mysql_com.h: New flag defined for secure connection handling sql/mysqld.cc: Add flag used for connection sql/sql_acl.cc: Partial code to find out needed connection flag based on password format
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc48
1 files changed, 46 insertions, 2 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 2012b565dae..3b37ff552a3 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -32,6 +32,8 @@
#include <assert.h>
#include <stdarg.h>
+extern uint connection_auth_flag;
+
struct acl_host_and_ip
{
char *hostname;
@@ -143,7 +145,11 @@ my_bool acl_init(bool dont_read_acl_tables)
(hash_get_key) acl_entry_get_key,
(void (*)(void*)) free);
if (dont_read_acl_tables)
+ {
+ /* If we do not read tables use old handshake to make it quick for all clients */
+ connection_auth_flag=CLIENT_LONG_PASSWORD;
DBUG_RETURN(0); /* purecov: tested */
+ }
/*
To be able to run this from boot, we allocate a temporary THD
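Review bot: The `dont_read_acl_tables` branch forces `connection_auth_flag=CLIENT_LONG_PASSWORD` unconditionally, which disagrees with the fallback added later in this file for an empty table, where the new handshake is chosen unless `opt_old_passwords` is set. If the intent is only speed for clients, the same policy should apply here, e.g. `connection_auth_flag= opt_old_passwords ? CLIENT_LONG_PASSWORD : CLIENT_SECURE_CONNECTION;`, so that `--skip-grant-tables` does not silently select the weaker handshake. The comment on the new line is also well past the file's line width and could be shortened to `/* No tables read: pick handshake by --old-passwords only */`. acl_init continues outside the hunk.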
@@ -218,6 +224,7 @@ my_bool acl_init(bool dont_read_acl_tables)
DBUG_PRINT("info",("user table fields: %d",table->fields));
allow_all_hosts=0;
+ connection_auth_flag=0; /* Reset flag as we're rereading the table */
while (!(read_record_info.read_record(&read_record_info)))
{
ACL_USER user;
@@ -242,6 +249,18 @@ my_bool acl_init(bool dont_read_acl_tables)
}
get_salt_from_password(user.salt,user.password);
user.pversion=get_password_version(user.password);
+ /*
+ We check the version of passwords in database. If no old passwords found we can force new handshake
+ if there are only old password we will force new handshake. In case of both types of passwords
+ found we will perform 2 stage authentication.
+ */
+ if (user.password && user.password[0]!=0) /* empty passwords are not counted */
+ {
+ if (user.pversion)
+ connection_auth_flag|=CLIENT_SECURE_CONNECTION;
+ else
+ connection_auth_flag|=CLIENT_LONG_PASSWORD;
+ }
user.access=get_access(table,3) & GLOBAL_ACLS;
user.sort=get_sort(2,user.host.hostname,user.user);
user.hostname_length= (user.host.hostname ?
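Review bot: The added comment contradicts itself: "If no old passwords found we can force new handshake" and "if there are only old password we will force new handshake" both say "new", while the code sets `CLIENT_LONG_PASSWORD` for `pversion==0`; the second clause presumably means "old handshake". Because `connection_auth_flag` is a single global, one legacy-format password in the table appears to enable the old-handshake bit for every account, not only for that user, so the effective protocol floor is set by the weakest stored password; it would be worth stating that in the comment, e.g. `/* Flag is server-wide: any old-format password enables the old handshake for all clients */`, assuming the consumer of the flag treats it that way. acl_init's body continues outside the hunk.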
@@ -299,7 +318,18 @@ my_bool acl_init(bool dont_read_acl_tables)
sizeof(ACL_USER),(qsort_cmp) acl_compare);
end_read_record(&read_record_info);
freeze_size(&acl_users);
-
+
+ /*
+ If database is empty or has no passwords use new connection protocol
+ unless we're running with --old-passwords option
+ */
+ if (!connection_auth_flag)
+ {
+ if(!opt_old_passwords)
+ connection_auth_flag=CLIENT_SECURE_CONNECTION;
+ else connection_auth_flag=CLIENT_LONG_PASSWORD;
+ }
+ printf("Set flag after read: %d\n",connection_auth_flag);
init_read_record(&read_record_info,thd,table=tables[2].table,NULL,1,0);
VOID(my_init_dynamic_array(&acl_dbs,sizeof(ACL_DB),50,100));
while (!(read_record_info.read_record(&read_record_info)))
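Review bot: `printf("Set flag after read: %d\n",connection_auth_flag);` writes a debug line to the server's stdout on every grant-table load, and `%d` does not match the `uint` declared by the new `extern`; the same leftover appears in acl_update_user (`printf("Debug: flag set to %d\n", ...)`). This file already uses the debug macro a few lines earlier, so both should become `DBUG_PRINT("info",("connection_auth_flag: %u",connection_auth_flag));` or be dropped before push. The fallback itself could be a single statement, `connection_auth_flag= opt_old_passwords ? CLIENT_LONG_PASSWORD : CLIENT_SECURE_CONNECTION;`, which also removes the `if(...)`/`else stmt` layout that departs from the surrounding style. acl_init continues outside the hunk.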
@@ -674,6 +704,12 @@ static void acl_update_user(const char *user, const char *host,
acl_user->password=(char*) ""; // Just point at something
get_salt_from_password(acl_user->salt,password);
acl_user->pversion=get_password_version(acl_user->password);
+ // We should allow connection with authentication method matching password
+ if (acl_user->pversion)
+ connection_auth_flag|=CLIENT_SECURE_CONNECTION;
+ else
+ connection_auth_flag|=CLIENT_LONG_PASSWORD;
+ printf("Debug: flag set to %d\n",connection_auth_flag);
}
}
break;
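Review bot: The new `if (acl_user->pversion)` test reads a version computed on the line above from `acl_user->password`, which was just pointed at `""` rather than at the real `password` argument used for the salt; if `get_password_version("")` yields 0, the secure branch is unreachable here and every updated user enables `CLIENT_LONG_PASSWORD`. Computing the version from the actual string, `acl_user->pversion=get_password_version(password);`, would make the added check meaningful (this cannot be confirmed from the hunk alone). Separately, the flag is only ever OR-ed in this hunk and in change_password below, so a bit can never be cleared when a user moves to the new format until the tables are reloaded; a comment such as `// Bits are only added here; acl_init recomputes the flag on reload` would make that explicit. acl_update_user starts outside the hunk.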
@@ -1084,7 +1120,15 @@ bool change_password(THD *thd, const char *host, const char *user,
if (!new_password[0])
acl_user->password=0;
else
- acl_user->password=(char*) ""; // Point at something
+ {
+ acl_user->password=(char*) ""; // Point at something
+ /* Adjust global connection options depending of client password*/
+ if (acl_user->pversion)
+ connection_auth_flag|=CLIENT_SECURE_CONNECTION;
+ else
+ connection_auth_flag|=CLIENT_LONG_PASSWORD;
+ }
+
acl_cache->clear(1); // Clear locked hostname cache
VOID(pthread_mutex_unlock(&acl_cache->lock));