mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 12:02:42 +01:00
dbb088b034
For now following tasks have been done: - PASSWORD() function was rewritten. PASSWORD() now returns SHA1 hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed; - password.c: new functions were implemented, old rolled back to 4.0 state - server code was rewritten to use new authorization algorithm (check_user(), change user, and other stuff in sql/sql_parse.cc) - client code was rewritten to use new authorization algorithm (mysql_real_connect, myslq_authenticate in sql-common/client.c) - now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc) - mysqladmin.c was fixed to work correctly with new passwords Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed; mysqladmin also was tested. Additional check are nevertheless necessary. BitKeeper/etc/ignore: Added start_mysqld.sh mysys/main.cc to the ignore list client/mysqladmin.c: fixed with new password api include/mysql.h: So as scramble_323 accepts only null-terminated message, two scramble buffs are necessary. gotta be fixed include/mysql_com.h: new constants and password.c api changes libmysql/libmysql.c: mysql_change_user rewritten to work with new password api scripts/mysql_create_system_tables.sh: fixed 'Password' column length to 41 scripts/mysql_fix_privilege_tables.sql: fixed 'Password' column length to 41 sql-common/client.c: mysql_real_connect rewritten to support new handshake procedure sql/item_strfunc.cc: Item_func_password and Item_func_old_password rewritten with new password api sql/item_strfunc.h: bit commented, numbers replaced with #defined constants sql/mysql_priv.h: removed unnecessary declaration as now all constants defined is in mysql_com.h sql/mysqld.cc: scramble initialization moved to sql_parce.cc:check_connection sql/password.c: All 4.1 functions were rolled back to 4.0 with attempt to save all possible 4.0-4.1 changes. Names for 4.0 functions were suffixed with '_323' Functions for new handshake were added. sql/slave.cc: Fixed to new constant; Bug #766 remains to be fixed sql/slave.h: fixed to new constant; Buf #766 remains to be fixed sql/sql_acl.cc: rewritten to support new passwords (41 byte-long) and password api sql/sql_acl.h: ditto sql/sql_class.cc: initialization for new members added sql/sql_class.h: same thing as in struct mysql - scramble is used for new family of functions, scramble_323 - for old sql/sql_parse.cc: check_connections was renamed to check_connection as this name reflects better what this function does authorization part of check_connection was rewritten check_user was rewritten with new password and acl api new function 'authenticate', which optionally re-request scramble from client was added fixed some typos COM_CHANGE_USER piece of dipsatch_command() was rewritten sql/sql_repl.h: HASH_PASSWORD_LENGTH replaced with SCRAMBLED_PASSWORD_CHAR_LENGTH bug #766 remains sql/sql_yacc.yy: Two-argument form of PASSWORD() was removed PASSWORD() function was fixed with new password api. BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted
558 lines
17 KiB
C
558 lines
17 KiB
C
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
|
|
|
/* password checking routines */
|
|
/*****************************************************************************
|
|
The main idea is that no password are sent between client & server on
|
|
connection and that no password are saved in mysql in a decodable form.
|
|
|
|
On connection a random string is generated and sent to the client.
|
|
The client generates a new string with a random generator inited with
|
|
the hash values from the password and the sent string.
|
|
This 'check' string is sent to the server where it is compared with
|
|
a string generated from the stored hash_value of the password and the
|
|
random string.
|
|
|
|
The password is saved (in user.password) by using the PASSWORD() function in
|
|
mysql.
|
|
|
|
This is .c file because it's used in libmysqlclient, which is entirely in C.
|
|
(we need it to be portable to a variety of systems).
|
|
Example:
|
|
update user set password=PASSWORD("hello") where user="test"
|
|
This saves a hashed number as a string in the password field.
