1/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
2 2016,2018 MariaDB Corporation AB
3
4 This library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Library General Public
6 License as published by the Free Software Foundation; either
7 version 2 of the License, or (at your option) any later version.
8
9 This library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Library General Public License for more details.
13
14 You should have received a copy of the GNU Library General Public
15 License along with this library; if not, write to the Free
16 Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
17 MA 02111-1301, USA */
18
19/* password checking routines */
20/*****************************************************************************
21 The main idea is that no password are sent between client & server on
22 connection and that no password are saved in mysql in a decodable form.
23
24 On connection a random string is generated and sent to the client.
25 The client generates a new string with a random generator inited with
26 the hash values from the password and the sent string.
27 This 'check' string is sent to the server where it is compared with
28 a string generated from the stored hash_value of the password and the
29 random string.
30
31 The password is saved (in user.password) by using the PASSWORD() function in
32 mysql.
33
34 Example:
35 update user set password=PASSWORD("hello") where user="test"
36 This saves a hashed number as a string in the password field.
37*****************************************************************************/
38
39#include <ma_global.h>
40#include <ma_sys.h>
41#include <ma_string.h>
42#include <ma_sha1.h>
43#include "mysql.h"
44
45
46void ma_randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2)
47{ /* For mysql 3.21.# */
48#ifdef HAVE_purify
49 memset((char*) rand_st, 0m sizeof(*rand_st)); /* Avoid UMC varnings */
50#endif
51 rand_st->max_value= 0x3FFFFFFFL;
52 rand_st->max_value_dbl=(double) rand_st->max_value;
53 rand_st->seed1=seed1%rand_st->max_value ;
54 rand_st->seed2=seed2%rand_st->max_value;
55}
56
57double rnd(struct rand_struct *rand_st)
58{
59 rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
60 rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
61 return (((double) rand_st->seed1)/rand_st->max_value_dbl);
62}
63
64void ma_hash_password(ulong *result, const char *password, size_t len)
65{
66 register ulong nr=1345345333L, add=7, nr2=0x12345671L;
67 ulong tmp;
68 const char *password_end= password + len;
69 for (; password < password_end; password++)
70 {
71 if (*password == ' ' || *password == '\t')
72 continue; /* skip space in password */
73 tmp= (ulong) (uchar) *password;
74 nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
75 nr2+=(nr2 << 8) ^ nr;
76 add+=tmp;
77 }
78 result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
79 result[1]=nr2 & (((ulong) 1L << 31) -1L);
80 return;
81}
82
83/*
84 * Genererate a new message based on message and password
85 * The same thing is done in client and server and the results are checked.
86 */
87
88/* scramble for 4.1 servers
89 * Code based on php_nysqlnd_scramble function from PHP's mysqlnd extension,
90 * written by Andrey Hristov (andrey@php.net)
91 * License: PHP License 3.0
92 */
93void my_crypt(unsigned char *buffer, const unsigned char *s1, const unsigned char *s2, size_t len)
94{
95 const unsigned char *s1_end= s1 + len;
96 while (s1 < s1_end) {
97 *buffer++= *s1++ ^ *s2++;
98 }
99}
100
101void ma_scramble_41(const unsigned char *buffer, const char *scramble, const char *password)
102{
103 _MA_SHA1_CTX context;
104 unsigned char sha1[SHA1_MAX_LENGTH];
105 unsigned char sha2[SHA1_MAX_LENGTH];
106
107
108 /* Phase 1: hash password */
109 ma_SHA1Init(&context);
110 ma_SHA1Update(&context, (unsigned char *)password, strlen((char *)password));
111 ma_SHA1Final(sha1, &context);
112
113 /* Phase 2: hash sha1 */
114 ma_SHA1Init(&context);
115 ma_SHA1Update(&context, (unsigned char*)sha1, SHA1_MAX_LENGTH);
116 ma_SHA1Final(sha2, &context);
117
118 /* Phase 3: hash scramble + sha2 */
119 ma_SHA1Init(&context);
120 ma_SHA1Update(&context, (unsigned char *)scramble, SCRAMBLE_LENGTH);
121 ma_SHA1Update(&context, (unsigned char*)sha2, SHA1_MAX_LENGTH);
122 ma_SHA1Final((unsigned char *)buffer, &context);
123
124 /* let's crypt buffer now */
125 my_crypt((uchar *)buffer, (const unsigned char *)buffer, (const unsigned char *)sha1, SHA1_MAX_LENGTH);
126}
127/* }}} */
128
129void ma_make_scrambled_password(char *to,const char *password)
130{
131 ulong hash_res[2];
132 ma_hash_password(hash_res,password, strlen(password));
133 sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
134}
135
136/*
137 * Genererate a new message based on message and password
138 * The same thing is done in client and server and the results are checked.
139 */
140char *ma_scramble_323(char *to, const char *message, const char *password)
141{
142 struct rand_struct rand_st;
143 ulong hash_pass[2], hash_message[2];
144
145 if (password && password[0])
146 {
147 char extra, *to_start=to;
148 const char *end_scramble323= message + SCRAMBLE_LENGTH_323;
149 ma_hash_password(hash_pass,password, (uint) strlen(password));
150 /* Don't use strlen, could be > SCRAMBLE_LENGTH_323 ! */
151 ma_hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
152 ma_randominit(&rand_st, hash_pass[0] ^ hash_message[0],
153 hash_pass[1] ^ hash_message[1]);
154 for (; message < end_scramble323; message++)
155 *to++= (char) (floor(rnd(&rand_st) * 31) + 64);
156 extra=(char) (floor(rnd(&rand_st) * 31));
157 while (to_start != to)
158 *(to_start++)^= extra;
159 }
160 *to= 0;
161 return to;
162}
163