~drizzle-trunk/drizzle/development : contents of libdrizzle/password.c at revision 294

~drizzle-trunk/drizzle/development : (revision 294)

/* Copyright (C) 2000-2006 MySQL AB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */

/* password checking routines */
/*****************************************************************************
  The main idea is that no password are sent between client & server on
  connection and that no password are saved in mysql in a decodable form.

  On connection a random string is generated and sent to the client.
  The client generates a new string with a random generator inited with
  the hash values from the password and the sent string.
  This 'check' string is sent to the server where it is compared with
  a string generated from the stored hash_value of the password and the
  random string.

  The password is saved (in user.password) by using the PASSWORD() function in
  mysql.

  This is .c file because it's used in libmysqlclient, which is entirely in C.
  (we need it to be portable to a variety of systems).
  Example:
    update user set password=PASSWORD("hello") where user="test"
  This saves a hashed number as a string in the password field.

  The new authentication is performed in following manner:

  SERVER:  public_seed=create_random_string()
           send(public_seed)

  CLIENT:  recv(public_seed)
           hash_stage1=sha1("password")
           hash_stage2=sha1(hash_stage1)
           reply=xor(hash_stage1, sha1(public_seed,hash_stage2)

           // this three steps are done in scramble() 

           send(reply)

     
  SERVER:  recv(reply)
           hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
           candidate_hash2=sha1(hash_stage1)
           check(candidate_hash2==hash_stage2)

           // this three steps are done in check_scramble()

*****************************************************************************/

#include <drizzled/global.h>
#include <mysys/my_sys.h>
#include <mystrings/m_string.h>
#include <mysys/sha1.h>
#include "drizzle.h"

/************ MySQL 3.23-4.0 authentication routines: untouched ***********/

/*
  New (MySQL 3.21+) random generation structure initialization
  SYNOPSIS
    randominit()
    rand_st    OUT  Structure to initialize
    seed1      IN   First initialization parameter
    seed2      IN   Second initialization parameter
*/

void randominit(struct rand_struct *rand_st, uint32_t seed1, uint32_t seed2)
{                                               /* For mysql 3.21.# */
  memset(rand_st, 0, sizeof(*rand_st));      /* Avoid UMC varnings */
  rand_st->max_value= 0x3FFFFFFFL;
  rand_st->max_value_dbl=(double) rand_st->max_value;
  rand_st->seed1=seed1%rand_st->max_value ;
  rand_st->seed2=seed2%rand_st->max_value;
}


/*
    Generate random number.
  SYNOPSIS
    my_rnd()
    rand_st    INOUT  Structure used for number generation
  RETURN VALUE
    generated pseudo random number
*/

double my_rnd(struct rand_struct *rand_st)
{
  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
  return (((double) rand_st->seed1)/rand_st->max_value_dbl);
}


/*
    Generate binary hash from raw text string 
    Used for Pre-4.1 password handling
  SYNOPSIS
    hash_password()
    result       OUT store hash in this location
    password     IN  plain text password to build hash
    password_len IN  password length (password may be not null-terminated)
*/

void hash_password(uint32_t *result, const char *password, uint32_t password_len)
{
  register uint32_t nr=1345345333L, add=7, nr2=0x12345671L;
  uint32_t tmp;
  const char *password_end= password + password_len;
  for (; password < password_end; password++)
  {
    if (*password == ' ' || *password == '\t')
      continue;                                 /* skip space in password */
    tmp= (uint32_t) (uchar) *password;
    nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
    nr2+=(nr2 << 8) ^ nr;
    add+=tmp;
  }
  result[0]=nr & (((uint32_t) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
  result[1]=nr2 & (((uint32_t) 1L << 31) -1L);
}

static inline uint8_t char_val(uint8_t X)
{
  return (uint) (X >= '0' && X <= '9' ? X-'0' :
      X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
}


/*
     **************** MySQL 4.1.1 authentication routines *************
*/

/*
    Generate string of printable random characters of requested length
  SYNOPSIS
    create_random_string()
    to       OUT   buffer for generation; must be at least length+1 bytes
                   long; result string is always null-terminated
    length   IN    how many random characters to put in buffer
    rand_st  INOUT structure used for number generation
*/

void create_random_string(char *to, uint length, struct rand_struct *rand_st)
{
  char *end= to + length;
  /* Use pointer arithmetics as it is faster way to do so. */
  for (; to < end; to++)
    *to= (char) (my_rnd(rand_st)*94+33);
  *to= '\0';
}


