authorSergei Golubchik <sergii@pisem.net>2013-12-09 12:38:02 +0100
committerSergei Golubchik <sergii@pisem.net>2013-12-09 12:38:02 +0100
commitbec1d903d944acd5c28c3f4f2d22b84ddae63ea2 (patch)
tree8a903859333de1648f789a2985fd62e856ebfa05 /sql
parent6ae5f0efea392e3fdb285afc1bafdae16888b96a (diff)
downloadmariadb-git-bec1d903d944acd5c28c3f4f2d22b84ddae63ea2.tar.gz
Do the partial merge of WL#5602 correctly:
Remove unused code (that should not have been merged). Add protocol extension (that should have been merged). Fix bugs (see pack.c).
Diffstat (limited to 'sql')
-rw-r--r--sql/client_settings.h1
-rw-r--r--sql/item_strfunc.cc121
-rw-r--r--sql/item_strfunc.h17
-rw-r--r--sql/password.c55
-rw-r--r--sql/sql_acl.cc15
-rw-r--r--sql/sql_yacc.yy20
6 files changed, 48 insertions, 181 deletions
diff --git a/sql/client_settings.h b/sql/client_settings.h
index 5707413f69f..d6a157f71fd 100644
--- a/sql/client_settings.h
+++ b/sql/client_settings.h
@@ -34,6 +34,7 @@
CLIENT_PROTOCOL_41 | \
CLIENT_SECURE_CONNECTION | \
CLIENT_PLUGIN_AUTH | \
+ CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA | \
CLIENT_CONNECT_ATTRS)
#define read_user_name(A) {}
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index ef189763d88..fc5dfe0994e 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -2171,129 +2171,28 @@ void Item_func_trim::print(String *str, enum_query_type query_type)
/* Item_func_password */
-/**
- Helper function for calculating a new password. Used in
- Item_func_password::fix_length_and_dec() for const parameters and in
- Item_func_password::val_str_ascii() for non-const parameters.
- @param str The plain text password which should be digested
- @param buffer a pointer to the buffer where the digest will be stored.
-
- @note The buffer must be of at least CRYPT_MAX_PASSWORD_SIZE size.
-
- @return Size of the password.
-*/
-
-static int calculate_password(String *str, char *buffer)
-{
- DBUG_ASSERT(str);
- if (str->length() == 0) // PASSWORD('') returns ''
- return 0;
-
- int buffer_len= 0;
- THD *thd= current_thd;
- int old_passwords= 0;
- if (thd)
- old_passwords= thd->variables.old_passwords;
-
-#if defined(HAVE_OPENSSL)
- if (old_passwords == 2)
- {
- my_make_scrambled_password(buffer, str->ptr(),
- str->length());
- buffer_len= (int) strlen(buffer) + 1;
- }
- else
-#endif
- if (old_passwords == 0)
- {
- my_make_scrambled_password_sha1(buffer, str->ptr(),
- str->length());
- buffer_len= SCRAMBLED_PASSWORD_CHAR_LENGTH;
- }
- else
- if (old_passwords == 1)
- {
- my_make_scrambled_password_323(buffer, str->ptr(),
- str->length());
- buffer_len= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
- }
- return buffer_len;
-}
-
-/* Item_func_password */
-void Item_func_password::fix_length_and_dec()
-{
- maybe_null= false; // PASSWORD() never returns NULL
-
- if (args[0]->const_item())
- {
- String str;
- String *res= args[0]->val_str(&str);
- if (!args[0]->null_value)
- {
- m_hashed_password_buffer_len=
- calculate_password(res, m_hashed_password_buffer);
- fix_length_and_charset(m_hashed_password_buffer_len, default_charset());
- m_recalculate_password= false;
- return;
- }
- }
-
- m_recalculate_password= true;
- fix_length_and_charset(CRYPT_MAX_PASSWORD_SIZE, default_charset());
-}
-
String *Item_func_password::val_str_ascii(String *str)
{
DBUG_ASSERT(fixed == 1);
-
- String *res= args[0]->val_str(str);
-
- if (args[0]->null_value)
- res= make_empty_result();
-
- /* we treat NULLs as equal to empty string when calling the plugin */
+ String *res= args[0]->val_str(str);
check_password_policy(res);
-
- null_value= 0;
- if (args[0]->null_value) // PASSWORD(NULL) returns ''
- return res;
-
- if (m_recalculate_password)
- m_hashed_password_buffer_len= calculate_password(res,
- m_hashed_password_buffer);
-
- if (m_hashed_password_buffer_len == 0)
+ if (args[0]->null_value || res->length() == 0)
return make_empty_result();
-
- str->set(m_hashed_password_buffer, m_hashed_password_buffer_len,
- default_charset());
-
+ my_make_scrambled_password(tmp_value, res->ptr(), res->length());
+ str->set(tmp_value, SCRAMBLED_PASSWORD_CHAR_LENGTH, &my_charset_latin1);
return str;
}
-char *Item_func_password::
- create_password_hash_buffer(THD *thd, const char *password, size_t pass_len)
+char *Item_func_password::alloc(THD *thd, const char *password, size_t pass_len)
{
- String *password_str= new (thd->mem_root)String(password, thd->variables.
- character_set_client);
- check_password_policy(password_str);
-
- char *buff= NULL;
- if (thd->variables.old_passwords == 0)
- {
- /* Allocate memory for the password scramble and one extra byte for \0 */
- buff= (char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH + 1);
- my_make_scrambled_password_sha1(buff, password, pass_len);
- }
-#if defined(HAVE_OPENSSL)
- else
+ char *buff= (char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
+ if (buff)
{
- /* Allocate memory for the password scramble and one extra byte for \0 */
- buff= (char *) thd->alloc(CRYPT_MAX_PASSWORD_SIZE + 1);
+ String *password_str= new (thd->mem_root)String(password, thd->variables.
+ character_set_client);
+ check_password_policy(password_str);
my_make_scrambled_password(buff, password, pass_len);
}
-#endif
return buff;
}
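Review bot: In the new `val_str_ascii()`, `check_password_policy(res)` runs before the `args[0]->null_value` test, so for a NULL argument it receives whatever `val_str()` returned, which may be a null pointer. The removed code substituted `make_empty_result()` first ("we treat NULLs as equal to empty string when calling the plugin"); whether `check_password_policy()` tolerates NULL is not visible here. Keeping the substitution ahead of the call would preserve that contract: `if (args[0]->null_value) res= make_empty_result();`. In `alloc()`, the `String` created with `new (thd->mem_root)` is likewise passed to the policy check without a NULL test.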
diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h
index 6709b4b64c6..4b9ec50c164 100644
--- a/sql/item_strfunc.h
+++ b/sql/item_strfunc.h
@@ -21,8 +21,6 @@
/* This file defines all string functions */
-#include "crypt_genhash_impl.h"
-
#ifdef USE_PRAGMA_INTERFACE
#pragma interface /* gcc class implementation */
#endif
@@ -394,21 +392,16 @@ public:
class Item_func_password :public Item_str_ascii_func
{
- char m_hashed_password_buffer[CRYPT_MAX_PASSWORD_SIZE + 1];
- unsigned int m_hashed_password_buffer_len;
- bool m_recalculate_password;
+ char tmp_value[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
public:
- Item_func_password(Item *a) :Item_str_ascii_func(a)
+ Item_func_password(Item *a) :Item_str_ascii_func(a) {}
+ String *val_str_ascii(String *str);
+ void fix_length_and_dec()
{
- m_hashed_password_buffer_len= 0;
- m_recalculate_password= false;
+ fix_length_and_charset(SCRAMBLED_PASSWORD_CHAR_LENGTH, default_charset());
}
- String *val_str_ascii(String *str);
- void fix_length_and_dec();
const char *func_name() const { return "password"; }
static char *alloc(THD *thd, const char *password, size_t pass_len);
- static char *create_password_hash_buffer(THD *thd, const char *password,
- size_t pass_len);
};
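Review bot: The new member `tmp_value` is the destination that `val_str_ascii()` hands to `my_make_scrambled_password()`, but nothing at the declaration ties its size to what that function writes. The header comment in password.c asks for a buffer of `2*SHA1_HASH_SIZE + 2` bytes, so a comment on the member would make the dependency visible, e.g. `/* output of my_make_scrambled_password(): needs 2*SHA1_HASH_SIZE + 2 bytes */`. A compile-time check next to it would catch a future change of either constant.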
diff --git a/sql/password.c b/sql/password.c
index 954daf2d8d1..22e0060abd2 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -67,7 +67,6 @@
#include <mysql.h>
#include <my_rnd.h>
#include <sha1.h>
-#include <crypt_genhash_impl.h>
/************ MySQL 3.23-4.0 authentication routines: untouched ***********/
@@ -280,14 +279,13 @@ void make_password_from_salt_323(char *to, const ulong *salt)
**************** MySQL 4.1.1 authentication routines *************
*/
-/*
- Generate string of printable random characters of requested length
- SYNOPSIS
- create_random_string()
- to OUT buffer for generation; must be at least length+1 bytes
- long; result string is always null-terminated
- length IN how many random characters to put in buffer
- rand_st INOUT structure used for number generation
+/**
+ Generate string of printable random characters of requested length.
+
+ @param to[out] Buffer for generation; must be at least length+1 bytes
+ long; result string is always null-terminated
+ length[in] How many random characters to put in buffer
+ rand_st Structure used for number generation
*/
void create_random_string(char *to, uint length,
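Review bot: The rewritten header comment for `create_random_string()` is not valid Doxygen: the direction tag is attached to the name (`to[out]`), and `length` and `rand_st` have no `@param` of their own, so they read as continuation text of `to`. Each parameter should get its own tag with the direction in front, e.g. `@param[out] to`, `@param[in] length`, `@param[in,out] rand_st` (the old comment marked rand_st as INOUT). The function body lies outside this hunk.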
@@ -374,23 +372,6 @@ my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
}
-#if defined(HAVE_OPENSSL)
-void my_make_scrambled_password(char *to, const char *password,
- size_t pass_len)
-{
-
- char salt[CRYPT_SALT_LENGTH + 1];
-
- generate_user_salt(salt, CRYPT_SALT_LENGTH + 1);
- my_crypt_genhash(to,
- CRYPT_MAX_PASSWORD_SIZE,
- password,
- pass_len,
- salt,
- 0);
-
-}
-#endif
/**
Compute two stage SHA1 hash of the password :
@@ -422,14 +403,14 @@ void compute_two_stage_sha1_hash(const char *password, size_t pass_len,
The result of this function is used as return value from PASSWORD() and
is stored in the database.
SYNOPSIS
- my_make_scrambled_password_sha1()
+ my_make_scrambled_password()
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
password IN password string
pass_len IN length of password string
*/
-void my_make_scrambled_password_sha1(char *to, const char *password,
- size_t pass_len)
+void my_make_scrambled_password(char *to, const char *password,
+ size_t pass_len)
{
uint8 hash_stage2[SHA1_HASH_SIZE];
@@ -455,7 +436,7 @@ void my_make_scrambled_password_sha1(char *to, const char *password,
void make_scrambled_password(char *to, const char *password)
{
- my_make_scrambled_password_sha1(to, password, strlen(password));
+ my_make_scrambled_password(to, password, strlen(password));
}
@@ -500,7 +481,7 @@ scramble(char *to, const char *message, const char *password)
null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE
long (if not, something fishy is going on).
SYNOPSIS
- check_scramble_sha1()
+ check_scramble()
scramble clients' reply, presumably produced by scramble()
message original random string, previously sent to client
(presumably second argument of scramble()), must be
@@ -514,8 +495,8 @@ scramble(char *to, const char *message, const char *password)
*/
my_bool
-check_scramble_sha1(const uchar *scramble_arg, const char *message,
- const uint8 *hash_stage2)
+check_scramble(const uchar *scramble_arg, const char *message,
+ const uint8 *hash_stage2)
{
uint8 buf[SHA1_HASH_SIZE];
uint8 hash_stage2_reassured[SHA1_HASH_SIZE];
@@ -532,13 +513,6 @@ check_scramble_sha1(const uchar *scramble_arg, const char *message,
return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
}
-my_bool
-check_scramble(const uchar *scramble_arg, const char *message,
- const uint8 *hash_stage2)
-{
- return check_scramble_sha1(scramble_arg, message, hash_stage2);
-}
-
/*
Convert scrambled password from asciiz hex string to binary form.
@@ -567,3 +541,4 @@ void make_password_from_salt(char *to, const uint8 *hash_stage2)
*to++= PVERSION41_CHAR;
octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
}
+
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index f97b524e843..4ce41e103bd 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -11419,13 +11419,20 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
*passwd > 127 and become 2**32-127+ after casting to uint.
*/
- uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
- (uchar)(*passwd++) : strlen(passwd);
-
+ uint passwd_len;
+ if (!(thd->client_capabilities & CLIENT_SECURE_CONNECTION))
+ passwd_len= strlen(passwd);
+ else if (!(thd->client_capabilities & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA))
+ passwd_len= (uchar)(*passwd++);
+ else
+ passwd_len= safe_net_field_length_ll((uchar**)&passwd,
+ net->read_pos + pkt_len - (uchar*)passwd);
+
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
db + passwd_len + 1 : 0;
- if (passwd + passwd_len + test(db) > (char *)net->read_pos + pkt_len)
+ if (passwd == NULL ||
+ passwd + passwd_len + test(db) > (char *)net->read_pos + pkt_len)
return packet_error;
/* strlen() can't be easily deleted without changing protocol */
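Review bot: In the length-encoded branch the result of `safe_net_field_length_ll()` is stored in `uint passwd_len`, and `db + passwd_len + 1` is derived from it before the `passwd == NULL` and bounds test runs. If that helper returns a 64-bit value, as its name suggests, the upper bits are dropped and the check validates a different length than the client sent. Reading into a wide local and rejecting first avoids that, e.g. `ulonglong len= safe_net_field_length_ll(...);` followed by `if (passwd == NULL || len > pkt_len) return packet_error;`. Also, if `db` still points at the start of the password field (it is set outside this hunk), the `+ 1` skips only a one-byte prefix, so with a multi-byte length prefix `db` would land inside the password data. The function body continues outside the hunk.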
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 22fa1e53c21..b51cc27c0b0 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -9753,7 +9753,7 @@ function_call_conflict:
| PASSWORD '(' expr ')'
{
Item* i1;
- if (thd->variables.old_passwords == 1)
+ if (thd->variables.old_passwords)
i1= new (thd->mem_root) Item_func_old_password($3);
else
i1= new (thd->mem_root) Item_func_password($3);
@@ -14789,18 +14789,10 @@ text_or_password:
TEXT_STRING { $$=$1.str;}
| PASSWORD '(' TEXT_STRING ')'
{
- if ($3.length == 0)
- $$= $3.str;
- else
- switch (thd->variables.old_passwords) {
- case 1: $$= Item_func_old_password::
- alloc(thd, $3.str, $3.length);
- break;
- case 0:
- case 2: $$= Item_func_password::
- create_password_hash_buffer(thd, $3.str, $3.length);
- break;
- }
+ $$= $3.length ? thd->variables.old_passwords ?
+ Item_func_old_password::alloc(thd, $3.str, $3.length) :
+ Item_func_password::alloc(thd, $3.str, $3.length) :
+ $3.str;
if ($$ == NULL)
MYSQL_YYABORT;
}
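Review bot: The nested conditional assigned to `$$` in `text_or_password` chains two `?:` operators without parentheses, so the reader has to work out which `:` closes which test. Only then is it clear that an empty string bypasses hashing and that any non-zero `old_passwords` selects `Item_func_old_password::alloc`. An if/else chain states the same three cases directly and leaves the `$$ == NULL` abort unchanged.

```yacc
if ($3.length == 0)
  $$= $3.str;
else if (thd->variables.old_passwords)
  $$= Item_func_old_password::alloc(thd, $3.str, $3.length);
else
  $$= Item_func_password::alloc(thd, $3.str, $3.length);
/* … unchanged: $$ == NULL check and MYSQL_YYABORT … */
```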
@@ -15400,7 +15392,7 @@ grant_user:
(char *) thd->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
if (buff == NULL)
MYSQL_YYABORT;
- my_make_scrambled_password_sha1(buff, $4.str, $4.length);
+ my_make_scrambled_password(buff, $4.str, $4.length);
$1->password.str= buff;
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}