mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 12:32:27 +01:00
16115af97c
Fixed problem with LIKE with latin1_de Added parsing support of UNSIGNED LONG LONG Docs/manual.texi: Changelog client/client_priv.h: Changed to use my_global.h client/completion_hash.cc: Changed to use my_global.h client/errmsg.c: Changed to use my_global.h client/get_password.c: Changed to use my_global.h client/mysqldump.c: Changed to use my_global.h client/mysqlshow.c: Changed to use my_global.h client/mysqltest.c: Changed to use my_global.h client/password.c: Changed to use my_global.h client/readline.cc: Changed to use my_global.h client/sql_string.cc: Changed to use my_global.h client/thimble.cc: Changed to use my_global.h client/thread_test.c: Changed to use my_global.h dbug/dbug.c: Changed to use my_global.h dbug/dbug_analyze.c: Changed to use my_global.h dbug/example1.c: Changed to use my_global.h dbug/example2.c: Changed to use my_global.h dbug/example3.c: Changed to use my_global.h dbug/factorial.c: Changed to use my_global.h dbug/main.c: Changed to use my_global.h dbug/sanity.c: Changed to use my_global.h extra/comp_err.c: Changed to use my_global.h extra/my_print_defaults.c: Changed to use my_global.h extra/perror.c: Changed to use my_global.h extra/replace.c: Changed to use my_global.h extra/resolve_stack_dump.c: Changed to use my_global.h extra/resolveip.c: Changed to use my_global.h fs/libmysqlfs.h: Changed to use my_global.h fs/mysqlcorbafs.h: Changed to use my_global.h heap/hp_test1.c: Changed to use my_global.h include/Makefile.am: Changed to use my_global.h include/m_ctype.h: Changed to use my_global.h include/my_base.h: Changed to use my_global.h innobase/include/univ.i: Changed to use my_global.h libmysql/dll.c: Changed to use my_global.h libmysql/errmsg.c: Changed to use my_global.h libmysql/get_password.c: Changed to use my_global.h libmysql/libmysql.c: Changed to use my_global.h libmysql/net.c: Changed to use my_global.h libmysql/password.c: Changed to use my_global.h libmysqld/lib_sql.cc: Changed to use my_global.h libmysqld/lib_vio.c: Changed to use my_global.h libmysqld/libmysqld.c: Changed to use my_global.h mysql-test/mysql-test-run.sh: Changed to use latin1 as default character set mysql-test/r/ctype_latin1_de.result: Changed to use my_global.h mysql-test/r/func_like.result: New test mysql-test/t/ctype_latin1_de.test: Added test of part keys mysql-test/t/func_like.test: New test mysys/checksum.c: Changed to use my_global.h mysys/getopt.c: Changed to use my_global.h mysys/getopt1.c: Changed to use my_global.h mysys/make-conf.c: Changed to use my_global.h mysys/my_alloc.c: Changed to use my_global.h mysys/my_clock.c: Changed to use my_global.h mysys/my_compress.c: Changed to use my_global.h mysys/mysys_priv.h: Changed to use my_global.h mysys/test_charset.c: Changed to use my_global.h mysys/testhash.c: Changed to use my_global.h mysys/thr_alarm.c: Changed to use my_global.h mysys/thr_mutex.c: Changed to use my_global.h regex/debug.c: Changed to use my_global.h regex/main.c: Changed to use my_global.h regex/regcomp.c: Changed to use my_global.h regex/regerror.c: Changed to use my_global.h regex/regexec.c: Changed to use my_global.h regex/regexp.c: Changed to use my_global.h regex/regfree.c: Changed to use my_global.h regex/reginit.c: Changed to use my_global.h sql/cache_manager.cc: Changed to use my_global.h sql/gen_lex_hash.cc: Changed to use my_global.h sql/ha_berkeley.cc: Fixed problem with UNIQUE keys that could contain NULL sql/ha_gemini.h: Changed to use my_global.h sql/handler.cc: Fixed problem after merge sql/item.cc: Added Item_unit sql/item.h: Added Item_uint sql/matherr.c: Changed to use my_global.h sql/md5.c: Changed to use my_global.h sql/mini_client.cc: Changed to use my_global.h sql/my_lock.c: Changed to use my_global.h sql/mysql_priv.h: Changed to use my_global.h sql/net_serv.cc: Changed to use my_global.h sql/password.c: Changed to use my_global.h sql/sql_lex.cc: Added parsing support of UNSIGNED LONG LONG sql/sql_show.cc: Changed to use