From 6e35c1a95e3f818f80453d441397c0f079ada189 Mon Sep 17 00:00:00 2001 From: "peter@mysql.com" <> Date: Thu, 26 Dec 2002 19:12:57 +0300 Subject: [PATCH 1/2] Add proper error message for old client connecting new server using user which has password in new format SCRUM --- include/mysqld_error.h | 3 ++- sql/share/czech/errmsg.txt | 1 + sql/share/danish/errmsg.txt | 1 + sql/share/dutch/errmsg.txt | 1 + sql/share/english/errmsg.txt | 1 + sql/share/estonian/errmsg.txt | 1 + sql/share/french/errmsg.txt | 1 + sql/share/german/errmsg.txt | 1 + sql/share/greek/errmsg.txt | 1 + sql/share/hungarian/errmsg.txt | 1 + sql/share/italian/errmsg.txt | 1 + sql/share/japanese/errmsg.txt | 1 + sql/share/korean/errmsg.txt | 1 + sql/share/norwegian-ny/errmsg.txt | 1 + sql/share/norwegian/errmsg.txt | 1 + sql/share/polish/errmsg.txt | 1 + sql/share/portuguese/errmsg.txt | 1 + sql/share/romanian/errmsg.txt | 1 + sql/share/russian/errmsg.txt | 1 + sql/share/serbian/errmsg.txt | 1 + sql/share/slovak/errmsg.txt | 1 + sql/share/spanish/errmsg.txt | 1 + sql/share/swedish/errmsg.txt | 1 + sql/share/ukrainian/errmsg.txt | 1 + sql/sql_parse.cc | 43 +++++++++++++++++++------------ 25 files changed, 52 insertions(+), 17 deletions(-) diff --git a/include/mysqld_error.h b/include/mysqld_error.h index 81a24e89164..377f714bfff 100644 --- a/include/mysqld_error.h +++ b/include/mysqld_error.h @@ -265,4 +265,5 @@ #define ER_DERIVED_MUST_HAVE_ALIAS 1246 #define ER_SELECT_REDUCED 1247 #define ER_TABLENAME_NOT_ALLOWED_HERE 1248 -#define ER_ERROR_MESSAGES 249 +#define ER_NOT_SUPPORTED_AUTH_MODE 1249 +#define ER_ERROR_MESSAGES 250 diff --git a/sql/share/czech/errmsg.txt b/sql/share/czech/errmsg.txt index c1ee8b12e7f..6c3196bfeba 100644 --- a/sql/share/czech/errmsg.txt +++ b/sql/share/czech/errmsg.txt @@ -259,3 +259,4 @@ v/* "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/danish/errmsg.txt b/sql/share/danish/errmsg.txt index 17c1dd76474..dcc016511dd 100644 --- a/sql/share/danish/errmsg.txt +++ b/sql/share/danish/errmsg.txt @@ -253,3 +253,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/dutch/errmsg.txt b/sql/share/dutch/errmsg.txt index a2ef2b0923d..6091616fc4a 100644 --- a/sql/share/dutch/errmsg.txt +++ b/sql/share/dutch/errmsg.txt @@ -261,3 +261,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/english/errmsg.txt b/sql/share/english/errmsg.txt index eabbb6c1eeb..d235f8f49a5 100644 --- a/sql/share/english/errmsg.txt +++ b/sql/share/english/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias", "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/estonian/errmsg.txt b/sql/share/estonian/errmsg.txt index 367bda922f3..43eb5de89a5 100644 --- a/sql/share/estonian/errmsg.txt +++ b/sql/share/estonian/errmsg.txt @@ -255,3 +255,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/french/errmsg.txt b/sql/share/french/errmsg.txt index 93009f564e6..d7bb19c2876 100644 --- a/sql/share/french/errmsg.txt +++ b/sql/share/french/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/german/errmsg.txt b/sql/share/german/errmsg.txt index 24ee7a99409..765fbd875e2 100644 --- a/sql/share/german/errmsg.txt +++ b/sql/share/german/errmsg.txt @@ -260,3 +260,4 @@ "FЭr jede abgeleitete Tabelle muss ein eigener Alias angegeben werden.", "Select %u wurde wДhrend der Optimierung reduziert.", "Tabelle '%-.64s', die in einem der SELECT-Befehle verwendet wurde kann nicht in %-.32s verwendet werden." +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/greek/errmsg.txt b/sql/share/greek/errmsg.txt index ffed9111859..8831d4e47b9 100644 --- a/sql/share/greek/errmsg.txt +++ b/sql/share/greek/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/hungarian/errmsg.txt b/sql/share/hungarian/errmsg.txt index a597e3870b5..8d6c321d316 100644 --- a/sql/share/hungarian/errmsg.txt +++ b/sql/share/hungarian/errmsg.txt @@ -252,3 +252,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/italian/errmsg.txt b/sql/share/italian/errmsg.txt index 84b4d02dc9e..56b3018e3a6 100644 --- a/sql/share/italian/errmsg.txt +++ b/sql/share/italian/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/japanese/errmsg.txt