int main() { const char password1[] = "root"; const char password2[] = "long password test"; const char password3[] = "saf789yasfbsd89f"; ulong result[2]; char scrm[9]; // SCRAMBLE_LENGTH_323+1 struct rand_struct rand_st; int i; // test hash_password hash_password((ulong*)result, password1, strlen(password1)); printf("hash_password(\"%s\") = %08x%08x\n", password1, result[0], result[1]); hash_password((ulong*)result, password2, strlen(password2)); printf("hash_password(\"%s\") = %08x%08x\n", password2, result[0], result[1]); hash_password((ulong*)result, password3, strlen(password3)); printf("hash_password(\"%s\") = %08x%08x\n", password3, result[0], result[1]); // test randominit randominit(&rand_st, 0, 0); printf("randominit(0x00000000,0x00000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2); randominit(&rand_st, 0xFFFF, 0xFFFF); printf("randominit(0x0000FFFF,0x0000FFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2); randominit(&rand_st, 0x50000000, 0x50000000); printf("randominit(0x50000000,0x50000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2); randominit(&rand_st, 0xFFFFFFFF, 0xFFFFFFFF); printf("randominit(0xFFFFFFFF,0xFFFFFFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2); // test my_rnd randominit(&rand_st, 3252345, 7149734); printf("randominit(3252345, 7149734) = %08x, %08x\n", rand_st.seed1, rand_st.seed2); for (i=0; i<10; i++){ printf("my_rnd() : %.16f\n", my_rnd(&rand_st)); } // test scramble_323 scramble_323(scrm, "8bytesofstuff", "root"); printf("scramble323(8bytesofstuff, root): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n", scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]); scramble_323(scrm, "e8cf00cec9ec825af22", "saf789yasfbsd"); printf("scramble323(e8cf00cec9ec825af22, saf789yasfbsd): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n", scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]); return 23; }
void MySQLClient::sendAuth323() { DBG("Using auth 4.0-\n"); byte scramble[8]={0}; memcpy(scramble, &m_buf[BUF_SIZE-8], 8); //Recover scramble //memcpy(scramble+8, m_pPos+31, 12); // *(m_pPos+43) == 0 (zero-terminated char*) byte token[9]={0}; scramble_323((char*)token, (const char*)scramble, m_password.c_str()); DBG("Building response\n"); //Build response memcpy((char*)m_buf,token,9); m_len = 9; #if 0 *((uint32_t*)&m_buf[0]) = htonl(clientFlags); *((uint32_t*)&m_buf[4]) = BUF_SIZE; //Max packets size m_buf[8] = 8; //latin1 charset memset((char*)(m_buf+9),0,23); strcpy((char*)(m_buf+32),m_user.c_str()); m_pPos = m_buf + 32 + m_user.length() + 1; m_pPos[0] = 8; memcpy((char*)&m_pPos[1],token+1,8); strcpy((char*)(m_pPos+9),m_db.c_str()); m_len = 32 + m_user.length() + 1 + 9 + m_db.length() + 1; #endif DBG("Writing data\n"); writeData(); }
/* Protocol 10 is used by MySQL 3.22 and later. However, MySQL 4.1 introduced a new password algorithm. In some cases, MySQL 4.1 and later systems will contain accounts which are still configured with password hashes generated using the older algorithm. When we authenticate to a 4.1 server and this is the case, the server is nice enough to tell us and allow us to reauthenticate. This function generates the appropriate response for this particular case. */ int MySQLPrepareAuthNewOld(_MYSQL_DATA *_psSessionData, char* szPassword, char* szSessionSalt, unsigned char** szResponse, unsigned long* iResponseLength) { unsigned char* response; int response_len = 4 + /* header */ 1 + 8; /* scrambled password length */ response = (unsigned char *) malloc(response_len + 1); memset(response, 0, response_len + 1); response[0] = response_len - 4; /* packet length */ response[3] = 0x03; /* packet number */ scramble_323((char *) &response[4], _psSessionData, szSessionSalt, szPassword); *(iResponseLength) = response_len; *szResponse = response; return SUCCESS; }
static int old_password_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) { uchar *pkt; int pkt_len; if (((MCPVIO_EXT *)vio)->mysql_change_user) { /* in mysql_change_user() the client sends the first packet. we use the old scramble. */ pkt= (uchar*)mysql->scramble_buff; pkt_len= SCRAMBLE_LENGTH_323 + 1; } else { /* read the scramble */ if ((pkt_len= vio->read_packet(vio, &pkt)) < 0) return CR_ERROR; if (pkt_len != SCRAMBLE_LENGTH_323 + 1 && pkt_len != SCRAMBLE_LENGTH + 1) return CR_SERVER_HANDSHAKE_ERR; /* save it in MYSQL */ memcpy(mysql->scramble_buff, pkt, pkt_len); mysql->scramble_buff[pkt_len] = 0; } if (mysql->passwd[0]) { char scrambled[SCRAMBLE_LENGTH_323 + 1]; scramble_323(scrambled, (char*)pkt, mysql->passwd); if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH_323 + 1)) return CR_ERROR; } else if (vio->write_packet(vio, 0, 0)) /* no password */ return CR_ERROR; return CR_OK; }
int MySQLPrepareAuthOld(_MYSQL_DATA *_psSessionData, char* szLogin, char* szPassword, char* szSessionSalt, unsigned char** szResponse, unsigned long* iResponseLength) { unsigned char* response; /* usernames limited to 16 characters - http://dev.mysql.com/doc/refman/5.1/en/user-names.html */ int login_len = strlen(szLogin) > 16 ? 16 : strlen(szLogin); int response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len /* username length */ + 1 /* NULL terminate username */ + 8; /* scrambled password len */ response = (unsigned char *) malloc(response_len + 1); memset(response, 0, response_len + 1); response[0] = response_len - 4; /* packet length */ response[1] = 0x00; response[2] = 0x00; response[3] = 0x01; /* packet number */ response[4] = 0x85; /* client flag */ response[5] = 0x24; response[6] = 0x00; /* max packet */ response[7] = 0x00; response[8] = 0x00; strncpy((char*)response + 9, szLogin, login_len); response[9 + login_len] = '\0'; /* null terminate login */ if ( strcmp(szPassword, "") != 0) /* password set */ scramble_323((char *) &response[9 + login_len + 1], _psSessionData, szSessionSalt, szPassword); *(iResponseLength) = response_len; *szResponse = response; return SUCCESS; }