summaryrefslogtreecommitdiff
path: root/sql/password.c
diff options
context:
space:
mode:
Diffstat (limited to 'sql/password.c')
-rw-r--r--sql/password.c93
1 files changed, 45 insertions, 48 deletions
diff --git a/sql/password.c b/sql/password.c
index 2e9139c12aa..16227aab611 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -110,15 +110,17 @@ double my_rnd(struct rand_struct *rand_st)
Used for Pre-4.1 password handling
SYNOPSIS
hash_password()
- result OUT store hash in this location
- password IN plain text password to build hash
+ result OUT store hash in this location
+ password IN plain text password to build hash
+ password_len IN password length (password may be not null-terminated)
*/
-void hash_password(ulong *result, const char *password)
+void hash_password(ulong *result, const char *password, uint password_len)
{
register ulong nr=1345345333L, add=7, nr2=0x12345671L;
ulong tmp;
- for (; *password ; password++)
+ const char *password_end= password + password_len;
+ for (; password < password_end; password++)
{
if (*password == ' ' || *password == '\t')
continue; /* skip space in password */
@@ -129,7 +131,6 @@ void hash_password(ulong *result, const char *password)
}
result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
result[1]=nr2 & (((ulong) 1L << 31) -1L);
- return;
}
@@ -145,7 +146,7 @@ void hash_password(ulong *result, const char *password)
void make_scrambled_password_323(char *to, const char *password)
{
ulong hash_res[2];
- hash_password(hash_res, password);
+ hash_password(hash_res, password, strlen(password));
sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]);
}
@@ -157,14 +158,12 @@ void make_scrambled_password_323(char *to, const char *password)
scramble_323()
to OUT Store scrambled message here. Buffer must be at least
SCRAMBLE_LENGTH_323+1 bytes long
- message IN Message to scramble. Message must be exactly
- SRAMBLE_LENGTH_323 long and NULL terminated.
+ message IN Message to scramble. Message must be at least
+ SRAMBLE_LENGTH_323 bytes long.
password IN Password to use while scrambling
- RETURN
- End of scrambled string
*/
-char *scramble_323(char *to, const char *message, const char *password)
+void scramble_323(char *to, const char *message, const char *password)
{
struct rand_struct rand_st;
ulong hash_pass[2], hash_message[2];
@@ -172,18 +171,18 @@ char *scramble_323(char *to, const char *message, const char *password)
if (password && password[0])
{
char *to_start=to;
- hash_password(hash_pass,password);
- hash_password(hash_message, message);
+ hash_password(hash_pass,password, strlen(password));
+ hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
- while (*message++)
+ const char *message_end= message + SCRAMBLE_LENGTH_323;
+ for (; message < message_end; message++)
*to++= (char) (floor(my_rnd(&rand_st)*31)+64);
char extra=(char) (floor(my_rnd(&rand_st)*31));
while (to_start != to)
*(to_start++)^=extra;
}
*to= 0;
- return to;
}
@@ -192,11 +191,13 @@ char *scramble_323(char *to, const char *message, const char *password)
Used in pre 4.1 password handling
SYNOPSIS
check_scramble_323()
- scrambled IN scrambled message to check.
- message IN original random message which was used for scrambling; must
- be exactly SCRAMBLED_LENGTH_323 bytes long and
- NULL-terminated.
- hash_pass IN password which should be used for scrambling
+ scrambled scrambled message to check.
+ message original random message which was used for scrambling; must
+ be exactly SCRAMBLED_LENGTH_323 bytes long and
+ NULL-terminated.
+ hash_pass password which should be used for scrambling
+ All params are IN.
