int main() {
  const char password1[] = "root";
  const char password2[] = "long password test";
  const char password3[] = "saf789yasfbsd89f";
  ulong result[2];
  char scrm[9]; // SCRAMBLE_LENGTH_323+1
  struct rand_struct rand_st;
  int i;

  // test hash_password
  hash_password((ulong*)result, password1, strlen(password1));
  printf("hash_password(\"%s\") = %08x%08x\n", password1, result[0], result[1]);

  hash_password((ulong*)result, password2, strlen(password2));
  printf("hash_password(\"%s\") = %08x%08x\n", password2, result[0], result[1]);

  hash_password((ulong*)result, password3, strlen(password3));
  printf("hash_password(\"%s\") = %08x%08x\n", password3, result[0], result[1]);

  // test randominit
  randominit(&rand_st, 0, 0);
  printf("randominit(0x00000000,0x00000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  randominit(&rand_st, 0xFFFF, 0xFFFF);
  printf("randominit(0x0000FFFF,0x0000FFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  randominit(&rand_st, 0x50000000, 0x50000000);
  printf("randominit(0x50000000,0x50000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  randominit(&rand_st, 0xFFFFFFFF, 0xFFFFFFFF);
  printf("randominit(0xFFFFFFFF,0xFFFFFFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  // test my_rnd
  randominit(&rand_st, 3252345, 7149734);
  printf("randominit(3252345, 7149734) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
  for (i=0; i<10; i++){
	  printf("my_rnd() : %.16f\n", my_rnd(&rand_st));

  // test scramble_323
  scramble_323(scrm, "8bytesofstuff", "root");
  printf("scramble323(8bytesofstuff, root): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
    scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);

  scramble_323(scrm, "e8cf00cec9ec825af22", "saf789yasfbsd");
  printf("scramble323(e8cf00cec9ec825af22, saf789yasfbsd): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
    scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);

  return 23;
Exemple #2
void MySQLClient::sendAuth323()
  DBG("Using auth 4.0-\n");
  byte scramble[8]={0};
  memcpy(scramble, &m_buf[BUF_SIZE-8], 8); //Recover scramble
  //memcpy(scramble+8, m_pPos+31, 12); // *(m_pPos+43) == 0 (zero-terminated char*)
  byte token[9]={0};
  scramble_323((char*)token, (const char*)scramble, m_password.c_str());
  DBG("Building response\n"); 
  //Build response
  m_len = 9;

  #if 0
  *((uint32_t*)&m_buf[0]) = htonl(clientFlags);
  *((uint32_t*)&m_buf[4]) = BUF_SIZE; //Max packets size
  m_buf[8] = 8; //latin1 charset
  m_pPos = m_buf + 32 + m_user.length() + 1;
  m_pPos[0] = 8;
  m_len = 32 + m_user.length() + 1 + 9 + m_db.length() + 1;
  DBG("Writing data\n"); 
Exemple #3
/* Protocol 10 is used by MySQL 3.22 and later. However, MySQL 4.1 introduced a new password algorithm.
   In some cases, MySQL 4.1 and later systems will contain accounts which are still configured with password
   hashes generated using the older algorithm. When we authenticate to a 4.1 server and this is the case,
   the server is nice enough to tell us and allow us to reauthenticate. This function generates the appropriate
   response for this particular case.
int MySQLPrepareAuthNewOld(_MYSQL_DATA *_psSessionData, char* szPassword, char* szSessionSalt, unsigned char** szResponse, unsigned long* iResponseLength)
  unsigned char* response;
  int response_len = 4 +  /* header */
                     1 +
                     8; /* scrambled password length */

  response = (unsigned char *) malloc(response_len + 1);
  memset(response, 0, response_len + 1);

  response[0] = response_len - 4;   /* packet length */
  response[3] = 0x03;               /* packet number */
  scramble_323((char *) &response[4], _psSessionData, szSessionSalt, szPassword);

  *(iResponseLength) = response_len;
  *szResponse = response;
  return SUCCESS;
Exemple #4
static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
  uchar *pkt;
  int pkt_len;

  if (((MCPVIO_EXT *)vio)->mysql_change_user)
      in mysql_change_user() the client sends the first packet.
      we use the old scramble.
    pkt= (uchar*)mysql->scramble_buff;
    pkt_len= SCRAMBLE_LENGTH_323 + 1;
    /* read the scramble */
    if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
      return CR_ERROR;

    if (pkt_len != SCRAMBLE_LENGTH_323 + 1 &&
        pkt_len != SCRAMBLE_LENGTH + 1)

    /* save it in MYSQL */
    memcpy(mysql->scramble_buff, pkt, pkt_len);
    mysql->scramble_buff[pkt_len] = 0;

  if (mysql->passwd[0])
    char scrambled[SCRAMBLE_LENGTH_323 + 1];
    scramble_323(scrambled, (char*)pkt, mysql->passwd);
    if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH_323 + 1))
      return CR_ERROR;
    if (vio->write_packet(vio, 0, 0)) /* no password */
      return CR_ERROR;

  return CR_OK;
Exemple #5
int MySQLPrepareAuthOld(_MYSQL_DATA *_psSessionData, char* szLogin, char* szPassword, char* szSessionSalt, unsigned char** szResponse, unsigned long* iResponseLength)
  unsigned char* response;
  /* usernames limited to 16 characters - */
  int login_len = strlen(szLogin) > 16 ? 16 : strlen(szLogin);
  int response_len = 4 /* header */  +
                     2 /* client flags */  +
                     3 /* max packet len */  +
                     login_len /* username length */ + 
                     1 /* NULL terminate username */ + 
                     8; /* scrambled password len */

  response = (unsigned char *) malloc(response_len + 1);
  memset(response, 0, response_len + 1);

  response[0] = response_len - 4;   /* packet length */
  response[1] = 0x00;
  response[2] = 0x00;
  response[3] = 0x01;               /* packet number */

  response[4] = 0x85;               /* client flag */
  response[5] = 0x24;

  response[6] = 0x00;               /* max packet */
  response[7] = 0x00;
  response[8] = 0x00;
  strncpy((char*)response + 9, szLogin, login_len);

  response[9 + login_len] = '\0';       /* null terminate login */
  if ( strcmp(szPassword, "") != 0) /* password set */
    scramble_323((char *) &response[9 + login_len + 1], _psSessionData, szSessionSalt, szPassword);

  *(iResponseLength) = response_len;
  *szResponse = response;
  return SUCCESS;