/* Character to use as version identifier for version 4.1 */

#define PVERSION41_CHAR '*'


/*
    Convert given octet sequence to asciiz string of hex characters;
    str..str+len and 'to' may not overlap.
  SYNOPSIS
    octet2hex()
    buf       OUT output buffer. Must be at least 2*len+1 bytes
    str, len  IN  the beginning and the length of the input string

  RETURN
    buf+len*2
*/

char *octet2hex(char *to, const char *str, uint len)
{
  const char *str_end= str + len; 
  for (; str != str_end; ++str)
  {
    *to++= _dig_vec_upper[((uchar) *str) >> 4];
    *to++= _dig_vec_upper[((uchar) *str) & 0x0F];
  }
  *to= '\0';
  return to;
}

1 by brian clean slate	1	/* Copyright (C) 2000-2006 MySQL AB
	2
	3	This program is free software; you can redistribute it and/or modify
	4	it under the terms of the GNU General Public License as published by
	5	the Free Software Foundation; version 2 of the License.
	6
	7	This program is distributed in the hope that it will be useful,
	8	but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	GNU General Public License for more details.
	11
	12	You should have received a copy of the GNU General Public License
	13	along with this program; if not, write to the Free Software
	14	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
	15
	16	/* password checking routines */
	17	/*****************************************************************************
	18	The main idea is that no password are sent between client & server on
	19	connection and that no password are saved in mysql in a decodable form.
	20
	21	On connection a random string is generated and sent to the client.
	22	The client generates a new string with a random generator inited with
	23	the hash values from the password and the sent string.
	24	This 'check' string is sent to the server where it is compared with
	25	a string generated from the stored hash_value of the password and the
	26	random string.
	27
	28	The password is saved (in user.password) by using the PASSWORD() function in
	29	mysql.
	30
	31	This is .c file because it's used in libmysqlclient, which is entirely in C.
	32	(we need it to be portable to a variety of systems).
	33	Example:
	34	update user set password=PASSWORD("hello") where user="test"
	35	This saves a hashed number as a string in the password field.
	36
	37	The new authentication is performed in following manner:
	38
	39	SERVER: public_seed=create_random_string()
	40	send(public_seed)
	41
	42	CLIENT: recv(public_seed)
	43	hash_stage1=sha1("password")
	44	hash_stage2=sha1(hash_stage1)
	45	reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
	46
	47	// this three steps are done in scramble()
	48
	49	send(reply)
	50
	51
	52	SERVER: recv(reply)
	53	hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
	54	candidate_hash2=sha1(hash_stage1)
	55	check(candidate_hash2==hash_stage2)
	56
	57	// this three steps are done in check_scramble()
	58
	59	*****************************************************************************/
	60
212.5.39 by Monty Taylor Phew. Moved my_base and my_global.	61	#include <drizzled/global.h>
212.5.45 by Monty Taylor Removed excess AM_CPPFLAGS from the tree. Now the only thing that should be in the include path should be -I${top_srcdir} and -I${top_builddir}w	62	#include <mysys/my_sys.h>
212.5.18 by Monty Taylor Moved m_ctype, m_string and my_bitmap. Removed t_ctype.	63	#include <mystrings/m_string.h>
212.5.45 by Monty Taylor Removed excess AM_CPPFLAGS from the tree. Now the only thing that should be in the include path should be -I${top_srcdir} and -I${top_builddir}w	64	#include <mysys/sha1.h>
77.1.39 by Monty Taylor More mysql->drizzle renaming.	65	#include "drizzle.h"
1 by brian clean slate	66
	67	/********** MySQL 3.23-4.0 authentication routines: untouched *********/
	68
	69	/*
	70	New (MySQL 3.21+) random generation structure initialization
	71	SYNOPSIS
	72	randominit()
	73	rand_st OUT Structure to initialize
	74	seed1 IN First initialization parameter
	75	seed2 IN Second initialization parameter
	76	*/
	77