+
RETURN VALUE
0 - password correct
!0 - password invalid
@@ -211,11 +212,7 @@ check_scramble_323(const char *scrambled, const char *message,
char buff[16],*to,extra; /* Big enough for check */
const char *pos;
- /* Check if this exactly N bytes. Overwise this is something fishy */
- if (strlen(message) != SCRAMBLE_LENGTH_323)
- return 1; /* Wrong password */
-
- hash_password(hash_message,message);
+ hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
to=buff;
@@ -231,7 +228,7 @@ check_scramble_323(const char *scrambled, const char *message,
return 0;
}
-static uint8 char_val(uint8 X)
+static inline uint8 char_val(uint8 X)
{
return (uint) (X >= '0' && X <= '9' ? X-'0' :
X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
@@ -280,7 +277,10 @@ void make_password_from_salt_323(char *to, const ulong *salt)
}
-/******************* MySQL 4.1.1 authentification routines ******************/
+/*
+ **************** MySQL 4.1.1 authentification routines *************
+*/
+
/*
Generate string of printable random characters of requested length
SYNOPSIS
@@ -315,19 +315,16 @@ void create_random_string(char *to, uint length, struct rand_struct *rand_st)
str, len IN the beginning and the length of the input string
*/
-static
-void
+static void
octet2hex(char *to, const uint8 *str, uint len)
{
- static const char alphabet[] = { '0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
const uint8 *str_end= str + len;
for (; str != str_end; ++str)
{
- *to++= alphabet[(*str & 0xF0) >> 4];
- *to++= alphabet[*str & 0x0F];
+ *to++= _dig_vec[(*str & 0xF0) >> 4];
+ *to++= _dig_vec[*str & 0x0F];
}
- *to++= '\0';
+ *to= '\0';
}
@@ -341,15 +338,14 @@ octet2hex(char *to, const uint8 *str, uint len)
overlap; len % 2 == 0
*/
-static
-void
+static void
hex2octet(uint8 *to, const char *str, uint len)
{
const char *str_end= str + len;
while (str < str_end)
{
- *to= char_val(*str++) << 4;
- *to++|= char_val(*str++);
+ register char tmp= char_val(*str++);
+ *to++= (tmp << 4) | char_val(*str++);
}
}
@@ -366,9 +362,8 @@ hex2octet(uint8 *to, const char *str, uint len)
len IN length of s1 and s2
*/
-static
-void
-my_crypt(char *to, const uint8 *s1, const uint8 *s2, uint len)
+static void
+my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
{
const uint8 *s1_end= s1 + len;
while (s1 < s1_end)
@@ -447,7 +442,7 @@ scramble(char *to, const char *message, const char *password)
sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
/* xor allows 'from' and 'to' overlap: lets take advantage of it */
sha1_result(&sha1_context, (uint8 *) to);
- my_crypt(to, (const uint8 *) to, hash_stage1, SCRAMBLE_LENGTH);
+ my_crypt(to, (const uchar *) to, hash_stage1, SCRAMBLE_LENGTH);
}
@@ -459,11 +454,13 @@ scramble(char *to, const char *message, const char *password)
long (if not, something fishy is going on).
SYNOPSIS
check_scramble()
- scramble IN clients' reply, presumably produced by scramble()
- message IN original random string, previously sent to client
- (presumably second argument of scramble()), must be
- exactly SCRAMBLE_LENGTH long and NULL-terminated.
- hash_stage2 IN hex2octet-decoded database entry
+ scramble clients' reply, presumably produced by scramble()
+ message original random string, previously sent to client
+ (presumably second argument of scramble()), must be
+ exactly SCRAMBLE_LENGTH long and NULL-terminated.
+ hash_stage2 hex2octet-decoded database entry
+ All params are IN.
+
RETURN VALUE
0 password is correct
!0 password is invalid
@@ -483,7 +480,7 @@ check_scramble(const char *scramble, const char *message,
sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
sha1_result(&sha1_context, buf);
/* encrypt scramble */
- my_crypt((char *) buf, buf, (const uint8 *) scramble, SCRAMBLE_LENGTH);
+ my_crypt((char *) buf, buf, (const uchar *) scramble, SCRAMBLE_LENGTH);
/* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
sha1_reset(&sha1_context);
sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);