Exemplo n.º 1
0
my_bool
check_scramble_323(const char *scrambled, const char *message,
                   ulong *hash_pass)
{
  struct rand_struct rand_st;
  ulong hash_message[2];
  char buff[16],*to,extra;                      /* Big enough for check */
  const char *pos;

  hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
  randominit(&rand_st,hash_pass[0] ^ hash_message[0],
             hash_pass[1] ^ hash_message[1]);
  to=buff;
  DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
  for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
    *to++=(char) (floor(my_rnd(&rand_st)*31)+64);
  if (pos-scrambled != SCRAMBLE_LENGTH_323)
    return 1;
  extra=(char) (floor(my_rnd(&rand_st)*31));
  to=buff;
  while (*scrambled)
  {
    if (*scrambled++ != (char) (*to++ ^ extra))
      return 1;                                 /* Wrong password */
  }
  return 0;
}
Exemplo n.º 2
0
my_bool
check_scramble_323(const unsigned char *scrambled, const char *message,
                   ulong *hash_pass)
{
  struct rand_struct rand_st;
  ulong hash_message[2];
  /* Big enough for checks. */
  uchar buff[16], scrambled_buff[SCRAMBLE_LENGTH_323 + 1];
  uchar *to, extra;
  const uchar *pos;

  /* Ensure that the scrambled message is null-terminated. */
  memcpy(scrambled_buff, scrambled, SCRAMBLE_LENGTH_323);
  scrambled_buff[SCRAMBLE_LENGTH_323]= '\0';
  scrambled= scrambled_buff;

  hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
  randominit(&rand_st,hash_pass[0] ^ hash_message[0],
             hash_pass[1] ^ hash_message[1]);
  to=buff;
  DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
  for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
    *to++=(char) (floor(my_rnd(&rand_st)*31)+64);
  if (pos-scrambled != SCRAMBLE_LENGTH_323)
    return 1;
  extra=(char) (floor(my_rnd(&rand_st)*31));
  to=buff;
  while (*scrambled)
  {
    if (*scrambled++ != (uchar) (*to++ ^ extra))
      return 1;                                 /* Wrong password */
  }
  return 0;
}
Exemplo n.º 3
0
void scramble_323(char *to, _MYSQL_DATA *_psSessionData, const char *message, const char *password)
{
  struct rand_struct rand_st;
  ulong hash_pass[2], hash_message[2];

  if (password && password[0])
  {
    char extra, *to_start=to;
    const char *message_end= message + SCRAMBLE_LENGTH_323;
    
    /* Idea borrowed from "The Database Hacker's Handbook: Defending Database Servers" */
    if (_psSessionData->hashFlag == HASH)
    {
      if (strlen(password) != 16)
        writeError(ERR_ERROR, "[%s] Invalid Hash Type (Old Style Hash Required)", MODULE_NAME);

      sscanf(password, "%08lx%08lx", &hash_pass[0], &hash_pass[1]);
    }
    else
      hash_password(hash_pass, password, strlen(password));

    hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
    randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]);
    for (; message < message_end; message++)
      *to++= (char) (floor(my_rnd(&rand_st)*31)+64);
    extra=(char) (floor(my_rnd(&rand_st)*31));
    while (to_start != to)
      *(to_start++)^=extra;
  }
  *to= 0;
}
Exemplo n.º 4
0
void create_random_string(char *to, uint length, struct rand_struct *rand_st)
{
  char *end= to + length;
  /* Use pointer arithmetics as it is faster way to do so. */
  for (; to < end; to++)
    *to= (char) (my_rnd(rand_st)*94+33);
  *to= '\0';
}
Exemplo n.º 5
0
void scramble_323(char *to, const char *message, const char *password)
{
  struct rand_struct rand_st;
  ulong hash_pass[2], hash_message[2];

  if (password && password[0])
  {
    char extra, *to_start=to;
    const char *message_end= message + SCRAMBLE_LENGTH_323;
    hash_password(hash_pass,password, (uint) strlen(password));
    hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
    randominit(&rand_st,hash_pass[0] ^ hash_message[0],
               hash_pass[1] ^ hash_message[1]);
    for (; message < message_end; message++)
      *to++= (char) (floor(my_rnd(&rand_st)*31)+64);
    extra=(char) (floor(my_rnd(&rand_st)*31));
    while (to_start != to)
      *(to_start++)^=extra;
  }
  *to= 0;
}
int main() {
  const char password1[] = "root";
  const char password2[] = "long password test";
  const char password3[] = "saf789yasfbsd89f";
  ulong result[2];
  char scrm[9]; // SCRAMBLE_LENGTH_323+1
  struct rand_struct rand_st;
  int i;

  // test hash_password
  hash_password((ulong*)result, password1, strlen(password1));
  printf("hash_password(\"%s\") = %08x%08x\n", password1, result[0], result[1]);

  hash_password((ulong*)result, password2, strlen(password2));
  printf("hash_password(\"%s\") = %08x%08x\n", password2, result[0], result[1]);

  hash_password((ulong*)result, password3, strlen(password3));
  printf("hash_password(\"%s\") = %08x%08x\n", password3, result[0], result[1]);


  // test randominit
  randominit(&rand_st, 0, 0);
  printf("randominit(0x00000000,0x00000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  randominit(&rand_st, 0xFFFF, 0xFFFF);
  printf("randominit(0x0000FFFF,0x0000FFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  randominit(&rand_st, 0x50000000, 0x50000000);
  printf("randominit(0x50000000,0x50000000) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);

  randominit(&rand_st, 0xFFFFFFFF, 0xFFFFFFFF);
  printf("randominit(0xFFFFFFFF,0xFFFFFFFF) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);


  // test my_rnd
  randominit(&rand_st, 3252345, 7149734);
  printf("randominit(3252345, 7149734) = %08x, %08x\n", rand_st.seed1, rand_st.seed2);
  for (i=0; i<10; i++){
	  printf("my_rnd() : %.16f\n", my_rnd(&rand_st));
  }


  // test scramble_323
  scramble_323(scrm, "8bytesofstuff", "root");
  printf("scramble323(8bytesofstuff, root): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
    scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);

  scramble_323(scrm, "e8cf00cec9ec825af22", "saf789yasfbsd");
  printf("scramble323(e8cf00cec9ec825af22, saf789yasfbsd): %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
    scrm[0], scrm[1], scrm[2], scrm[3], scrm[4], scrm[5], scrm[6], scrm[7], scrm[8]);

  return 23;
}