|
|
|
|
The new autentication is performed in following manner:
|
|
|
|
SERVER: public_seed=create_random_string()
|
|
send(public_seed)
|
|
|
|
CLIENT: recv(public_seed)
|
|
hash_stage1=sha1("password")
|
|
hash_stage2=sha1(hash_stage1)
|
|
reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
|
|
|
|
// this three steps are done in scramble()
|
|
|
|
send(reply)
|
|
|
|
|
|
SERVER: recv(reply)
|
|
hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
|
|
candidate_hash2=sha1(hash_stage1)
|
|
check(candidate_hash2==hash_stage2)
|
|
|
|
// this three steps are done in check_scramble()
|
|
|
|
*****************************************************************************/
|
|
|
|
#include <my_global.h>
|
|
#include <my_sys.h>
|
|
#include <m_string.h>
|
|
#include <sha1.h>
|
|
#include "mysql.h"
|
|
|
|
/************ MySQL 3.23-4.0 authentification routines: untouched ***********/
|
|
|
|
/*
|
|
New (MySQL 3.21+) random generation structure initialization
|
|
SYNOPSIS
|
|
randominit()
|
|
rand_st OUT Structure to initialize
|
|
seed1 IN First initialization parameter
|
|
seed2 IN Second initialization parameter
|
|
*/
|
|
|
|
void randominit(struct rand_struct *rand_st, ulong seed1, ulong seed2)
|
|
{ /* For mysql 3.21.# */
|
|
#ifdef HAVE_purify
|
|
bzero((char*) rand_st,sizeof(*rand_st)); /* Avoid UMC varnings */
|
|
#endif
|
|
rand_st->max_value= 0x3FFFFFFFL;
|
|
rand_st->max_value_dbl=(double) rand_st->max_value;
|
|
rand_st->seed1=seed1%rand_st->max_value ;
|
|
rand_st->seed2=seed2%rand_st->max_value;
|
|
}
|
|
|
|
|
|
/*
|
|
Old (MySQL 3.20) random generation structure initialization
|
|
XXX: is to be deleted very soon!
|
|
SYNOPSIS
|
|
old_randominit()
|
|
rand_st OUT Structure to initialize
|
|
seed1 IN First initialization parameter
|
|
*/
|
|
|
|
static void old_randominit(struct rand_struct *rand_st, ulong seed1)
|
|
{ /* For mysql 3.20.# */
|
|
rand_st->max_value= 0x01FFFFFFL;
|
|
rand_st->max_value_dbl=(double) rand_st->max_value;
|
|
seed1%=rand_st->max_value;
|
|
rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
|
|
}
|
|
|
|
|
|
/*
|
|
Generate random number.
|
|
SYNOPSIS
|
|
my_rnd()
|
|
rand_st INOUT Structure used for number generation
|
|
RETURN VALUE
|
|
generated pseudo random number
|
|
*/
|
|
|
|
double my_rnd(struct rand_struct *rand_st)
|
|
{
|
|
rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
|
|
rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
|
|
return (((double) rand_st->seed1)/rand_st->max_value_dbl);
|
|
}
|
|
|
|
|
|
/*
|
|
Generate binary hash from raw text string
|
|
Used for Pre-4.1 password handling
|
|
SYNOPSIS
|
|
hash_password()
|
|
result OUT store hash in this location
|
|
password IN plain text password to build hash
|
|
*/
|
|
|
|
void hash_password(ulong *result, const char *password)
|
|
{
|
|
register ulong nr=1345345333L, add=7, nr2=0x12345671L;
|
|
ulong tmp;
|
|
for (; *password ; password++)
|
|
{
|
|
if (*password == ' ' || *password == '\t')
|
|
continue; /* skip space in password */
|
|
tmp= (ulong) (uchar) *password;
|
|
nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
|
|
nr2+=(nr2 << 8) ^ nr;
|
|
add+=tmp;
|
|
}
|
|
result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
|
|
result[1]=nr2 & (((ulong) 1L << 31) -1L);
|
|
return;
|
|
}
|
|
|
|
|
|
/*
|
|
Create password to be stored in user database from raw string
|
|
Used for pre-4.1 password handling
|
|
SYNOPSIS
|
|
make_scrambled_password_323()
|
|
to OUT store scrambled password here
|
|
password IN user-supplied password
|
|
*/
|
|
|
|
void make_scrambled_password_323(char *to, const char *password)
|
|
{
|
|
ulong hash_res[2];
|
|
hash_password(hash_res, password);
|
|
sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]);
|
|
}
|
|
|
|
|
|
/*
|
|
Scramble string with password.
|
|
Used in pre 4.1 authentication phase.
|
|
SYNOPSIS
|
|
scramble_323()
|
|
to OUT Store scrambled message here. Buffer must be at least
|
|
SCRAMBLE_LENGTH_323+1 bytes long
|
|
message IN Message to scramble. Message must be exactly
|
|
SRAMBLE_LENGTH_323 long and NULL terminated.
