~drizzle-trunk/drizzle/development

2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
1
/*
2
 * Drizzle Client & Protocol Library
3
 *
4
 * Copyright (C) 2008 Eric Day (eday@oddments.org)
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions are
9
 * met:
10
 *
11
 *     * Redistributions of source code must retain the above copyright
12
 * notice, this list of conditions and the following disclaimer.
13
 *
14
 *     * Redistributions in binary form must reproduce the above
15
 * copyright notice, this list of conditions and the following disclaimer
16
 * in the documentation and/or other materials provided with the
17
 * distribution.
18
 *
19
 *     * The names of its contributors may not be used to endorse or
20
 * promote products derived from this software without specific prior
21
 * written permission.
22
 *
23
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
33
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34
 *
35
 */
36
37
/**
38
 * @file
39
 * @brief Packing definitions
40
 */
41
2449.1.2 by Brian Aker
Additional fixes for libdrizzle.
42
#include <libdrizzle-2.0/common.h>
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
43
44
/*
45
 * Private declarations
46
 */
47
48
/**
49
 * @addtogroup drizzle_pack_private Private Packing Functions
50
 * @ingroup drizzle_pack
51
 * @{
52
 */
53
54
/**
55
 * Compute hash from password and scramble.
56
 */
57
static drizzle_return_t _pack_scramble_hash(drizzle_con_st *con,
58
                                            uint8_t *buffer);
59
60
/** @} */
61
62
/*
63
 * Public definitions
64
 */
65
66
uint8_t *drizzle_pack_length(uint64_t number, uint8_t *ptr)
67
{
68
  if (number < 251)
69
  {
70
    ptr[0]= (uint8_t)number;
71
    ptr++;
72
  }
73
  else if (number < 65536)
74
  {
75
    ptr[0]= 252;
76
    ptr++;
77
    drizzle_set_byte2(ptr, number);
78
    ptr+= 2;
79
  }
80
  else if (number < 16777216)
81
  {
82
    ptr[0]= 253;
83
    ptr++;
84
    drizzle_set_byte3(ptr, number);
85
    ptr+= 3;
86
  }
87
  else
88
  {
89
    ptr[0]= 254;
90
    ptr++;
91
    drizzle_set_byte8(ptr, number);
92
    ptr+= 8;
93
  }
94
95
  return ptr;
96
}
97
98
uint64_t drizzle_unpack_length(drizzle_con_st *con, drizzle_return_t *ret_ptr)
99
{
100
  uint64_t length;
101
  uint8_t bytes;
102
103
  if (con->buffer_ptr[0] < 251)
104
  {
105
    length= (uint64_t)(con->buffer_ptr[0]);
106
    bytes= 1;
107
  }
108
  else if (con->buffer_ptr[0] == 251)
109
  {
110
    con->buffer_ptr++;
111
    con->buffer_size--;
112
    con->packet_size--;
113
114
    *ret_ptr= DRIZZLE_RETURN_NULL_SIZE;
115
    return 0;
116
  }
117
  else if (con->buffer_ptr[0] == 252 && con->buffer_size > 2)
118
  {
119
    length= drizzle_get_byte2(con->buffer_ptr + 1);
120
    bytes= 3;
121
  }
122
  else if (con->buffer_ptr[0] == 253 && con->buffer_size > 3)
123
  {
124
    length= drizzle_get_byte3(con->buffer_ptr + 1);
125
    bytes= 4;
126
  }
127
  else if (con->buffer_size > 8)
128
  {
129
    length= drizzle_get_byte8(con->buffer_ptr + 1);
130
    bytes= 9;
131
  }
132
  else
133
  {
134
    *ret_ptr= DRIZZLE_RETURN_IO_WAIT;
135
    return 0;
136
  }
137
138
  con->buffer_ptr+= bytes;
139
  con->buffer_size-= bytes;
140
  con->packet_size-= bytes;
141
142
  *ret_ptr= DRIZZLE_RETURN_OK;
143
  return length;
144
}
145
146
uint8_t *drizzle_pack_string(char *string, uint8_t *ptr)
147