164 by Brian Aker Commit cleanup of export types.	78	void randominit(struct rand_struct *rand_st, uint32_t seed1, uint32_t seed2)
1 by brian clean slate	79	{ /* For mysql 3.21.# */
212.6.16 by Mats Kindahl Removing redundant use of casts in libdrizzle/ for memcmp(), memcpy(), memset(), and memmove().	80	memset(rand_st, 0, sizeof(rand_st)); / Avoid UMC varnings */
1 by brian clean slate	81	rand_st->max_value= 0x3FFFFFFFL;
	82	rand_st->max_value_dbl=(double) rand_st->max_value;
	83	rand_st->seed1=seed1%rand_st->max_value ;
	84	rand_st->seed2=seed2%rand_st->max_value;
	85	}
	86
	87
	88	/*
	89	Generate random number.
	90	SYNOPSIS
	91	my_rnd()
	92	rand_st INOUT Structure used for number generation
	93	RETURN VALUE
	94	generated pseudo random number
	95	*/
	96
	97	double my_rnd(struct rand_struct *rand_st)
	98	{
	99	rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
	100	rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
	101	return (((double) rand_st->seed1)/rand_st->max_value_dbl);
	102	}
	103
	104
	105	/*
	106	Generate binary hash from raw text string
	107	Used for Pre-4.1 password handling
	108	SYNOPSIS
	109	hash_password()
	110	result OUT store hash in this location
	111	password IN plain text password to build hash
	112	password_len IN password length (password may be not null-terminated)
	113	*/
	114
164 by Brian Aker Commit cleanup of export types.	115	void hash_password(uint32_t result, const char password, uint32_t password_len)
1 by brian clean slate	116	{
294 by Brian Aker libdrizzle has ulong removed.	117	register uint32_t nr=1345345333L, add=7, nr2=0x12345671L;
164 by Brian Aker Commit cleanup of export types.	118	uint32_t tmp;
1 by brian clean slate	119	const char *password_end= password + password_len;
	120	for (; password < password_end; password++)
	121	{
	122	if (password == ' ' \|\| password == '\t')
	123	continue; /* skip space in password */
164 by Brian Aker Commit cleanup of export types.	124	tmp= (uint32_t) (uchar) *password;
1 by brian clean slate	125	nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
	126	nr2+=(nr2 << 8) ^ nr;
	127	add+=tmp;
	128	}
164 by Brian Aker Commit cleanup of export types.	129	result[0]=nr & (((uint32_t) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
164 by Brian Aker Commit cleanup of export types.	130	result[1]=nr2 & (((uint32_t) 1L << 31) -1L);
1 by brian clean slate	131	}
1 by brian clean slate	132
206 by Brian Aker Removed final uint dead types.	133	static inline uint8_t char_val(uint8_t X)
1 by brian clean slate	134	{
	135	return (uint) (X >= '0' && X <= '9' ? X-'0' :
	136	X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
	137	}
	138
	139
	140	/*
	141	************** MySQL 4.1.1 authentication routines ***********
	142	*/
	143
	144	/*
	145	Generate string of printable random characters of requested length
	146	SYNOPSIS
	147	create_random_string()
	148	to OUT buffer for generation; must be at least length+1 bytes
	149	long; result string is always null-terminated
	150	length IN how many random characters to put in buffer
	151	rand_st INOUT structure used for number generation
	152	*/
	153
	154	void create_random_string(char to, uint length, struct rand_struct rand_st)
	155	{
	156	char *end= to + length;
	157	/* Use pointer arithmetics as it is faster way to do so. */
	158	for (; to < end; to++)
	159	to= (char) (my_rnd(rand_st)94+33);
	160	*to= '\0';
	161	}
	162
	163
	164	/* Character to use as version identifier for version 4.1 */
	165
	166	#define PVERSION41_CHAR '*'
	167
	168
	169	/*
	170	Convert given octet sequence to asciiz string of hex characters;
	171	str..str+len and 'to' may not overlap.
	172	SYNOPSIS
	173	octet2hex()
	174	buf OUT output buffer. Must be at least 2*len+1 bytes
	175	str, len IN the beginning and the length of the input string
	176
	177	RETURN
	178	buf+len*2
	179	*/
	180
	181	char octet2hex(char to, const char *str, uint len)
	182	{
	183	const char *str_end= str + len;
	184	for (; str != str_end; ++str)
	185	{
	186	to++= _dig_vec_upper[((uchar) str) >> 4];
	187	to++= _dig_vec_upper[((uchar) str) & 0x0F];
	188	}
	189	*to= '\0';
	190	return to;
	191	}