|
|
password IN Password to use while scrambling
|
|
old_ver IN Force old version random number generator
|
|
RETURN
|
|
End of scrambled string
|
|
*/
|
|
|
|
char *scramble_323(char *to, const char *message, const char *password,
|
|
my_bool old_ver)
|
|
{
|
|
struct rand_struct rand_st;
|
|
ulong hash_pass[2], hash_message[2];
|
|
|
|
if (password && password[0])
|
|
{
|
|
char *to_start=to;
|
|
hash_password(hash_pass,password);
|
|
hash_password(hash_message, message);
|
|
if (old_ver)
|
|
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
|
|
else
|
|
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
|
|
hash_pass[1] ^ hash_message[1]);
|
|
while (*message++)
|
|
*to++= (char) (floor(my_rnd(&rand_st)*31)+64);
|
|
if (!old_ver)
|
|
{ /* Make it harder to break */
|
|
char extra=(char) (floor(my_rnd(&rand_st)*31));
|
|
while (to_start != to)
|
|
*(to_start++)^=extra;
|
|
}
|
|
}
|
|
*to=0;
|
|
return to;
|
|
}
|
|
|
|
|
|
/*
|
|
Check scrambled message
|
|
Used in pre 4.1 password handling
|
|
SYNOPSIS
|
|
check_scramble_323()
|
|
scrambled IN scrambled message to check.
|
|
message IN original random message which was used for scrambling; must
|
|
be exactly SCRAMBLED_LENGTH_323 bytes long and
|
|
NULL-terminated.
|
|
hash_pass IN password which should be used for scrambling
|
|
old_ver IN force old (3.20) version random number generator
|
|
RETURN VALUE
|
|
0 - password correct
|
|
!0 - password invalid
|
|
*/
|
|
|
|
my_bool
|
|
check_scramble_323(const char *scrambled, const char *message,
|
|
ulong *hash_pass, my_bool old_ver)
|
|
{
|
|
struct rand_struct rand_st;
|
|
ulong hash_message[2];
|
|
char buff[16],*to,extra; /* Big enough for check */
|
|
const char *pos;
|
|
|
|
/* Check if this exactly N bytes. Overwise this is something fishy */
|
|
if (strlen(message) != SCRAMBLE_LENGTH_323)
|
|
return 1; /* Wrong password */
|
|
|
|
hash_password(hash_message,message);
|
|
if (old_ver)
|
|
old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
|
|
else
|
|
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
|
|
hash_pass[1] ^ hash_message[1]);
|
|
to=buff;
|
|
for (pos=scrambled ; *pos ; pos++)
|
|
*to++=(char) (floor(my_rnd(&rand_st)*31)+64);
|
|
if (old_ver)
|
|
extra=0;
|
|
else
|
|
extra=(char) (floor(my_rnd(&rand_st)*31));
|
|
to=buff;
|
|
while (*scrambled)
|
|
{
|
|
if (*scrambled++ != (char) (*to++ ^ extra))
|
|
return 1; /* Wrong password */
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static uint8 char_val(uint8 X)
|
|
{
|
|
return (uint) (X >= '0' && X <= '9' ? X-'0' :
|
|
X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
|
|
}
|
|
|
|
|
|
/*
|
|
Convert password from hex string (as stored in mysql.user) to binary form.
|
|
SYNOPSIS
|
|
get_salt_from_password_323()
|
|
res OUT store salt here
|
|
password IN password string as stored in mysql.user
|
|
NOTE
|
|
This function does not have length check for passwords. It will just crash
|
|
Password hashes in old format must have length divisible by 8
|
|
*/
|
|
|
|
void get_salt_from_password_323(ulong *res, const char *password)
|
|
{
|
|
res[0]= res[1]= 0;
|
|
if (password)
|
|
{
|
|
while (*password)
|
|
{
|
|
ulong val=0;
|
|
uint i;
|
|
for (i=0 ; i < 8 ; i++)
|
|
val=(val << 4)+char_val(*password++);
|
|
*res++=val;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
Convert scrambled password from binary form to asciiz hex string.
|
|
SYNOPSIS
|
|
make_password_from_salt_323()
|
|
to OUT store resulting string password here, at least 17 bytes
|
|
salt IN password in salt format, 2 ulongs
|
|
*/
|
|
|
|
void make_password_from_salt_323(char *to, const ulong *salt)
|
|
{
|
|
sprintf(to,"%08lx%08lx", salt[0], salt[1]);
|
|
}
|
|
|
|
|
|
/******************* MySQL 4.1.1 authentification routines ******************/
|
|
/*
|
|
Generate string of printable random characters of requested length
|
|
SYNOPSIS
|
|
create_random_string()
|
|
to OUT buffer for generation; must be at least length+1 bytes
|
|
long; result string is always null-terminated
|
|
length IN how many random characters to put in buffer
|
|
rand_st INOUT structure used for number generation
|
|
*/
|
|
|
|
void create_random_string(char *to, uint length, struct rand_struct *rand_st)
|
|
{
|
|
char *end= to + length;
|
|
/* Use pointer arithmetics as it is faster way to do so. */
|
|
for (; to < end; to++)
|
|
*to= (char) (my_rnd(rand_st)*94+33);
|
|
*to= '\0';
|
|
}
|
|
|
|
|
|
/* Character to use as version identifier for version 4.1 */
|
|
|
|
#define PVERSION41_CHAR '*'
|
|
|
|
|
|
/*
|
|
Convert given octet sequence to asciiz string of hex characters;
|
|
str..str+len and 'to' may not overlap.