my_global.h sql/sql_string.cc: Changed to use my_global.h sql/sql_yacc.yy: Added usage of Int_uint sql/stacktrace.c: Changed to use my_global.h sql/udf_example.cc: Changed to use my_global.h strings/atof.c: Changed to use my_global.h strings/bchange.c: Changed to use my_global.h strings/bcmp.c: Changed to use my_global.h strings/bfill.c: Changed to use my_global.h strings/bmove.c: Changed to use my_global.h strings/bmove512.c: Changed to use my_global.h strings/bmove_upp.c: Changed to use my_global.h strings/ctype-big5.c: Changed to use my_global.h strings/ctype-czech.c: Changed to use my_global.h strings/ctype-euc_kr.c: Changed to use my_global.h strings/ctype-gb2312.c: Changed to use my_global.h strings/ctype-gbk.c: Changed to use my_global.h strings/ctype-latin1_de.c: Fixed problem with LIKE strings/ctype-sjis.c: Changed to use my_global.h strings/ctype-tis620.c: Changed to use my_global.h strings/ctype-ujis.c: Changed to use my_global.h strings/ctype.c: Changed to use my_global.h strings/do_ctype.c: Changed to use my_global.h strings/int2str.c: Changed to use my_global.h strings/is_prefix.c: Changed to use my_global.h strings/llstr.c: Changed to use my_global.h strings/longlong2str.c: Changed to use my_global.h strings/r_strinstr.c: Changed to use my_global.h strings/str2int.c: Changed to use my_global.h strings/str_test.c: Changed to use my_global.h strings/strappend.c: Changed to use my_global.h strings/strcend.c: Changed to use my_global.h strings/strcont.c: Changed to use my_global.h strings/strend.c: Changed to use my_global.h strings/strfill.c: Changed to use my_global.h strings/strings-not-used.h: Changed to use my_global.h strings/strinstr.c: Changed to use my_global.h strings/strmake.c: Changed to use my_global.h strings/strmov.c: Changed to use my_global.h strings/strnlen.c: Changed to use my_global.h strings/strnmov.c: Changed to use my_global.h strings/strstr.c: Changed to use my_global.h strings/strto.c: Changed to use my_global.h strings/strtol.c: Changed to use my_global.h strings/strtoll.c: Changed to use my_global.h strings/strtoul.c: Changed to use my_global.h strings/strtoull.c: Changed to use my_global.h strings/strxmov.c: Changed to use my_global.h strings/strxnmov.c: Changed to use my_global.h strings/udiv.c: Changed to use my_global.h tools/mysqlmanager.c: Changed to use my_global.h vio/test-ssl.c: Changed to use my_global.h vio/test-sslclient.c: Changed to use my_global.h vio/test-sslserver.c: Changed to use my_global.h vio/test-ssl: Changed to use my_global.h vio/vio.c: Changed to use my_global.h vio/viosocket.c: Changed to use my_global.h vio/viossl.c: Changed to use my_global.h vio/viosslfactories.c: Changed to use my_global.h vio/viotest-ssl.c: Changed to use my_global.h
192 lines
5.6 KiB
C
192 lines
5.6 KiB
C
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Library General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Library General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Library General Public
|
|
License along with this library; if not, write to the Free
|
|
Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
MA 02111-1307, USA */
|
|
|
|
/* password checking routines */
|
|
/*****************************************************************************
|
|
The main idea is that no password are sent between client & server on
|
|
connection and that no password are saved in mysql in a decodable form.
|
|
|
|
On connection a random string is generated and sent to the client.
|
|
The client generates a new string with a random generator inited with
|
|
the hash values from the password and the sent string.
|
|
This 'check' string is sent to the server where it is compared with
|
|
a string generated from the stored hash_value of the password and the
|
|
random string.
|
|
|
|
The password is saved (in user.password) by using the PASSWORD() function in
|
|
mysql.
|
|
|
|
Example:
|
|
update user set password=PASSWORD("hello") where user="test"
|
|
This saves a hashed number as a string in the password field.
