From 2b0a481c98a144973570a182fb94381864cf4593 Mon Sep 17 00:00:00 2001
From: unknown <kostja@oak.local>
Date: Tue, 1 Jul 2003 23:40:59 +0400
Subject: First version of new authentification procedure: now authentification
 is one-stage (instead of two-stage in 4.1)

For now following tasks have been done:
- PASSWORD() function was rewritten. PASSWORD() now returns SHA1
  hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed;

- password.c: new functions were implemented, old rolled back to 4.0 state

- server code was rewritten to use new authorization algorithm (check_user(), change
  user, and other stuff in sql/sql_parse.cc)

- client code was rewritten to use new authorization algorithm
  (mysql_real_connect, myslq_authenticate in sql-common/client.c)

- now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style
  authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc)

- mysqladmin.c was fixed to work correctly with new passwords

Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed;
mysqladmin also was tested. Additional check are nevertheless necessary.


BitKeeper/etc/ignore:
  Added start_mysqld.sh mysys/main.cc to the ignore list
client/mysqladmin.c:
  fixed with new password api
include/mysql.h:
  So as scramble_323 accepts only null-terminated message, two scramble buffs are necessary.
  gotta be fixed
include/mysql_com.h:
  new constants and password.c api changes
libmysql/libmysql.c:
  mysql_change_user rewritten to work with new password api
scripts/mysql_create_system_tables.sh:
  fixed 'Password' column length to 41
scripts/mysql_fix_privilege_tables.sql:
  fixed 'Password' column length to 41
sql-common/client.c:
  mysql_real_connect rewritten to support new handshake procedure
sql/item_strfunc.cc:
  Item_func_password and Item_func_old_password rewritten with new password api
sql/item_strfunc.h:
  bit commented, numbers replaced with #defined constants
sql/mysql_priv.h:
  removed unnecessary declaration as now all constants defined is in mysql_com.h
sql/mysqld.cc:
  scramble initialization moved to sql_parce.cc:check_connection
sql/password.c:
  All 4.1 functions were rolled back to 4.0 with attempt to save all possible 4.0-4.1 changes.
  Names for 4.0 functions were suffixed with '_323'
  Functions for new handshake were added.
sql/slave.cc:
  Fixed to new constant; Bug #766 remains to be fixed
sql/slave.h:
  fixed to new constant; Buf #766 remains to be fixed
sql/sql_acl.cc:
  rewritten to support new passwords (41 byte-long) and password api
sql/sql_acl.h:
  ditto
sql/sql_class.cc:
  initialization for new members added
sql/sql_class.h:
  same thing as in struct mysql - scramble is used for new family of functions, scramble_323 - for old
sql/sql_parse.cc:
  check_connections was renamed to check_connection as this name reflects better what this function does
  authorization part of check_connection was rewritten
  check_user was rewritten with new password and acl api
  new function 'authenticate', which optionally re-request scramble from client was added
  fixed some typos
  COM_CHANGE_USER piece of dipsatch_command() was rewritten
sql/sql_repl.h:
  HASH_PASSWORD_LENGTH replaced with SCRAMBLED_PASSWORD_CHAR_LENGTH
  bug #766 remains
sql/sql_yacc.yy:
  Two-argument form of PASSWORD() was removed
  PASSWORD() function was fixed with new password api.
BitKeeper/etc/logging_ok:
  Logging to logging@openlogging.org accepted
---
 sql/sql_acl.h | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'sql/sql_acl.h')

diff --git a/sql/sql_acl.h b/sql/sql_acl.h
index e6c6771253c..3370797820a 100644
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -111,9 +111,9 @@ public:
   acl_host_and_ip host;
   uint hostname_length;
   USER_RESOURCES user_resource;
-  char *user,*password;
-  ulong salt[6]; // New password has longer length
-  uint8 pversion; // password version
+  char *user;
+  uint8 salt[SCRAMBLE_LENGTH+1];       // scrambled password in binary form
+  uint8 salt_len;        // 0 - no password, 4 - 3.20, 8 - 3.23, 20 - 4.1.1 
   enum SSL_type ssl_type;
   const char *ssl_cipher, *x509_issuer, *x509_subject;
 };
@@ -135,11 +135,8 @@ void acl_reload(THD *thd);
 void acl_free(bool end=0);
 ulong acl_get(const char *host, const char *ip, const char *bin_ip,
 	      const char *user, const char *db);
-ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
-		  const char *password,const char *scramble,
-                  char **priv_user, char *priv_host,
-		  bool old_ver, USER_RESOURCES *max,char* prepared_scramble,
-                  uint *cur_priv_version, ACL_USER **cached_user);
+int acl_getroot(THD *thd, USER_RESOURCES *mqh,
+                const char *passwd, uint passwd_len, bool old_ver);
 bool acl_check_host(const char *host, const char *ip);
 bool check_change_password(THD *thd, const char *host, const char *user);
 bool change_password(THD *thd, const char *host, const char *user,
-- 
cgit v1.2.1