|
|
SYNOPSIS
|
|
octet2hex()
|
|
buf OUT output buffer. Must be at least 2*len+1 bytes
|
|
str, len IN the beginning and the length of the input string
|
|
*/
|
|
|
|
static
|
|
void
|
|
octet2hex(char *to, const uint8 *str, uint len)
|
|
{
|
|
static const char alphabet[] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
|
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
|
|
const uint8 *str_end= str + len;
|
|
for (; str != str_end; ++str)
|
|
{
|
|
*to++= alphabet[(*str & 0xF0) >> 4];
|
|
*to++= alphabet[*str & 0x0F];
|
|
}
|
|
*to++= '\0';
|
|
}
|
|
|
|
|
|
/*
|
|
Convert given asciiz string of hex (0..9 a..f) characters to octet
|
|
sequence.
|
|
SYNOPSIS
|
|
hex2octet()
|
|
to OUT buffer to place result; must be at least len/2 bytes
|
|
str, len IN begin, length for character string; str and to may not
|
|
overlap; len % 2 == 0
|
|
*/
|
|
|
|
static
|
|
void
|
|
hex2octet(uint8 *to, const char *str, uint len)
|
|
{
|
|
const char *str_end= str + len;
|
|
while (str < str_end)
|
|
{
|
|
*to= char_val(*str++) << 4;
|
|
*to++|= char_val(*str++);
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
Encrypt/Decrypt function used for password encryption in authentication.
|
|
Simple XOR is used here but it is OK as we crypt random strings. Note,
|
|
that XOR(s1, XOR(s1, s2)) == s2, XOR(s1, s2) == XOR(s2, s1)
|
|
SYNOPSIS
|
|
my_crypt()
|
|
to OUT buffer to hold crypted string; must be at least len bytes
|
|
long; to and s1 (or s2) may be the same.
|
|
s1, s2 IN input strings (of equal length)
|
|
len IN length of s1 and s2
|
|
*/
|
|
|
|
static
|
|
void
|
|
my_crypt(char *to, const uint8 *s1, const uint8 *s2, uint len)
|
|
{
|
|
const uint8 *s1_end= s1 + len;
|
|
while (s1 < s1_end)
|
|
*to++= *s1++ ^ *s2++;
|
|
}
|
|
|
|
|
|
/*
|
|
MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
|
|
applied to the password string, and then produced octet sequence is
|
|
converted to hex string.
|
|
The result of this function is used as return value from PASSWORD() and
|
|
is stored in the database.
|
|
SYNOPSIS
|
|
make_scrambled_password()
|
|
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
|
|
password IN NULL-terminated password string
|
|
*/
|
|
|
|
void
|
|
make_scrambled_password(char *to, const char *password)
|
|
{
|
|
SHA1_CONTEXT sha1_context;
|
|
uint8 hash_stage2[SHA1_HASH_SIZE];
|
|
|
|
sha1_reset(&sha1_context);
|
|
/* stage 1: hash password */
|
|
sha1_input(&sha1_context, (uint8 *) password, strlen(password));
|
|
sha1_result(&sha1_context, (uint8 *) to);
|
|
/* stage 2: hash stage1 output */
|
|
sha1_reset(&sha1_context);
|
|
sha1_input(&sha1_context, (uint8 *) to, SHA1_HASH_SIZE);
|
|
/* separate buffer is used to pass 'to' in octet2hex */
|
|
sha1_result(&sha1_context, hash_stage2);
|
|
/* convert hash_stage2 to hex string */
|
|
*to++= PVERSION41_CHAR;
|
|
octet2hex(to, hash_stage2, SHA1_HASH_SIZE);
|
|
}
|
|
|
|
|
|
/*
|
|
Produce an obscure octet sequence from password and random
|
|
string, recieved from the server. This sequence corresponds to the
|
|
password, but password can not be easily restored from it. The sequence
|
|
is then sent to the server for validation. Trailing zero is stored in
|
|
the buf.
|
|
This function is used by client to create authenticated reply to the
|
|
server's greeting.
|
|
SYNOPSIS
|
|
scramble()
|
|
buf OUT store scrambled string here. The buf must be at least
|
|
SHA1_HASH_SIZE+1 bytes long.