|
|
*****************************************************************************/
|
|
|
|
#include <my_global.h>
|
|
#include <my_sys.h>
|
|
#include <m_string.h>
|
|
#include "mysql.h"
|
|
|
|
|
|
void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2)
|
|
{ /* For mysql 3.21.# */
|
|
#ifdef HAVE_purify
|
|
bzero((char*) rand_st,sizeof(*rand_st)); /* Avoid UMC varnings */
|
|
#endif
|
|
rand_st->max_value= 0x3FFFFFFFL;
|
|
rand_st->max_value_dbl=(double) rand_st->max_value;
|
|
rand_st->seed1=seed1%rand_st->max_value ;
|
|
rand_st->seed2=seed2%rand_st->max_value;
|
|
}
|
|
|
|
static void old_randominit(struct rand_struct *rand_st,ulong seed1)
|
|
{ /* For mysql 3.20.# */
|
|
rand_st->max_value= 0x01FFFFFFL;
|
|
rand_st->max_value_dbl=(double) rand_st->max_value;
|
|
seed1%=rand_st->max_value;
|
|
rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
|
|
}
|
|
|
|
double rnd(struct rand_struct *rand_st)
|
|
{
|
|
rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
|
|
rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
|
|
return (((double) rand_st->seed1)/rand_st->max_value_dbl);
|
|
}
|
|
|
|
void hash_password(ulong *result, const char *password)
|
|
{
|
|
register ulong nr=1345345333L, add=7, nr2=0x12345671L;
|
|
ulong tmp;
|
|
for (; *password ; password++)
|
|
{
|
|
if (*password == ' ' || *password == '\t')
|
|
continue; /* skipp space in password */
|
|
tmp= (ulong) (uchar) *password;
|
|
nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
|
|
nr2+=(nr2 << 8) ^ nr;
|
|
add+=tmp;
|
|
}
|
|
result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
|
|
result[1]=nr2 & (((ulong) 1L << 31) -1L);
|
|
return;
|
|
}
|
|
|
|
void make_scrambled_password(char *to,const char *password)
|
|
{
|
|
ulong hash_res[2];
|
|
hash_password(hash_res,password);
|
|
sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
|
|
}
|
|
|
|
static inline uint char_val(char X)
|
|
{
|
|
return (uint) (X >= '0' && X <= '9' ? X-'0' :
|
|
X >= 'A' && X <= 'Z' ? X-'A'+10 :
|
|
X-'a'+10);
|
|
}
|
|
|
|
/*
|
|
** This code assumes that len(password) is divideable with 8 and that
|
|
** res is big enough (2 in mysql)
|
|
*/
|
|
|
|
void get_salt_from_password(ulong *res,const char *password)
|
|
{
|
|
res[0]=res[1]=0;
|
|
if (password)
|
|
{
|
|
while (*password)
|
|
{
|
|
ulong val=0;
|
|
uint i;
|
|
for (i=0 ; i < 8 ; i++)
|
|
val=(val << 4)+char_val(*password++);
|
|
*res++=val;
|
|
}
|
|
}
|
|
return;
|
|
}
|
|
|
|
void make_password_from_salt(char *to, ulong *hash_res)
|
|
{
|
|
sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
|
|
}
|
|
|
|
|
|
/*
|
|
* Genererate a new message based on message and password
|
|
* The same thing is done in client and server and the results are checked.
|
|
*/
|
|
|
|
char *scramble(char *to,const char *message,const char *password,
|
|
my_bool old_ver)
|
|
{
|
|
struct rand_struct rand_st;
|
|
ulong hash_pass[2],hash_message[2];
|
|
if (password && password[0])
|
|
{
|
|
char *to_start=to;
|
|
hash_password(hash_pass,password);
|
|
hash_password(hash_message,message);
|
|
if (old_ver)
|
|
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
|
|
else
|
|
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
|
|
hash_pass[1] ^ hash_message[1]);
|
|
while (*message++)
|
|
*to++= (char) (floor(rnd(&rand_st)*31)+64);
|
|
if (!old_ver)
|
|
{ /* Make it harder to break */
|
|
char extra=(char) (floor(rnd(&rand_st)*31));
|
|
while (to_start != to)
|
|
*(to_start++)^=extra;
|
|
}
|
|
}
|
|
*to=0;
|
|
return to;
|
|
}
|
|
|
|
|
|
my_bool check_scramble(const char *scrambled, const char *message,
|
|
ulong *hash_pass, my_bool old_ver)
|
|
{
|
|
struct rand_struct rand_st;
|
|
ulong hash_message[2];
|
|
char buff[16],*to,extra; /* Big enough for check */
|
|
const char *pos;
|
|
|
|
hash_password(hash_message,message);
|
|
if (old_ver)
|
|
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
|
|
else
|
|
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
|
|
hash_pass[1] ^ hash_message[1]);
|
|
to=buff;
|
|
for (pos=scrambled ; *pos ; pos++)
|
|
*to++=(char) (floor(rnd(&rand_st)*31)+64);
|
|
if (old_ver)
|
|
extra=0;
|
|
else
|
|
extra=(char) (floor(rnd(&rand_st)*31));
|
|
to=buff;
|
|
while (*scrambled)
|
|
{
|
|
if (*scrambled++ != (char) (*to++ ^ extra))
|
|
return 1; /* Wrong password */
|
|
}
|
|
return 0;
|
|
}
|