authorunknown <peter@mysql.com>2002-11-05 20:21:55 +0300
committerunknown <peter@mysql.com>2002-11-05 20:21:55 +0300
commit2c82dd12ce2947829675eedeefd03ff3112a2a1e (patch)
treec803293508a216eda5538fa32b92e77c36fc8471 /sql
parent1a38549cf401ddb9ffa50b0936b44ecd3d79c3fb (diff)
downloadmariadb-git-2c82dd12ce2947829675eedeefd03ff3112a2a1e.tar.gz
More work on secure authentication. Commit for merge
include/mysql_com.h: Update prototype sql/password.c: More handling of new passwords sql/sql_acl.cc: Discovery of authentication type to go sql/sql_parse.cc: Add new flags in handshake
Diffstat (limited to 'sql')
-rw-r--r--sql/password.c20
-rw-r--r--sql/sql_acl.cc10
-rw-r--r--sql/sql_parse.cc5
3 files changed, 25 insertions, 10 deletions
diff --git a/sql/password.c b/sql/password.c
index ba7dc17c671..0d60b381e1b 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -166,24 +166,26 @@ inline uint char_val(char X)
** This code detects new version password by leading char.
** Old password has to be divisible by 8 length
** do not forget to increase array length if you need longer passwords
+** THIS FUNCTION DOES NOT HAVE ANY LENGTH CHECK
*/
void get_salt_from_password(ulong *res,const char *password)
{
- bzero(res,5*sizeof(res[0]));
- if (password)
+ bzero(res,6*sizeof(res[0]));
+ if (password) // zero salt corresponds to empty password
{
if (password[0]==PVERSION41_CHAR) // if new password
{
uint val=0;
uint i;
password++; // skip version identifier.
- //get hashing salt from password and store in in the start of array
+ //get hashing salt from password and store in in the start of array
for (i=0 ; i < 4 ; i++)
val=(val << 4)+char_val(*password++);
*res++=val;
}
+ // We process old passwords the same way as new ones in other case
while (*password)
{
ulong val=0;
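Review bot: The length check that the added comment says is missing is most needed in the new-format branch, where the four-iteration salt loop reads `*password++` without testing for the terminator. If fewer than four characters follow the version marker, the pointer steps past the NUL and `while (*password)` then reads beyond the end of the string. Stopping early, e.g. `for (i=0 ; i < 4 && *password ; i++)`, closes that read. The `while` loop also stores through `res` for as long as the string continues, so it should stop after the six entries that `bzero` now clears; its body continues outside this hunk. Callers now have to pass an array of at least six `ulong`, which the header comment could state explicitly in place of the capitalised warning.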
@@ -196,10 +198,16 @@ void get_salt_from_password(ulong *res,const char *password)
return;
}
-void make_password_from_salt(char *to, ulong *hash_res)
+void make_password_from_salt(char *to, ulong *hash_res,uint8 password_version)
{
- // warning this does not work for new passwords yet
- sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
+ if (!password_version) // Handling of old passwords.
+ sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
+ else
+ if (password_version==PVERSION41_CHAR)
+ sprintf(to,"%c%04x%08lx%08lx%08lx%08lx%08lx",(uint)hash_res[0],hash_res[1],
+ hash_res[2],hash_res[3],hash_res[4],hash_res[5]);
+ else // Just use empty password if we can't handle it. This should not happen
+ to[0]='\0';
}
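Review bot: The new-format `sprintf` in make_password_from_salt has seven conversions (`%c`, `%04x`, five `%08lx`) but only six arguments, and they are shifted by one: `hash_res[0]` is printed as the version character and the `ulong` `hash_res[1]` is passed to `%04x`. That is undefined behaviour and cannot round-trip what get_salt_from_password stored; the call probably should read `sprintf(to,"%c%04x%08lx%08lx%08lx%08lx%08lx",password_version,(uint)hash_res[0],hash_res[1],` / `hash_res[2],hash_res[3],hash_res[4],hash_res[5]);`. The output is now 45 characters plus the terminator, written with an unbounded `sprintf`. The caller in the mysql_show_grants hunk of sql/sql_acl.cc passes `passd_buff[HASH_PASSWORD_LENGTH+1]`, so that constant (not visible here) has to be at least 45, or the function should take the buffer size and use a bounded formatter. A short comment above the function stating the required size of `to` for each password version would make that contract visible.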
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 3b37ff552a3..8895cb84203 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -32,7 +32,7 @@
#include <assert.h>
#include <stdarg.h>
-extern uint connection_auth_flag;
+extern uint connection_auth_flag; // any better way to do it ?
struct acl_host_and_ip
{
@@ -329,7 +329,7 @@ my_bool acl_init(bool dont_read_acl_tables)
connection_auth_flag=CLIENT_SECURE_CONNECTION;
else connection_auth_flag=CLIENT_LONG_PASSWORD;
}
- printf("Set flag after read: %d\n",connection_auth_flag);
+ printf("Set flag after read: %d\n",connection_auth_flag); /* DEBUG to be removed */
init_read_record(&read_record_info,thd,table=tables[2].table,NULL,1,0);
VOID(my_init_dynamic_array(&acl_dbs,sizeof(ACL_DB),50,100));
while (!(read_record_info.read_record(&read_record_info)))
@@ -746,6 +746,10 @@ static void acl_insert_user(const char *user, const char *host,
acl_user.password=(char*) ""; // Just point at something
get_salt_from_password(acl_user.salt,password);
acl_user.pversion=get_password_version(acl_user.password);
+ if (acl_user.pversion)
+ connection_auth_flag|=CLIENT_SECURE_CONNECTION;
+ else
+ connection_auth_flag|=CLIENT_LONG_PASSWORD;
}
VOID(push_dynamic(&acl_users,(gptr) &acl_user));
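Review bot: The added branch depends on `acl_user.pversion`, which the line above computes from `acl_user.password`, and that pointer was set to `""` two lines earlier. As far as this hunk shows, get_password_version therefore always sees an empty string rather than the stored hash, so the same branch is taken for every user. If the intent is to detect the stored format, the call should be `acl_user.pversion=get_password_version(password);`. Otherwise the server may advertise only the old-style capability from this path even when new-format hashes exist. The enclosing `if` and the rest of acl_insert_user are outside the hunk.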
@@ -2844,7 +2848,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user)
if (acl_user->password)
{
char passd_buff[HASH_PASSWORD_LENGTH+1];
- make_password_from_salt(passd_buff,acl_user->salt);
+ make_password_from_salt(passd_buff,acl_user->salt,acl_user->pversion);
global.append(" IDENTIFIED BY PASSWORD '",25);
global.append(passd_buff);
global.append('\'');
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 97714da0e8d..d6e7b1193e0 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -51,6 +51,8 @@
#define TRANS_MEM_ROOT_BLOCK_SIZE 4096
#define TRANS_MEM_ROOT_PREALLOC 4096
+extern uint connection_auth_flag;
+
extern int yyparse(void);
extern "C" pthread_mutex_t THR_LOCK_keycache;
#ifdef SOLARIS
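Review bot: `connection_auth_flag` is now declared by hand in a second source file, so a change to its type in one place would not be caught by the compiler; declaring it once in a header that both sql_acl.cc and sql_parse.cc include avoids that. The value feeds the capability flags built in check_connections, while acl_insert_user updates it with `|=` and never clears bits. If those two can run on different threads, the read needs whatever lock protects the ACL data, which is not visible here. A comment at the declaration such as `// capability bits advertised in the handshake; updated while ACLs are loaded` would record that coupling.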
@@ -504,7 +506,8 @@ check_connections(THD *thd)
{
/* buff[] needs to big enough to hold the server_version variable */
char buff[SERVER_VERSION_LENGTH + SCRAMBLE_LENGTH+32],*end;
- int client_flags = CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_PROTOCOL_41;
+ int client_flags = CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB |
+ CLIENT_PROTOCOL_41 | connection_auth_flag;
if (opt_using_transactions)
client_flags|=CLIENT_TRANSACTIONS;