int main() {
const char password1[] = "root";
const char password2[] = "long password test";
const char password3[] = "saf789yasfbsd89f";
ulong result[2];
char scrm[9]; // SCRAMBLE_LENGTH_323+1
struct rand_struct rand_st;
int i;
// test hash_password
hash_password((ulong*)result, password1, strlen(password1));
printf("hash_password(\"%s\") = %08x%08x\n", password1, result[0], result[1]);
hash_password((ulong*)result, password2, strlen(password2));
printf("hash_password(\"%s\") = %08x%08x\n", password2, result[0], result[1]);
hash_password((ulong*)result, password3, strlen(password3));
printf("hash_password(\"%s\") = %08x%08x\n", password3, result[0], result[1]);
// test randominit
randominit(&rand_st, 0, 0);
printf("randominit(0x00000000,0x00000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
randominit(&rand_st, 0xFFFF, 0xFFFF);
printf("randominit(0x0000FFFF,0x0000FFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
randominit(&rand_st, 0x50000000, 0x50000000);
printf("randominit(0x50000000,0x50000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
randominit(&rand_st, 0xFFFFFFFF, 0xFFFFFFFF);
printf("randominit(0xFFFFFFFF,0xFFFFFFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
// test my_rnd
randominit(&rand_st, 3252345, 7149734);
printf("randominit(3252345, 7149734) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
for (i=0; i<10; i++){
printf("my_rnd() : %.16f\n", my_rnd(&rand_st));
}
// test scramble_323
scramble_323(scrm, "8bytesofstuff", "root");
printf("scramble323(8bytesofstuff, root): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);
scramble_323(scrm, "e8cf00cec9ec825af22", "saf789yasfbsd");
printf("scramble323(e8cf00cec9ec825af22, saf789yasfbsd): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);
return 23;
}
void MySQLClient::sendAuth323()
{
DBG("Using auth 4.0-\n");
byte scramble[8]={0};
memcpy(scramble, &m_buf[BUF_SIZE-8], 8); //Recover scramble
//memcpy(scramble+8, m_pPos+31, 12); // *(m_pPos+43) == 0 (zero-terminated char*)
byte token[9]={0};
scramble_323((char*)token, (const char*)scramble, m_password.c_str());
DBG("Building response\n");
//Build response
memcpy((char*)m_buf,token,9);
m_len = 9;
#if 0
*((uint32_t*)&m_buf[0]) = htonl(clientFlags);
*((uint32_t*)&m_buf[4]) = BUF_SIZE; //Max packets size
m_buf[8] = 8; //latin1 charset
memset((char*)(m_buf+9),0,23);
strcpy((char*)(m_buf+32),m_user.c_str());
m_pPos = m_buf + 32 + m_user.length() + 1;
m_pPos[0] = 8;
memcpy((char*)&m_pPos[1],token+1,8);
strcpy((char*)(m_pPos+9),m_db.c_str());
m_len = 32 + m_user.length() + 1 + 9 + m_db.length() + 1;
#endif
DBG("Writing data\n");
writeData();
}
/* Protocol 10 is used by MySQL 3.22 and later. However, MySQL 4.1 introduced a new password algorithm.
In some cases, MySQL 4.1 and later systems will contain accounts which are still configured with password
hashes generated using the older algorithm. When we authenticate to a 4.1 server and this is the case,
the server is nice enough to tell us and allow us to reauthenticate. This function generates the appropriate
response for this particular case.
*/
int MySQLPrepareAuthNewOld(_MYSQL_DATA *_psSessionData, char* szPassword, char* szSessionSalt, unsigned char** szResponse, unsigned long* iResponseLength)
{
unsigned char* response;
int response_len = 4 + /* header */
1 +
8; /* scrambled password length */
response = (unsigned char *) malloc(response_len + 1);
memset(response, 0, response_len + 1);
response[0] = response_len - 4; /* packet length */
response[3] = 0x03; /* packet number */
scramble_323((char *) &response[4], _psSessionData, szSessionSalt, szPassword);
*(iResponseLength) = response_len;
*szResponse = response;
return SUCCESS;
}
static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
uchar *pkt;
int pkt_len;
if (((MCPVIO_EXT *)vio)->mysql_change_user)
{
/*
in mysql_change_user() the client sends the first packet.
we use the old scramble.
*/
pkt= (uchar*)mysql->scramble_buff;
pkt_len= SCRAMBLE_LENGTH_323 + 1;
}
else
{
/* read the scramble */
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
return CR_ERROR;
if (pkt_len != SCRAMBLE_LENGTH_323 + 1 &&
pkt_len != SCRAMBLE_LENGTH + 1)
return CR_SERVER_HANDSHAKE_ERR;
/* save it in MYSQL */
memcpy(mysql->scramble_buff, pkt, pkt_len);
mysql->scramble_buff[pkt_len] = 0;
}
if (mysql->passwd[0])
{
char scrambled[SCRAMBLE_LENGTH_323 + 1];
scramble_323(scrambled, (char*)pkt, mysql->passwd);
if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH_323 + 1))
return CR_ERROR;
}
else
if (vio->write_packet(vio, 0, 0)) /* no password */
return CR_ERROR;
return CR_OK;
}
int MySQLPrepareAuthOld(_MYSQL_DATA *_psSessionData, char* szLogin, char* szPassword, char* szSessionSalt, unsigned char** szResponse, unsigned long* iResponseLength)
{
unsigned char* response;
/* usernames limited to 16 characters - http://dev.mysql.com/doc/refman/5.1/en/user-names.html */
int login_len = strlen(szLogin) > 16 ? 16 : strlen(szLogin);
int response_len = 4 /* header */ +
2 /* client flags */ +
3 /* max packet len */ +
login_len /* username length */ +
1 /* NULL terminate username */ +
8; /* scrambled password len */
response = (unsigned char *) malloc(response_len + 1);
memset(response, 0, response_len + 1);
response[0] = response_len - 4; /* packet length */
response[1] = 0x00;
response[2] = 0x00;
response[3] = 0x01; /* packet number */
response[4] = 0x85; /* client flag */
response[5] = 0x24;
response[6] = 0x00; /* max packet */
response[7] = 0x00;
response[8] = 0x00;
strncpy((char*)response + 9, szLogin, login_len);
response[9 + login_len] = '\0'; /* null terminate login */
if ( strcmp(szPassword, "") != 0) /* password set */
scramble_323((char *) &response[9 + login_len + 1], _psSessionData, szSessionSalt, szPassword);
*(iResponseLength) = response_len;
*szResponse = response;
return SUCCESS;
}