{
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
148
  if (string == NULL)
149
  {
150
    return NULL;
151
  }
152
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
153
  uint64_t size= strlen(string);
154
155
  ptr= drizzle_pack_length(size, ptr);
156
  if (size > 0)
157
  {
158
    memcpy(ptr, string, (size_t)size);
159
    ptr+= size;
160
  }
161
162
  return ptr;
163
}
164
165
drizzle_return_t drizzle_unpack_string(drizzle_con_st *con, char *buffer,
166
                                       uint64_t max_length)
167
{
168
  drizzle_return_t ret= DRIZZLE_RETURN_OK;
169
  uint64_t length;
170
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
171
  if (con == NULL)
172
  {
173
    return DRIZZLE_RETURN_INVALID_ARGUMENT;
174
  }
175
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
176
  length= drizzle_unpack_length(con, &ret);
177
  if (ret != DRIZZLE_RETURN_OK)
178
  {
179
    if (ret == DRIZZLE_RETURN_NULL_SIZE)
180
    {
181
      drizzle_set_error(con->drizzle, "drizzle_unpack_string",
182
                        "unexpected NULL length");
183
    }
184
185
    return ret;
186
  }
187
188
  if (length < max_length)
189
  {
190
    if (length > 0)
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
191
    {
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
192
      memcpy(buffer, con->buffer_ptr, (size_t)length);
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
193
    }
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
194
195
    buffer[length]= 0;
196
  }
197
  else
198
  {
199
    memcpy(buffer, con->buffer_ptr, (size_t)(max_length - 1));
200
    buffer[max_length - 1]= 0;
201
  }
202
  
203
  con->buffer_ptr+= length;
204
  con->buffer_size-= (size_t)length;
205
  con->packet_size-= (size_t)length;
206
207
  return DRIZZLE_RETURN_OK;
208
}
209
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
210
uint8_t *drizzle_pack_auth(drizzle_con_st *con, uint8_t *ptr, drizzle_return_t *ret_ptr)
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
211
{
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
212
  if (con == NULL)
213
  {
214
    return NULL;
215
  }
216
217
  drizzle_return_t unused;
218
  if (ret_ptr == NULL)
219
  {
220
    ret_ptr= &unused;
221
  }
222
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
223
  if (con->user[0] != 0)
224
  {
225
    memcpy(ptr, con->user, strlen(con->user));
226
    ptr+= strlen(con->user);
227
  }
228
229
  ptr[0]= 0;
230
  ptr++;
231
232
  if (con->options & DRIZZLE_CON_RAW_SCRAMBLE && con->scramble != NULL)
233
  {
234
    ptr[0]= DRIZZLE_MAX_SCRAMBLE_SIZE;
235
    ptr++;
236
237
    memcpy(ptr, con->scramble, DRIZZLE_MAX_SCRAMBLE_SIZE);
238
    ptr+= DRIZZLE_MAX_SCRAMBLE_SIZE;
239
  }
240
  else if (con->password[0] == 0)
241
  {
242
    ptr[0]= 0;
243
    ptr++;
244
    con->packet_size-= DRIZZLE_MAX_SCRAMBLE_SIZE;
245
  }
246
  else
247
  {
248
    ptr[0]= DRIZZLE_MAX_SCRAMBLE_SIZE;
249
    ptr++;
250
251
    if (con->options & DRIZZLE_CON_MYSQL && con->options & DRIZZLE_CON_AUTH_PLUGIN)
252
    {
253
      snprintf((char *)ptr, DRIZZLE_MAX_SCRAMBLE_SIZE, "%s", con->password);
2269.2.1 by Marc Isambart
Various libdrizzle Windows fixes, including closesocket() instead of close(), snprintf handling and WSAECONNREFUSED mapping
254
      ptr[DRIZZLE_MAX_SCRAMBLE_SIZE-1]= 0;
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