|
|
message IN random message, must be exactly SCRAMBLE_LENGTH long and
|
|
NULL-terminated.
|
|
password IN users' password
|
|
RETURN VALUE
|
|
end of scrambled string
|
|
*/
|
|
|
|
char *
|
|
scramble(char *to, const char *message, const char *password)
|
|
{
|
|
SHA1_CONTEXT sha1_context;
|
|
uint8 hash_stage1[SHA1_HASH_SIZE];
|
|
uint8 hash_stage2[SHA1_HASH_SIZE];
|
|
|
|
sha1_reset(&sha1_context);
|
|
/* stage 1: hash password */
|
|
sha1_input(&sha1_context, (uint8 *) password, strlen(password));
|
|
sha1_result(&sha1_context, hash_stage1);
|
|
/* stage 2: hash stage 1; note that hash_stage2 is stored in the database */
|
|
sha1_reset(&sha1_context);
|
|
sha1_input(&sha1_context, hash_stage1, SHA1_HASH_SIZE);
|
|
sha1_result(&sha1_context, hash_stage2);
|
|
/* create crypt string as sha1(message, hash_stage2) */;
|
|
sha1_reset(&sha1_context);
|
|
sha1_input(&sha1_context, (const uint8 *) message, SCRAMBLE_LENGTH);
|
|
sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
|
|
/* xor allows 'from' and 'to' overlap: lets take advantage of it */
|
|
sha1_result(&sha1_context, (uint8 *) to);
|
|
my_crypt(to, (const uint8 *) to, hash_stage1, SCRAMBLE_LENGTH);
|
|
to[SHA1_HASH_SIZE]= '\0';
|
|
return to + SHA1_HASH_SIZE;
|
|
}
|
|
|
|
|
|
/*
|
|
Check that scrambled message corresponds to the password; the function
|
|
is used by server to check that recieved reply is authentic.
|
|
This function does not check lengths of given strings: message must be
|
|
null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE
|
|
long (if not, something fishy is going on).
|
|
SYNOPSIS
|
|
check_scramble()
|
|
scramble IN clients' reply, presumably produced by scramble()
|
|
message IN original random string, previously sent to client
|
|
(presumably second argument of scramble()), must be
|
|
exactly SCRAMBLE_LENGTH long and NULL-terminated.
|
|
hash_stage2 IN hex2octet-decoded database entry
|
|
RETURN VALUE
|
|
0 password is correct
|
|
!0 password is invalid
|
|
*/
|
|
|
|
my_bool
|
|
check_scramble(const char *scramble, const char *message,
|
|
const uint8 *hash_stage2)
|
|
{
|
|
SHA1_CONTEXT sha1_context;
|
|
uint8 buf[SHA1_HASH_SIZE];
|
|
uint8 hash_stage2_reassured[SHA1_HASH_SIZE];
|
|
|
|
sha1_reset(&sha1_context);
|
|
/* create key to encrypt scramble */
|
|
sha1_input(&sha1_context, (const uint8 *) message, SCRAMBLE_LENGTH);
|
|
sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
|
|
sha1_result(&sha1_context, buf);
|
|
/* encrypt scramble */
|
|
my_crypt((char *) buf, buf, (const uint8 *) scramble, SCRAMBLE_LENGTH);
|
|
/* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
|
|
sha1_reset(&sha1_context);
|
|
sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
|
|
sha1_result(&sha1_context, hash_stage2_reassured);
|
|
return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
|
|
}
|
|
|
|
|
|
/*
|
|
Convert scrambled password from asciiz hex string to binary form.
|
|
SYNOPSIS
|
|
get_salt_from_password()
|
|
res OUT buf to hold password. Must be at least SHA1_HASH_SIZE
|
|
bytes long.
|
|
password IN 4.1.1 version value of user.password
|
|
*/
|
|
|
|
void get_salt_from_password(uint8 *hash_stage2, const char *password)
|
|
{
|
|
hex2octet(hash_stage2, password+1 /* skip '*' */, SHA1_HASH_SIZE * 2);
|
|
}
|
|
|
|
/*
|
|
Convert scrambled password from binary form to asciiz hex string.
|
|
SYNOPSIS
|
|
make_password_from_salt()
|
|
to OUT store resulting string here, 2*SHA1_HASH_SIZE+2 bytes
|
|
salt IN password in salt format
|
|
*/
|
|
|
|
void make_password_from_salt(char *to, const uint8 *hash_stage2)
|
|
{
|
|
*to++= PVERSION41_CHAR;
|
|
octet2hex(to, hash_stage2, SHA1_HASH_SIZE);
|
|
}
|