b/sql/share/japanese/errmsg.txt index f339faf5fc4..70ab2d6d42d 100644 --- a/sql/share/japanese/errmsg.txt +++ b/sql/share/japanese/errmsg.txt @@ -252,3 +252,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/korean/errmsg.txt b/sql/share/korean/errmsg.txt index 855f157d3b5..c18c3ed3873 100644 --- a/sql/share/korean/errmsg.txt +++ b/sql/share/korean/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/norwegian-ny/errmsg.txt b/sql/share/norwegian-ny/errmsg.txt index d930ec5ab74..9cd99613f52 100644 --- a/sql/share/norwegian-ny/errmsg.txt +++ b/sql/share/norwegian-ny/errmsg.txt @@ -252,3 +252,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/norwegian/errmsg.txt b/sql/share/norwegian/errmsg.txt index 15bc59c39dc..32fe6c30b34 100644 --- a/sql/share/norwegian/errmsg.txt +++ b/sql/share/norwegian/errmsg.txt @@ -252,3 +252,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/polish/errmsg.txt b/sql/share/polish/errmsg.txt index 95315516cda..4b59a62f991 100644 --- a/sql/share/polish/errmsg.txt +++ b/sql/share/polish/errmsg.txt @@ -254,3 +254,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/portuguese/errmsg.txt b/sql/share/portuguese/errmsg.txt index 47dc0ed569d..7236bd86652 100644 --- a/sql/share/portuguese/errmsg.txt +++ b/sql/share/portuguese/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/romanian/errmsg.txt b/sql/share/romanian/errmsg.txt index 722efe4f83f..0b8bbe1c219 100644 --- a/sql/share/romanian/errmsg.txt +++ b/sql/share/romanian/errmsg.txt @@ -254,3 +254,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/russian/errmsg.txt b/sql/share/russian/errmsg.txt index ddbb5bdbe5d..2f1eedd207c 100644 --- a/sql/share/russian/errmsg.txt +++ b/sql/share/russian/errmsg.txt @@ -253,3 +253,4 @@ "Every derived table must have it's own alias" "Select %u был упразднен в процессе оптимизации", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/serbian/errmsg.txt b/sql/share/serbian/errmsg.txt index c9ab4d8f656..75cfd73f3f0 100644 --- a/sql/share/serbian/errmsg.txt +++ b/sql/share/serbian/errmsg.txt @@ -246,3 +246,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/slovak/errmsg.txt b/sql/share/slovak/errmsg.txt index 0d6a847a341..de354f234c7 100644 --- a/sql/share/slovak/errmsg.txt +++ b/sql/share/slovak/errmsg.txt @@ -258,3 +258,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/spanish/errmsg.txt b/sql/share/spanish/errmsg.txt index cc56e1f6aef..a528c3e6b36 100644 --- a/sql/share/spanish/errmsg.txt +++ b/sql/share/spanish/errmsg.txt @@ -251,3 +251,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/swedish/errmsg.txt b/sql/share/swedish/errmsg.txt index b792864b9f4..5473f4e8e42 100644 --- a/sql/share/swedish/errmsg.txt +++ b/sql/share/swedish/errmsg.txt @@ -250,3 +250,4 @@ "Every derived table must have it's own alias" "Select %u was reduced during optimisation", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/share/ukrainian/errmsg.txt b/sql/share/ukrainian/errmsg.txt index 2b6825adb8a..0b91786d1f3 100644 --- a/sql/share/ukrainian/errmsg.txt +++ b/sql/share/ukrainian/errmsg.txt @@ -255,3 +255,4 @@ "Every derived table must have it's own alias" "Select %u was скасовано при оптимiзацii", "Table '%-.64s' from one of SELECT's can not be used in %-.32s" +"Client does not support authentication protocol requested by server. Consider upgrading MySQL client" \ No newline at end of file diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index f8a3350f051..e4531e7a2bf 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -189,9 +189,9 @@ end: static int check_user(THD *thd,enum_server_command command, const char *user, const char *passwd, const char *db, bool check_count, - bool do_send_error, char* crypted_scramble, - bool had_password,uint *cur_priv_version, - ACL_USER** hint_user) + bool simple_connect, bool do_send_error, + char* crypted_scramble, bool had_password, + uint *cur_priv_version, ACL_USER** hint_user) { thd->db=0; thd->db_length=0; @@ -222,14 +222,23 @@ static int check_user(THD *thd,enum_server_command command, const char *user, { if (do_send_error) { - net_printf(thd, ER_ACCESS_DENIED_ERROR, - thd->user, - thd->host_or_ip, - had_password ? ER(ER_YES) : ER(ER_NO)); - mysql_log.write(thd,COM_CONNECT,ER(ER_ACCESS_DENIED_ERROR), - thd->user, - thd->host_or_ip, - had_password ? ER(ER_YES) : ER(ER_NO)); + /* Old client should get nicer error message if password version is not supported*/ + if (simple_connect && *hint_user && (*hint_user)->pversion) + { + net_printf(thd, ER_NOT_SUPPORTED_AUTH_MODE); + mysql_log.write(thd,COM_CONNECT,ER(ER_NOT_SUPPORTED_AUTH_MODE)); + } + else + { + net_printf(thd, ER_ACCESS_DENIED_ERROR, + thd->user, + thd->host_or_ip, + had_password ? ER(ER_YES) : ER(ER_NO)); + mysql_log.write(thd,COM_CONNECT,ER(ER_ACCESS_DENIED_ERROR), + thd->user, + thd->host_or_ip, + had_password ? ER(ER_YES) : ER(ER_NO)); + } return(1); // Error already given } else @@ -638,8 +647,9 @@ check_connections(THD *thd) /* Store information if we used password. passwd will be dammaged */ bool using_password=test(passwd[0]); /* Check user permissions. If password failure we'll get scramble back */ - if (check_user(thd,COM_CONNECT, user, passwd, db, 1, simple_connect, - prepared_scramble,using_password,&cur_priv_version,&cached_user)<0) + if (check_user(thd, COM_CONNECT, user, passwd, db, 1, simple_connect, + simple_connect, prepared_scramble, using_password, &cur_priv_version, + &cached_user)<0) { /* If The client is old we just have to return error */ if (simple_connect) @@ -679,7 +689,7 @@ check_connections(THD *thd) } /* Final attempt to check the user based on reply */ if (check_user(thd,COM_CONNECT, tmp_user, (char*)net->read_pos, - tmp_db, 1, 1,prepared_scramble,using_password,&cur_priv_version, + tmp_db, 1, 0, 1, prepared_scramble, using_password, &cur_priv_version, &cached_user)) return -1; } @@ -1077,7 +1087,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd, Do not retry if we already have sent error (result>0) */ if (check_user(thd,COM_CHANGE_USER, user, passwd, db, 0, simple_connect, - prepared_scramble,using_password,&cur_priv_version,&cached_user)<0) + simple_connect, prepared_scramble, using_password, &cur_priv_version, + &cached_user)<0) { /* If The client is old we just have to have auth failure */ if (simple_connect) @@ -1112,7 +1123,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, /* Final attempt to check the user based on reply */ if (check_user(thd,COM_CHANGE_USER, tmp_user, (char*)net->read_pos, - tmp_db, 0, 1,prepared_scramble,using_password,&cur_priv_version, + tmp_db, 0, 0, 1, prepared_scramble, using_password, &cur_priv_version, &cached_user)) goto restore_user; } From 6bc97ffaeea90ef3d82604454fb3ea38ee5605e4 Mon Sep 17 00:00:00 2001 From: "peter@mysql.com" <> Date: Fri, 27 Dec 2002 19:47:23 +0300 Subject: [PATCH 2/2] SCRUM Add optional second parameter to password() function. It can be used to force password() to return fixed values. --- mysql-test/r/func_crypt.result | 11 +++++++- mysql-test/t/func_crypt.test | 7 ++++- sql/item_strfunc.cc | 48 +++++++++++++++++++++++++++++----- sql/item_strfunc.h | 1 + sql/sql_yacc.yy | 6 ++--- 5 files changed, 61 insertions(+), 12 deletions(-) diff --git a/mysql-test/r/func_crypt.result b/mysql-test/r/func_crypt.result index ad3a64ccd1d..461ae1e7e09 100644 --- a/mysql-test/r/func_crypt.result +++ b/mysql-test/r/func_crypt.result @@ -1,6 +1,15 @@ select length(encrypt('foo', 'ff')) <> 0; length(encrypt('foo', 'ff')) <> 0 1 -select old_password('test'),length(password("1")),length(encrypt('test')),encrypt('test','aa'); +select password("a",""), password("a",NULL), password("","a"), password(NULL,"a"); +password("a","") password("a",NULL) password("","a") password(NULL,"a") +*2517f7235d68d4ba2e5019c93420523101157a792c01 NULL NULL +select password("aaaaaaaaaaaaaaaa","a"), password("a","aaaaaaaaaaaaaaaa"); +password("aaaaaaaaaaaaaaaa","a") password("a","aaaaaaaaaaaaaaaa") +*2cd3b9a44e9a9994789a30f935c92f45a96c5472f381 *37c7c5c794ff144819f2531bf03c57772cd84e40db09 +select old_password('test'), length(password("1")), length(encrypt('test')), encrypt('test','aa'); old_password('test') length(password("1")) length(encrypt('test')) encrypt('test','aa') 