255
    }
256
    else if (con->options & DRIZZLE_CON_MYSQL)
257
    {
258
      *ret_ptr= _pack_scramble_hash(con, ptr);
259
      if (*ret_ptr != DRIZZLE_RETURN_OK)
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
260
      {
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
261
        return ptr;
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
262
      }
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
263
    }
264
    else // We assume Drizzle
265
    {
266
      snprintf((char *)ptr, DRIZZLE_MAX_SCRAMBLE_SIZE, "%s", con->password);
2269.2.1 by Marc Isambart
Various libdrizzle Windows fixes, including closesocket() instead of close(), snprintf handling and WSAECONNREFUSED mapping
267
      ptr[DRIZZLE_MAX_SCRAMBLE_SIZE-1]= 0;
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
268
    }
269
270
    ptr+= DRIZZLE_MAX_SCRAMBLE_SIZE;
271
  }
272
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
273
  if (con->schema[0] != 0)
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
274
  {
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
275
    memcpy(ptr, con->schema, strlen(con->schema));
276
    ptr+= strlen(con->schema);
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
277
  }
278
279
  ptr[0]= 0;
280
  ptr++;
281
282
  *ret_ptr= DRIZZLE_RETURN_OK;
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
283
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
284
  return ptr;
285
}
286
287
/*
288
 * Private definitions
289
 */
290
291
static drizzle_return_t _pack_scramble_hash(drizzle_con_st *con,
292
                                            uint8_t *buffer)
293
{
294
  SHA1_CTX ctx;
295
  uint8_t hash_tmp1[SHA1_DIGEST_LENGTH];
296
  uint8_t hash_tmp2[SHA1_DIGEST_LENGTH];
297
298
  if (SHA1_DIGEST_LENGTH != DRIZZLE_MAX_SCRAMBLE_SIZE)
299
  {
300
    drizzle_set_error(con->drizzle, "_pack_scramble_hash",
301
                      "SHA1 hash size mismatch:%u:%u", SHA1_DIGEST_LENGTH,
302
                      DRIZZLE_MAX_SCRAMBLE_SIZE);
303
    return DRIZZLE_RETURN_INTERNAL_ERROR;
304
  }
305
306
  if (con->scramble == NULL)
307
  {
308
    drizzle_set_error(con->drizzle, "_pack_scramble_hash",
309
                      "no scramble buffer");
310
    return DRIZZLE_RETURN_NO_SCRAMBLE;
311
  }
312
313
  /* First hash the password. */
314
  SHA1Init(&ctx);
315
  SHA1Update(&ctx, (uint8_t *)(con->password), strlen(con->password));
316
  SHA1Final(hash_tmp1, &ctx);
317
318
  /* Second, hash the password hash. */
319
  SHA1Init(&ctx);
320
  SHA1Update(&ctx, hash_tmp1, SHA1_DIGEST_LENGTH);
321
  SHA1Final(hash_tmp2, &ctx);
322
323
  /* Third, hash the scramble and the double password hash. */
324
  SHA1Init(&ctx);
325
  SHA1Update(&ctx, con->scramble, SHA1_DIGEST_LENGTH);
326
  SHA1Update(&ctx, hash_tmp2, SHA1_DIGEST_LENGTH);
327
  SHA1Final(buffer, &ctx);
328
329
  /* Fourth, xor the last hash against the first password hash. */
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
330
  for (uint32_t x= 0; x < SHA1_DIGEST_LENGTH; x++)
331
  {
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
332
    buffer[x]= buffer[x] ^ hash_tmp1[x];
2461.1.1 by Brian Aker
Fix safety issues around calling API with no check for NULL
333
  }
2244.1.1 by Monty Taylor
Split libdrizzle into 1.0 and 2.0. Applied the C++ changes to 2.0 branch.
334
335
  return DRIZZLE_RETURN_OK;
336
}