From 802d32871faa7cb09a256589d241bc9ac929ce1d Mon Sep 17 00:00:00 2001
From: unknown
Date: Tue, 5 Nov 2002 20:21:55 +0300
Subject: More work on secure authentication. Commit for merge
include/mysql_com.h: Update prototype
sql/password.c: More handling of new passwords
sql/sql_acl.cc: Discovery of authentication type to go
sql/sql_parse.cc: Add new flags in handshake
---
 sql/password.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
(limited to 'sql/password.c')
diff --git a/sql/password.c b/sql/password.c
index ba7dc17c671..0d60b381e1b 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -166,24 +166,26 @@ inline uint char_val(char X)
 ** This code detects new version password by leading char.
 ** Old password has to be divisible by 8 length
 ** do not forget to increase array length if you need longer passwords
+** THIS FUNCTION DOES NOT HAVE ANY LENGTH CHECK
 */
 void get_salt_from_password(ulong *res,const char *password)
 {
- bzero(res,5*sizeof(res[0]));
- if (password)
+ bzero(res,6*sizeof(res[0]));
+ if (password) // zero salt corresponds to empty password
 {
 if (password[0]==PVERSION41_CHAR) // if new password
 {
 uint val=0;
 uint i;
 password++; // skip version identifier.
- //get hashing salt from password and store in in the start of array
+ //get hashing salt from password and store in in the start of array
 for (i=0 ; i < 4 ; i++)
 val=(val << 4)+char_val(*password++);
 *res++=val;
 }
+ // We process old passwords the same way as new ones in other case
 while (*password)
 {
 ulong val=0;
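Review bot: The comment added above get_salt_from_password documents the missing length check instead of fixing it, and both loops in this hunk depend on that check. The four-character salt loop reads `*password++` without testing for the terminator, so a hash string holding the version character and fewer than four further characters is read past its end before `while (*password)` is reached; `for (i=0 ; i < 4 && *password ; i++)` would stop it. `bzero(res,6*sizeof(res[0]))` now assumes every caller passes at least six ulongs, and the while loop (its body continues outside this hunk) appears to store one word per group with no upper bound on `res`. A named constant for the 6 and an end-of-array condition on that loop would keep an over-long hash string from writing past the caller's array.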
@@ -196,10 +198,16 @@ void get_salt_from_password(ulong *res,const char *password)
 return;
 }
-void make_password_from_salt(char *to, ulong *hash_res)
+void make_password_from_salt(char *to, ulong *hash_res,uint8 password_version)
 {
- // warning this does not work for new passwords yet
- sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
+ if (!password_version) // Handling of old passwords.
+ sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
+ else
+ if (password_version==PVERSION41_CHAR)
+ sprintf(to,"%c%04x%08lx%08lx%08lx%08lx%08lx",(uint)hash_res[0],hash_res[1],
+ hash_res[2],hash_res[3],hash_res[4],hash_res[5]);
+ else // Just use empty password if we can't handle it. This should not happen
+ to[0]='\0';
 }
-- cgit v1.2.1
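Review bot: The new-format sprintf in make_password_from_salt has seven conversions but only six arguments, so the last `%08lx` reads a variadic argument that was never passed. It also prints `hash_res[0]` with `%c` and the ulong `hash_res[1]` with `%04x`, while get_salt_from_password in the same file stores the four-digit salt in the first word. The intended argument list is probably `password_version,(uint)hash_res[0],hash_res[1],` followed by `hash_res[2],hash_res[3],hash_res[4],hash_res[5]);`. The output also grows from 16 to at least 45 characters plus the terminator, and `to` carries no size, so callers' buffers need checking, or the function should take a length and use a bounded formatter.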