378b243e220ca493 45 13 aaqPiZY5xR5l. +select old_password(""), old_password(NULL), password(""), password(NULL); +old_password("") old_password(NULL) password("") password(NULL) + NULL NULL diff --git a/mysql-test/t/func_crypt.test b/mysql-test/t/func_crypt.test index 812bdade39f..af0ef661d06 100644 --- a/mysql-test/t/func_crypt.test +++ b/mysql-test/t/func_crypt.test @@ -1,3 +1,8 @@ select length(encrypt('foo', 'ff')) <> 0; --replace_result $1$aa$4OSUA5cjdx0RUQ08opV27/ aaqPiZY5xR5l. -select old_password('test'),length(password("1")),length(encrypt('test')),encrypt('test','aa'); + +# Test new and old password handling functions +select password("a",""), password("a",NULL), password("","a"), password(NULL,"a"); +select password("aaaaaaaaaaaaaaaa","a"), password("a","aaaaaaaaaaaaaaaa"); +select old_password('test'), length(password("1")), length(encrypt('test')), encrypt('test','aa'); +select old_password(""), old_password(NULL), password(""), password(NULL); diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 78689bb3044..17112e18456 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -1271,18 +1271,52 @@ String *Item_func_trim::val_str(String *str) return &tmp_value; } +/* + Password() function can have 2 args now. Second argument can be used + to make results repeatable +*/ String *Item_func_password::val_str(String *str) { - String *res =args[0]->val_str(str); + struct rand_struct rand_st; // local structure for 2 param version + ulong seed=0; // seed to initialise random generator to + if ((null_value=args[0]->null_value)) return 0; - if (res->length() == 0) - return &empty_string; - make_scrambled_password(tmp_value,res->c_ptr(),opt_old_passwords, - ¤t_thd->rand); - str->set(tmp_value,get_password_length(opt_old_passwords),res->charset()); - return str; + + if (arg_count == 1) + { + String *res =args[0]->val_str(str); + if (res->length() == 0) + return &empty_string; + make_scrambled_password(tmp_value,res->c_ptr(),opt_old_passwords, + ¤t_thd->rand); + str->set(tmp_value,get_password_length(opt_old_passwords),res->charset()); + return str; + } + else + { + /* Check second argument for NULL value. First one is already checked */ + if ((null_value=args[1]->null_value)) + return 0; + /* Generate the seed first this allows to avoid double allocation */ + char* seed_ptr=args[1]->val_str(str)->c_ptr(); + while (*seed_ptr) + { + seed=seed*211+*seed_ptr; /* Use simple hashing */ + seed_ptr++; + } + /* Use constants which allow nice random values even with small seed */ + randominit(&rand_st,seed*111111+33333333L,seed*1111+55555555L); + + String *res =args[0]->val_str(str); + if (res->length() == 0) + return &empty_string; + make_scrambled_password(tmp_value,res->c_ptr(),opt_old_passwords, + &rand_st); + str->set(tmp_value,get_password_length(opt_old_passwords),res->charset()); + return str; + } } String *Item_func_old_password::val_str(String *str) diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index c8706c2c933..e11cde52a88 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -257,6 +257,7 @@ class Item_func_password :public Item_str_func char tmp_value[64]; /* This should be enough for new password format */ public: Item_func_password(Item *a) :Item_str_func(a) {} + Item_func_password(Item *a, Item *b) :Item_str_func(a,b) {} String *val_str(String *); void fix_length_and_dec() { max_length = get_password_length(opt_old_passwords); } const char *func_name() const { return "password"; } diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 55f165c0739..b720c9ed4b8 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -2201,9 +2201,9 @@ simple_expr: | NOW_SYM '(' expr ')' { $$= new Item_func_now($3); Lex->safe_to_cache_query=0;} | PASSWORD '(' expr ')' - { - $$= new Item_func_password($3); - } + { $$= new Item_func_password($3); } + | PASSWORD '(' expr ',' expr ')' + { $$= new Item_func_password($3,$5); } | POINTFROMTEXT '(' expr ')' { $$= new Item_func_geometry_from_text($3); } | POINTFROMTEXT '(' expr ',' expr ')'